Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/07745c-47c1-4002-950f-29b98ecdff12/1/koGXGlmTeestynS-D79F1iRgKe8.roa
File:                     koGXGlmTeestynS-D79F1iRgKe8.roa (raw, json)
Hash identifier:          t/wGg6Ba4t68swMex8wPDhVXcBtDTQUAFrp4xf0H+oE=
Subject key identifier:   92:81:97:1A:59:93:79:EB:2D:CA:74:BE:0F:BF:45:D6:24:60:29:EF
Certificate issuer:       /CN=699710a1693710ac835f0b6745f90d2d680a1200
Certificate serial:       01942144525C7CB7F9AB52019C6D705C885A
Authority key identifier: 69:97:10:A1:69:37:10:AC:83:5F:0B:67:45:F9:0D:2D:68:0A:12:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZcQoWk3EKyDXwtnRfkNLWgKEgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/07745c-47c1-4002-950f-29b98ecdff12/1/koGXGlmTeestynS-D79F1iRgKe8.roa
Signing time:             Wed 01 Jan 2025 09:48:33 +0000
ROA not before:           Wed 01 Jan 2025 09:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52075
IP address blocks:        193.30.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/07745c-47c1-4002-950f-29b98ecdff12/1/aZcQoWk3EKyDXwtnRfkNLWgKEgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/07745c-47c1-4002-950f-29b98ecdff12/1/aZcQoWk3EKyDXwtnRfkNLWgKEgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZcQoWk3EKyDXwtnRfkNLWgKEgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:52:5c:7c:b7:f9:ab:52:01:9c:6d:70:5c:88:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=699710a1693710ac835f0b6745f90d2d680a1200
        Validity
            Not Before: Jan  1 09:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9281971a599379eb2dca74be0fbf45d6246029ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:31:3b:c5:94:86:26:7a:54:5d:2c:9d:d5:af:
                    47:09:e6:1c:3c:d4:b3:a9:e4:79:71:b6:95:37:98:
                    f1:52:81:6f:c4:29:98:8f:b7:25:d0:b4:09:46:f8:
                    53:45:85:05:25:19:88:53:0a:a4:47:d3:f0:f0:1a:
                    aa:8e:86:b1:b2:16:39:9a:b0:13:94:e2:8c:1b:69:
                    e3:10:4d:cc:63:df:00:f5:c6:a8:28:2b:7a:15:f8:
                    d8:e5:87:03:c9:6a:db:54:28:2b:47:5c:ef:90:a5:
                    06:4b:5c:e4:62:16:b2:0c:fc:d1:4d:34:37:55:99:
                    e2:9f:72:8c:a6:ec:64:8b:60:23:a8:5d:bf:d6:0a:
                    a3:e6:cb:3b:24:4f:cf:30:5b:d9:25:a3:42:df:27:
                    9a:7f:ec:b9:a2:6d:e0:65:0b:8c:db:6c:aa:74:4e:
                    0f:09:4d:a1:35:dd:e8:23:93:dc:bf:5e:4a:56:bc:
                    a0:76:2e:49:77:ae:b4:32:37:d8:46:28:a1:4f:48:
                    e9:74:3e:d0:42:bf:cb:6f:6e:4c:5e:ec:23:85:83:
                    b9:a5:8d:68:84:63:2a:8b:cf:a7:99:c2:d5:dc:59:
                    2e:8e:33:ff:98:df:6a:3c:b7:a4:06:bc:c2:84:22:
                    76:83:aa:c4:28:20:7a:f7:7e:df:73:9d:a0:21:64:
                    b5:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:81:97:1A:59:93:79:EB:2D:CA:74:BE:0F:BF:45:D6:24:60:29:EF
            X509v3 Authority Key Identifier:
                keyid:69:97:10:A1:69:37:10:AC:83:5F:0B:67:45:F9:0D:2D:68:0A:12:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZcQoWk3EKyDXwtnRfkNLWgKEgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/07745c-47c1-4002-950f-29b98ecdff12/1/koGXGlmTeestynS-D79F1iRgKe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/07745c-47c1-4002-950f-29b98ecdff12/1/aZcQoWk3EKyDXwtnRfkNLWgKEgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:cd:46:f9:fd:61:e0:89:88:ac:95:3e:d0:cf:67:d3:d8:46:
         13:fa:ce:86:e1:70:74:ad:f4:5c:f4:71:52:c5:d8:06:e6:de:
         9f:a6:8f:f7:4c:55:53:4c:25:f4:c9:49:9f:5f:fb:8e:33:31:
         6b:51:6b:16:51:f3:d1:2f:90:2e:03:26:71:df:8f:b3:0a:22:
         1f:fa:b0:99:08:18:0a:84:60:a8:8b:06:3c:5f:bd:20:db:f3:
         45:50:5e:5d:9f:c3:ad:0f:f2:92:7b:12:a6:b7:e4:9b:9d:92:
         bc:76:55:9d:6b:ca:a3:14:6f:92:30:b8:50:84:f3:6b:75:4a:
         e5:9b:5c:69:0d:02:a3:97:b8:b8:b8:e5:0b:b2:1a:19:a3:11:
         11:9a:10:54:13:08:ff:e2:75:4d:de:de:97:be:05:aa:cb:21:
         dd:46:48:f1:a3:f2:a7:e5:89:f8:70:38:5a:ce:67:b7:da:74:
         ea:91:f4:a5:70:68:d4:71:8d:83:9c:e2:aa:f4:06:86:f0:b4:
         a5:7e:00:ba:bd:85:b8:46:1c:10:e9:b8:66:a2:21:53:95:22:
         68:e7:e1:bf:d2:c5:5e:7e:98:37:20:83:00:9e:ca:9b:d6:6f:
         c6:39:8d:1d:42:27:ae:93:31:ab:51:25:29:dd:f7:38:32:8e:
         3a:c0:4f:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRFJcfLf5q1IBnG1wXIhaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTcxMGExNjkzNzEwYWM4MzVmMGI2NzQ1ZjkwZDJkNjgw
YTEyMDAwHhcNMjUwMTAxMDk0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjgxOTcxYTU5OTM3OWViMmRjYTc0YmUwZmJmNDVkNjI0NjAyOWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTE7xZSGJnpUXSyd1a9HCeYcPNSz
qeR5cbaVN5jxUoFvxCmYj7cl0LQJRvhTRYUFJRmIUwqkR9Pw8BqqjoaxshY5mrAT
lOKMG2njEE3MY98A9caoKCt6FfjY5YcDyWrbVCgrR1zvkKUGS1zkYhayDPzRTTQ3
VZnin3KMpuxki2AjqF2/1gqj5ss7JE/PMFvZJaNC3yeaf+y5om3gZQuM22yqdE4P
CU2hNd3oI5Pcv15KVrygdi5Jd660MjfYRiihT0jpdD7QQr/Lb25MXuwjhYO5pY1o
hGMqi8+nmcLV3FkujjP/mN9qPLekBrzChCJ2g6rEKCB6937fc52gIWS1HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKBlxpZk3nrLcp0vg+/RdYkYCnvMB8GA1UdIwQY
MBaAFGmXEKFpNxCsg18LZ0X5DS1oChIAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpjUW9XazNFS3lEWHd0blJma05MV2dLRWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8wNzc0NWMtNDdjMS00MDAyLTk1MGYt
MjliOThlY2RmZjEyLzEva29HWEdsbVRlZXN0eW5TLUQ3OUYxaVJnS2U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8wNzc0NWMtNDdjMS00MDAyLTk1MGYtMjliOThlY2RmZjEy
LzEvYVpjUW9XazNFS3lEWHd0blJma05MV2dLRWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5vMA0G
CSqGSIb3DQEBCwUAA4IBAQC9zUb5/WHgiYislT7Qz2fT2EYT+s6G4XB0rfRc9HFS
xdgG5t6fpo/3TFVTTCX0yUmfX/uOMzFrUWsWUfPRL5AuAyZx34+zCiIf+rCZCBgK
hGCoiwY8X70g2/NFUF5dn8OtD/KSexKmt+SbnZK8dlWda8qjFG+SMLhQhPNrdUrl
m1xpDQKjl7i4uOULshoZoxERmhBUEwj/4nVN3t6XvgWqyyHdRkjxo/Kn5Yn4cDha
zme32nTqkfSlcGjUcY2DnOKq9AaG8LSlfgC6vYW4RhwQ6bhmoiFTlSJo5+G/0sVe
fpg3IIMAnsqb1m/GOY0dQieukzGrUSUp3fc4Mo46wE/y
-----END CERTIFICATE-----