Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/49ace8-291d-4d4f-922e-eabcbc083f9b/1/rbOAF9-_bLgdSF_MfAX0y_l7e30.roa
File:                     rbOAF9-_bLgdSF_MfAX0y_l7e30.roa (raw, json)
Hash identifier:          lb8JqwxQc2+Z/cl3nd42Gaa8kLo1mbBI34PCJ/ayolw=
Subject key identifier:   AD:B3:80:17:DF:BF:6C:B8:1D:48:5F:CC:7C:05:F4:CB:F9:7B:7B:7D
Certificate issuer:       /CN=0f74e5af2fa7215ca469b27c1079f1ffd5fcaef8
Certificate serial:       01905AE4218C9C79CE6D56D378D349C57650
Authority key identifier: 0F:74:E5:AF:2F:A7:21:5C:A4:69:B2:7C:10:79:F1:FF:D5:FC:AE:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D3Tlry-nIVykabJ8EHnx_9X8rvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/49ace8-291d-4d4f-922e-eabcbc083f9b/1/rbOAF9-_bLgdSF_MfAX0y_l7e30.roa
Signing time:             Thu 27 Jun 2024 18:10:18 +0000
ROA not before:           Thu 27 Jun 2024 18:10:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2559
IP address blocks:        198.217.240.0/24 maxlen: 24
                          198.217.241.0/24 maxlen: 24
                          198.217.242.0/24 maxlen: 24
                          198.217.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/49ace8-291d-4d4f-922e-eabcbc083f9b/1/D3Tlry-nIVykabJ8EHnx_9X8rvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/49ace8-291d-4d4f-922e-eabcbc083f9b/1/D3Tlry-nIVykabJ8EHnx_9X8rvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D3Tlry-nIVykabJ8EHnx_9X8rvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5a:e4:21:8c:9c:79:ce:6d:56:d3:78:d3:49:c5:76:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f74e5af2fa7215ca469b27c1079f1ffd5fcaef8
        Validity
            Not Before: Jun 27 18:10:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=adb38017dfbf6cb81d485fcc7c05f4cbf97b7b7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6c:05:06:4f:4b:31:3e:ac:74:a1:12:ba:ad:
                    26:2e:a5:c9:5e:b5:97:58:12:64:a8:aa:ff:f8:0c:
                    57:ee:44:02:8a:f7:db:f7:ff:1e:82:04:0d:6a:a2:
                    cb:2f:c2:c7:98:34:4f:4c:c2:c7:d1:63:1e:39:0a:
                    16:88:3c:72:4e:54:e4:3b:1b:dc:f2:6d:f7:12:82:
                    fe:ed:d6:b9:82:f5:b3:b0:1b:a2:af:16:3f:ac:89:
                    99:ec:7c:ee:92:bb:09:1f:ca:69:19:d1:74:6c:a8:
                    fd:4f:e4:99:c9:0f:96:a3:76:46:40:33:7b:2a:34:
                    c1:60:1f:f0:8b:79:d4:de:a6:bc:12:b7:6e:32:cc:
                    86:07:cb:69:10:84:27:03:15:18:30:38:11:97:ab:
                    a6:87:df:21:c7:de:0c:8c:67:66:c6:fb:fa:3f:5d:
                    b3:e0:20:b4:53:d9:29:93:74:70:27:39:04:68:ca:
                    01:70:05:55:c5:2d:c5:54:5a:d6:18:eb:c9:78:8e:
                    3b:a3:b1:97:3d:28:20:ba:92:96:72:2e:c3:44:ac:
                    c4:aa:1a:f5:d0:80:5a:99:cd:c2:52:60:86:97:e8:
                    64:78:d0:07:91:e0:d4:bc:73:fb:19:9a:60:95:f6:
                    a5:9a:50:e1:18:8b:51:8c:28:08:8d:2e:a4:e5:11:
                    bb:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:B3:80:17:DF:BF:6C:B8:1D:48:5F:CC:7C:05:F4:CB:F9:7B:7B:7D
