Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/fd90c5-183c-4d69-92f1-56bc70967885/1/1-BW4odJAyxl12AYDgfFuFOqGWeE.roa
File:                     1-BW4odJAyxl12AYDgfFuFOqGWeE.roa (raw, json)
Hash identifier:          qq64q7wVgL8AHerH5wdm8XW+pg0/VDQN8uM/uUKTeDM=
Subject key identifier:   F8:15:B8:A1:D2:40:CB:19:75:D8:06:03:81:F1:6E:14:EA:86:59:E1
Certificate issuer:       /CN=216462c8c0065a0a6ceaf243985b697cf1357bfb
Certificate serial:       01941F8C85BA4119F6F071785021E0AB9976
Authority key identifier: 21:64:62:C8:C0:06:5A:0A:6C:EA:F2:43:98:5B:69:7C:F1:35:7B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWRiyMAGWgps6vJDmFtpfPE1e_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/fd90c5-183c-4d69-92f1-56bc70967885/1/1-BW4odJAyxl12AYDgfFuFOqGWeE.roa
Signing time:             Wed 01 Jan 2025 01:48:10 +0000
ROA not before:           Wed 01 Jan 2025 01:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34720
IP address blocks:        193.178.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/fd90c5-183c-4d69-92f1-56bc70967885/1/IWRiyMAGWgps6vJDmFtpfPE1e_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/fd90c5-183c-4d69-92f1-56bc70967885/1/IWRiyMAGWgps6vJDmFtpfPE1e_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWRiyMAGWgps6vJDmFtpfPE1e_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:85:ba:41:19:f6:f0:71:78:50:21:e0:ab:99:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=216462c8c0065a0a6ceaf243985b697cf1357bfb
        Validity
            Not Before: Jan  1 01:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f815b8a1d240cb1975d8060381f16e14ea8659e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:cc:ec:55:85:51:d3:e2:a1:73:bd:b4:d2:1b:
                    7b:bc:09:55:92:6d:88:57:f3:c3:5d:40:f9:9e:bb:
                    e9:00:58:90:f3:44:50:b7:4a:d5:57:d3:a0:a3:58:
                    9f:8a:67:cd:4a:67:36:6e:71:f5:90:54:21:df:07:
                    0c:f0:01:bf:3d:48:a9:a0:2f:2c:2f:f4:0d:90:74:
                    30:38:ff:7d:8f:10:8f:58:87:20:99:8d:b9:86:c2:
                    39:50:e7:03:2e:47:a1:bc:86:3a:eb:17:98:1e:e0:
                    03:41:4e:2a:d0:da:bc:40:77:9d:94:0a:d0:de:b7:
                    ca:d2:c1:fc:17:15:48:09:50:87:98:7c:4b:b4:42:
                    64:0e:80:6b:90:1c:34:9b:73:08:fb:d9:ab:15:e0:
                    35:67:85:1d:a4:6b:a6:51:ee:77:e6:44:87:1d:fb:
                    6c:c3:0c:d2:61:96:27:5b:ce:9d:7e:9f:23:c1:63:
                    ac:ba:ce:10:01:f9:83:a8:52:e7:eb:df:ed:d2:a2:
                    5d:37:ab:01:18:51:fa:89:4c:46:98:f2:9f:8c:85:
                    e8:b3:53:59:6a:b1:33:31:9c:0c:9b:b5:f0:e4:09:
                    65:4f:cd:e2:da:a1:59:bb:b8:b4:1f:6b:c6:be:0d:
                    da:6d:51:40:3c:47:33:17:75:23:77:cc:bf:b4:4f:
                    54:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:15:B8:A1:D2:40:CB:19:75:D8:06:03:81:F1:6E:14:EA:86:59:E1
            X509v3 Authority Key Identifier:
                keyid:21:64:62:C8:C0:06:5A:0A:6C:EA:F2:43:98:5B:69:7C:F1:35:7B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWRiyMAGWgps6vJDmFtpfPE1e_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/fd90c5-183c-4d69-92f1-56bc70967885/1/1-BW4odJAyxl12AYDgfFuFOqGWeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/fd90c5-183c-4d69-92f1-56bc70967885/1/IWRiyMAGWgps6vJDmFtpfPE1e_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:70:e1:7c:fe:e8:3e:c1:29:cc:ff:4b:d7:66:40:35:96:cd:
         14:2c:52:c0:cb:f1:9d:23:26:bf:35:6a:ce:47:85:4d:16:4b:
         72:11:6c:ae:63:8e:73:5d:2e:8b:d1:db:49:9a:49:4d:59:49:
         46:90:ab:1c:49:a3:bf:d0:e2:a4:01:7e:3e:6a:91:e3:b1:d7:
         1b:12:eb:a8:11:9b:67:c0:36:48:6b:b0:1b:83:91:c1:5f:0c:
         89:c8:7c:e2:94:b0:6d:68:aa:4f:2a:67:ee:b9:50:be:6f:33:
         60:55:0a:f5:04:4b:6f:6e:79:ff:b3:2d:a7:f3:bd:79:6d:bf:
         4b:91:98:ac:5c:2b:98:6d:95:8b:54:3a:12:0f:30:e6:3c:c4:
         16:fb:3f:6f:cb:87:6d:e3:6b:76:d1:9c:45:3a:09:29:ae:10:
         4e:2e:c7:5e:87:34:cc:ae:d3:66:e7:be:c5:9f:02:2a:76:cf:
         38:86:22:83:65:6c:be:fc:35:41:45:22:c5:b9:c5:02:54:ab:
         2f:59:45:d6:08:47:e4:d3:9c:41:cb:71:08:1b:43:fd:3e:75:
         8b:45:3d:0b:c4:db:6a:7f:83:8d:af:ee:2e:db:0a:8b:e3:07:
         03:e6:16:93:21:85:70:cf:a2:56:72:c6:9d:22:22:13:ce:92:
         1c:f0:b5:94
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQfjIW6QRn28HF4UCHgq5l2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjQ2MmM4YzAwNjVhMGE2Y2VhZjI0Mzk4NWI2OTdjZjEz
NTdiZmIwHhcNMjUwMTAxMDE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODE1YjhhMWQyNDBjYjE5NzVkODA2MDM4MWYxNmUxNGVhODY1OWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoczsVYVR0+Khc7200ht7vAlVkm2I
V/PDXUD5nrvpAFiQ80RQt0rVV9Ogo1ifimfNSmc2bnH1kFQh3wcM8AG/PUipoC8s
L/QNkHQwOP99jxCPWIcgmY25hsI5UOcDLkehvIY66xeYHuADQU4q0Nq8QHedlArQ
3rfK0sH8FxVICVCHmHxLtEJkDoBrkBw0m3MI+9mrFeA1Z4UdpGumUe535kSHHfts
wwzSYZYnW86dfp8jwWOsus4QAfmDqFLn69/t0qJdN6sBGFH6iUxGmPKfjIXos1NZ
arEzMZwMm7Xw5AllT83i2qFZu7i0H2vGvg3abVFAPEczF3Ujd8y/tE9UaQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPgVuKHSQMsZddgGA4HxbhTqhlnhMB8GA1UdIwQY
MBaAFCFkYsjABloKbOryQ5hbaXzxNXv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdSaXlNQUdXZ3BzNnZKRG1GdHBmUEUxZV9zLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9mZDkwYzUtMTgzYy00ZDY5LTkyZjEt
NTZiYzcwOTY3ODg1LzEvMS1CVzRvZEpBeXhsMTJBWURnZkZ1Rk9xR1dlRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDgvZmQ5MGM1LTE4M2MtNGQ2OS05MmYxLTU2YmM3MDk2Nzg4
NS8xL0lXUml5TUFHV2dwczZ2SkRtRnRwZlBFMWVfcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMGyojAN
BgkqhkiG9w0BAQsFAAOCAQEAEnDhfP7oPsEpzP9L12ZANZbNFCxSwMvxnSMmvzVq
zkeFTRZLchFsrmOOc10ui9HbSZpJTVlJRpCrHEmjv9DipAF+PmqR47HXGxLrqBGb
Z8A2SGuwG4ORwV8Mich84pSwbWiqTypn7rlQvm8zYFUK9QRLb255/7Mtp/O9eW2/
S5GYrFwrmG2Vi1Q6Eg8w5jzEFvs/b8uHbeNrdtGcRToJKa4QTi7HXoc0zK7TZue+
xZ8CKnbPOIYig2Vsvvw1QUUixbnFAlSrL1lF1ghH5NOcQctxCBtD/T51i0U9C8Tb
an+Dja/uLtsKi+MHA+YWkyGFcM+iVnLGnSIiE86SHPC1lA==
-----END CERTIFICATE-----