Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/tMCKKQ7T7_7JMjdc5UvMftnS0Sc.roa
File:                     tMCKKQ7T7_7JMjdc5UvMftnS0Sc.roa (raw, json)
Hash identifier:          kzZ53feDoHQUM5QIs7aC6l1igadYhsq3pYnx3tG/SUI=
Subject key identifier:   B4:C0:8A:29:0E:D3:EF:FE:C9:32:37:5C:E5:4B:CC:7E:D9:D2:D1:27
Certificate issuer:       /CN=7b385e86167d5ccc22fd85892560ae760b5f2898
Certificate serial:       019427B5C6E604F82C608FFC317F138B7CA4
Authority key identifier: 7B:38:5E:86:16:7D:5C:CC:22:FD:85:89:25:60:AE:76:0B:5F:28:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ezhehhZ9XMwi_YWJJWCudgtfKJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/tMCKKQ7T7_7JMjdc5UvMftnS0Sc.roa
Signing time:             Thu 02 Jan 2025 15:50:11 +0000
ROA not before:           Thu 02 Jan 2025 15:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49544
IP address blocks:        185.226.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/ezhehhZ9XMwi_YWJJWCudgtfKJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/ezhehhZ9XMwi_YWJJWCudgtfKJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ezhehhZ9XMwi_YWJJWCudgtfKJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c6:e6:04:f8:2c:60:8f:fc:31:7f:13:8b:7c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b385e86167d5ccc22fd85892560ae760b5f2898
        Validity
            Not Before: Jan  2 15:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4c08a290ed3effec932375ce54bcc7ed9d2d127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:0a:75:32:19:b1:a4:c7:91:f3:0c:9a:93:e1:
                    3f:5a:8d:01:c9:af:14:19:94:34:87:cf:7f:31:ff:
                    e9:74:5e:b1:17:33:57:89:f1:72:66:37:30:65:7e:
                    e1:dd:03:d9:69:38:9c:63:a4:8e:1a:f9:86:8e:bd:
                    d2:bc:06:74:72:e2:9b:0e:14:8a:80:58:4f:77:77:
                    7e:6e:4f:4d:65:27:1f:e2:59:7b:31:ae:04:5e:d0:
                    c7:85:e0:82:6e:b1:1c:2a:4b:59:c2:2f:ae:a5:b1:
                    76:20:e4:86:fe:bb:54:ea:cc:e2:a5:0a:d4:e1:4e:
                    d8:f6:85:25:98:b0:40:76:ab:44:ad:0b:e5:80:ae:
                    d0:43:d0:dc:d0:1c:f9:91:b4:ee:00:12:f7:90:49:
                    22:84:e5:a5:2a:0d:8e:50:97:e0:82:e7:dc:c0:48:
                    64:41:d3:08:bd:14:df:e9:8f:1c:a3:92:f1:79:f3:
                    43:79:50:2c:7f:a0:95:79:32:4d:e2:7d:3e:9f:f8:
                    c9:75:0f:6f:c3:7b:6e:a4:26:0c:a5:5b:78:a9:9a:
                    1e:26:4a:5b:d4:a6:74:ef:57:a7:af:4d:4c:47:f8:
                    25:d0:85:7f:23:49:3e:a3:00:7e:3f:da:03:45:12:
                    94:ba:37:b6:2d:0c:dd:4b:23:a4:c4:13:26:f1:8b:
                    89:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:C0:8A:29:0E:D3:EF:FE:C9:32:37:5C:E5:4B:CC:7E:D9:D2:D1:27
            X509v3 Authority Key Identifier:
                keyid:7B:38:5E:86:16:7D:5C:CC:22:FD:85:89:25:60:AE:76:0B:5F:28:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ezhehhZ9XMwi_YWJJWCudgtfKJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/tMCKKQ7T7_7JMjdc5UvMftnS0Sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/ezhehhZ9XMwi_YWJJWCudgtfKJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:91:82:34:7c:d1:db:e0:a0:8c:cd:e5:61:e7:8a:44:0f:2f:
         53:88:54:b4:e3:32:da:ef:c4:22:35:80:1a:e3:41:bf:f4:86:
         dd:d2:a6:9a:b8:a8:64:8a:a7:b5:26:fa:a6:10:c9:62:c1:79:
         7e:19:77:76:80:b6:34:8e:5c:b2:00:1c:6e:ae:52:10:75:e4:
         e6:03:75:b8:67:d3:af:14:8d:85:9a:d3:4d:56:1a:08:92:03:
         7f:df:72:a7:80:5c:ea:25:21:ea:f4:b2:5e:47:01:7b:00:57:
         e1:9f:03:0d:d9:07:78:58:e4:98:84:5f:15:b7:a4:57:8e:c0:
         70:1a:ce:4d:00:ad:b9:34:75:f0:ca:72:ee:d6:3a:8d:2a:db:
         46:d9:b1:26:42:d4:43:67:e4:ed:91:26:31:4e:e8:4c:72:e3:
         5d:9b:b4:25:1c:a9:f6:a6:d5:a4:3b:c9:9e:38:e6:d0:c2:5d:
         ac:fe:41:39:13:fd:6d:57:04:45:bb:dd:cb:75:6c:66:89:73:
         a5:03:e9:05:c2:a9:4b:dc:c1:2e:63:5a:f5:d0:a7:8b:9a:8d:
         1d:0d:20:07:cf:ee:40:02:83:97:f8:ca:d5:de:10:ca:33:56:
         6e:23:62:8f:e0:55:80:d3:63:d1:98:63:51:56:af:3e:84:ab:
         7d:e1:14:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntcbmBPgsYI/8MX8Ti3ykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMzg1ZTg2MTY3ZDVjY2MyMmZkODU4OTI1NjBhZTc2MGI1
ZjI4OTgwHhcNMjUwMTAyMTU1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGMwOGEyOTBlZDNlZmZlYzkzMjM3NWNlNTRiY2M3ZWQ5ZDJkMTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gp1MhmxpMeR8wyak+E/Wo0Bya8U
GZQ0h89/Mf/pdF6xFzNXifFyZjcwZX7h3QPZaTicY6SOGvmGjr3SvAZ0cuKbDhSK
gFhPd3d+bk9NZScf4ll7Ma4EXtDHheCCbrEcKktZwi+upbF2IOSG/rtU6szipQrU
4U7Y9oUlmLBAdqtErQvlgK7QQ9Dc0Bz5kbTuABL3kEkihOWlKg2OUJfggufcwEhk
QdMIvRTf6Y8co5LxefNDeVAsf6CVeTJN4n0+n/jJdQ9vw3tupCYMpVt4qZoeJkpb
1KZ071enr01MR/gl0IV/I0k+owB+P9oDRRKUuje2LQzdSyOkxBMm8YuJ2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTAiikO0+/+yTI3XOVLzH7Z0tEnMB8GA1UdIwQY
MBaAFHs4XoYWfVzMIv2FiSVgrnYLXyiYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXpoZWhoWjlYTXdpX1lXSkpXQ3VkZ3RmS0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9iNDU5ZjEtNjQ5OS00ZTE0LWFjZmIt
ZWE3ODhhZDMyOTZhLzEvdE1DS0tRN1Q3XzdKTWpkYzVVdk1mdG5TMFNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9iNDU5ZjEtNjQ5OS00ZTE0LWFjZmItZWE3ODhhZDMyOTZh
LzEvZXpoZWhoWjlYTXdpX1lXSkpXQ3VkZ3RmS0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueKKMA0G
CSqGSIb3DQEBCwUAA4IBAQC1kYI0fNHb4KCMzeVh54pEDy9TiFS04zLa78QiNYAa
40G/9Ibd0qaauKhkiqe1JvqmEMliwXl+GXd2gLY0jlyyABxurlIQdeTmA3W4Z9Ov
FI2FmtNNVhoIkgN/33KngFzqJSHq9LJeRwF7AFfhnwMN2Qd4WOSYhF8Vt6RXjsBw
Gs5NAK25NHXwynLu1jqNKttG2bEmQtRDZ+TtkSYxTuhMcuNdm7QlHKn2ptWkO8me
OObQwl2s/kE5E/1tVwRFu93LdWxmiXOlA+kFwqlL3MEuY1r10KeLmo0dDSAHz+5A
AoOX+MrV3hDKM1ZuI2KP4FWA02PRmGNRVq8+hKt94RRa
-----END CERTIFICATE-----