Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/07e105-5680-40aa-8c9d-0d66c75b026d/1/GZldOEJkrutoTjn3MQnXcf09taM.roa
File:                     GZldOEJkrutoTjn3MQnXcf09taM.roa (raw, json)
Hash identifier:          vlltg4veeHpXkbEneS2WFuhIZv9HwJeSmQM3GzCbD1k=
Subject key identifier:   19:99:5D:38:42:64:AE:EB:68:4E:39:F7:31:09:D7:71:FD:3D:B5:A3
Certificate issuer:       /CN=53a84b523dfe32b8a89b9cdd30a9f8711007fdb9
Certificate serial:       019422FB99E9E9024ED95C7ABB1EF6581785
Authority key identifier: 53:A8:4B:52:3D:FE:32:B8:A8:9B:9C:DD:30:A9:F8:71:10:07:FD:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U6hLUj3-Mriom5zdMKn4cRAH_bk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/07e105-5680-40aa-8c9d-0d66c75b026d/1/GZldOEJkrutoTjn3MQnXcf09taM.roa
Signing time:             Wed 01 Jan 2025 17:48:21 +0000
ROA not before:           Wed 01 Jan 2025 17:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39502
IP address blocks:        194.50.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/07e105-5680-40aa-8c9d-0d66c75b026d/1/U6hLUj3-Mriom5zdMKn4cRAH_bk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/07e105-5680-40aa-8c9d-0d66c75b026d/1/U6hLUj3-Mriom5zdMKn4cRAH_bk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U6hLUj3-Mriom5zdMKn4cRAH_bk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:99:e9:e9:02:4e:d9:5c:7a:bb:1e:f6:58:17:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53a84b523dfe32b8a89b9cdd30a9f8711007fdb9
        Validity
            Not Before: Jan  1 17:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19995d384264aeeb684e39f73109d771fd3db5a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:85:5f:60:6e:44:91:3a:c4:ce:26:d4:c2:7a:
                    60:fa:57:55:81:90:59:d9:2d:11:1e:f1:ee:19:99:
                    17:da:ea:20:74:38:13:b0:2a:b3:54:78:3e:ea:54:
                    99:4c:26:e2:ad:c7:8b:7b:a8:e7:64:92:6a:7c:ee:
                    00:62:15:10:af:56:eb:06:d2:d7:38:d2:c6:d4:bc:
                    24:2d:5f:8d:03:66:34:94:19:a7:01:1d:ca:c1:5c:
                    87:66:44:55:65:2b:01:d8:8b:24:77:3e:25:f3:fa:
                    99:3f:a7:b8:c6:3e:ab:4a:f9:b7:89:72:7b:af:c0:
                    c6:86:39:11:f4:7f:9f:fb:4a:4f:43:cd:15:52:c6:
                    86:e5:95:37:1c:b9:7e:7f:7d:09:b6:46:5c:aa:1a:
                    68:98:a4:bf:0c:ba:10:57:e1:67:dd:75:34:40:87:
                    b7:70:a2:34:4e:d6:1e:5f:8a:01:99:70:3e:eb:cd:
                    df:7d:9c:6c:31:72:ed:4a:c5:42:18:53:96:00:eb:
                    15:01:36:95:e8:f9:90:72:58:9a:86:02:69:c3:ce:
                    fa:b8:9a:b7:05:39:5a:3f:e1:5e:e3:06:d3:b7:f9:
                    3d:b1:94:63:ad:ea:67:93:44:4d:03:ce:60:2b:e5:
                    ae:7f:e0:a4:79:8a:5c:27:a0:98:e9:b4:d2:69:68:
                    c6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:99:5D:38:42:64:AE:EB:68:4E:39:F7:31:09:D7:71:FD:3D:B5:A3
            X509v3 Authority Key Identifier:
                keyid:53:A8:4B:52:3D:FE:32:B8:A8:9B:9C:DD:30:A9:F8:71:10:07:FD:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U6hLUj3-Mriom5zdMKn4cRAH_bk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/07e105-5680-40aa-8c9d-0d66c75b026d/1/GZldOEJkrutoTjn3MQnXcf09taM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/07e105-5680-40aa-8c9d-0d66c75b026d/1/U6hLUj3-Mriom5zdMKn4cRAH_bk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:0e:66:d1:23:62:99:9f:51:1c:88:c8:ab:8a:3a:5d:a3:7c:
         a8:d3:50:3b:30:de:17:d0:9b:45:bc:83:ab:78:64:9e:c0:fc:
         82:6a:d0:93:d6:b8:3d:a6:50:a8:2a:02:be:05:a6:59:fe:bc:
         77:8a:31:e9:bf:3d:6b:de:b8:c1:9e:b4:f2:d4:b0:f7:5f:c9:
         20:94:80:34:f0:8a:83:42:3e:23:fc:b3:6d:89:8f:ba:0c:5f:
         e0:ab:07:0a:ee:94:99:d7:0a:50:34:8f:91:08:ce:3d:fe:7c:
         54:c2:62:d1:52:b1:ed:92:c9:fa:c5:0d:5b:68:22:25:ac:ed:
         5d:01:e1:f0:54:1b:f1:23:50:ea:ec:50:71:98:50:d5:a2:d2:
         66:e7:3f:cc:2c:e3:1c:a0:95:a8:94:ff:99:31:e1:cc:76:cb:
         fa:38:5e:0c:66:99:6a:8d:90:a1:9f:55:4d:90:eb:18:f2:3f:
         6f:b3:38:dd:47:d3:91:44:1a:0e:62:56:dd:85:4c:c3:51:ce:
         93:e0:17:9b:87:49:35:cb:e4:71:59:77:ba:c8:c1:e4:b5:ed:
         89:12:76:8c:50:62:12:2f:a0:11:bc:5f:35:20:e5:f9:0a:86:
         88:18:e2:02:0d:89:cb:09:13:8b:a3:b9:47:58:b5:08:6c:b5:
         13:58:cb:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+5np6QJO2Vx6ux72WBeFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYTg0YjUyM2RmZTMyYjhhODliOWNkZDMwYTlmODcxMTAw
N2ZkYjkwHhcNMjUwMTAxMTc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTk5NWQzODQyNjRhZWViNjg0ZTM5ZjczMTA5ZDc3MWZkM2RiNWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4VfYG5EkTrEzibUwnpg+ldVgZBZ
2S0RHvHuGZkX2uogdDgTsCqzVHg+6lSZTCbirceLe6jnZJJqfO4AYhUQr1brBtLX
ONLG1LwkLV+NA2Y0lBmnAR3KwVyHZkRVZSsB2Iskdz4l8/qZP6e4xj6rSvm3iXJ7
r8DGhjkR9H+f+0pPQ80VUsaG5ZU3HLl+f30JtkZcqhpomKS/DLoQV+Fn3XU0QIe3
cKI0TtYeX4oBmXA+683ffZxsMXLtSsVCGFOWAOsVATaV6PmQcliahgJpw876uJq3
BTlaP+Fe4wbTt/k9sZRjrepnk0RNA85gK+Wuf+CkeYpcJ6CY6bTSaWjGJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmZXThCZK7raE459zEJ13H9PbWjMB8GA1UdIwQY
MBaAFFOoS1I9/jK4qJuc3TCp+HEQB/25MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTZoTFVqMy1NcmlvbTV6ZE1LbjRjUkFIX2JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8wN2UxMDUtNTY4MC00MGFhLThjOWQt
MGQ2NmM3NWIwMjZkLzEvR1psZE9FSmtydXRvVGpuM01RblhjZjA5dGFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8wN2UxMDUtNTY4MC00MGFhLThjOWQtMGQ2NmM3NWIwMjZk
LzEvVTZoTFVqMy1NcmlvbTV6ZE1LbjRjUkFIX2JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjILMA0G
CSqGSIb3DQEBCwUAA4IBAQATDmbRI2KZn1EciMirijpdo3yo01A7MN4X0JtFvIOr
eGSewPyCatCT1rg9plCoKgK+BaZZ/rx3ijHpvz1r3rjBnrTy1LD3X8kglIA08IqD
Qj4j/LNtiY+6DF/gqwcK7pSZ1wpQNI+RCM49/nxUwmLRUrHtksn6xQ1baCIlrO1d
AeHwVBvxI1Dq7FBxmFDVotJm5z/MLOMcoJWolP+ZMeHMdsv6OF4MZplqjZChn1VN
kOsY8j9vszjdR9ORRBoOYlbdhUzDUc6T4Bebh0k1y+RxWXe6yMHkte2JEnaMUGIS
L6ARvF81IOX5CoaIGOICDYnLCROLo7lHWLUIbLUTWMs+
-----END CERTIFICATE-----