Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/ff6052-fa80-44b8-afca-6e2dea03d596/1/POu4BRKwJ9b6QnLtzzujF-OJsSQ.roa
File:                     POu4BRKwJ9b6QnLtzzujF-OJsSQ.roa (raw, json)
Hash identifier:          XnOw29GXgrIDV++SsvKlXzYrR59LZbUOXYaVKIhexjc=
Subject key identifier:   3C:EB:B8:05:12:B0:27:D6:FA:42:72:ED:CF:3B:A3:17:E3:89:B1:24
Certificate issuer:       /CN=7de963ece2f0ba9f7749aca385420f9d702eaa8b
Certificate serial:       0194228DBCB67042FEECA1626AD1B345626A
Authority key identifier: 7D:E9:63:EC:E2:F0:BA:9F:77:49:AC:A3:85:42:0F:9D:70:2E:AA:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/felj7OLwup93SayjhUIPnXAuqos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/ff6052-fa80-44b8-afca-6e2dea03d596/1/POu4BRKwJ9b6QnLtzzujF-OJsSQ.roa
Signing time:             Wed 01 Jan 2025 15:48:21 +0000
ROA not before:           Wed 01 Jan 2025 15:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8412
IP address blocks:        193.104.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/ff6052-fa80-44b8-afca-6e2dea03d596/1/felj7OLwup93SayjhUIPnXAuqos.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/ff6052-fa80-44b8-afca-6e2dea03d596/1/felj7OLwup93SayjhUIPnXAuqos.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/felj7OLwup93SayjhUIPnXAuqos.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:bc:b6:70:42:fe:ec:a1:62:6a:d1:b3:45:62:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7de963ece2f0ba9f7749aca385420f9d702eaa8b
        Validity
            Not Before: Jan  1 15:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3cebb80512b027d6fa4272edcf3ba317e389b124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:12:fc:8b:56:3f:1a:38:a6:5b:38:28:0f:fc:
                    06:42:bb:50:fd:cf:54:0b:c5:9f:5f:72:c2:f3:b9:
                    37:ad:3f:3e:fe:0d:a1:8f:e8:aa:14:29:4c:b4:87:
                    bf:3a:b3:e6:d0:33:fa:db:f7:56:b9:f4:30:6b:8f:
                    2a:96:ee:d2:d3:5c:2f:df:ec:c5:fb:ff:70:e9:e8:
                    67:31:65:d0:9c:5b:15:b2:97:22:8d:48:0f:4d:7e:
                    8b:54:77:b4:2a:ef:de:9d:ec:f7:e3:de:ba:05:f7:
                    7e:2a:03:26:df:73:1a:9a:37:c3:66:f7:db:dc:2b:
                    da:ee:91:8a:12:89:49:0b:ba:31:0b:ff:4b:d8:3f:
                    b0:c2:33:7c:76:ec:c0:53:fb:c6:97:2f:ae:81:ed:
                    01:06:c3:d4:07:76:ce:19:91:cb:22:9e:22:a6:67:
                    9a:d9:59:31:51:a2:6e:d8:d1:9e:16:d7:48:c6:ac:
                    3c:52:c4:16:90:1c:4c:00:79:ed:f9:81:6d:dd:58:
                    77:fc:a9:89:03:9a:54:fc:af:c4:d0:9d:c1:b8:25:
                    f9:41:1d:3f:f2:d3:29:2d:16:72:aa:0f:03:36:f4:
                    a5:a0:38:59:8d:db:cb:e3:9e:e8:22:1a:9e:49:1d:
                    be:5e:f2:46:8b:5e:99:e9:ce:94:18:44:f2:ae:61:
                    3c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:EB:B8:05:12:B0:27:D6:FA:42:72:ED:CF:3B:A3:17:E3:89:B1:24
            X509v3 Authority Key Identifier:
                keyid:7D:E9:63:EC:E2:F0:BA:9F:77:49:AC:A3:85:42:0F:9D:70:2E:AA:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/felj7OLwup93SayjhUIPnXAuqos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/ff6052-fa80-44b8-afca-6e2dea03d596/1/POu4BRKwJ9b6QnLtzzujF-OJsSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/ff6052-fa80-44b8-afca-6e2dea03d596/1/felj7OLwup93SayjhUIPnXAuqos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:be:4f:64:ec:6a:dc:cb:d5:22:6d:19:ea:ff:fd:82:71:f3:
         3b:b1:f4:fe:7e:ce:26:4c:c1:91:37:a4:82:22:56:28:e6:d7:
         9e:e7:b6:03:11:1b:fc:5a:3f:37:bb:5e:b1:03:5e:40:2b:46:
         e3:6a:74:14:59:47:c5:74:44:49:fa:40:8d:cc:0c:46:9f:d1:
         02:33:67:03:73:b9:07:1f:ad:24:25:29:9c:74:f2:9c:99:a1:
         f0:d4:24:b2:b3:4a:eb:a4:77:b3:a4:c1:77:50:09:94:9d:38:
         c1:e2:f3:fc:12:bb:28:f4:07:f2:99:35:8c:54:55:df:8f:f3:
         52:3c:c8:9b:1c:4b:28:10:7a:f2:84:d0:c2:33:88:2d:95:81:
         f7:4e:17:51:bf:fa:54:eb:1c:61:dc:be:5d:a0:1f:af:30:bc:
         a7:28:2e:e1:46:ed:41:fd:e7:62:52:cc:86:6d:a2:4e:2a:18:
         cd:1c:94:6d:c1:bc:e5:13:94:df:71:dd:5c:79:95:db:4c:fe:
         da:27:27:57:80:a4:47:c7:3c:43:d6:74:05:e3:b9:74:47:c5:
         5a:73:f8:cb:71:91:a4:03:da:48:2f:b7:e6:89:c7:e1:46:55:
         da:ec:98:cb:6a:2b:f6:38:24:46:33:33:42:d2:65:e5:bb:3a:
         6c:1e:6c:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijby2cEL+7KFiatGzRWJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZTk2M2VjZTJmMGJhOWY3NzQ5YWNhMzg1NDIwZjlkNzAy
ZWFhOGIwHhcNMjUwMTAxMTU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2ViYjgwNTEyYjAyN2Q2ZmE0MjcyZWRjZjNiYTMxN2UzODliMTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxL8i1Y/GjimWzgoD/wGQrtQ/c9U
C8WfX3LC87k3rT8+/g2hj+iqFClMtIe/OrPm0DP62/dWufQwa48qlu7S01wv3+zF
+/9w6ehnMWXQnFsVspcijUgPTX6LVHe0Ku/enez34966Bfd+KgMm33MamjfDZvfb
3Cva7pGKEolJC7oxC/9L2D+wwjN8duzAU/vGly+uge0BBsPUB3bOGZHLIp4ipmea
2VkxUaJu2NGeFtdIxqw8UsQWkBxMAHnt+YFt3Vh3/KmJA5pU/K/E0J3BuCX5QR0/
8tMpLRZyqg8DNvSloDhZjdvL457oIhqeSR2+XvJGi16Z6c6UGETyrmE8eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzruAUSsCfW+kJy7c87oxfjibEkMB8GA1UdIwQY
MBaAFH3pY+zi8Lqfd0mso4VCD51wLqqLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmVsajdPTHd1cDkzU2F5amhVSVBuWEF1cW9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9mZjYwNTItZmE4MC00NGI4LWFmY2Et
NmUyZGVhMDNkNTk2LzEvUE91NEJSS3dKOWI2UW5MdHp6dWpGLU9Kc1NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9mZjYwNTItZmE4MC00NGI4LWFmY2EtNmUyZGVhMDNkNTk2
LzEvZmVsajdPTHd1cDkzU2F5amhVSVBuWEF1cW9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWgBMA0G
CSqGSIb3DQEBCwUAA4IBAQApvk9k7Grcy9UibRnq//2CcfM7sfT+fs4mTMGRN6SC
IlYo5tee57YDERv8Wj83u16xA15AK0bjanQUWUfFdERJ+kCNzAxGn9ECM2cDc7kH
H60kJSmcdPKcmaHw1CSys0rrpHezpMF3UAmUnTjB4vP8Erso9AfymTWMVFXfj/NS
PMibHEsoEHryhNDCM4gtlYH3ThdRv/pU6xxh3L5doB+vMLynKC7hRu1B/ediUsyG
baJOKhjNHJRtwbzlE5Tfcd1ceZXbTP7aJydXgKRHxzxD1nQF47l0R8Vac/jLcZGk
A9pIL7fmicfhRlXa7JjLaiv2OCRGMzNC0mXluzpsHmzw
-----END CERTIFICATE-----