Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/4348bs47Fjrt2LssiTNL6s07_G0.roa
File:                     4348bs47Fjrt2LssiTNL6s07_G0.roa (raw, json)
Hash identifier:          DxA25QIRK8PJL4PqD2YsrzQ5YMLfvZnIgcBNjTBqf1A=
Subject key identifier:   E3:7E:3C:6E:CE:3B:16:3A:ED:D8:BB:2C:89:33:4B:EA:CD:3B:FC:6D
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0194214401E02639161042D8726E8598777D
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/4348bs47Fjrt2LssiTNL6s07_G0.roa
Signing time:             Wed 01 Jan 2025 09:48:12 +0000
ROA not before:           Wed 01 Jan 2025 09:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48347
IP address blocks:        193.104.57.0/24 maxlen: 24
                          195.43.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:01:e0:26:39:16:10:42:d8:72:6e:85:98:77:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e37e3c6ece3b163aedd8bb2c89334beacd3bfc6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:c8:f3:61:08:3c:5e:1b:88:98:c6:92:af:22:
                    1d:f5:d0:64:db:59:da:63:36:5a:f6:c7:53:72:93:
                    f7:64:da:12:76:d8:63:ac:ce:96:fc:3c:35:19:e1:
                    8d:d6:9a:e4:ee:f7:94:7b:6c:2f:a0:12:15:f5:60:
                    be:64:51:07:6c:d1:0e:a6:09:a5:cc:02:8f:cd:7e:
                    8c:0b:ce:72:32:71:3d:26:1a:70:9b:d1:0a:26:88:
                    5c:37:f6:ad:47:4e:15:8a:74:51:e4:5a:39:34:c8:
                    ef:7b:30:7a:be:eb:a0:a4:a5:73:2d:ff:5c:63:58:
                    5a:07:3c:d2:2b:ef:6f:cf:44:14:2e:bf:c8:19:9f:
                    d5:21:70:e1:0c:8c:75:df:34:1e:a4:16:cb:ce:28:
                    f6:33:60:62:8e:03:a6:fc:bd:b2:70:9d:e1:a4:20:
                    17:d7:49:a9:6a:f3:5d:ca:13:32:d4:a1:83:5a:6a:
                    af:f1:31:38:c4:a2:65:b6:21:66:df:9a:9c:03:f6:
                    bf:c6:5a:5d:96:df:6d:36:45:ad:56:99:e5:8b:14:
                    90:2f:95:56:78:fd:84:43:51:af:73:5f:59:86:7d:
                    ba:9a:a7:7a:51:ef:97:5a:05:00:27:1b:6c:70:bc:
                    f8:43:57:b4:fa:6d:6c:a6:bd:7a:8a:3e:42:7c:99:
                    60:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:7E:3C:6E:CE:3B:16:3A:ED:D8:BB:2C:89:33:4B:EA:CD:3B:FC:6D
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/4348bs47Fjrt2LssiTNL6s07_G0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.57.0/24
                  195.43.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:a7:15:a4:65:8f:d9:12:8d:23:51:cf:b0:26:d9:64:75:21:
         e4:e3:bc:81:04:93:7f:07:fa:a5:84:c5:19:4c:b4:e8:d8:fe:
         a4:78:70:44:32:0e:05:82:20:2f:d1:63:d4:b6:a0:cc:ce:4c:
         c3:f4:62:24:15:11:2b:b4:97:78:55:02:e5:b6:87:af:62:f7:
         ce:1d:1a:4f:33:59:a2:23:1a:cd:00:71:32:b3:8f:64:26:ff:
         df:16:3e:10:b7:62:18:4a:e9:89:82:1a:79:b5:c0:1a:a3:eb:
         f6:39:e3:81:5c:49:08:4a:86:b2:7e:6c:03:f4:e8:e5:85:60:
         c7:b9:66:3b:a5:4d:de:a9:7f:da:ed:e9:bf:c3:4f:ed:1c:3e:
         8d:04:78:f2:51:fa:69:ad:d9:5d:56:fa:b0:55:79:a7:62:84:
         1f:94:79:7b:ca:26:e7:f3:58:a0:95:29:88:31:b1:7a:6f:45:
         e9:ac:fa:17:04:b4:9e:6f:33:89:5f:d3:8c:c1:74:bb:cd:d9:
         44:84:dc:1b:37:eb:e5:c9:2d:26:0a:0f:eb:61:c9:4f:a9:b9:
         10:3d:14:2e:6e:33:c0:99:22:71:79:bc:69:77:63:58:39:d0:
         ba:ee:c3:90:9e:11:91:43:2e:d4:67:cb:dd:d7:7f:8e:a8:f3:
         28:6b:92:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRAHgJjkWEELYcm6FmHd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzdlM2M2ZWNlM2IxNjNhZWRkOGJiMmM4OTMzNGJlYWNkM2JmYzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA98jzYQg8XhuImMaSryId9dBk21na
YzZa9sdTcpP3ZNoSdthjrM6W/Dw1GeGN1prk7veUe2wvoBIV9WC+ZFEHbNEOpgml
zAKPzX6MC85yMnE9Jhpwm9EKJohcN/atR04VinRR5Fo5NMjvezB6vuugpKVzLf9c
Y1haBzzSK+9vz0QULr/IGZ/VIXDhDIx13zQepBbLzij2M2BijgOm/L2ycJ3hpCAX
10mpavNdyhMy1KGDWmqv8TE4xKJltiFm35qcA/a/xlpdlt9tNkWtVpnlixSQL5VW
eP2EQ1Gvc19Zhn26mqd6Ue+XWgUAJxtscLz4Q1e0+m1spr16ij5CfJlgaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFON+PG7OOxY67di7LIkzS+rNO/xtMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvNDM0OGJzNDdGanJ0Mkxzc2lUTkw2czA3X0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWg5AwQA
wyuOMA0GCSqGSIb3DQEBCwUAA4IBAQCSpxWkZY/ZEo0jUc+wJtlkdSHk47yBBJN/
B/qlhMUZTLTo2P6keHBEMg4FgiAv0WPUtqDMzkzD9GIkFRErtJd4VQLltoevYvfO
HRpPM1miIxrNAHEys49kJv/fFj4Qt2IYSumJghp5tcAao+v2OeOBXEkISoayfmwD
9OjlhWDHuWY7pU3eqX/a7em/w0/tHD6NBHjyUfpprdldVvqwVXmnYoQflHl7yibn
81iglSmIMbF6b0XprPoXBLSebzOJX9OMwXS7zdlEhNwbN+vlyS0mCg/rYclPqbkQ
PRQubjPAmSJxebxpd2NYOdC67sOQnhGRQy7UZ8vd13+OqPMoa5Lo
-----END CERTIFICATE-----