Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/KRaIctUE-rZitETInW9pUZA5-JI.roa
File:                     KRaIctUE-rZitETInW9pUZA5-JI.roa (raw, json)
Hash identifier:          F0LpdD3Jm6RWBP30zYmM2I/78703f43RisZN4Wq/qOk=
Subject key identifier:   29:16:88:72:D5:04:FA:B6:62:B4:44:C8:9D:6F:69:51:90:39:F8:92
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       01914F073D0BC93F47293916A445204F87ED
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/KRaIctUE-rZitETInW9pUZA5-JI.roa
Signing time:             Wed 14 Aug 2024 03:55:59 +0000
ROA not before:           Wed 14 Aug 2024 03:55:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211126
IP address blocks:        195.250.27.0/24 maxlen: 24
                          195.250.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4f:07:3d:0b:c9:3f:47:29:39:16:a4:45:20:4f:87:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: Aug 14 03:55:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29168872d504fab662b444c89d6f69519039f892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:af:50:d3:35:26:ce:e0:f6:8d:50:ec:66:6f:
                    92:b1:53:2e:30:2f:74:af:fe:60:e9:b6:01:f1:1c:
                    6b:a0:f0:a2:be:da:4c:b1:e9:83:7a:4c:fb:08:d4:
                    bc:d7:85:e6:e7:42:7b:b5:81:18:6b:94:5c:01:12:
                    a4:d0:a6:21:cd:76:05:28:09:a7:2a:96:91:b0:2f:
                    d7:b4:7a:74:fb:05:70:8f:78:b7:c5:2d:25:58:fa:
                    6d:ab:1b:e7:69:ae:0f:c0:af:ba:93:5f:f3:47:e4:
                    78:9d:d3:79:9a:67:68:53:1c:5f:d6:55:92:fe:ec:
                    3b:e7:19:20:d9:6c:e2:a6:b9:ef:81:50:bb:0f:52:
                    0d:cf:91:fc:d7:86:d6:a3:04:dc:b8:1c:9f:7e:7f:
                    18:a4:02:1c:c7:11:f3:a5:06:4a:63:b1:30:41:f5:
                    aa:13:13:1e:fd:6c:4f:79:d8:9c:79:06:c0:72:6b:
                    13:c7:6c:4b:49:1a:7b:e6:ec:4a:e6:99:02:f7:8b:
                    95:ea:13:9d:c2:f3:cf:07:87:7d:e3:89:e0:e8:6e:
                    3c:80:c4:82:7f:e5:b1:ca:6f:d7:08:27:9a:4f:8a:
                    0d:26:d9:f2:69:87:f9:50:a1:af:6b:c6:1b:cb:b1:
                    77:a9:e3:d7:1c:d6:77:11:ab:da:06:ac:26:8d:cc:
                    f8:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:16:88:72:D5:04:FA:B6:62:B4:44:C8:9D:6F:69:51:90:39:F8:92
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/KRaIctUE-rZitETInW9pUZA5-JI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.250.27.0-195.250.28.255

    Signature Algorithm: sha256WithRSAEncryption
         31:9f:e1:7c:dc:b0:72:3f:7d:66:c8:63:29:c4:e0:00:e4:a2:
         a8:0b:b9:07:33:c8:a8:bf:35:82:36:e2:5f:15:ba:f5:4a:83:
         91:0f:46:21:bf:91:d8:16:e0:5e:6d:31:2e:40:c4:4b:d5:9d:
         c1:0f:a3:b8:65:aa:19:18:77:a4:36:95:55:5c:f3:82:5f:d1:
         58:e1:cb:af:56:fb:0c:9a:7a:36:c0:f2:c5:44:a6:60:6b:2f:
         0d:d0:69:cc:7c:a8:58:82:db:70:69:24:16:c1:40:10:33:56:
         be:9b:62:93:b0:b2:75:64:58:66:50:a9:56:95:12:40:88:dd:
         ba:b0:3a:cc:3e:fd:c9:19:bb:f4:c9:ac:94:c1:a6:82:bc:28:
         35:17:af:4d:f8:d8:4d:9c:1b:13:1b:20:d2:25:b1:21:6d:31:
         0c:10:65:14:d8:cb:f9:06:dc:2f:16:3b:23:90:b0:a8:22:9e:
         56:72:32:a6:91:2a:18:1c:88:02:10:69:96:8f:e0:f9:1e:71:
         49:db:93:4e:94:da:53:bc:1c:a5:23:66:be:e8:24:e7:82:0a:
         8d:38:54:58:1c:6d:d5:fd:78:43:08:72:7a:49:83:80:c9:67:
         a2:c7:6b:6e:26:06:d7:5b:0e:2b:35:62:1e:33:38:ca:e0:c0:
         65:50:b2:45
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZFPBz0LyT9HKTkWpEUgT4ftMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjQwODE0MDM1NTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTE2ODg3MmQ1MDRmYWI2NjJiNDQ0Yzg5ZDZmNjk1MTkwMzlmODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAva9Q0zUmzuD2jVDsZm+SsVMuMC90
r/5g6bYB8RxroPCivtpMsemDekz7CNS814Xm50J7tYEYa5RcARKk0KYhzXYFKAmn
KpaRsC/XtHp0+wVwj3i3xS0lWPptqxvnaa4PwK+6k1/zR+R4ndN5mmdoUxxf1lWS
/uw75xkg2WziprnvgVC7D1INz5H814bWowTcuByffn8YpAIcxxHzpQZKY7EwQfWq
ExMe/WxPediceQbAcmsTx2xLSRp75uxK5pkC94uV6hOdwvPPB4d944ng6G48gMSC
f+Wxym/XCCeaT4oNJtnyaYf5UKGva8Yby7F3qePXHNZ3EavaBqwmjcz4SwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCkWiHLVBPq2YrREyJ1vaVGQOfiSMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvS1JhSWN0VUUtclppdEVUSW5XOXBVWkE1LUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADD+hsD
BADD+hwwDQYJKoZIhvcNAQELBQADggEBADGf4XzcsHI/fWbIYynE4ADkoqgLuQcz
yKi/NYI24l8VuvVKg5EPRiG/kdgW4F5tMS5AxEvVncEPo7hlqhkYd6Q2lVVc84Jf
0Vjhy69W+wyaejbA8sVEpmBrLw3Qacx8qFiC23BpJBbBQBAzVr6bYpOwsnVkWGZQ
qVaVEkCI3bqwOsw+/ckZu/TJrJTBpoK8KDUXr0342E2cGxMbINIlsSFtMQwQZRTY
y/kG3C8WOyOQsKginlZyMqaRKhgciAIQaZaP4PkecUnbk06U2lO8HKUjZr7oJOeC
Co04VFgcbdX9eEMIcnpJg4DJZ6LHa24mBtdbDis1Yh4zOMrgwGVQskU=
-----END CERTIFICATE-----