            X509v3 Authority Key Identifier:
                keyid:0F:74:E5:AF:2F:A7:21:5C:A4:69:B2:7C:10:79:F1:FF:D5:FC:AE:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D3Tlry-nIVykabJ8EHnx_9X8rvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/49ace8-291d-4d4f-922e-eabcbc083f9b/1/rbOAF9-_bLgdSF_MfAX0y_l7e30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/49ace8-291d-4d4f-922e-eabcbc083f9b/1/D3Tlry-nIVykabJ8EHnx_9X8rvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.217.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:94:6c:27:c2:0e:9e:a7:9c:59:94:3a:95:09:63:ce:6a:ca:
         75:8d:63:75:38:7d:83:f7:97:3f:a2:c2:57:e3:f0:74:e8:5f:
         c7:5d:62:11:00:b2:04:fd:1d:a4:70:c9:52:9a:aa:55:43:dc:
         1a:e5:fd:1d:67:b0:7f:7b:e3:67:99:fb:ed:ce:c4:5e:67:b4:
         36:7c:29:e2:ff:8b:79:ae:71:d8:62:4b:ba:23:03:1b:cd:29:
         fb:79:f9:81:b9:eb:a3:4e:c3:f9:73:db:66:67:bc:14:02:3e:
         94:88:99:1c:d3:82:63:b7:78:78:60:f2:b9:c1:ba:4f:16:c3:
         b1:68:a9:d7:00:b3:10:33:c8:26:bf:74:fa:15:27:24:5f:84:
         3d:a2:1e:db:6e:81:58:21:ac:e1:92:e0:a0:55:2f:6e:40:52:
         8f:9f:8b:29:d8:26:df:78:34:85:13:78:10:cd:5e:2a:7e:28:
         1e:7b:ba:05:4a:51:21:45:79:dd:41:c1:c5:2d:41:61:12:ad:
         f6:eb:28:51:6f:b6:73:8e:e0:4b:fa:9f:34:de:03:f2:d2:12:
         db:a5:93:e9:85:e5:73:7c:3d:cc:17:d6:a9:0c:7f:8c:1a:d4:
         63:d0:a3:ed:67:9c:28:57:08:8b:92:d8:1b:ba:36:7c:be:fe:
         ed:0f:66:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBa5CGMnHnObVbTeNNJxXZQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNzRlNWFmMmZhNzIxNWNhNDY5YjI3YzEwNzlmMWZmZDVm
Y2FlZjgwHhcNMjQwNjI3MTgxMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGIzODAxN2RmYmY2Y2I4MWQ0ODVmY2M3YzA1ZjRjYmY5N2I3YjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2wFBk9LMT6sdKESuq0mLqXJXrWX
WBJkqKr/+AxX7kQCivfb9/8eggQNaqLLL8LHmDRPTMLH0WMeOQoWiDxyTlTkOxvc
8m33EoL+7da5gvWzsBuirxY/rImZ7HzukrsJH8ppGdF0bKj9T+SZyQ+Wo3ZGQDN7
KjTBYB/wi3nU3qa8ErduMsyGB8tpEIQnAxUYMDgRl6umh98hx94MjGdmxvv6P12z
4CC0U9kpk3RwJzkEaMoBcAVVxS3FVFrWGOvJeI47o7GXPSggupKWci7DRKzEqhr1
0IBamc3CUmCGl+hkeNAHkeDUvHP7GZpglfalmlDhGItRjCgIjS6k5RG7MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2zgBffv2y4HUhfzHwF9Mv5e3t9MB8GA1UdIwQY
MBaAFA905a8vpyFcpGmyfBB58f/V/K74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDNUbHJ5LW5JVnlrYWJKOEVIbnhfOVg4cnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC80OWFjZTgtMjkxZC00ZDRmLTkyMmUt
ZWFiY2JjMDgzZjliLzEvcmJPQUY5LV9iTGdkU0ZfTWZBWDB5X2w3ZTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC80OWFjZTgtMjkxZC00ZDRmLTkyMmUtZWFiY2JjMDgzZjli
LzEvRDNUbHJ5LW5JVnlrYWJKOEVIbnhfOVg4cnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCxtnwMA0G
CSqGSIb3DQEBCwUAA4IBAQA8lGwnwg6ep5xZlDqVCWPOasp1jWN1OH2D95c/osJX
4/B06F/HXWIRALIE/R2kcMlSmqpVQ9wa5f0dZ7B/e+NnmfvtzsReZ7Q2fCni/4t5
rnHYYku6IwMbzSn7efmBueujTsP5c9tmZ7wUAj6UiJkc04Jjt3h4YPK5wbpPFsOx
aKnXALMQM8gmv3T6FSckX4Q9oh7bboFYIazhkuCgVS9uQFKPn4sp2CbfeDSFE3gQ
zV4qfigee7oFSlEhRXndQcHFLUFhEq326yhRb7ZzjuBL+p803gPy0hLbpZPpheVz
fD3MF9apDH+MGtRj0KPtZ5woVwiLktgbujZ8vv7tD2bf
-----END CERTIFICATE-----