Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/cpm1MJFdWjEQeCJ1LBHfzw5iKXY.roa
File:                     cpm1MJFdWjEQeCJ1LBHfzw5iKXY.roa (raw, json)
Hash identifier:          gbGURzXBFbe9SdreBkh+gl3ChVchhLD0ie8p4XE7DdU=
Subject key identifier:   72:99:B5:30:91:5D:5A:31:10:78:22:75:2C:11:DF:CF:0E:62:29:76
Certificate issuer:       /CN=317b8147503ea19f581ca00d28dbee5e58cb8f48
Certificate serial:       019422FBC6853798FA499EAB09CB8117118D
Authority key identifier: 31:7B:81:47:50:3E:A1:9F:58:1C:A0:0D:28:DB:EE:5E:58:CB:8F:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MXuBR1A-oZ9YHKANKNvuXljLj0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/cpm1MJFdWjEQeCJ1LBHfzw5iKXY.roa
Signing time:             Wed 01 Jan 2025 17:48:33 +0000
ROA not before:           Wed 01 Jan 2025 17:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42473
IP address blocks:        185.93.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/MXuBR1A-oZ9YHKANKNvuXljLj0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/MXuBR1A-oZ9YHKANKNvuXljLj0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MXuBR1A-oZ9YHKANKNvuXljLj0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c6:85:37:98:fa:49:9e:ab:09:cb:81:17:11:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=317b8147503ea19f581ca00d28dbee5e58cb8f48
        Validity
            Not Before: Jan  1 17:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7299b530915d5a31107822752c11dfcf0e622976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:86:56:bc:16:ac:8e:2f:0f:47:6f:43:c5:b7:
                    40:d5:d3:03:8e:21:88:5d:5e:0f:88:11:0a:4c:48:
                    9e:98:65:7f:77:87:41:97:82:32:a1:7f:1f:b3:e2:
                    ed:74:6f:fe:d4:b2:fe:19:f9:de:c8:76:82:0b:14:
                    3c:79:ac:5a:bd:72:62:da:f8:65:e5:0b:b5:00:aa:
                    e7:15:70:de:a1:a0:2a:99:57:60:38:e1:46:85:32:
                    18:3b:aa:ff:79:e8:3f:77:b1:96:49:ad:34:3c:13:
                    c0:b3:ba:d6:9f:f7:88:77:df:8a:97:fd:e9:91:1e:
                    aa:3a:dc:e2:bb:43:09:19:ed:95:e4:25:cc:eb:b7:
                    83:da:fc:fb:99:f1:e1:c0:a6:8c:fd:a2:9e:4c:2c:
                    89:5e:88:57:bd:e4:66:8c:2d:7a:22:75:cd:e1:f6:
                    2e:fa:7e:24:4e:86:b3:ca:9b:1f:12:f6:81:42:0c:
                    c6:68:5d:33:04:81:a0:90:d3:7e:57:b8:48:3d:52:
                    4d:21:16:3b:a0:57:15:80:a6:db:22:ea:92:9a:b7:
                    8e:a6:cf:2e:4b:bd:d0:b5:4c:42:2e:f4:fb:40:1c:
                    65:1a:48:45:ec:72:f0:16:e9:9c:fe:69:52:f5:da:
                    14:b5:1c:ee:29:4c:b4:fc:b6:99:72:7a:36:5c:5d:
                    17:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:99:B5:30:91:5D:5A:31:10:78:22:75:2C:11:DF:CF:0E:62:29:76
            X509v3 Authority Key Identifier:
                keyid:31:7B:81:47:50:3E:A1:9F:58:1C:A0:0D:28:DB:EE:5E:58:CB:8F:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MXuBR1A-oZ9YHKANKNvuXljLj0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/cpm1MJFdWjEQeCJ1LBHfzw5iKXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/MXuBR1A-oZ9YHKANKNvuXljLj0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e3:b2:1c:55:a4:0d:75:2d:73:0e:35:30:76:35:af:2a:31:48:
         cd:21:0f:60:1d:86:e1:47:de:2f:c1:5e:45:58:ba:ff:61:22:
         4e:d8:8a:ca:fb:c3:12:2b:4f:d0:ff:35:ca:5a:9c:f0:15:de:
         14:05:9c:1f:97:18:8e:ec:a9:f6:8e:51:82:5f:3c:59:27:d4:
         80:73:49:b0:23:92:c0:16:c0:45:9d:04:63:08:57:c5:db:62:
         e9:2e:6d:02:52:a5:92:9f:c7:2f:a1:62:9f:97:18:89:50:f7:
         2a:ff:fa:5a:d0:e0:11:37:9a:d3:72:a6:f5:d1:ab:e1:cc:4a:
         8b:e4:85:bf:bf:ff:ac:3e:12:a9:1f:b7:dd:60:b4:7d:a8:ca:
         48:ec:b3:d4:9d:a1:4e:ce:00:de:42:57:f1:c9:83:35:b2:a8:
         bf:36:dd:0b:9e:e8:a1:97:ff:93:de:85:07:fd:af:12:e3:70:
         ef:a9:42:5f:23:41:8d:38:bb:51:40:bf:8c:ff:56:d7:1f:04:
         bb:b3:70:ea:47:35:bb:93:04:b9:a1:79:27:5f:fb:85:35:67:
         9e:84:e4:c3:7c:91:fe:2f:dc:46:29:32:8d:68:e8:d3:b7:dd:
         16:c5:5e:6a:a3:4a:83:30:fb:62:bc:33:5e:4b:d8:b4:d3:8c:
         fe:2e:e6:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+8aFN5j6SZ6rCcuBFxGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxN2I4MTQ3NTAzZWExOWY1ODFjYTAwZDI4ZGJlZTVlNThj
YjhmNDgwHhcNMjUwMTAxMTc0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjk5YjUzMDkxNWQ1YTMxMTA3ODIyNzUyYzExZGZjZjBlNjIyOTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIZWvBasji8PR29DxbdA1dMDjiGI
XV4PiBEKTEiemGV/d4dBl4IyoX8fs+LtdG/+1LL+GfneyHaCCxQ8eaxavXJi2vhl
5Qu1AKrnFXDeoaAqmVdgOOFGhTIYO6r/eeg/d7GWSa00PBPAs7rWn/eId9+Kl/3p
kR6qOtziu0MJGe2V5CXM67eD2vz7mfHhwKaM/aKeTCyJXohXveRmjC16InXN4fYu
+n4kToazypsfEvaBQgzGaF0zBIGgkNN+V7hIPVJNIRY7oFcVgKbbIuqSmreOps8u
S73QtUxCLvT7QBxlGkhF7HLwFumc/mlS9doUtRzuKUy0/LaZcno2XF0XXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKZtTCRXVoxEHgidSwR388OYil2MB8GA1UdIwQY
MBaAFDF7gUdQPqGfWBygDSjb7l5Yy49IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVh1QlIxQS1vWjlZSEtBTktOdnVYbGpMajBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8yZTRlNTQtMDU0OC00ZDBjLTkzZjEt
NzU0NjFhYmJiNWE0LzEvY3BtMU1KRmRXakVRZUNKMUxCSGZ6dzVpS1hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8yZTRlNTQtMDU0OC00ZDBjLTkzZjEtNzU0NjFhYmJiNWE0
LzEvTVh1QlIxQS1vWjlZSEtBTktOdnVYbGpMajBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV3VMA0G
CSqGSIb3DQEBCwUAA4IBAQDjshxVpA11LXMONTB2Na8qMUjNIQ9gHYbhR94vwV5F
WLr/YSJO2IrK+8MSK0/Q/zXKWpzwFd4UBZwflxiO7Kn2jlGCXzxZJ9SAc0mwI5LA
FsBFnQRjCFfF22LpLm0CUqWSn8cvoWKflxiJUPcq//pa0OARN5rTcqb10avhzEqL
5IW/v/+sPhKpH7fdYLR9qMpI7LPUnaFOzgDeQlfxyYM1sqi/Nt0Lnuihl/+T3oUH
/a8S43DvqUJfI0GNOLtRQL+M/1bXHwS7s3DqRzW7kwS5oXknX/uFNWeehOTDfJH+
L9xGKTKNaOjTt90WxV5qo0qDMPtivDNeS9i004z+LuZI
-----END CERTIFICATE-----