Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/efe5amh4jlMydhivq3OF5qbDCpI.roa
File:                     efe5amh4jlMydhivq3OF5qbDCpI.roa (raw, json)
Hash identifier:          6iw2gnDcZP6ZZJX73WBgPOkeEQEpMVtjxP8058iyjOk=
Subject key identifier:   79:F7:B9:6A:68:78:8E:53:32:76:18:AF:AB:73:85:E6:A6:C3:0A:92
Certificate issuer:       /CN=d09a7f7fdd54a17ce5e12a4182eb652479f9d758
Certificate serial:       01942067F9ED7423E890DD0BF52A03BF3ACD
Authority key identifier: D0:9A:7F:7F:DD:54:A1:7C:E5:E1:2A:41:82:EB:65:24:79:F9:D7:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Jp_f91UoXzl4SpBgutlJHn511g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/efe5amh4jlMydhivq3OF5qbDCpI.roa
Signing time:             Wed 01 Jan 2025 05:47:52 +0000
ROA not before:           Wed 01 Jan 2025 05:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        185.69.248.0/24 maxlen: 24
                          185.69.249.0/24 maxlen: 24
                          185.69.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/0Jp_f91UoXzl4SpBgutlJHn511g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/0Jp_f91UoXzl4SpBgutlJHn511g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Jp_f91UoXzl4SpBgutlJHn511g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f9:ed:74:23:e8:90:dd:0b:f5:2a:03:bf:3a:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d09a7f7fdd54a17ce5e12a4182eb652479f9d758
        Validity
            Not Before: Jan  1 05:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79f7b96a68788e53327618afab7385e6a6c30a92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:74:08:a2:61:a9:20:ad:aa:30:82:30:cb:d5:
                    fc:e7:9a:43:d9:b1:cf:07:f5:09:5b:ad:4e:20:a5:
                    c1:ab:bd:95:f4:27:e2:df:e2:95:6e:b2:16:e8:21:
                    e5:aa:de:3e:79:dc:b8:4c:dc:06:dd:14:c3:09:07:
                    2e:48:6f:ad:95:7e:eb:f4:7f:00:71:ae:f0:20:db:
                    99:57:a0:be:b5:0e:18:8f:53:41:fd:0e:07:7f:b2:
                    62:0b:c3:88:47:26:06:b7:35:4d:9f:0f:98:ee:b7:
                    1d:40:8e:49:e4:17:4e:a8:48:76:21:8d:a0:ca:61:
                    10:32:82:1f:da:fc:42:53:b4:09:e8:1d:b7:93:5c:
                    a9:4b:92:d7:cc:40:c2:5c:79:1c:00:57:78:86:f9:
                    67:a5:e6:a2:3c:21:da:c1:f7:73:75:6a:bd:39:85:
                    b8:2a:41:d8:04:b5:a5:41:d8:6a:fc:4f:ec:33:fa:
                    48:2a:3b:35:39:bf:4c:9a:e3:7a:8a:73:a7:9d:1e:
                    a1:64:24:83:97:c0:78:57:af:a3:2c:44:1c:16:a3:
                    a8:72:43:47:4d:4c:2e:66:55:6b:fd:a7:af:36:90:
                    4a:08:20:1c:6b:d9:dc:dc:dd:b8:bb:36:eb:32:66:
                    90:cf:8d:15:b1:99:42:0d:1e:75:f0:01:1a:5d:6a:
                    5a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:F7:B9:6A:68:78:8E:53:32:76:18:AF:AB:73:85:E6:A6:C3:0A:92
            X509v3 Authority Key Identifier:
                keyid:D0:9A:7F:7F:DD:54:A1:7C:E5:E1:2A:41:82:EB:65:24:79:F9:D7:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Jp_f91UoXzl4SpBgutlJHn511g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/efe5amh4jlMydhivq3OF5qbDCpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/0Jp_f91UoXzl4SpBgutlJHn511g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.248.0-185.69.250.255

    Signature Algorithm: sha256WithRSAEncryption
         6e:17:71:98:09:f9:36:fd:87:96:01:d2:db:62:2e:13:2a:96:
         64:9c:09:ba:f9:f8:b5:15:f3:f0:fa:91:0c:08:6b:8b:10:8c:
         0e:73:4b:62:32:19:ae:31:be:5d:19:e3:ac:7d:14:e8:75:25:
         b1:8d:e4:82:78:71:73:46:68:20:15:19:19:82:38:85:3e:21:
         0c:35:ca:f9:b4:d5:e3:4e:35:94:a9:08:40:88:cf:05:22:79:
         5b:55:a0:97:c4:1a:be:48:43:da:99:53:02:eb:cd:24:5f:42:
         97:6b:d2:d9:4a:15:f7:1a:33:47:55:dc:5a:65:f4:da:ff:42:
         78:1c:34:c0:6a:cb:d2:fd:22:57:6b:eb:2e:b7:5b:eb:08:52:
         60:3a:31:fa:ca:2c:79:d3:22:c8:d8:5e:70:ba:23:a3:66:51:
         b0:e9:50:34:13:84:dd:88:04:9b:75:d5:a3:83:21:a2:b1:b8:
         9c:d1:99:12:5f:06:3c:ca:4e:3b:f1:1f:2f:b7:cc:60:a4:53:
         50:9c:f1:b1:37:94:59:cd:e8:d7:82:a5:61:6e:2e:ae:44:c6:
         5b:ef:eb:33:52:df:28:c3:2c:da:37:99:ec:bd:81:28:43:62:
         af:df:94:d1:1b:ba:92:c8:5d:40:cb:c6:94:62:08:a8:f0:33:
         59:82:24:b9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQgZ/ntdCPokN0L9SoDvzrNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOWE3ZjdmZGQ1NGExN2NlNWUxMmE0MTgyZWI2NTI0Nzlm
OWQ3NTgwHhcNMjUwMTAxMDU0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWY3Yjk2YTY4Nzg4ZTUzMzI3NjE4YWZhYjczODVlNmE2YzMwYTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHQIomGpIK2qMIIwy9X855pD2bHP
B/UJW61OIKXBq72V9Cfi3+KVbrIW6CHlqt4+edy4TNwG3RTDCQcuSG+tlX7r9H8A
ca7wINuZV6C+tQ4Yj1NB/Q4Hf7JiC8OIRyYGtzVNnw+Y7rcdQI5J5BdOqEh2IY2g
ymEQMoIf2vxCU7QJ6B23k1ypS5LXzEDCXHkcAFd4hvlnpeaiPCHawfdzdWq9OYW4
KkHYBLWlQdhq/E/sM/pIKjs1Ob9MmuN6inOnnR6hZCSDl8B4V6+jLEQcFqOockNH
TUwuZlVr/aevNpBKCCAca9nc3N24uzbrMmaQz40VsZlCDR518AEaXWpaEQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHn3uWpoeI5TMnYYr6tzheamwwqSMB8GA1UdIwQY
MBaAFNCaf3/dVKF85eEqQYLrZSR5+ddYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEpwX2Y5MVVvWHpsNFNwQmd1dGxKSG41MTFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9iM2Q5N2UtNWNjMi00NjY5LWIzNzgt
NTg3NWE0NDg5ZGJhLzEvZWZlNWFtaDRqbE15ZGhpdnEzT0Y1cWJEQ3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9iM2Q5N2UtNWNjMi00NjY5LWIzNzgtNTg3NWE0NDg5ZGJh
LzEvMEpwX2Y5MVVvWHpsNFNwQmd1dGxKSG41MTFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5RfgD
BAC5RfowDQYJKoZIhvcNAQELBQADggEBAG4XcZgJ+Tb9h5YB0ttiLhMqlmScCbr5
+LUV8/D6kQwIa4sQjA5zS2IyGa4xvl0Z46x9FOh1JbGN5IJ4cXNGaCAVGRmCOIU+
IQw1yvm01eNONZSpCECIzwUieVtVoJfEGr5IQ9qZUwLrzSRfQpdr0tlKFfcaM0dV
3Fpl9Nr/QngcNMBqy9L9Ildr6y63W+sIUmA6MfrKLHnTIsjYXnC6I6NmUbDpUDQT
hN2IBJt11aODIaKxuJzRmRJfBjzKTjvxHy+3zGCkU1Cc8bE3lFnN6NeCpWFuLq5E
xlvv6zNS3yjDLNo3mey9gShDYq/flNEbupLIXUDLxpRiCKjwM1mCJLk=
-----END CERTIFICATE-----