Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/63c344-b50e-4af0-9e9e-fcd4f797d356/1/b_FpEo5mzbhghU7FQIOJJKiIivU.roa
File:                     b_FpEo5mzbhghU7FQIOJJKiIivU.roa (raw, json)
Hash identifier:          HOe4R50HkhUSwXgPcBKFKJCslwOuwtpIjbbm5rlZl9I=
Subject key identifier:   6F:F1:69:12:8E:66:CD:B8:60:85:4E:C5:40:83:89:24:A8:88:8A:F5
Certificate issuer:       /CN=265873ae2350d0e3e8c3553bf90646112764e1c0
Certificate serial:       019422FC1E59C2AD9BEE24394F75E8A9E398
Authority key identifier: 26:58:73:AE:23:50:D0:E3:E8:C3:55:3B:F9:06:46:11:27:64:E1:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JlhzriNQ0OPow1U7-QZGESdk4cA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/63c344-b50e-4af0-9e9e-fcd4f797d356/1/b_FpEo5mzbhghU7FQIOJJKiIivU.roa
Signing time:             Wed 01 Jan 2025 17:48:55 +0000
ROA not before:           Wed 01 Jan 2025 17:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52177
IP address blocks:        194.26.208.0/24 maxlen: 24
                          2a12:5800::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/63c344-b50e-4af0-9e9e-fcd4f797d356/1/JlhzriNQ0OPow1U7-QZGESdk4cA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/63c344-b50e-4af0-9e9e-fcd4f797d356/1/JlhzriNQ0OPow1U7-QZGESdk4cA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JlhzriNQ0OPow1U7-QZGESdk4cA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 11:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:1e:59:c2:ad:9b:ee:24:39:4f:75:e8:a9:e3:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=265873ae2350d0e3e8c3553bf90646112764e1c0
        Validity
            Not Before: Jan  1 17:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ff169128e66cdb860854ec540838924a8888af5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a8:4f:fe:ed:b5:01:9d:7f:28:cf:76:d9:88:
                    ab:2e:cf:cd:cf:04:57:d3:32:5e:ed:ee:92:0b:71:
                    38:b4:d2:e8:6e:18:ce:af:2c:b1:43:e2:6a:b5:8f:
                    68:09:f0:ee:90:23:d6:ba:b2:bb:17:15:7b:9d:1f:
                    c6:6d:40:e1:6f:c7:60:e0:7e:a9:94:ab:5e:c7:ec:
                    82:da:8e:71:31:8b:91:8a:03:6f:53:89:0a:f2:78:
                    73:f2:25:e6:0b:4a:17:81:38:b3:74:fa:98:ae:c8:
                    31:e9:b3:2f:ef:bc:99:ee:91:29:70:c4:40:fd:23:
                    22:0f:26:a3:8d:fe:52:56:ac:74:31:84:81:81:9e:
                    1f:19:54:3e:a8:ff:56:1b:46:b8:ae:36:76:1c:30:
                    7c:77:35:2e:4f:3a:5b:f0:0b:8a:c2:d6:2b:92:9a:
                    ac:a9:65:43:27:34:cf:e1:1a:2b:1d:62:a9:06:3d:
                    89:f7:c7:d7:92:a8:54:83:da:04:4e:6c:9c:0e:31:
                    1c:1e:8f:9b:b8:7f:40:5b:c5:76:4b:49:d9:8f:b4:
                    cf:58:e3:15:d5:aa:6b:78:7f:f3:78:55:ca:67:d0:
                    7b:f2:6a:59:8f:86:39:41:44:99:c0:b1:c1:11:da:
                    5e:5e:61:80:3a:cc:70:a0:e3:f5:82:49:a0:ff:ed:
                    71:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F1:69:12:8E:66:CD:B8:60:85:4E:C5:40:83:89:24:A8:88:8A:F5
            X509v3 Authority Key Identifier:
