Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/MDIbS6sEXbMo4ibcLekhzijIjYY.roa
File:                     MDIbS6sEXbMo4ibcLekhzijIjYY.roa (raw, json)
Hash identifier:          7iIxmTu02d89hGoTIMu/80TJLS3BqGKAagC48ze8HTo=
Subject key identifier:   30:32:1B:4B:AB:04:5D:B3:28:E2:26:DC:2D:E9:21:CE:28:C8:8D:86
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       019424B3E46F1DC888D50BDD586320271C68
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/MDIbS6sEXbMo4ibcLekhzijIjYY.roa
Signing time:             Thu 02 Jan 2025 01:49:16 +0000
ROA not before:           Thu 02 Jan 2025 01:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48481
IP address blocks:        217.64.152.0/22 maxlen: 22
                          217.64.152.0/23 maxlen: 23
                          217.64.154.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:e4:6f:1d:c8:88:d5:0b:dd:58:63:20:27:1c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jan  2 01:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30321b4bab045db328e226dc2de921ce28c88d86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:6a:d7:e8:12:71:53:f1:57:59:01:e3:01:c7:
                    24:91:4d:9f:e7:64:3d:5a:75:a1:2b:e6:76:5c:b4:
                    c2:50:bc:e3:c9:4d:92:9c:ec:00:ce:18:d4:6d:7c:
                    f5:2e:da:dc:44:d7:89:39:75:8b:39:3a:cc:ad:cb:
                    ae:72:8e:bb:4b:fe:35:da:06:7f:a6:71:62:3e:84:
                    2b:bc:a4:0e:fb:ea:ce:71:a5:3c:35:86:91:0a:1f:
                    77:e5:63:d7:07:8d:59:63:d8:53:de:46:20:61:32:
                    2a:d6:fc:b9:2f:9c:28:f5:a8:89:90:48:69:5c:74:
                    75:d2:db:43:cd:18:91:32:3b:51:b9:4e:44:6e:5a:
                    de:05:6b:66:db:8d:b9:20:45:db:dc:a4:26:31:23:
                    45:a5:d6:1e:27:b2:7f:2e:80:56:9d:1c:1b:6a:7d:
                    c8:bc:f8:47:cb:4f:24:4b:fa:80:6d:e5:cb:70:a2:
                    15:34:84:3a:13:f8:fc:b4:3e:fa:f4:10:41:35:16:
                    cf:b6:e4:e2:e7:2b:06:48:60:f6:10:76:10:f9:9a:
                    7b:ae:68:37:d4:02:85:3b:ce:b0:33:70:61:95:f6:
                    91:0e:6c:84:dd:53:20:c1:82:d6:77:cc:40:dd:4c:
                    36:a0:60:9f:df:c1:b1:cd:4c:a7:7f:53:39:bb:d7:
                    9a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:32:1B:4B:AB:04:5D:B3:28:E2:26:DC:2D:E9:21:CE:28:C8:8D:86
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/MDIbS6sEXbMo4ibcLekhzijIjYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.64.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:73:c7:66:0d:e5:bb:87:b9:55:6a:09:84:4c:08:92:72:be:
         f0:83:4b:f6:ae:ef:b9:52:f2:23:ef:e4:75:1c:db:9c:27:89:
         61:25:36:f3:15:1f:0d:ec:c3:08:65:8b:8c:7d:80:39:e4:96:
         80:c5:80:52:b4:c9:20:78:85:60:5c:44:b5:99:91:12:72:28:
         b0:41:80:38:09:bb:e4:af:c2:89:e3:de:26:f4:16:87:48:58:
         b8:e8:b0:1e:99:21:1d:8d:ab:20:4e:0e:ef:6c:a9:47:29:d2:
         15:c9:c4:b5:5c:fe:f3:9c:96:66:bf:03:46:71:c9:e3:35:05:
         e2:c0:0f:0e:c6:88:9e:14:26:52:a2:92:00:f5:f6:01:6d:65:
         c3:30:bf:26:c2:5d:7e:e0:44:5f:d9:97:62:cb:60:02:69:e2:
         05:84:4a:c2:c3:07:7b:50:43:7d:f6:98:8b:88:e3:2a:2e:b3:
         d1:67:56:cd:95:5c:21:d1:92:10:56:9b:31:58:43:b5:0d:f2:
         34:0e:71:99:0c:bf:2f:12:cc:b7:83:04:1f:e8:49:46:80:52:
         9f:15:f6:b2:d4:cb:0b:c5:bf:77:28:ad:e8:a8:a8:7e:ae:2e:
         9b:00:fa:73:3f:45:d9:52:3f:a5:ab:d4:81:bd:bb:ea:00:81:
         09:b9:e2:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks+RvHciI1QvdWGMgJxxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjUwMTAyMDE0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDMyMWI0YmFiMDQ1ZGIzMjhlMjI2ZGMyZGU5MjFjZTI4Yzg4ZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6GrX6BJxU/FXWQHjAcckkU2f52Q9
WnWhK+Z2XLTCULzjyU2SnOwAzhjUbXz1LtrcRNeJOXWLOTrMrcuuco67S/412gZ/
pnFiPoQrvKQO++rOcaU8NYaRCh935WPXB41ZY9hT3kYgYTIq1vy5L5wo9aiJkEhp
XHR10ttDzRiRMjtRuU5EblreBWtm2425IEXb3KQmMSNFpdYeJ7J/LoBWnRwban3I
vPhHy08kS/qAbeXLcKIVNIQ6E/j8tD769BBBNRbPtuTi5ysGSGD2EHYQ+Zp7rmg3
1AKFO86wM3BhlfaRDmyE3VMgwYLWd8xA3Uw2oGCf38GxzUynf1M5u9eaYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAyG0urBF2zKOIm3C3pIc4oyI2GMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvTURJYlM2c0VYYk1vNGliY0xla2h6aWpJallZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2UCYMA0G
CSqGSIb3DQEBCwUAA4IBAQA0c8dmDeW7h7lVagmETAiScr7wg0v2ru+5UvIj7+R1
HNucJ4lhJTbzFR8N7MMIZYuMfYA55JaAxYBStMkgeIVgXES1mZESciiwQYA4Cbvk
r8KJ494m9BaHSFi46LAemSEdjasgTg7vbKlHKdIVycS1XP7znJZmvwNGccnjNQXi
wA8OxoieFCZSopIA9fYBbWXDML8mwl1+4ERf2Zdiy2ACaeIFhErCwwd7UEN99piL
iOMqLrPRZ1bNlVwh0ZIQVpsxWEO1DfI0DnGZDL8vEsy3gwQf6ElGgFKfFfay1MsL
xb93KK3oqKh+ri6bAPpzP0XZUj+lq9SBvbvqAIEJueIF
-----END CERTIFICATE-----