Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/5uljjHiNNOaac26tRfDYMvtnMkY.roa
File:                     5uljjHiNNOaac26tRfDYMvtnMkY.roa (raw, json)
Hash identifier:          Q7M6Bp79D6O8dYm6M5ML2nLIMBbVb2sxR0r3nfKEu6U=
Subject key identifier:   E6:E9:63:8C:78:8D:34:E6:9A:73:6E:AD:45:F0:D8:32:FB:67:32:46
Certificate issuer:       /CN=68bd10f1b14bbb2767ffdcaec4b4172880ba461a
Certificate serial:       01942521B1E41EDE7519AB23051830E2E172
Authority key identifier: 68:BD:10:F1:B1:4B:BB:27:67:FF:DC:AE:C4:B4:17:28:80:BA:46:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aL0Q8bFLuydn_9yuxLQXKIC6Rho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/5uljjHiNNOaac26tRfDYMvtnMkY.roa
Signing time:             Thu 02 Jan 2025 03:49:12 +0000
ROA not before:           Thu 02 Jan 2025 03:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204300
IP address blocks:        193.107.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/aL0Q8bFLuydn_9yuxLQXKIC6Rho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/aL0Q8bFLuydn_9yuxLQXKIC6Rho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aL0Q8bFLuydn_9yuxLQXKIC6Rho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:b1:e4:1e:de:75:19:ab:23:05:18:30:e2:e1:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68bd10f1b14bbb2767ffdcaec4b4172880ba461a
        Validity
            Not Before: Jan  2 03:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6e9638c788d34e69a736ead45f0d832fb673246
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:47:54:0c:48:04:fa:6e:c5:a6:c4:f5:b9:86:
                    5e:ef:62:ef:13:67:80:6b:d1:be:bd:3d:ec:43:cf:
                    a3:ec:eb:ea:a6:5a:fd:3a:ad:62:6a:88:d5:e1:49:
                    53:04:81:9a:78:75:c8:cf:e7:da:85:8e:9c:af:96:
                    8a:59:e2:9f:1f:8a:d7:82:aa:0d:b6:f2:ff:d7:88:
                    af:13:39:b7:c1:ea:e2:2f:c8:0a:c0:c2:1b:e2:b4:
                    8c:1d:1c:d7:2f:cd:f8:ff:90:a6:15:13:e8:be:52:
                    fd:9a:33:8b:64:c5:71:0e:44:91:84:03:dd:64:db:
                    90:08:7c:65:eb:8b:e8:09:53:f8:9f:fd:c9:ef:42:
                    88:26:f9:25:f1:b1:01:1c:d7:50:81:b5:c1:ba:5d:
                    f5:a9:ee:9f:8e:9f:a5:49:6d:7c:f7:71:fe:59:9a:
                    f9:8a:5e:53:b2:65:0d:e2:4c:38:33:e0:22:a8:62:
                    9b:b2:b9:65:5f:22:07:4b:31:69:7d:ab:1f:ca:b7:
                    98:b1:06:53:19:1b:ab:f0:4e:ef:17:b4:4b:2b:12:
                    7d:f7:d9:ab:4b:7a:86:bf:08:78:04:02:40:05:30:
                    7e:58:5b:c3:4e:ab:b1:f6:32:3e:ff:68:88:f5:bb:
                    cf:44:b9:22:80:b7:74:88:68:87:16:24:e1:fb:1b:
                    82:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:E9:63:8C:78:8D:34:E6:9A:73:6E:AD:45:F0:D8:32:FB:67:32:46
            X509v3 Authority Key Identifier:
