Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/N2B1iU0YSzB2x_40oFW-BcBZpSE.roa
File:                     N2B1iU0YSzB2x_40oFW-BcBZpSE.roa (raw, json)
Hash identifier:          3Bt9biLCnw654O83mAV6T9k7ZnWMTrPShbMbJlnWNIs=
Subject key identifier:   37:60:75:89:4D:18:4B:30:76:C7:FE:34:A0:55:BE:05:C0:59:A5:21
Certificate issuer:       /CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
Certificate serial:       0194236A0D0C8E89E8FDA27C527C0571327D
Authority key identifier: 17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/N2B1iU0YSzB2x_40oFW-BcBZpSE.roa
Signing time:             Wed 01 Jan 2025 19:49:00 +0000
ROA not before:           Wed 01 Jan 2025 19:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60064
IP address blocks:        146.19.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:0d:0c:8e:89:e8:fd:a2:7c:52:7c:05:71:32:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
        Validity
            Not Before: Jan  1 19:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=376075894d184b3076c7fe34a055be05c059a521
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:2e:e2:62:9c:da:bd:62:10:b3:0f:91:49:ab:
                    de:35:bf:db:4f:27:ba:df:0a:f9:8b:52:54:ad:6a:
                    cd:48:81:ee:8a:9a:93:a7:4a:4d:a9:1e:cb:63:50:
                    78:af:f8:ef:32:18:8d:ee:c6:0e:cd:ce:6d:75:9f:
                    d1:c3:f9:19:d5:14:5d:89:31:27:35:ab:c6:aa:d0:
                    32:a9:2b:91:d9:83:25:f0:c0:37:9b:3b:69:e4:0e:
                    b5:08:db:19:a3:3a:ea:70:13:04:7e:3f:82:ab:9b:
                    0b:91:ca:d9:64:55:ca:b1:e7:4c:c4:58:a9:da:c4:
                    e0:02:47:55:27:46:44:7b:09:f4:46:c0:84:05:a1:
                    f1:5b:8a:b0:91:c7:fa:95:6f:f1:fe:26:3f:d1:dd:
                    77:32:9d:4b:bf:d8:79:cc:65:28:d9:3d:d8:87:71:
                    40:80:5e:86:60:8a:5a:f2:82:a0:e1:4f:48:47:a6:
                    09:ce:a1:45:75:f3:40:b6:37:fb:43:33:09:63:4e:
                    7e:e8:3b:2d:ac:97:6f:1b:6c:72:48:ec:3b:e0:ec:
                    15:85:13:5a:71:19:f8:b7:1e:01:a3:5d:c7:bd:f7:
                    e1:ec:47:8e:09:8f:2b:52:d9:a6:1c:fc:df:35:39:
                    dc:bd:67:81:23:0b:8e:a3:f8:1f:78:eb:14:0d:72:
                    79:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:60:75:89:4D:18:4B:30:76:C7:FE:34:A0:55:BE:05:C0:59:A5:21
            X509v3 Authority Key Identifier:
                keyid:17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/N2B1iU0YSzB2x_40oFW-BcBZpSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:a6:5e:be:c8:57:65:e2:35:26:ea:d5:cf:f8:62:8e:ac:0a:
         e7:3e:4c:77:9b:75:8e:4d:0d:c7:23:4d:17:af:6d:a3:6d:5b:
         c9:f3:8d:3a:d9:f0:5f:0f:6a:db:fa:ba:ce:0c:9e:ba:81:31:
         9c:48:bd:ba:9f:c9:c4:4d:1a:5d:25:75:56:84:fb:cc:a0:0d:
         1e:70:eb:76:ac:b9:5e:d5:f4:c4:49:23:ca:cc:1b:4d:75:14:
         78:f5:da:a6:ac:1f:e6:65:4e:8b:09:d4:4f:e9:63:16:44:8d:
         a2:b5:7e:17:c2:67:57:cc:5d:02:fa:c0:63:37:3d:23:aa:02:
         38:e3:d5:6c:1b:f9:3f:ca:90:59:05:c6:c0:c4:f7:93:3b:c5:
         a2:c6:6e:88:f3:d0:c5:0f:cf:af:09:d8:90:04:cb:16:c2:3a:
         37:90:4c:9f:31:6f:27:3c:ec:c1:d8:99:53:72:ee:c5:45:ed:
         36:72:9d:22:43:64:04:95:9e:e1:cd:ac:3b:58:6c:3f:83:45:
         de:37:b4:3a:af:83:df:ca:ed:43:1c:1e:07:ec:b0:6d:e4:07:
         63:2c:d8:5b:28:25:2d:e3:5e:97:dd:7f:4d:c7:3a:ec:6a:30:
         f1:27:97:17:f5:0d:2c:d9:3b:e4:91:81:9c:28:cc:aa:ab:75:
         d3:71:78:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjag0Mjono/aJ8UnwFcTJ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YjUwNDJmYzIwZDliYWIxNjc2ZTA5YWY3ZmYxYmE1YmZh
ZGFlNzUwHhcNMjUwMTAxMTk0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzYwNzU4OTRkMTg0YjMwNzZjN2ZlMzRhMDU1YmUwNWMwNTlhNTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0i7iYpzavWIQsw+RSaveNb/bTye6
3wr5i1JUrWrNSIHuipqTp0pNqR7LY1B4r/jvMhiN7sYOzc5tdZ/Rw/kZ1RRdiTEn
NavGqtAyqSuR2YMl8MA3mztp5A61CNsZozrqcBMEfj+Cq5sLkcrZZFXKsedMxFip
2sTgAkdVJ0ZEewn0RsCEBaHxW4qwkcf6lW/x/iY/0d13Mp1Lv9h5zGUo2T3Yh3FA
gF6GYIpa8oKg4U9IR6YJzqFFdfNAtjf7QzMJY05+6DstrJdvG2xySOw74OwVhRNa
cRn4tx4Bo13Hvffh7EeOCY8rUtmmHPzfNTncvWeBIwuOo/gfeOsUDXJ5xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdgdYlNGEswdsf+NKBVvgXAWaUhMB8GA1UdIwQY
MBaAFBe1BC/CDZurFnbgmvf/G6W/ra51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQt
YmM2Nzk0ZTk1ZTVhLzEvTjJCMWlVMFlTekIyeF80MG9GVy1CY0JacFNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQtYmM2Nzk0ZTk1ZTVh
LzEvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhMHMA0G
CSqGSIb3DQEBCwUAA4IBAQBLpl6+yFdl4jUm6tXP+GKOrArnPkx3m3WOTQ3HI00X
r22jbVvJ84062fBfD2rb+rrODJ66gTGcSL26n8nETRpdJXVWhPvMoA0ecOt2rLle
1fTESSPKzBtNdRR49dqmrB/mZU6LCdRP6WMWRI2itX4XwmdXzF0C+sBjNz0jqgI4
49VsG/k/ypBZBcbAxPeTO8Wixm6I89DFD8+vCdiQBMsWwjo3kEyfMW8nPOzB2JlT
cu7FRe02cp0iQ2QElZ7hzaw7WGw/g0XeN7Q6r4Pfyu1DHB4H7LBt5AdjLNhbKCUt
416X3X9NxzrsajDxJ5cX9Q0s2TvkkYGcKMyqq3XTcXju
-----END CERTIFICATE-----