Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9HCG1PtpvSkbpz1KlHfsVFACWHo.roa
File:                     9HCG1PtpvSkbpz1KlHfsVFACWHo.roa (raw, json)
Hash identifier:          Rtx+Blv0bBZYB1MAvu1urSMw2T7x1m9z5p8vPKMEoag=
Subject key identifier:   F4:70:86:D4:FB:69:BD:29:1B:A7:3D:4A:94:77:EC:54:50:02:58:7A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01942824F7C271AA85F6F042688494CE4355
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9HCG1PtpvSkbpz1KlHfsVFACWHo.roa
Signing time:             Thu 02 Jan 2025 17:51:38 +0000
ROA not before:           Thu 02 Jan 2025 17:51:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     151633
IP address blocks:        212.192.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:f7:c2:71:aa:85:f6:f0:42:68:84:94:ce:43:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f47086d4fb69bd291ba73d4a9477ec545002587a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:02:da:5a:2d:3e:85:12:e9:55:22:7b:ca:92:
                    2e:86:1d:62:91:22:15:c2:a6:c9:8c:4a:13:79:b0:
                    05:e9:20:ff:cd:b2:24:bb:74:0e:f3:04:0a:12:55:
                    76:40:ce:95:58:56:c8:4f:08:cd:3c:df:f4:45:f9:
                    c1:77:3e:c8:f9:c3:2f:78:7b:29:20:06:24:57:77:
                    8c:f0:18:06:9c:4e:bd:7c:d0:0a:f6:7c:a5:7b:ee:
                    8d:76:24:ee:b8:50:7e:c5:d9:f1:b9:b7:94:cb:63:
                    3e:82:33:1f:28:ce:08:99:d3:d2:26:77:b6:3f:c0:
                    28:8a:8d:34:a0:34:bc:13:42:e4:11:c2:06:bd:ab:
                    24:52:c1:f5:be:a5:e1:a5:15:7d:8c:85:1f:70:04:
                    19:87:08:04:3d:cc:f5:37:37:ad:09:eb:5c:ac:a7:
                    0d:aa:d6:58:04:b9:bd:01:34:81:e9:77:a8:26:37:
                    d7:99:b5:66:5f:c8:75:ab:e0:85:bc:88:5d:65:57:
                    c2:11:00:f0:3a:d4:89:ed:73:28:d4:eb:7e:67:cd:
                    b5:07:a2:42:29:cb:e4:a4:e2:49:8a:af:fd:d6:3f:
                    92:8e:0c:01:91:28:bb:15:4e:2a:6e:8b:57:ab:29:
                    58:dc:ad:2f:e8:0a:0c:ac:53:c8:d7:45:93:5d:b3:
                    96:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:70:86:D4:FB:69:BD:29:1B:A7:3D:4A:94:77:EC:54:50:02:58:7A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9HCG1PtpvSkbpz1KlHfsVFACWHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:2d:15:e3:66:5d:b1:0a:b0:9e:50:98:43:b6:2c:36:5e:7e:
         bd:19:a0:7e:6b:5a:e6:00:6f:c5:f9:98:d0:6b:d3:13:80:df:
         f0:44:b2:6f:f9:97:0d:74:ca:e5:1f:9a:42:b0:04:69:fa:6b:
         88:2e:92:da:b7:9c:3a:8c:f9:b1:ab:db:39:2b:19:ae:28:b1:
         59:76:3c:b3:29:d4:c6:51:d4:d6:77:80:93:a6:e7:cc:ab:31:
         93:be:c4:eb:eb:57:57:e6:48:9a:53:ab:72:41:4c:88:7a:6a:
         37:78:89:46:cb:14:46:36:6a:ce:e6:b2:66:8f:ef:56:2a:57:
         e4:1d:80:2f:c2:3d:74:2b:1d:a3:d4:ce:a3:65:4d:96:86:3e:
         0b:80:e6:e7:b9:2d:02:38:30:46:b3:a6:6b:0c:e6:8c:ba:ce:
         a7:25:5b:c3:80:9b:bf:b8:ea:85:8d:17:43:33:0f:6f:f4:97:
         68:e8:8f:4d:9a:74:89:a5:c0:ff:16:88:92:68:c2:60:4d:ec:
         f1:48:ab:1f:72:fd:3a:47:d1:28:61:fd:ce:02:ee:5d:13:f1:
         f2:b1:d9:a7:e0:dc:f4:1a:eb:51:66:9e:ad:80:95:4d:97:f5:
         ce:86:5f:ec:26:03:7a:92:36:04:83:dc:18:57:83:e7:99:19:
         47:af:78:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJPfCcaqF9vBCaISUzkNVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDcwODZkNGZiNjliZDI5MWJhNzNkNGE5NDc3ZWM1NDUwMDI1ODdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwLaWi0+hRLpVSJ7ypIuhh1ikSIV
wqbJjEoTebAF6SD/zbIku3QO8wQKElV2QM6VWFbITwjNPN/0RfnBdz7I+cMveHsp
IAYkV3eM8BgGnE69fNAK9nyle+6NdiTuuFB+xdnxubeUy2M+gjMfKM4ImdPSJne2
P8Aoio00oDS8E0LkEcIGvaskUsH1vqXhpRV9jIUfcAQZhwgEPcz1NzetCetcrKcN
qtZYBLm9ATSB6XeoJjfXmbVmX8h1q+CFvIhdZVfCEQDwOtSJ7XMo1Ot+Z821B6JC
KcvkpOJJiq/91j+SjgwBkSi7FU4qbotXqylY3K0v6AoMrFPI10WTXbOWrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRwhtT7ab0pG6c9SpR37FRQAlh6MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOUhDRzFQdHB2U2ticHoxS2xIZnNWRkFDV0hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MD5MA0G
CSqGSIb3DQEBCwUAA4IBAQAoLRXjZl2xCrCeUJhDtiw2Xn69GaB+a1rmAG/F+ZjQ
a9MTgN/wRLJv+ZcNdMrlH5pCsARp+muILpLat5w6jPmxq9s5KxmuKLFZdjyzKdTG
UdTWd4CTpufMqzGTvsTr61dX5kiaU6tyQUyIemo3eIlGyxRGNmrO5rJmj+9WKlfk
HYAvwj10Kx2j1M6jZU2Whj4LgObnuS0CODBGs6ZrDOaMus6nJVvDgJu/uOqFjRdD
Mw9v9Jdo6I9NmnSJpcD/FoiSaMJgTezxSKsfcv06R9EoYf3OAu5dE/Hysdmn4Nz0
GutRZp6tgJVNl/XOhl/sJgN6kjYEg9wYV4PnmRlHr3gq
-----END CERTIFICATE-----