Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/Xse_q1SIOApT0uJ4kO_NUiDFU1A.roa
File:                     Xse_q1SIOApT0uJ4kO_NUiDFU1A.roa (raw, json)
Hash identifier:          OR/vMeRN3fqz9meXU3XlPM8D3UPTvqtP1NKBnNpirBI=
Subject key identifier:   5E:C7:BF:AB:54:88:38:0A:53:D2:E2:78:90:EF:CD:52:20:C5:53:50
Certificate issuer:       /CN=e31f3656c6ed9a3f9a42c678a78a2e374f8e57d3
Certificate serial:       0194221FB1CF544422E89514DD5C75BD3A2F
Authority key identifier: E3:1F:36:56:C6:ED:9A:3F:9A:42:C6:78:A7:8A:2E:37:4F:8E:57:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/Xse_q1SIOApT0uJ4kO_NUiDFU1A.roa
Signing time:             Wed 01 Jan 2025 13:48:10 +0000
ROA not before:           Wed 01 Jan 2025 13:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        92.249.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b1:cf:54:44:22:e8:95:14:dd:5c:75:bd:3a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e31f3656c6ed9a3f9a42c678a78a2e374f8e57d3
        Validity
            Not Before: Jan  1 13:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ec7bfab5488380a53d2e27890efcd5220c55350
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:56:1b:38:06:ed:56:fd:0b:7a:b7:a7:17:32:
                    81:65:85:bd:7c:8b:bd:0e:18:24:d4:40:c8:a6:46:
                    cf:8d:19:98:a0:69:9d:96:d8:9d:cd:72:68:00:9b:
                    34:0e:67:0e:31:18:2f:33:26:6b:11:2f:59:d7:fd:
                    38:c5:50:73:1f:d3:fc:b8:fc:b7:c8:34:55:23:4f:
                    1c:22:36:ff:06:49:0d:19:80:e5:a7:e7:33:d7:0e:
                    2b:68:7b:e3:e6:e7:1f:1d:75:1d:88:09:ba:b9:1c:
                    19:5d:cc:bf:c4:69:ae:27:30:da:92:0c:a0:49:bd:
                    fb:d7:dd:32:85:4e:35:50:e2:49:ba:8f:5d:78:5e:
                    5e:9d:b7:0d:e5:f1:d8:64:01:8d:7f:3f:70:1f:d2:
                    dd:af:8e:b1:0e:84:8e:58:10:32:7d:85:8a:70:49:
                    31:54:80:5a:e2:a3:bb:15:39:94:1c:b3:0e:04:1c:
                    88:68:46:17:6d:b0:7a:86:a7:d2:ff:00:e3:a6:48:
                    b4:20:c0:e8:97:60:6c:bf:47:f4:84:63:6b:3b:fa:
                    de:49:b1:2d:da:b3:4d:00:04:b0:4d:4d:3e:75:c7:
                    46:ee:44:cf:b6:c0:8a:2a:04:f4:fc:41:27:da:ed:
                    8c:3e:75:16:7c:e5:fd:41:ed:ef:46:c1:f5:db:80:
                    ab:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:C7:BF:AB:54:88:38:0A:53:D2:E2:78:90:EF:CD:52:20:C5:53:50
            X509v3 Authority Key Identifier:
                keyid:E3:1F:36:56:C6:ED:9A:3F:9A:42:C6:78:A7:8A:2E:37:4F:8E:57:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/Xse_q1SIOApT0uJ4kO_NUiDFU1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:49:54:71:59:a9:dc:1c:b6:e7:d3:9c:74:ec:d9:41:00:69:
