Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/prsVOyRGU3MtYYx93kWm773j8G4.roa
File:                     prsVOyRGU3MtYYx93kWm773j8G4.roa (raw, json)
Hash identifier:          XFsscFozdK/fanLtH4eqsqCTvm9rcJcpt7EZvhsiimc=
Subject key identifier:   A6:BB:15:3B:24:46:53:73:2D:61:8C:7D:DE:45:A6:EF:BD:E3:F0:6E
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       019427B3D8E4B4038630B225BCD0E47D526F
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/prsVOyRGU3MtYYx93kWm773j8G4.roa
Signing time:             Thu 02 Jan 2025 15:48:05 +0000
ROA not before:           Thu 02 Jan 2025 15:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9989
IP address blocks:        57.250.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:d8:e4:b4:03:86:30:b2:25:bc:d0:e4:7d:52:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  2 15:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6bb153b244653732d618c7dde45a6efbde3f06e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e8:c6:6a:95:ec:5a:be:94:f8:a7:37:a9:c7:
                    7c:c3:41:11:26:95:b0:72:1d:5b:57:c3:2b:dc:1d:
                    71:38:e4:be:26:4b:3e:9c:c9:42:b3:6b:f8:33:91:
                    2f:1b:40:12:73:9b:4f:20:4c:39:fa:25:bb:f6:a2:
                    20:b9:85:86:72:f2:74:80:04:45:86:16:0c:d1:74:
                    36:a5:6c:84:d3:bc:29:70:cc:e1:fd:75:ac:96:6f:
                    31:b0:5a:65:ec:0c:e6:b8:9a:f0:4f:31:62:37:fa:
                    9e:56:b7:27:95:88:6e:b0:3f:0a:ea:59:ef:69:1c:
                    9c:49:83:65:ea:c4:9f:e6:d0:f7:7c:58:35:21:af:
                    8d:20:be:e1:27:1c:16:9a:8e:d4:b0:70:78:da:bd:
                    2e:21:bc:85:83:fa:0c:15:a3:2c:7f:70:f9:8c:79:
                    d7:79:7e:3f:53:48:c7:0c:f6:5a:5a:cb:3e:f6:d9:
                    43:5d:7a:9b:2d:f5:7a:d4:13:69:b1:fa:f9:7c:aa:
                    0d:3f:8a:e9:de:f3:0d:54:25:93:46:39:61:8b:a9:
                    af:fc:2e:77:f7:f2:30:da:19:a8:50:d6:35:10:01:
                    01:65:4b:95:8b:4f:57:0b:2a:b8:1c:a6:8d:83:00:
                    49:64:34:41:0b:7b:36:23:84:a2:21:cc:fc:45:b6:
                    35:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:BB:15:3B:24:46:53:73:2D:61:8C:7D:DE:45:A6:EF:BD:E3:F0:6E
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/prsVOyRGU3MtYYx93kWm773j8G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.250.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:d3:a2:aa:e4:b3:45:dd:77:0a:85:87:45:cb:42:e5:28:32:
         ff:45:d9:59:00:b5:90:c6:df:f6:62:c1:50:68:02:63:2b:86:
         9a:61:6e:62:10:90:88:19:d5:f0:d7:cb:bb:b0:1e:41:e5:6c:
         e5:82:38:79:39:dd:73:80:cd:ce:60:b1:04:ec:fa:b4:95:93:
         84:08:ce:38:4d:d0:30:81:63:e0:de:07:1e:5d:a2:4b:49:a2:
         af:01:0f:b2:9d:f8:01:92:97:b7:dc:68:74:cf:9d:67:f5:4b:
         67:c9:a8:62:f5:d3:30:5d:e0:a8:2e:cd:6c:62:3b:ab:61:4e:
         54:f8:68:60:e4:50:7e:61:b2:64:99:f3:ea:3a:08:57:76:85:
         9f:68:28:52:c0:c3:7b:35:37:09:dc:53:2e:56:8e:37:ff:45:
         0f:d3:b1:5f:c8:8d:6e:81:a5:ca:ac:9f:b1:9d:1a:0f:74:ec:
         4c:c5:53:c6:33:88:3f:4c:14:db:85:46:d5:48:78:c8:19:ed:
         26:37:46:b6:c1:68:4b:8c:fc:13:af:75:2a:d5:17:4d:0a:7d:
         eb:db:a8:ec:64:30:b2:99:0a:1b:d6:2f:ad:e5:00:aa:0c:17:
         23:72:84:6d:ff:d5:6f:a3:6a:a4:6c:63:aa:de:7c:61:75:c3:
         e9:42:0f:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns9jktAOGMLIlvNDkfVJvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjUwMTAyMTU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmJiMTUzYjI0NDY1MzczMmQ2MThjN2RkZTQ1YTZlZmJkZTNmMDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwejGapXsWr6U+Kc3qcd8w0ERJpWw
ch1bV8Mr3B1xOOS+Jks+nMlCs2v4M5EvG0ASc5tPIEw5+iW79qIguYWGcvJ0gARF
hhYM0XQ2pWyE07wpcMzh/XWslm8xsFpl7AzmuJrwTzFiN/qeVrcnlYhusD8K6lnv
aRycSYNl6sSf5tD3fFg1Ia+NIL7hJxwWmo7UsHB42r0uIbyFg/oMFaMsf3D5jHnX
eX4/U0jHDPZaWss+9tlDXXqbLfV61BNpsfr5fKoNP4rp3vMNVCWTRjlhi6mv/C53
9/Iw2hmoUNY1EAEBZUuVi09XCyq4HKaNgwBJZDRBC3s2I4SiIcz8RbY1kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKa7FTskRlNzLWGMfd5Fpu+94/BuMB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEvcHJzVk95UkdVM010WVl4OTNrV203NzNqOEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAOfowMA0G
CSqGSIb3DQEBCwUAA4IBAQBO06Kq5LNF3XcKhYdFy0LlKDL/RdlZALWQxt/2YsFQ
aAJjK4aaYW5iEJCIGdXw18u7sB5B5Wzlgjh5Od1zgM3OYLEE7Pq0lZOECM44TdAw
gWPg3gceXaJLSaKvAQ+ynfgBkpe33Gh0z51n9Utnyahi9dMwXeCoLs1sYjurYU5U
+Ghg5FB+YbJkmfPqOghXdoWfaChSwMN7NTcJ3FMuVo43/0UP07FfyI1ugaXKrJ+x
nRoPdOxMxVPGM4g/TBTbhUbVSHjIGe0mN0a2wWhLjPwTr3Uq1RdNCn3r26jsZDCy
mQob1i+t5QCqDBcjcoRt/9Vvo2qkbGOq3nxhdcPpQg9R
-----END CERTIFICATE-----