Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fdbfeonKofPkUa5uwB8Wgyg1Da0.roa
File:                     fdbfeonKofPkUa5uwB8Wgyg1Da0.roa (raw, json)
Hash identifier:          ueGfJA1oY+PFk0KcCPN3mco/Rp29rQWbW35rPPQVBHs=
Subject key identifier:   7D:D6:DF:7A:89:CA:A1:F3:E4:51:AE:6E:C0:1F:16:83:28:35:0D:AD
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       0192D717D84145DD5F8E9F76A43EAF9846E7
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fdbfeonKofPkUa5uwB8Wgyg1Da0.roa
Signing time:             Tue 29 Oct 2024 07:05:17 +0000
ROA not before:           Tue 29 Oct 2024 07:05:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58269
IP address blocks:        37.148.174.0/24 maxlen: 24
                          94.30.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d7:17:d8:41:45:dd:5f:8e:9f:76:a4:3e:af:98:46:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Oct 29 07:05:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dd6df7a89caa1f3e451ae6ec01f168328350dad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:31:b4:22:0b:dc:1d:01:c7:c1:eb:bd:3b:06:
                    0f:c1:47:8d:b7:a8:0f:29:96:35:9f:d9:98:22:ab:
                    f2:7d:8e:b6:69:c6:ce:ba:fd:d1:0c:27:a8:3c:02:
                    52:88:d5:ae:f4:57:d4:77:7d:94:3b:d8:56:5b:a7:
                    01:3c:29:be:2f:40:00:cf:e9:3f:ce:3d:12:65:cd:
                    76:e7:a1:80:5e:73:8f:56:a4:74:5d:aa:bf:56:cd:
                    c3:90:b5:58:76:94:4d:43:80:6f:79:ee:3b:fa:a1:
                    ca:59:99:6f:bb:c6:dc:a1:ab:88:56:fc:a7:66:c5:
                    88:9c:56:d8:a7:25:5f:6b:47:fa:bb:5b:be:d2:e4:
                    27:8c:dd:b9:56:d0:ca:5a:ea:50:b3:cc:96:38:a3:
                    22:c3:37:f8:bd:df:23:5c:1d:6c:9e:f7:05:34:d5:
                    ae:b7:02:f5:8b:cb:bb:a3:ba:85:3a:fc:18:f5:77:
                    94:2b:57:7c:c1:a6:cb:c1:12:32:a0:8b:9c:bd:7b:
                    d2:34:8a:ca:99:6e:ad:9b:77:74:59:50:73:d6:b8:
                    94:3f:56:ab:be:4d:95:40:65:c1:50:62:47:7b:99:
                    62:c5:14:19:2d:71:1a:52:a8:12:91:29:37:87:f2:
                    18:47:3c:06:58:24:03:b9:04:43:10:fc:33:68:45:
                    24:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:D6:DF:7A:89:CA:A1:F3:E4:51:AE:6E:C0:1F:16:83:28:35:0D:AD
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fdbfeonKofPkUa5uwB8Wgyg1Da0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.148.174.0/24
                  94.30.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:c1:bf:78:de:79:78:7d:72:6d:f1:5e:8d:78:97:9d:d4:81:
         d6:07:3f:40:ae:aa:f3:bc:be:5f:af:aa:6f:e7:42:e7:8c:c8:
         0c:aa:86:2f:13:bb:2e:0c:59:79:2f:ec:3e:7c:c0:99:a2:22:
         e2:bc:03:a1:3e:de:60:95:29:c5:2e:4a:22:ee:19:54:c2:2f:
         86:9c:b3:cc:c2:47:fe:8e:7f:0c:6e:be:48:65:6c:6c:58:92:
         a2:b6:26:09:77:08:5b:97:5f:ec:50:60:af:c7:cb:78:3b:b7:
         2a:54:6d:b2:18:61:e3:a2:90:2f:01:af:06:ed:07:aa:c6:2b:
         ff:bd:d6:d2:27:7c:6b:96:f5:d2:52:b2:24:85:79:50:c9:1d:
         c7:3a:5f:b9:fd:ad:c9:8a:86:2f:30:3b:91:00:61:eb:99:bb:
         72:bc:5c:41:26:b0:ea:55:13:5f:c3:b6:db:31:29:c6:1c:8c:
         ee:a0:18:a4:52:7b:8b:5c:e8:1f:1c:d4:26:a5:3b:4f:7d:69:
         b1:eb:e9:b9:68:15:af:29:44:c7:ba:df:b1:33:24:a9:2d:ee:
         4b:7b:27:60:a9:7a:df:da:9b:ce:20:c9:0b:89:dd:44:2c:45:
         4f:f2:07:d6:0f:16:ed:b6:15:4a:3c:cc:5c:52:c2:ac:da:de:
         75:e8:bd:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLXF9hBRd1fjp92pD6vmEbnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQxMDI5MDcwNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGQ2ZGY3YTg5Y2FhMWYzZTQ1MWFlNmVjMDFmMTY4MzI4MzUwZGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDG0IgvcHQHHweu9OwYPwUeNt6gP
KZY1n9mYIqvyfY62acbOuv3RDCeoPAJSiNWu9FfUd32UO9hWW6cBPCm+L0AAz+k/
zj0SZc1256GAXnOPVqR0Xaq/Vs3DkLVYdpRNQ4Bvee47+qHKWZlvu8bcoauIVvyn
ZsWInFbYpyVfa0f6u1u+0uQnjN25VtDKWupQs8yWOKMiwzf4vd8jXB1snvcFNNWu
twL1i8u7o7qFOvwY9XeUK1d8wabLwRIyoIucvXvSNIrKmW6tm3d0WVBz1riUP1ar
vk2VQGXBUGJHe5lixRQZLXEaUqgSkSk3h/IYRzwGWCQDuQRDEPwzaEUk5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH3W33qJyqHz5FGubsAfFoMoNQ2tMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvZmRiZmVvbktvZlBrVWE1dXdCOFdneWcxRGEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJZSuAwQA
Xh61MA0GCSqGSIb3DQEBCwUAA4IBAQCEwb943nl4fXJt8V6NeJed1IHWBz9Arqrz
vL5fr6pv50LnjMgMqoYvE7suDFl5L+w+fMCZoiLivAOhPt5glSnFLkoi7hlUwi+G
nLPMwkf+jn8Mbr5IZWxsWJKitiYJdwhbl1/sUGCvx8t4O7cqVG2yGGHjopAvAa8G
7Qeqxiv/vdbSJ3xrlvXSUrIkhXlQyR3HOl+5/a3JioYvMDuRAGHrmbtyvFxBJrDq
VRNfw7bbMSnGHIzuoBikUnuLXOgfHNQmpTtPfWmx6+m5aBWvKUTHut+xMySpLe5L
eydgqXrf2pvOIMkLid1ELEVP8gfWDxbtthVKPMxcUsKs2t516L30
-----END CERTIFICATE-----