Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/cg7jH9-I6Sn6WdXYTmWfVhQ7Xn0.roa
File:                     cg7jH9-I6Sn6WdXYTmWfVhQ7Xn0.roa (raw, json)
Hash identifier:          cVUrCQ+Jcsq9Mn5dT+aT2qa5NAQFm14m98Qkj8hsxLI=
Subject key identifier:   72:0E:E3:1F:DF:88:E9:29:FA:59:D5:D8:4E:65:9F:56:14:3B:5E:7D
Certificate issuer:       /CN=28ab22fb2da473c5426bfcc1f880861004017087
Certificate serial:       0194282726DC443EFDB66E68ECF7D241F745
Authority key identifier: 28:AB:22:FB:2D:A4:73:C5:42:6B:FC:C1:F8:80:86:10:04:01:70:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/cg7jH9-I6Sn6WdXYTmWfVhQ7Xn0.roa
Signing time:             Thu 02 Jan 2025 17:54:01 +0000
ROA not before:           Thu 02 Jan 2025 17:54:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        195.85.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:26:dc:44:3e:fd:b6:6e:68:ec:f7:d2:41:f7:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28ab22fb2da473c5426bfcc1f880861004017087
        Validity
            Not Before: Jan  2 17:54:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=720ee31fdf88e929fa59d5d84e659f56143b5e7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:61:ff:9e:54:f1:5b:7d:24:c2:bf:a9:e9:d5:
                    d9:bb:c8:ce:63:be:24:bf:3e:bf:ef:09:78:69:e7:
                    2f:6b:dd:c3:1f:e9:37:80:e4:87:1e:84:90:a6:f4:
                    9a:8b:64:71:a7:40:39:43:a5:ea:eb:ff:34:ae:0b:
                    27:b3:41:2c:42:4d:a6:4d:68:e6:35:e1:21:56:76:
                    9f:b8:ca:c9:65:ee:b5:c9:8b:cd:81:33:0a:ef:3f:
                    a6:fd:45:a1:4f:9e:5b:45:c6:6a:58:17:36:24:67:
                    a2:18:1b:4a:9c:29:28:2f:40:33:eb:6d:29:d1:70:
                    6e:49:21:14:6a:71:60:eb:3f:3f:21:e4:63:ad:92:
                    d4:9c:f4:88:0b:b0:eb:8c:38:9e:a2:49:11:a2:20:
                    60:b1:d2:08:b5:5f:e6:76:17:d3:87:c9:16:ee:ef:
                    be:21:03:0e:b3:f0:51:53:1f:35:42:67:ac:e8:47:
                    ef:b0:1f:a0:76:fd:09:c7:9f:2c:72:3a:41:4e:f6:
                    94:18:88:21:b6:68:bd:ce:1f:ae:82:c6:c8:69:55:
                    92:26:a2:1b:ab:b6:1f:05:9f:f7:12:5e:53:3d:4c:
                    1d:55:1c:2b:c5:02:c7:2c:67:c7:d8:f5:5a:e5:5a:
                    9c:a7:d7:d1:d2:66:e1:12:39:3e:2e:2e:32:45:40:
                    53:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:0E:E3:1F:DF:88:E9:29:FA:59:D5:D8:4E:65:9F:56:14:3B:5E:7D
            X509v3 Authority Key Identifier:
                keyid:28:AB:22:FB:2D:A4:73:C5:42:6B:FC:C1:F8:80:86:10:04:01:70:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/cg7jH9-I6Sn6WdXYTmWfVhQ7Xn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:b9:51:c3:d0:9c:e3:f6:47:12:55:22:47:d4:16:42:39:8d:
         3e:b2:17:83:ba:6d:99:c8:cb:9b:b0:f6:41:65:73:ae:76:cf:
         48:9c:26:c5:2d:5d:f8:5a:23:91:b9:e3:e4:5c:62:10:6d:19:
         1c:02:b3:0f:b7:85:26:19:95:6f:5a:64:39:c9:ad:48:8a:d4:
         0e:9b:af:f7:04:c3:2d:ae:f7:9b:3a:2e:2a:ca:91:12:b5:cb:
         ae:d0:39:f4:98:5f:4b:ab:e3:76:7a:04:f5:5d:a8:d0:bd:92:
         f1:98:03:11:5e:95:b0:b6:ac:ad:91:c9:bf:4c:f8:2e:bb:a0:
         84:91:96:a4:cf:0d:32:41:cd:20:78:ab:3c:41:a0:a7:b6:cc:
         34:f5:46:af:48:27:7e:64:bc:6b:e8:41:6b:39:f4:45:7f:e2:
         e7:15:1f:8b:df:d0:16:39:54:26:f7:4b:3c:b2:1e:4b:3b:0a:
         a0:fb:79:92:54:4d:5d:e3:64:02:e6:d9:e1:ee:d1:b1:58:e7:
         63:ec:00:a9:50:dc:9f:fd:df:0c:51:d0:ce:14:f3:c4:82:f7:
         07:06:a5:7e:9b:0a:fe:ef:2f:79:fe:e5:f4:a2:23:8b:fa:60:
         b4:24:24:60:41:b6:40:02:47:b5:8f:69:c1:f9:b8:fc:e1:20:
         a7:b9:64:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJybcRD79tm5o7PfSQfdFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YWIyMmZiMmRhNDczYzU0MjZiZmNjMWY4ODA4NjEwMDQw
MTcwODcwHhcNMjUwMTAyMTc1NDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjBlZTMxZmRmODhlOTI5ZmE1OWQ1ZDg0ZTY1OWY1NjE0M2I1ZTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2H/nlTxW30kwr+p6dXZu8jOY74k
vz6/7wl4aecva93DH+k3gOSHHoSQpvSai2Rxp0A5Q6Xq6/80rgsns0EsQk2mTWjm
NeEhVnafuMrJZe61yYvNgTMK7z+m/UWhT55bRcZqWBc2JGeiGBtKnCkoL0Az620p
0XBuSSEUanFg6z8/IeRjrZLUnPSIC7DrjDieokkRoiBgsdIItV/mdhfTh8kW7u++
IQMOs/BRUx81Qmes6EfvsB+gdv0Jx58scjpBTvaUGIghtmi9zh+ugsbIaVWSJqIb
q7YfBZ/3El5TPUwdVRwrxQLHLGfH2PVa5Vqcp9fR0mbhEjk+Li4yRUBTLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIO4x/fiOkp+lnV2E5ln1YUO159MB8GA1UdIwQY
MBaAFCirIvstpHPFQmv8wfiAhhAEAXCHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0tzaS15MmtjOFZDYV96Qi1JQ0dFQVFCY0ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mNTNkYTQtMDJlOC00OGY0LTgwYjMt
M2ExNTk1ZmM4NmVmLzEvY2c3akg5LUk2U242V2RYWVRtV2ZWaFE3WG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mNTNkYTQtMDJlOC00OGY0LTgwYjMtM2ExNTk1ZmM4NmVm
LzEvS0tzaS15MmtjOFZDYV96Qi1JQ0dFQVFCY0ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1UMMA0G
CSqGSIb3DQEBCwUAA4IBAQB4uVHD0Jzj9kcSVSJH1BZCOY0+sheDum2ZyMubsPZB
ZXOuds9InCbFLV34WiORuePkXGIQbRkcArMPt4UmGZVvWmQ5ya1IitQOm6/3BMMt
rvebOi4qypEStcuu0Dn0mF9Lq+N2egT1XajQvZLxmAMRXpWwtqytkcm/TPguu6CE
kZakzw0yQc0geKs8QaCntsw09UavSCd+ZLxr6EFrOfRFf+LnFR+L39AWOVQm90s8
sh5LOwqg+3mSVE1d42QC5tnh7tGxWOdj7ACpUNyf/d8MUdDOFPPEgvcHBqV+mwr+
7y95/uX0oiOL+mC0JCRgQbZAAke1j2nB+bj84SCnuWT1
-----END CERTIFICATE-----