                keyid:68:BD:10:F1:B1:4B:BB:27:67:FF:DC:AE:C4:B4:17:28:80:BA:46:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aL0Q8bFLuydn_9yuxLQXKIC6Rho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/5uljjHiNNOaac26tRfDYMvtnMkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/aL0Q8bFLuydn_9yuxLQXKIC6Rho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:9d:bc:43:58:1e:92:a4:67:9f:42:62:fb:19:b8:d3:3e:2f:
         36:bc:56:d9:dd:35:74:90:ac:4d:f4:bb:0e:b9:ad:d2:bf:b6:
         d9:de:e9:fa:33:b5:dc:d0:c2:63:46:d8:a2:6f:77:e9:19:3c:
         e7:58:06:f6:be:e5:6d:47:51:9c:cc:56:c6:77:5a:c6:1e:8a:
         2d:a4:07:4a:59:1f:3d:98:a8:21:5d:89:e1:a8:76:f1:16:82:
         99:d8:a6:de:1b:42:d7:c1:15:6b:ca:24:95:35:af:0f:c0:ad:
         b1:1d:70:de:f1:4f:2a:e9:c8:27:59:89:e1:5c:ea:97:e6:11:
         55:f5:80:d5:a2:e0:07:39:76:29:e0:74:58:e1:f3:66:fd:8b:
         67:50:4f:9f:64:5e:14:0b:83:10:b5:e3:d2:07:a0:7a:72:fd:
         5c:c5:34:ed:79:00:64:dd:6d:07:f5:ff:16:7a:e2:03:7b:2c:
         01:59:8c:de:31:37:bf:5b:37:4c:05:63:d0:cc:d8:e9:08:62:
         07:2a:fe:06:8f:b1:a3:37:03:6b:2e:f3:84:a8:84:0c:bf:63:
         8e:81:28:35:3e:ae:e4:40:02:0d:f0:6e:30:22:68:de:ac:5a:
         7a:24:1a:d3:f6:9e:d5:8e:18:ee:dc:5d:60:70:ba:97:63:4f:
         7a:8e:7e:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbHkHt51GasjBRgw4uFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YmQxMGYxYjE0YmJiMjc2N2ZmZGNhZWM0YjQxNzI4ODBi
YTQ2MWEwHhcNMjUwMTAyMDM0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmU5NjM4Yzc4OGQzNGU2OWE3MzZlYWQ0NWYwZDgzMmZiNjczMjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0dUDEgE+m7FpsT1uYZe72LvE2eA
a9G+vT3sQ8+j7Ovqplr9Oq1iaojV4UlTBIGaeHXIz+fahY6cr5aKWeKfH4rXgqoN
tvL/14ivEzm3weriL8gKwMIb4rSMHRzXL834/5CmFRPovlL9mjOLZMVxDkSRhAPd
ZNuQCHxl64voCVP4n/3J70KIJvkl8bEBHNdQgbXBul31qe6fjp+lSW1893H+WZr5
il5TsmUN4kw4M+AiqGKbsrllXyIHSzFpfasfyreYsQZTGRur8E7vF7RLKxJ999mr
S3qGvwh4BAJABTB+WFvDTqux9jI+/2iI9bvPRLkigLd0iGiHFiTh+xuC+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObpY4x4jTTmmnNurUXw2DL7ZzJGMB8GA1UdIwQY
MBaAFGi9EPGxS7snZ//crsS0FyiAukYaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUwwUThiRkx1eWRuXzl5dXhMUVhLSUM2UmhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hZGU4NTYtODk2MC00YTI5LTg5NTYt
OWZlN2Q5MjhkOWJlLzEvNXVsampIaU5OT2FhYzI2dFJmRFlNdnRuTWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hZGU4NTYtODk2MC00YTI5LTg5NTYtOWZlN2Q5MjhkOWJl
LzEvYUwwUThiRkx1eWRuXzl5dXhMUVhLSUM2UmhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWsoMA0G
CSqGSIb3DQEBCwUAA4IBAQAZnbxDWB6SpGefQmL7GbjTPi82vFbZ3TV0kKxN9LsO
ua3Sv7bZ3un6M7Xc0MJjRtiib3fpGTznWAb2vuVtR1GczFbGd1rGHootpAdKWR89
mKghXYnhqHbxFoKZ2KbeG0LXwRVryiSVNa8PwK2xHXDe8U8q6cgnWYnhXOqX5hFV
9YDVouAHOXYp4HRY4fNm/YtnUE+fZF4UC4MQtePSB6B6cv1cxTTteQBk3W0H9f8W
euIDeywBWYzeMTe/WzdMBWPQzNjpCGIHKv4Gj7GjNwNrLvOEqIQMv2OOgSg1Pq7k
QAIN8G4wImjerFp6JBrT9p7Vjhju3F1gcLqXY096jn4b
-----END CERTIFICATE-----