         6f:d7:53:88:ea:40:4e:45:b7:78:60:56:e4:33:fd:06:fd:f9:
         26:d4:e0:68:78:a7:5c:54:3b:10:10:85:7a:3d:bf:4d:42:dc:
         b1:1a:71:a5:f3:82:bd:06:5c:6e:b4:f8:a0:76:d7:fc:99:6b:
         90:3c:e9:bc:bc:dc:2d:ee:4e:f5:f1:90:b3:ab:1a:91:c7:14:
         79:c1:2b:07:a3:6a:0f:5f:66:45:d7:85:4e:79:70:ec:a4:85:
         6c:af:c2:bf:9d:0e:66:a0:c2:54:0d:09:d6:5c:21:56:1f:b6:
         f6:9b:38:a0:7e:8e:98:f7:1c:34:1e:88:54:e1:83:6b:c8:d1:
         0e:27:9d:1a:2c:91:b8:48:a9:70:dc:66:7c:a8:34:f4:2a:35:
         78:64:59:e7:b5:b5:a3:54:90:28:5a:8a:d2:c4:b7:f7:b0:df:
         3a:e4:dd:11:92:f7:65:20:d2:58:19:f7:45:98:29:59:f4:bb:
         6a:dd:66:af:8f:80:b1:18:ce:b5:fb:63:4e:e1:1b:10:b2:3e:
         42:60:f2:74:de:1e:a8:74:ae:09:de:c1:38:cf:0e:83:96:5b:
         1b:4f:51:80:45:b4:25:dd:04:13:3a:17:f1:24:a8:e5:64:c6:
         db:e9:63:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH7HPVEQi6JUU3Vx1vTovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMWYzNjU2YzZlZDlhM2Y5YTQyYzY3OGE3OGEyZTM3NGY4
ZTU3ZDMwHhcNMjUwMTAxMTM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWM3YmZhYjU0ODgzODBhNTNkMmUyNzg5MGVmY2Q1MjIwYzU1MzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVYbOAbtVv0LerenFzKBZYW9fIu9
Dhgk1EDIpkbPjRmYoGmdltidzXJoAJs0DmcOMRgvMyZrES9Z1/04xVBzH9P8uPy3
yDRVI08cIjb/BkkNGYDlp+cz1w4raHvj5ucfHXUdiAm6uRwZXcy/xGmuJzDakgyg
Sb37190yhU41UOJJuo9deF5enbcN5fHYZAGNfz9wH9Ldr46xDoSOWBAyfYWKcEkx
VIBa4qO7FTmUHLMOBByIaEYXbbB6hqfS/wDjpki0IMDol2Bsv0f0hGNrO/reSbEt
2rNNAASwTU0+dcdG7kTPtsCKKgT0/EEn2u2MPnUWfOX9Qe3vRsH124Cr3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7Hv6tUiDgKU9LieJDvzVIgxVNQMB8GA1UdIwQY
MBaAFOMfNlbG7Zo/mkLGeKeKLjdPjlfTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHg4MlZzYnRtai1hUXNaNHA0b3VOMC1PVjlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8wMmY4YTEtMzM4My00ZDIxLWFhMjUt
ZTczM2MyNjJhMzgyLzEvWHNlX3ExU0lPQXBUMHVKNGtPX05VaURGVTFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8wMmY4YTEtMzM4My00ZDIxLWFhMjUtZTczM2MyNjJhMzgy
LzEvNHg4MlZzYnRtai1hUXNaNHA0b3VOMC1PVjlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPkZMA0G
CSqGSIb3DQEBCwUAA4IBAQCySVRxWancHLbn05x07NlBAGlv11OI6kBORbd4YFbk
M/0G/fkm1OBoeKdcVDsQEIV6Pb9NQtyxGnGl84K9BlxutPigdtf8mWuQPOm8vNwt
7k718ZCzqxqRxxR5wSsHo2oPX2ZF14VOeXDspIVsr8K/nQ5moMJUDQnWXCFWH7b2
mzigfo6Y9xw0HohU4YNryNEOJ50aLJG4SKlw3GZ8qDT0KjV4ZFnntbWjVJAoWorS
xLf3sN865N0RkvdlINJYGfdFmClZ9Ltq3Wavj4CxGM61+2NO4RsQsj5CYPJ03h6o
dK4J3sE4zw6DllsbT1GARbQl3QQTOhfxJKjlZMbb6WOe
-----END CERTIFICATE-----