Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/CGPoOJknrvd8SI5T8ORU1Iqt9Hc.roa
File:                     CGPoOJknrvd8SI5T8ORU1Iqt9Hc.roa (raw, json)
Hash identifier:          hep1Wj/UUlgL43jUgR9ytYwV+6+e7lZrxraYcWtC/JE=
Subject key identifier:   08:63:E8:38:99:27:AE:F7:7C:48:8E:53:F0:E4:54:D4:8A:AD:F4:77
Certificate issuer:       /CN=68b22eea4a4a3b81654a227eda94e0e75937b015
Certificate serial:       019420D5F6CE73360A01E86F52F262DFA137
Authority key identifier: 68:B2:2E:EA:4A:4A:3B:81:65:4A:22:7E:DA:94:E0:E7:59:37:B0:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/CGPoOJknrvd8SI5T8ORU1Iqt9Hc.roa
Signing time:             Wed 01 Jan 2025 07:48:00 +0000
ROA not before:           Wed 01 Jan 2025 07:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208972
IP address blocks:        185.252.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:f6:ce:73:36:0a:01:e8:6f:52:f2:62:df:a1:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68b22eea4a4a3b81654a227eda94e0e75937b015
        Validity
            Not Before: Jan  1 07:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0863e8389927aef77c488e53f0e454d48aadf477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b9:df:80:31:1d:b6:b5:5a:77:66:2b:26:5b:
                    94:49:a3:cc:a2:7b:6d:38:b4:90:b2:c9:6d:51:6b:
                    84:08:68:8f:6c:39:1d:0d:79:17:cc:48:fc:27:04:
                    4c:42:69:7f:fa:67:45:e6:d4:6e:57:67:ad:c2:83:
                    f3:1d:b3:99:7e:f4:26:c3:e6:34:ae:a7:ca:42:8c:
                    77:16:6f:9a:60:50:4f:5c:69:1a:60:39:5a:af:b1:
                    d1:17:87:ec:c7:fd:d1:0d:ff:ef:8a:ed:62:94:2a:
                    1a:a4:62:6d:1f:e1:51:90:3c:70:e8:a0:92:ee:4a:
                    44:34:c6:39:93:e2:69:06:28:5e:ce:64:7f:4f:d7:
                    cb:e6:29:44:7f:af:e4:9a:1a:40:a2:64:76:bf:30:
                    3b:b7:e8:2d:9d:d9:60:a9:8a:2b:2e:8b:ae:01:c9:
                    b0:47:d2:42:9b:93:5f:71:3c:2d:9f:88:2e:aa:b0:
                    b9:8c:db:9c:32:34:eb:bb:ad:7c:4b:b5:f6:c0:47:
                    24:8d:74:02:f7:67:05:24:7c:01:0a:ce:53:4a:f2:
                    cd:0c:20:60:a7:22:f5:64:2f:4b:7d:c8:8a:00:04:
                    97:ff:74:97:e6:95:9d:ca:b9:a7:1c:1d:d7:97:b6:
                    4f:f2:af:c6:09:2c:02:3c:c6:26:0a:db:b1:9c:a6:
                    04:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:63:E8:38:99:27:AE:F7:7C:48:8E:53:F0:E4:54:D4:8A:AD:F4:77
            X509v3 Authority Key Identifier:
                keyid:68:B2:2E:EA:4A:4A:3B:81:65:4A:22:7E:DA:94:E0:E7:59:37:B0:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/CGPoOJknrvd8SI5T8ORU1Iqt9Hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:ad:91:ee:db:57:fa:82:e9:82:24:89:4d:e8:63:83:95:8d:
         ce:84:a4:5c:b0:85:cb:31:89:c4:d3:28:ac:7f:61:0f:b7:a4:
         b3:09:da:c5:c5:d3:59:78:43:04:9b:2b:7e:fd:08:45:9d:e2:
         67:f7:24:11:e8:f6:9d:07:62:39:84:24:7f:8d:f3:d3:5b:b3:
         45:6c:17:21:1b:89:c9:91:b6:3e:76:c2:e4:cd:45:9b:c2:70:
         b3:04:e6:e5:ef:74:99:33:3f:fe:b9:17:ac:c4:0a:ba:6a:18:
         55:bb:4f:75:7e:78:43:00:81:b9:41:62:47:ce:d5:06:11:ed:
         66:a6:6d:95:cf:f0:4d:8a:90:b4:13:bb:34:33:6d:5e:7b:c0:
         dd:d5:b5:2b:c0:cf:54:5f:3c:a4:7a:96:0d:d8:fa:37:40:ce:
         3b:b1:ab:23:d7:b9:e8:1d:60:c7:2d:c8:a7:ad:b1:af:b8:cf:
         ad:cb:f6:91:bb:08:a0:a1:28:5a:ff:e3:32:d2:d7:29:32:4a:
         1e:4e:10:d9:8a:c4:0b:70:ba:f9:e6:5c:65:bd:59:c1:0c:f3:
         79:4d:94:4b:71:78:43:5f:a0:c9:dd:87:5d:96:f5:09:d5:0d:
         91:da:e9:7c:3d:a0:d8:0f:27:89:7f:1a:c4:e7:54:0f:00:68:
         63:76:90:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1fbOczYKAehvUvJi36E3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YjIyZWVhNGE0YTNiODE2NTRhMjI3ZWRhOTRlMGU3NTkz
N2IwMTUwHhcNMjUwMTAxMDc0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODYzZTgzODk5MjdhZWY3N2M0ODhlNTNmMGU0NTRkNDhhYWRmNDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbnfgDEdtrVad2YrJluUSaPMontt
OLSQssltUWuECGiPbDkdDXkXzEj8JwRMQml/+mdF5tRuV2etwoPzHbOZfvQmw+Y0
rqfKQox3Fm+aYFBPXGkaYDlar7HRF4fsx/3RDf/viu1ilCoapGJtH+FRkDxw6KCS
7kpENMY5k+JpBihezmR/T9fL5ilEf6/kmhpAomR2vzA7t+gtndlgqYorLouuAcmw
R9JCm5NfcTwtn4guqrC5jNucMjTru618S7X2wEckjXQC92cFJHwBCs5TSvLNDCBg
pyL1ZC9LfciKAASX/3SX5pWdyrmnHB3Xl7ZP8q/GCSwCPMYmCtuxnKYEWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhj6DiZJ673fEiOU/DkVNSKrfR3MB8GA1UdIwQY
MBaAFGiyLupKSjuBZUoiftqU4OdZN7AVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUxJdTZrcEtPNEZsU2lKLTJwVGc1MWszc0JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82OWNiYzAtYjZjNS00ZTY3LWE3M2It
MmI2NWE3YThiZThjLzEvQ0dQb09Ka25ydmQ4U0k1VDhPUlUxSXF0OUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82OWNiYzAtYjZjNS00ZTY3LWE3M2ItMmI2NWE3YThiZThj
LzEvYUxJdTZrcEtPNEZsU2lKLTJwVGc1MWszc0JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufxyMA0G
CSqGSIb3DQEBCwUAA4IBAQCJrZHu21f6gumCJIlN6GODlY3OhKRcsIXLMYnE0yis
f2EPt6SzCdrFxdNZeEMEmyt+/QhFneJn9yQR6PadB2I5hCR/jfPTW7NFbBchG4nJ
kbY+dsLkzUWbwnCzBObl73SZMz/+uResxAq6ahhVu091fnhDAIG5QWJHztUGEe1m
pm2Vz/BNipC0E7s0M21ee8Dd1bUrwM9UXzykepYN2Po3QM47sasj17noHWDHLcin
rbGvuM+ty/aRuwigoSha/+My0tcpMkoeThDZisQLcLr55lxlvVnBDPN5TZRLcXhD
X6DJ3YddlvUJ1Q2R2ul8PaDYDyeJfxrE51QPAGhjdpBq
-----END CERTIFICATE-----