Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/2753dd-7444-4b97-b73b-0b34edc418d8/1/p0WThpG_MdNvN5PcmLOinicnMKU.roa
File:                     p0WThpG_MdNvN5PcmLOinicnMKU.roa (raw, json)
Hash identifier:          mWE6tAtdJrB/Zm93V43/E521MfBc5yD2nOmUvWByQN4=
Subject key identifier:   A7:45:93:86:91:BF:31:D3:6F:37:93:DC:98:B3:A2:9E:27:27:30:A5
Certificate issuer:       /CN=6279db14ac018be3b67d20b67e0d9ba376dbd9bf
Certificate serial:       0194252189DDD753FA8BD9CFB36501D70C34
Authority key identifier: 62:79:DB:14:AC:01:8B:E3:B6:7D:20:B6:7E:0D:9B:A3:76:DB:D9:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YnnbFKwBi-O2fSC2fg2bo3bb2b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/2753dd-7444-4b97-b73b-0b34edc418d8/1/p0WThpG_MdNvN5PcmLOinicnMKU.roa
Signing time:             Thu 02 Jan 2025 03:49:02 +0000
ROA not before:           Thu 02 Jan 2025 03:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200043
IP address blocks:        217.18.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/2753dd-7444-4b97-b73b-0b34edc418d8/1/YnnbFKwBi-O2fSC2fg2bo3bb2b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/2753dd-7444-4b97-b73b-0b34edc418d8/1/YnnbFKwBi-O2fSC2fg2bo3bb2b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YnnbFKwBi-O2fSC2fg2bo3bb2b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 21:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:89:dd:d7:53:fa:8b:d9:cf:b3:65:01:d7:0c:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6279db14ac018be3b67d20b67e0d9ba376dbd9bf
        Validity
            Not Before: Jan  2 03:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a745938691bf31d36f3793dc98b3a29e272730a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8c:ca:d0:51:78:95:a8:ae:3a:bc:d5:06:4e:
                    ef:d4:ff:12:b3:60:c0:92:7d:f3:47:d2:fd:21:08:
                    a9:62:46:0b:8d:39:28:f3:9b:ec:61:97:3e:70:57:
                    d4:7a:60:62:78:20:4d:58:ef:78:a9:11:1a:87:4b:
                    3f:7b:a8:a0:c7:27:b4:bb:fe:38:10:8f:08:b6:62:
                    ce:9d:6c:81:42:90:3b:87:94:c1:5a:3c:ac:a0:0e:
                    68:bb:c4:04:4f:be:67:27:ac:e4:3d:40:63:de:d8:
                    f1:f9:5b:dc:b2:c7:64:1e:6b:a6:79:a9:2f:86:6b:
                    7d:51:89:78:24:f8:57:13:68:b4:ea:15:08:48:de:
                    f1:eb:03:4a:f0:47:df:21:5a:69:3b:f7:16:91:ff:
                    b2:fc:9b:c3:2d:43:9e:eb:ad:08:ac:eb:e2:f8:ef:
                    86:ec:41:c6:0e:2d:34:dc:a8:3b:55:6d:0c:0e:a6:
                    e1:24:4b:22:94:09:1c:c5:61:f5:05:10:06:36:ac:
                    6e:8f:53:3a:31:66:18:ab:d9:d3:9c:26:ba:39:78:
                    a8:50:a7:cd:ea:ea:24:83:5a:b9:ba:c0:39:af:55:
                    f8:17:60:12:bb:49:68:27:be:8b:60:76:1f:f3:01:
                    93:5a:93:4d:bd:f3:27:26:75:0d:f5:a9:ff:7b:33:
                    47:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:45:93:86:91:BF:31:D3:6F:37:93:DC:98:B3:A2:9E:27:27:30:A5
            X509v3 Authority Key Identifier:
                keyid:62:79:DB:14:AC:01:8B:E3:B6:7D:20:B6:7E:0D:9B:A3:76:DB:D9:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YnnbFKwBi-O2fSC2fg2bo3bb2b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2753dd-7444-4b97-b73b-0b34edc418d8/1/p0WThpG_MdNvN5PcmLOinicnMKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2753dd-7444-4b97-b73b-0b34edc418d8/1/YnnbFKwBi-O2fSC2fg2bo3bb2b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:6c:79:6e:91:be:8a:4f:63:3c:7b:8a:da:13:57:f4:93:6b:
         0c:7d:03:a3:14:00:b2:a3:26:d0:d1:4b:5a:23:ad:49:59:83:
         07:01:c9:39:03:14:fc:0a:38:6d:bf:7a:27:f5:29:91:8d:0a:
         9f:25:e2:e7:9f:13:f3:ab:e2:8e:d7:5b:bd:1f:bd:ee:15:56:
         f3:d3:f1:a5:51:c4:eb:2f:d6:c7:64:b3:14:80:59:62:46:dd:
         8f:2d:49:ff:17:da:cc:2c:eb:78:e3:e0:eb:ea:30:0a:6e:0e:
         4e:7d:61:98:39:a3:f9:4b:a1:5b:32:c5:b6:6e:6d:d6:7d:4c:
         c8:c2:0b:e1:9a:85:ce:bf:3c:a3:d2:2e:37:95:56:38:0a:57:
         29:3e:90:37:e3:0b:85:dc:73:a8:81:75:a6:27:59:eb:5f:92:
         07:83:cc:25:64:ed:b3:39:83:e7:f0:41:1a:e7:ba:e4:2c:04:
         54:d7:b2:93:47:1d:e4:43:10:60:14:25:3a:69:0a:14:35:13:
         3b:fa:5b:87:67:71:74:f4:3f:42:27:c4:bb:9c:44:6d:16:4e:
         c7:d9:27:4c:9a:4b:ef:c2:1d:8b:bd:77:96:ea:a5:f8:23:1c:
         db:a3:b2:9f:67:ac:fd:01:34:c0:21:4a:33:1c:48:c2:ea:5c:
         64:fa:60:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIYnd11P6i9nPs2UB1ww0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzlkYjE0YWMwMThiZTNiNjdkMjBiNjdlMGQ5YmEzNzZk
YmQ5YmYwHhcNMjUwMTAyMDM0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzQ1OTM4NjkxYmYzMWQzNmYzNzkzZGM5OGIzYTI5ZTI3MjczMGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4zK0FF4laiuOrzVBk7v1P8Ss2DA
kn3zR9L9IQipYkYLjTko85vsYZc+cFfUemBieCBNWO94qREah0s/e6igxye0u/44
EI8ItmLOnWyBQpA7h5TBWjysoA5ou8QET75nJ6zkPUBj3tjx+VvcssdkHmumeakv
hmt9UYl4JPhXE2i06hUISN7x6wNK8EffIVppO/cWkf+y/JvDLUOe660IrOvi+O+G
7EHGDi003Kg7VW0MDqbhJEsilAkcxWH1BRAGNqxuj1M6MWYYq9nTnCa6OXioUKfN
6uokg1q5usA5r1X4F2ASu0loJ76LYHYf8wGTWpNNvfMnJnUN9an/ezNHRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdFk4aRvzHTbzeT3Jizop4nJzClMB8GA1UdIwQY
MBaAFGJ52xSsAYvjtn0gtn4Nm6N229m/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5uYkZLd0JpLU8yZlNDMmZnMmJvM2JiMmI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8yNzUzZGQtNzQ0NC00Yjk3LWI3M2It
MGIzNGVkYzQxOGQ4LzEvcDBXVGhwR19NZE52TjVQY21MT2luaWNuTUtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8yNzUzZGQtNzQ0NC00Yjk3LWI3M2ItMGIzNGVkYzQxOGQ4
LzEvWW5uYkZLd0JpLU8yZlNDMmZnMmJvM2JiMmI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RJcMA0G
CSqGSIb3DQEBCwUAA4IBAQAnbHlukb6KT2M8e4raE1f0k2sMfQOjFACyoybQ0Uta
I61JWYMHAck5AxT8Cjhtv3on9SmRjQqfJeLnnxPzq+KO11u9H73uFVbz0/GlUcTr
L9bHZLMUgFliRt2PLUn/F9rMLOt44+Dr6jAKbg5OfWGYOaP5S6FbMsW2bm3WfUzI
wgvhmoXOvzyj0i43lVY4ClcpPpA34wuF3HOogXWmJ1nrX5IHg8wlZO2zOYPn8EEa
57rkLARU17KTRx3kQxBgFCU6aQoUNRM7+luHZ3F09D9CJ8S7nERtFk7H2SdMmkvv
wh2LvXeW6qX4Ixzbo7KfZ6z9ATTAIUozHEjC6lxk+mAU
-----END CERTIFICATE-----