                keyid:26:58:73:AE:23:50:D0:E3:E8:C3:55:3B:F9:06:46:11:27:64:E1:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JlhzriNQ0OPow1U7-QZGESdk4cA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/63c344-b50e-4af0-9e9e-fcd4f797d356/1/b_FpEo5mzbhghU7FQIOJJKiIivU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/63c344-b50e-4af0-9e9e-fcd4f797d356/1/JlhzriNQ0OPow1U7-QZGESdk4cA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.208.0/24
                IPv6:
                  2a12:5800::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:91:86:63:7d:20:79:75:d3:eb:20:ef:a0:9b:7c:80:ac:64:
         b1:4a:99:eb:49:c9:d6:58:92:ee:88:42:5c:27:a8:de:e5:c6:
         bd:b5:27:61:f2:be:3d:46:1e:8f:b0:22:df:b0:49:c1:47:45:
         b6:e5:91:6f:36:dc:2d:33:fd:65:18:59:59:e9:ca:cf:1f:de:
         5b:70:b2:c6:98:81:b5:0c:6f:db:ac:db:d3:b4:b9:8b:1c:28:
         d0:f3:31:fc:78:d9:4a:23:96:57:3a:b3:4d:28:79:e1:c0:6c:
         fe:e6:02:f5:a2:8c:ae:5d:80:6b:cb:27:de:70:7d:cb:6c:4a:
         6a:67:e6:ef:71:26:3d:72:1a:17:a2:33:9c:e8:a2:37:22:63:
         da:38:8e:6f:92:42:3b:4d:d9:d9:7a:12:61:ad:eb:52:ab:c5:
         45:71:19:1f:b9:32:09:fe:ce:36:13:33:6b:4e:07:be:09:7a:
         1e:df:db:6a:2d:fc:e2:8a:4f:f1:84:d3:c1:7f:a9:32:92:73:
         1e:4d:94:8c:d0:36:01:50:62:8c:0c:12:08:7b:02:c6:de:d3:
         f4:9f:7b:ad:be:28:b9:a8:06:ef:45:f9:09:9a:2f:c9:af:17:
         0a:f2:d9:b5:70:e7:2a:75:69:36:13:78:96:2e:10:e8:62:ec:
         61:75:62:1a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi/B5Zwq2b7iQ5T3XoqeOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NTg3M2FlMjM1MGQwZTNlOGMzNTUzYmY5MDY0NjExMjc2
NGUxYzAwHhcNMjUwMTAxMTc0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmYxNjkxMjhlNjZjZGI4NjA4NTRlYzU0MDgzODkyNGE4ODg4YWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjahP/u21AZ1/KM922YirLs/NzwRX
0zJe7e6SC3E4tNLobhjOryyxQ+JqtY9oCfDukCPWurK7FxV7nR/GbUDhb8dg4H6p
lKtex+yC2o5xMYuRigNvU4kK8nhz8iXmC0oXgTizdPqYrsgx6bMv77yZ7pEpcMRA
/SMiDyajjf5SVqx0MYSBgZ4fGVQ+qP9WG0a4rjZ2HDB8dzUuTzpb8AuKwtYrkpqs
qWVDJzTP4RorHWKpBj2J98fXkqhUg9oETmycDjEcHo+buH9AW8V2S0nZj7TPWOMV
1apreH/zeFXKZ9B78mpZj4Y5QUSZwLHBEdpeXmGAOsxwoOP1gkmg/+1xYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG/xaRKOZs24YIVOxUCDiSSoiIr1MB8GA1UdIwQY
MBaAFCZYc64jUNDj6MNVO/kGRhEnZOHAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmxoenJpTlEwT1BvdzFVNy1RWkdFU2RrNGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC82M2MzNDQtYjUwZS00YWYwLTllOWUt
ZmNkNGY3OTdkMzU2LzEvYl9GcEVvNW16YmhnaFU3RlFJT0pKS2lJaXZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC82M2MzNDQtYjUwZS00YWYwLTllOWUtZmNkNGY3OTdkMzU2
LzEvSmxoenJpTlEwT1BvdzFVNy1RWkdFU2RrNGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwhrQMA0E
AgACMAcDBQMqElgAMA0GCSqGSIb3DQEBCwUAA4IBAQASkYZjfSB5ddPrIO+gm3yA
rGSxSpnrScnWWJLuiEJcJ6je5ca9tSdh8r49Rh6PsCLfsEnBR0W25ZFvNtwtM/1l
GFlZ6crPH95bcLLGmIG1DG/brNvTtLmLHCjQ8zH8eNlKI5ZXOrNNKHnhwGz+5gL1
ooyuXYBryyfecH3LbEpqZ+bvcSY9choXojOc6KI3ImPaOI5vkkI7TdnZehJhretS
q8VFcRkfuTIJ/s42EzNrTge+CXoe39tqLfziik/xhNPBf6kyknMeTZSM0DYBUGKM
DBIIewLG3tP0n3utvii5qAbvRfkJmi/JrxcK8tm1cOcqdWk2E3iWLhDoYuxhdWIa
-----END CERTIFICATE-----