Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/rpMKo0baZdPqRPqlkYdACo6a3P0.roa
File:                     rpMKo0baZdPqRPqlkYdACo6a3P0.roa (raw, json)
Hash identifier:          HTnTb+0/EFAi/eXd0bEmB23wAYwHBXAEwiEqoddfA3o=
Subject key identifier:   AE:93:0A:A3:46:DA:65:D3:EA:44:FA:A5:91:87:40:0A:8E:9A:DC:FD
Certificate issuer:       /CN=f7a8b70aa10069b5515a9cb3c149b885b7a12834
Certificate serial:       019425216ED5C53C792A2ADBEA6FE5116419
Authority key identifier: F7:A8:B7:0A:A1:00:69:B5:51:5A:9C:B3:C1:49:B8:85:B7:A1:28:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/96i3CqEAabVRWpyzwUm4hbehKDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/rpMKo0baZdPqRPqlkYdACo6a3P0.roa
Signing time:             Thu 02 Jan 2025 03:48:55 +0000
ROA not before:           Thu 02 Jan 2025 03:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25180
IP address blocks:        195.149.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/96i3CqEAabVRWpyzwUm4hbehKDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/96i3CqEAabVRWpyzwUm4hbehKDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/96i3CqEAabVRWpyzwUm4hbehKDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:6e:d5:c5:3c:79:2a:2a:db:ea:6f:e5:11:64:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7a8b70aa10069b5515a9cb3c149b885b7a12834
        Validity
            Not Before: Jan  2 03:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae930aa346da65d3ea44faa59187400a8e9adcfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bb:0d:ae:e5:47:fe:8c:4f:1c:fc:5e:0e:6e:
                    3f:63:82:ac:d9:dd:5d:43:1f:e3:7e:b7:f3:a9:75:
                    bb:ba:a0:a9:e2:5e:84:86:e1:a8:fb:f8:28:bb:bc:
                    49:b7:d8:31:d9:9e:9b:02:df:07:9b:c8:b3:45:53:
                    af:50:07:d0:a8:5a:49:04:44:88:1d:f6:5a:b0:63:
                    b3:54:eb:15:28:f6:9a:12:21:30:82:62:64:54:60:
                    d4:3f:a6:54:bf:47:b9:55:4d:9b:dd:42:1c:b1:8a:
                    e5:07:ce:ea:34:cd:a7:45:79:7d:0f:54:6d:f5:cf:
                    96:b3:47:70:44:21:67:82:c9:c8:c7:5e:a1:f6:56:
                    2c:bf:b2:71:ab:69:58:7c:74:e8:e8:eb:b8:01:c2:
                    69:b9:b4:3d:e8:e6:ce:d1:a8:22:8f:c0:a3:d1:f1:
                    81:66:9a:c8:e3:1b:58:7e:44:17:25:0c:d7:16:7e:
                    a0:3d:4a:95:c4:3d:5c:a3:57:72:23:3b:4d:4c:4a:
                    ae:3c:31:72:73:da:b3:ea:22:49:d4:d7:74:99:0c:
                    b2:59:82:b7:ab:d0:98:11:3c:fa:b4:75:11:2f:43:
                    cb:88:7d:98:31:75:b8:da:63:86:1a:09:0e:4d:61:
                    43:fe:6d:98:61:dd:db:e3:00:d2:58:84:a9:6f:43:
                    cb:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:93:0A:A3:46:DA:65:D3:EA:44:FA:A5:91:87:40:0A:8E:9A:DC:FD
            X509v3 Authority Key Identifier:
                keyid:F7:A8:B7:0A:A1:00:69:B5:51:5A:9C:B3:C1:49:B8:85:B7:A1:28:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/96i3CqEAabVRWpyzwUm4hbehKDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/rpMKo0baZdPqRPqlkYdACo6a3P0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/96i3CqEAabVRWpyzwUm4hbehKDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:5e:fc:c7:46:49:0e:0d:70:2e:1b:09:64:6e:ec:1a:ab:98:
         4a:39:2f:91:85:0f:3a:d0:83:0b:a1:c8:b8:71:81:e1:73:77:
         d1:23:ad:9f:26:6e:94:d2:33:58:b2:cc:f6:82:92:74:cf:f4:
         b1:da:8e:58:0e:9d:a2:36:e5:07:7f:4f:a8:39:14:0d:8f:a1:
         e5:7c:98:78:25:f2:03:55:b3:50:f4:4e:11:c8:f0:74:44:ff:
         42:d2:b3:db:de:27:0e:92:5f:b8:1e:a2:c6:37:bf:10:92:7f:
         a2:17:16:9e:36:4b:ff:cf:58:ea:8d:0a:78:28:d9:7c:23:5f:
         89:2e:a7:ec:35:2f:be:cf:d3:1a:fb:d1:ed:c0:98:3c:05:4c:
         b7:2a:9a:eb:00:d6:12:3f:b3:bd:a5:ef:b2:4e:d0:8b:ad:fa:
         cd:f4:31:b5:cf:f5:c2:32:52:aa:a1:f8:4b:6a:c1:61:9a:58:
         07:8c:a5:44:58:a1:d5:a0:bb:48:c0:a1:3f:51:a3:b4:15:e7:
         2f:a0:e2:bb:08:13:58:e2:f4:3e:10:54:82:d9:69:58:cd:d5:
         b5:ce:18:37:5b:6b:de:c6:2c:02:10:52:b0:7a:9b:f6:45:74:
         1c:f0:4b:4c:f6:77:69:3a:2e:b9:da:c8:db:f0:01:7f:e5:a3:
         cc:e3:89:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIW7VxTx5Kirb6m/lEWQZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YThiNzBhYTEwMDY5YjU1MTVhOWNiM2MxNDliODg1Yjdh
MTI4MzQwHhcNMjUwMTAyMDM0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTkzMGFhMzQ2ZGE2NWQzZWE0NGZhYTU5MTg3NDAwYThlOWFkY2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrsNruVH/oxPHPxeDm4/Y4Ks2d1d
Qx/jfrfzqXW7uqCp4l6EhuGo+/gou7xJt9gx2Z6bAt8Hm8izRVOvUAfQqFpJBESI
HfZasGOzVOsVKPaaEiEwgmJkVGDUP6ZUv0e5VU2b3UIcsYrlB87qNM2nRXl9D1Rt
9c+Ws0dwRCFngsnIx16h9lYsv7Jxq2lYfHTo6Ou4AcJpubQ96ObO0agij8Cj0fGB
ZprI4xtYfkQXJQzXFn6gPUqVxD1co1dyIztNTEquPDFyc9qz6iJJ1Nd0mQyyWYK3
q9CYETz6tHURL0PLiH2YMXW42mOGGgkOTWFD/m2YYd3b4wDSWISpb0PLBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6TCqNG2mXT6kT6pZGHQAqOmtz9MB8GA1UdIwQY
MBaAFPeotwqhAGm1UVqcs8FJuIW3oSg0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTZpM0NxRUFhYlZSV3B5endVbTRoYmVoS0RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80OGFlYWYtOTU0NS00ZDRiLTljZGEt
OWQwNzQzMzcwNDk1LzEvcnBNS28wYmFaZFBxUlBxbGtZZEFDbzZhM1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80OGFlYWYtOTU0NS00ZDRiLTljZGEtOWQwNzQzMzcwNDk1
LzEvOTZpM0NxRUFhYlZSV3B5endVbTRoYmVoS0RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5V5MA0G
CSqGSIb3DQEBCwUAA4IBAQAlXvzHRkkODXAuGwlkbuwaq5hKOS+RhQ860IMLoci4
cYHhc3fRI62fJm6U0jNYssz2gpJ0z/Sx2o5YDp2iNuUHf0+oORQNj6HlfJh4JfID
VbNQ9E4RyPB0RP9C0rPb3icOkl+4HqLGN78Qkn+iFxaeNkv/z1jqjQp4KNl8I1+J
LqfsNS++z9Ma+9HtwJg8BUy3KprrANYSP7O9pe+yTtCLrfrN9DG1z/XCMlKqofhL
asFhmlgHjKVEWKHVoLtIwKE/UaO0FecvoOK7CBNY4vQ+EFSC2WlYzdW1zhg3W2ve
xiwCEFKwepv2RXQc8EtM9ndpOi652sjb8AF/5aPM44nV
-----END CERTIFICATE-----