Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/30879c-9766-4a05-adbf-9ac81ef4592c/1/E_IIvSbgDnePwa4szd7VMD6gnys.roa
File:                     E_IIvSbgDnePwa4szd7VMD6gnys.roa (raw, json)
Hash identifier:          XolhJaC158fPYvnn4RwApw3vI0d4xDumHbsdRnhLiB8=
Subject key identifier:   13:F2:08:BD:26:E0:0E:77:8F:C1:AE:2C:CD:DE:D5:30:3E:A0:9F:2B
Certificate issuer:       /CN=4a4e2cf002d45ff9ade2ab8643adbfe083ca12d0
Certificate serial:       0194228D72C4CCAAFF6B2DEDB1307128AB46
Authority key identifier: 4A:4E:2C:F0:02:D4:5F:F9:AD:E2:AB:86:43:AD:BF:E0:83:CA:12:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sk4s8ALUX_mt4quGQ62_4IPKEtA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/30879c-9766-4a05-adbf-9ac81ef4592c/1/E_IIvSbgDnePwa4szd7VMD6gnys.roa
Signing time:             Wed 01 Jan 2025 15:48:02 +0000
ROA not before:           Wed 01 Jan 2025 15:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202462
IP address blocks:        194.113.240.0/23 maxlen: 23
                          2001:67c:97c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/30879c-9766-4a05-adbf-9ac81ef4592c/1/Sk4s8ALUX_mt4quGQ62_4IPKEtA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/30879c-9766-4a05-adbf-9ac81ef4592c/1/Sk4s8ALUX_mt4quGQ62_4IPKEtA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sk4s8ALUX_mt4quGQ62_4IPKEtA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:72:c4:cc:aa:ff:6b:2d:ed:b1:30:71:28:ab:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a4e2cf002d45ff9ade2ab8643adbfe083ca12d0
        Validity
            Not Before: Jan  1 15:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13f208bd26e00e778fc1ae2ccdded5303ea09f2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:68:4f:71:6c:93:28:b5:17:12:25:46:84:9f:
                    b1:74:38:a1:24:0f:cb:83:80:8d:9b:af:00:71:2a:
                    52:8a:d9:9e:61:6e:b9:74:d0:85:24:e0:95:e3:44:
                    a7:90:50:7a:3c:d8:1c:f7:23:66:a1:13:6f:e9:4d:
                    d0:79:ea:aa:7c:ce:55:cf:1e:8a:d5:2c:7a:1a:60:
                    22:3d:e2:b8:36:ad:bf:57:86:a0:5a:ee:b8:fe:65:
                    47:11:7e:96:74:9f:24:a9:99:c9:ab:94:65:cc:e6:
                    e3:49:3a:1c:d6:91:ed:10:46:68:17:26:23:91:52:
                    87:00:f2:88:7a:8f:00:00:cf:cd:8b:c1:9a:67:d4:
                    2f:b0:a8:93:f5:ac:ca:be:ef:38:ca:d5:d0:01:f1:
                    0f:98:b5:62:6b:d2:7c:5e:70:9c:47:98:45:70:5e:
                    53:d2:d4:1b:b7:f4:27:7c:73:af:7e:47:27:55:96:
                    3a:3a:46:1d:f8:b3:7a:a7:83:cd:65:ae:a6:61:af:
                    cc:96:57:d0:53:08:81:16:81:65:ca:11:e8:ae:97:
                    91:30:ed:f0:db:28:ff:55:0b:33:08:5d:c4:cb:ff:
                    65:7d:1b:b9:9e:81:24:5c:01:39:3f:a6:23:e8:42:
                    39:bc:88:9a:5c:43:7d:51:92:df:8e:cc:8d:e4:36:
                    96:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:F2:08:BD:26:E0:0E:77:8F:C1:AE:2C:CD:DE:D5:30:3E:A0:9F:2B
            X509v3 Authority Key Identifier:
                keyid:4A:4E:2C:F0:02:D4:5F:F9:AD:E2:AB:86:43:AD:BF:E0:83:CA:12:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sk4s8ALUX_mt4quGQ62_4IPKEtA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/30879c-9766-4a05-adbf-9ac81ef4592c/1/E_IIvSbgDnePwa4szd7VMD6gnys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/30879c-9766-4a05-adbf-9ac81ef4592c/1/Sk4s8ALUX_mt4quGQ62_4IPKEtA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.240.0/23
                IPv6:
                  2001:67c:97c::/48

    Signature Algorithm: sha256WithRSAEncryption
         c1:fb:75:0d:18:ab:20:dc:fd:f2:1e:1b:fa:55:1d:35:a3:04:
         eb:eb:22:70:68:14:00:a3:f3:79:71:b5:44:6c:b6:8c:ba:91:
         5a:dc:08:81:7b:18:8a:da:d0:61:fa:d1:17:fc:fe:bb:7c:8c:
         19:5a:ab:10:40:65:99:14:ca:86:2b:1c:79:e8:14:8f:8b:34:
         37:bb:1d:bd:7e:48:44:27:04:46:0f:25:a0:8c:b9:e4:bc:e3:
         f7:ab:99:a4:d4:03:4d:26:3b:99:4a:5d:03:5b:0a:93:0e:23:
         8b:f1:ab:85:77:61:d1:a4:05:5a:3b:6e:db:7a:82:bb:c5:45:
         82:8a:28:28:c2:60:4f:48:4f:72:c5:b1:91:d4:3b:24:8e:57:
         0d:3e:13:77:5c:5f:ed:b2:3d:d2:4c:a8:e7:95:75:b4:48:15:
         9b:f1:7c:b2:d8:41:6b:6b:9e:37:8a:3d:a7:ac:b9:15:e0:e1:
         d9:13:76:9f:47:2b:07:37:41:b3:74:7d:17:52:66:f7:b4:fe:
         cb:42:f8:ac:95:34:a0:d1:c1:57:4b:0d:3d:ef:47:1f:bc:96:
         91:c1:8a:fe:77:17:74:ef:ec:b1:04:a8:8f:87:f7:92:80:50:
         1c:22:e5:c3:bb:7c:99:40:5f:1f:fc:f1:1c:ca:67:8e:01:c2:
         68:d7:51:45
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQijXLEzKr/ay3tsTBxKKtGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNGUyY2YwMDJkNDVmZjlhZGUyYWI4NjQzYWRiZmUwODNj
YTEyZDAwHhcNMjUwMTAxMTU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2YyMDhiZDI2ZTAwZTc3OGZjMWFlMmNjZGRlZDUzMDNlYTA5ZjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGhPcWyTKLUXEiVGhJ+xdDihJA/L
g4CNm68AcSpSitmeYW65dNCFJOCV40SnkFB6PNgc9yNmoRNv6U3QeeqqfM5Vzx6K
1Sx6GmAiPeK4Nq2/V4agWu64/mVHEX6WdJ8kqZnJq5RlzObjSToc1pHtEEZoFyYj
kVKHAPKIeo8AAM/Ni8GaZ9QvsKiT9azKvu84ytXQAfEPmLVia9J8XnCcR5hFcF5T
0tQbt/QnfHOvfkcnVZY6OkYd+LN6p4PNZa6mYa/MllfQUwiBFoFlyhHorpeRMO3w
2yj/VQszCF3Ey/9lfRu5noEkXAE5P6Yj6EI5vIiaXEN9UZLfjsyN5DaWJQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBPyCL0m4A53j8GuLM3e1TA+oJ8rMB8GA1UdIwQY
MBaAFEpOLPAC1F/5reKrhkOtv+CDyhLQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2s0czhBTFVYX210NHF1R1E2Ml80SVBLRXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8zMDg3OWMtOTc2Ni00YTA1LWFkYmYt
OWFjODFlZjQ1OTJjLzEvRV9JSXZTYmdEbmVQd2E0c3pkN1ZNRDZnbnlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8zMDg3OWMtOTc2Ni00YTA1LWFkYmYtOWFjODFlZjQ1OTJj
LzEvU2s0czhBTFVYX210NHF1R1E2Ml80SVBLRXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwnHwMA8E
AgACMAkDBwAgAQZ8CXwwDQYJKoZIhvcNAQELBQADggEBAMH7dQ0YqyDc/fIeG/pV
HTWjBOvrInBoFACj83lxtURstoy6kVrcCIF7GIra0GH60Rf8/rt8jBlaqxBAZZkU
yoYrHHnoFI+LNDe7Hb1+SEQnBEYPJaCMueS84/ermaTUA00mO5lKXQNbCpMOI4vx
q4V3YdGkBVo7btt6grvFRYKKKCjCYE9IT3LFsZHUOySOVw0+E3dcX+2yPdJMqOeV
dbRIFZvxfLLYQWtrnjeKPaesuRXg4dkTdp9HKwc3QbN0fRdSZve0/stC+KyVNKDR
wVdLDT3vRx+8lpHBiv53F3Tv7LEEqI+H95KAUBwi5cO7fJlAXx/88RzKZ44BwmjX
UUU=
-----END CERTIFICATE-----