Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NC7UtxAdSnlB6Bq7fq-mSLYpLww.roa
File:                     NC7UtxAdSnlB6Bq7fq-mSLYpLww.roa (raw, json)
Hash identifier:          OZCWHlVioRVO6ZaPXn8MFlEEI90Mcy+dolxDHjMdZ2c=
Subject key identifier:   34:2E:D4:B7:10:1D:4A:79:41:E8:1A:BB:7E:AF:A6:48:B6:29:2F:0C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01942825044D531BA58AE85F67C4F23B1851
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NC7UtxAdSnlB6Bq7fq-mSLYpLww.roa
Signing time:             Thu 02 Jan 2025 17:51:42 +0000
ROA not before:           Thu 02 Jan 2025 17:51:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207994
IP address blocks:        193.124.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:04:4d:53:1b:a5:8a:e8:5f:67:c4:f2:3b:18:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=342ed4b7101d4a7941e81abb7eafa648b6292f0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c1:b7:03:9d:58:24:56:d2:70:12:6b:23:4e:
                    1a:f1:71:8d:0e:6d:8f:05:2d:8b:fc:76:b5:51:60:
                    77:c8:53:5c:42:9a:ee:db:77:1b:da:3a:19:1e:fa:
                    32:d0:5e:f5:3d:ec:76:f4:89:04:d5:ba:91:1a:38:
                    28:54:4c:2c:f1:ec:6a:6d:66:a9:92:4f:d3:8e:85:
                    f5:06:8a:93:aa:b3:63:9b:ff:e4:86:b4:1e:c7:74:
                    a7:f4:83:35:4b:6f:12:6e:26:17:9d:13:da:f1:fa:
                    6c:66:29:ce:bb:ab:36:17:45:52:b0:c9:5a:c0:58:
                    ca:91:25:90:ae:78:6c:00:c6:2c:ed:1c:70:6a:ab:
                    df:f6:fc:72:8b:fc:00:a4:42:aa:01:47:f9:ee:4a:
                    f0:29:db:cc:f0:12:a5:3f:cc:87:04:8b:ed:79:2d:
                    ac:82:86:59:b9:dc:74:94:ea:e6:ce:96:61:a0:13:
                    e3:ba:11:a1:dd:df:86:1e:eb:2f:8c:8b:e3:0a:bf:
                    3b:ea:1b:b3:28:df:1f:7b:02:6f:da:86:f5:90:a1:
                    12:67:35:ed:9f:e5:2a:aa:07:9d:3b:39:f7:1a:80:
                    53:e0:63:c4:61:f2:e9:bf:ed:d3:8c:77:b5:e4:e6:
                    ff:94:33:b6:99:f5:78:52:a2:e6:36:be:66:a2:25:
                    04:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:2E:D4:B7:10:1D:4A:79:41:E8:1A:BB:7E:AF:A6:48:B6:29:2F:0C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NC7UtxAdSnlB6Bq7fq-mSLYpLww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:66:67:2a:57:ed:f5:98:0f:f4:b3:c3:60:31:83:f8:c9:8b:
         05:57:33:c4:be:92:7b:65:52:90:83:d4:e5:c7:bb:3f:99:94:
         e7:d2:f6:38:99:f9:4a:88:59:e5:6d:f8:56:61:61:85:c7:a1:
         2d:43:04:5f:a5:20:71:60:72:51:56:ce:a9:d9:7e:d7:de:8a:
         9b:40:ca:a2:d2:10:bf:4b:c2:c4:dd:b9:e4:7a:01:c7:a9:13:
         56:8e:2d:2e:bc:b4:1e:c6:63:fc:bf:28:61:a8:66:ca:f3:3f:
         a9:4f:ca:14:42:03:34:1b:12:3a:19:07:d4:13:5d:e8:14:c1:
         c4:09:b5:cd:c2:a0:c9:4a:95:68:e2:c9:f4:44:cf:5f:e3:f4:
         2a:1a:ce:a3:e6:7f:16:b5:92:86:d1:4e:83:6f:09:d8:48:7c:
         b7:93:20:c0:53:3b:46:6e:e5:f6:24:9f:fe:42:fc:f9:2f:8b:
         89:27:ee:52:bf:f0:b0:c8:66:69:4a:e0:50:99:e7:da:d3:77:
         d2:98:0e:eb:48:4d:81:3f:c6:f4:e5:11:f2:86:dd:c2:2c:e0:
         76:6e:e9:91:81:9d:da:cb:03:b9:5b:2a:ff:1e:5a:7c:c4:0f:
         51:bf:76:e2:5c:1a:fb:a2:80:b9:a4:53:a4:3b:63:15:c5:dd:
         9b:37:c6:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJQRNUxuliuhfZ8TyOxhRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDJlZDRiNzEwMWQ0YTc5NDFlODFhYmI3ZWFmYTY0OGI2MjkyZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocG3A51YJFbScBJrI04a8XGNDm2P
BS2L/Ha1UWB3yFNcQpru23cb2joZHvoy0F71Pex29IkE1bqRGjgoVEws8exqbWap
kk/TjoX1BoqTqrNjm//khrQex3Sn9IM1S28SbiYXnRPa8fpsZinOu6s2F0VSsMla
wFjKkSWQrnhsAMYs7Rxwaqvf9vxyi/wApEKqAUf57krwKdvM8BKlP8yHBIvteS2s
goZZudx0lOrmzpZhoBPjuhGh3d+GHusvjIvjCr876huzKN8fewJv2ob1kKESZzXt
n+UqqgedOzn3GoBT4GPEYfLpv+3TjHe15Ob/lDO2mfV4UqLmNr5moiUEqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQu1LcQHUp5Qegau36vpki2KS8MMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTkM3VXR4QWRTbmxCNkJxN2ZxLW1TTFlwTHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXzNMA0G
CSqGSIb3DQEBCwUAA4IBAQCYZmcqV+31mA/0s8NgMYP4yYsFVzPEvpJ7ZVKQg9Tl
x7s/mZTn0vY4mflKiFnlbfhWYWGFx6EtQwRfpSBxYHJRVs6p2X7X3oqbQMqi0hC/
S8LE3bnkegHHqRNWji0uvLQexmP8vyhhqGbK8z+pT8oUQgM0GxI6GQfUE13oFMHE
CbXNwqDJSpVo4sn0RM9f4/QqGs6j5n8WtZKG0U6DbwnYSHy3kyDAUztGbuX2JJ/+
Qvz5L4uJJ+5Sv/CwyGZpSuBQmefa03fSmA7rSE2BP8b05RHyht3CLOB2bumRgZ3a
ywO5Wyr/Hlp8xA9Rv3biXBr7ooC5pFOkO2MVxd2bN8Yy
-----END CERTIFICATE-----