Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/rIWLbuRWn6FYu5bbpY5MMG45yrY.roa
File:                     rIWLbuRWn6FYu5bbpY5MMG45yrY.roa (raw, json)
Hash identifier:          krN6offcByVQ0C0gcvcYLKJ889DH4uFaIMSTwQ2u2Eg=
Subject key identifier:   AC:85:8B:6E:E4:56:9F:A1:58:BB:96:DB:A5:8E:4C:30:6E:39:CA:B6
Certificate issuer:       /CN=5dd69d9f749630f0256cf0ceab58836b491a58f6
Certificate serial:       019421445151958B7DAD0A16F3C454AC7BC9
Authority key identifier: 5D:D6:9D:9F:74:96:30:F0:25:6C:F0:CE:AB:58:83:6B:49:1A:58:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/rIWLbuRWn6FYu5bbpY5MMG45yrY.roa
Signing time:             Wed 01 Jan 2025 09:48:32 +0000
ROA not before:           Wed 01 Jan 2025 09:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57344
IP address blocks:        147.78.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:51:51:95:8b:7d:ad:0a:16:f3:c4:54:ac:7b:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd69d9f749630f0256cf0ceab58836b491a58f6
        Validity
            Not Before: Jan  1 09:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac858b6ee4569fa158bb96dba58e4c306e39cab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:27:f2:aa:a8:b0:1d:cf:a9:d1:55:a6:c1:f1:
                    f9:4e:31:34:d8:01:ff:01:b9:0d:24:0e:3d:cf:aa:
                    f8:a7:44:de:59:7b:72:c0:1e:72:3b:e0:bd:90:f2:
                    9d:d1:88:24:4f:eb:55:8d:5a:a9:1c:ba:d4:02:93:
                    7b:e6:4b:74:ab:8b:67:13:83:6e:2e:2c:53:ec:12:
                    39:ea:f7:ff:f9:90:8a:bb:87:5b:f6:cb:b4:e0:cb:
                    d7:eb:a4:f1:98:1f:b4:9a:e9:f1:dd:a6:a3:e1:06:
                    6e:9e:66:bf:50:99:a9:2f:37:9d:2f:a9:33:b1:88:
                    03:a2:2a:40:b4:a9:ae:b3:7a:9a:99:4e:d1:03:88:
                    03:62:40:1b:4a:57:2f:0a:24:74:5d:58:6a:63:bc:
                    15:4f:b7:78:d1:f5:e2:8e:77:9a:75:bb:c9:ea:75:
                    50:30:4a:f0:19:f3:c2:b1:dd:b4:f8:01:0d:00:eb:
                    37:cb:b4:e1:8c:fa:c5:fb:93:2f:31:e2:7b:11:05:
                    b6:ab:7e:fd:0c:f9:e3:87:d1:3c:4c:97:2a:6d:09:
                    64:4b:4d:7c:71:a5:16:a2:0c:f8:05:73:5f:fa:ac:
                    d8:a7:c5:84:da:3f:b3:09:d3:b9:5c:02:40:62:f4:
                    1e:8a:30:af:38:5f:bc:e8:fb:1f:87:3a:37:cd:8e:
                    bb:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:85:8B:6E:E4:56:9F:A1:58:BB:96:DB:A5:8E:4C:30:6E:39:CA:B6
            X509v3 Authority Key Identifier:
                keyid:5D:D6:9D:9F:74:96:30:F0:25:6C:F0:CE:AB:58:83:6B:49:1A:58:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/rIWLbuRWn6FYu5bbpY5MMG45yrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:e2:98:d5:e5:ac:88:db:d5:47:e0:73:fe:eb:8d:c9:2e:1f:
         d6:f1:b3:41:53:e5:8d:b6:d0:9e:e5:52:1a:8c:e1:50:31:cf:
         10:40:99:c9:f8:5a:2f:85:aa:e5:91:5f:2c:dd:b9:1a:bf:0b:
         e6:12:fe:1c:08:03:fe:b5:ec:dd:b7:d8:e7:3b:d4:72:e7:0b:
         8d:d5:59:2e:96:e3:da:96:3e:e3:c0:92:d8:aa:30:98:d0:1b:
         19:e4:2d:69:f3:41:65:44:23:49:ca:d7:fc:64:10:0b:b0:61:
         5f:0e:a4:40:07:92:66:2b:be:f5:9f:73:b8:37:6a:7a:8e:18:
         48:31:8b:b4:d1:c7:11:fe:c0:85:f7:ba:40:dc:8e:bf:da:72:
         1f:38:e0:68:a9:96:be:bf:24:01:bc:18:00:e3:19:ce:bc:6e:
         82:3d:fc:68:f5:ff:36:33:bf:bd:e3:65:0a:dd:ee:cd:c2:da:
         46:a0:78:ae:e3:0f:96:70:f1:a3:1f:50:ed:9e:cf:c5:50:58:
         23:55:80:0f:3e:2e:4d:51:5f:f0:e3:4c:78:91:a8:f1:87:07:
         6d:72:cf:b6:a8:66:20:19:52:1c:15:b0:30:4f:a3:73:c2:8a:
         3e:da:b9:8c:3a:05:32:d1:52:d2:c1:e3:d8:4c:8c:90:f9:64:
         e5:96:d4:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRFFRlYt9rQoW88RUrHvJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDY5ZDlmNzQ5NjMwZjAyNTZjZjBjZWFiNTg4MzZiNDkx
YTU4ZjYwHhcNMjUwMTAxMDk0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzg1OGI2ZWU0NTY5ZmExNThiYjk2ZGJhNThlNGMzMDZlMzljYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmifyqqiwHc+p0VWmwfH5TjE02AH/
AbkNJA49z6r4p0TeWXtywB5yO+C9kPKd0YgkT+tVjVqpHLrUApN75kt0q4tnE4Nu
LixT7BI56vf/+ZCKu4db9su04MvX66TxmB+0munx3aaj4QZunma/UJmpLzedL6kz
sYgDoipAtKmus3qamU7RA4gDYkAbSlcvCiR0XVhqY7wVT7d40fXijneadbvJ6nVQ
MErwGfPCsd20+AENAOs3y7ThjPrF+5MvMeJ7EQW2q379DPnjh9E8TJcqbQlkS018
caUWogz4BXNf+qzYp8WE2j+zCdO5XAJAYvQeijCvOF+86Psfhzo3zY672QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyFi27kVp+hWLuW26WOTDBuOcq2MB8GA1UdIwQY
MBaAFF3WnZ90ljDwJWzwzqtYg2tJGlj2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRhZG4zU1dNUEFsYlBET3ExaURhMGthV1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC82MTY5MjQtOTNiMi00ZGNiLWFlZWIt
ZjNmZDY0MzMxNzA5LzEvcklXTGJ1UlduNkZZdTViYnBZNU1NRzQ1eXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC82MTY5MjQtOTNiMi00ZGNiLWFlZWItZjNmZDY0MzMxNzA5
LzEvWGRhZG4zU1dNUEFsYlBET3ExaURhMGthV1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk06NMA0G
CSqGSIb3DQEBCwUAA4IBAQAD4pjV5ayI29VH4HP+643JLh/W8bNBU+WNttCe5VIa
jOFQMc8QQJnJ+FovharlkV8s3bkavwvmEv4cCAP+tezdt9jnO9Ry5wuN1VkuluPa
lj7jwJLYqjCY0BsZ5C1p80FlRCNJytf8ZBALsGFfDqRAB5JmK771n3O4N2p6jhhI
MYu00ccR/sCF97pA3I6/2nIfOOBoqZa+vyQBvBgA4xnOvG6CPfxo9f82M7+942UK
3e7NwtpGoHiu4w+WcPGjH1Dtns/FUFgjVYAPPi5NUV/w40x4kajxhwdtcs+2qGYg
GVIcFbAwT6Nzwoo+2rmMOgUy0VLSwePYTIyQ+WTlltTe
-----END CERTIFICATE-----