Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/c550e3-f024-46b8-87ec-450e24e0891d/1/CSj4rvQmRyDsyaDEw0jstidXLzo.roa
File:                     CSj4rvQmRyDsyaDEw0jstidXLzo.roa (raw, json)
Hash identifier:          3pSnEcRnf/ULKrT/Poc1HoH7UgR2xUCZ7SNrN3hfNmI=
Subject key identifier:   09:28:F8:AE:F4:26:47:20:EC:C9:A0:C4:C3:48:EC:B6:27:57:2F:3A
Certificate issuer:       /CN=1d9c072f2db3ef1f260505bbfa0efea18c2970b1
Certificate serial:       0194244532975EA50D213EB7FD1F0510A24C
Authority key identifier: 1D:9C:07:2F:2D:B3:EF:1F:26:05:05:BB:FA:0E:FE:A1:8C:29:70:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HZwHLy2z7x8mBQW7-g7-oYwpcLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/c550e3-f024-46b8-87ec-450e24e0891d/1/CSj4rvQmRyDsyaDEw0jstidXLzo.roa
Signing time:             Wed 01 Jan 2025 23:48:22 +0000
ROA not before:           Wed 01 Jan 2025 23:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48258
IP address blocks:        185.254.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/c550e3-f024-46b8-87ec-450e24e0891d/1/HZwHLy2z7x8mBQW7-g7-oYwpcLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/c550e3-f024-46b8-87ec-450e24e0891d/1/HZwHLy2z7x8mBQW7-g7-oYwpcLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HZwHLy2z7x8mBQW7-g7-oYwpcLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:32:97:5e:a5:0d:21:3e:b7:fd:1f:05:10:a2:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d9c072f2db3ef1f260505bbfa0efea18c2970b1
        Validity
            Not Before: Jan  1 23:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0928f8aef4264720ecc9a0c4c348ecb627572f3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:95:cf:a2:61:13:3e:43:3e:95:f9:9f:69:00:
                    3e:5c:a3:df:d6:e6:60:96:e3:fb:10:61:ea:1e:4a:
                    da:de:38:8c:38:07:7b:bd:db:9e:9c:68:01:f6:3d:
                    f9:ad:67:b4:9b:0b:16:2d:54:12:03:5b:2b:f2:b5:
                    d2:fd:13:fa:b8:c8:ef:30:e2:e9:36:04:30:5c:36:
                    1a:44:12:79:99:c4:9f:53:ac:70:94:79:4d:58:38:
                    bc:df:69:e0:a0:ff:40:e0:36:07:37:7f:bd:7d:b8:
                    51:99:fd:83:04:f9:85:2b:bf:ba:3a:5d:7d:bd:67:
                    fa:24:8b:47:10:81:e1:2b:70:e6:f3:eb:85:0a:95:
                    bb:11:5d:ba:4b:86:63:b2:a2:a2:5c:31:3d:f3:5b:
                    3a:8e:9c:e5:16:bf:47:29:d9:b6:0e:c1:1e:39:ed:
                    1c:12:60:03:8f:a5:93:1c:c4:00:0c:2c:a1:90:7c:
                    a5:67:b6:cd:f9:58:df:1a:31:bd:c3:d5:f7:28:2e:
                    de:9c:86:13:c8:03:c0:55:ff:03:97:f9:7f:9a:d0:
                    3f:ed:61:7c:58:36:e2:88:a7:08:4a:23:ef:e9:87:
                    43:d3:d3:3f:3e:00:db:21:e5:20:50:86:a4:a4:4e:
                    bd:85:e6:00:d6:86:14:b2:24:b9:f5:91:ba:58:24:
                    4a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:28:F8:AE:F4:26:47:20:EC:C9:A0:C4:C3:48:EC:B6:27:57:2F:3A
            X509v3 Authority Key Identifier:
                keyid:1D:9C:07:2F:2D:B3:EF:1F:26:05:05:BB:FA:0E:FE:A1:8C:29:70:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HZwHLy2z7x8mBQW7-g7-oYwpcLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c550e3-f024-46b8-87ec-450e24e0891d/1/CSj4rvQmRyDsyaDEw0jstidXLzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c550e3-f024-46b8-87ec-450e24e0891d/1/HZwHLy2z7x8mBQW7-g7-oYwpcLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:4a:7c:53:f6:2c:59:94:6b:a8:ee:c3:e0:04:01:9b:91:7b:
         50:d3:85:c4:d8:6e:c7:e9:39:13:48:f2:5d:be:51:ad:b8:d6:
         3d:ec:6a:e9:9c:e5:3a:33:16:2b:81:ed:8a:1c:e0:3a:bd:c4:
         c4:c6:97:60:0c:9f:2c:c7:dc:a4:c6:6d:cd:31:84:d4:cd:84:
         05:b1:09:d9:ab:73:9e:81:4d:1a:90:e0:1e:be:25:c9:76:33:
         1d:30:88:8a:2f:85:ff:de:a3:99:b3:f2:ff:32:14:58:96:fc:
         00:86:e7:f3:ec:34:ff:81:50:67:60:1c:53:7e:8d:02:b4:70:
         14:08:c6:73:a6:7a:2f:b0:f3:06:90:bc:ed:42:f9:b5:5e:ec:
         43:fb:62:61:f1:12:c0:99:e9:1a:ba:27:a6:02:c9:ad:9e:56:
         e0:02:a6:88:72:df:c0:1d:7b:75:8e:2d:13:9b:b6:36:19:d5:
         96:37:07:a6:5f:b4:88:c0:4d:1a:35:bb:35:b9:55:1c:25:95:
         81:16:98:7c:08:48:9c:1a:2b:35:ec:d9:b8:cf:52:53:aa:78:
         74:6c:17:3f:26:21:74:54:e3:27:11:0a:ff:3e:a5:6e:60:5f:
         d3:9d:55:f6:bf:05:0c:b4:6c:bd:94:70:05:f0:95:d2:03:53:
         b4:cd:a2:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRTKXXqUNIT63/R8FEKJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkOWMwNzJmMmRiM2VmMWYyNjA1MDViYmZhMGVmZWExOGMy
OTcwYjEwHhcNMjUwMTAxMjM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTI4ZjhhZWY0MjY0NzIwZWNjOWEwYzRjMzQ4ZWNiNjI3NTcyZjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ZXPomETPkM+lfmfaQA+XKPf1uZg
luP7EGHqHkra3jiMOAd7vduenGgB9j35rWe0mwsWLVQSA1sr8rXS/RP6uMjvMOLp
NgQwXDYaRBJ5mcSfU6xwlHlNWDi832ngoP9A4DYHN3+9fbhRmf2DBPmFK7+6Ol19
vWf6JItHEIHhK3Dm8+uFCpW7EV26S4ZjsqKiXDE981s6jpzlFr9HKdm2DsEeOe0c
EmADj6WTHMQADCyhkHylZ7bN+VjfGjG9w9X3KC7enIYTyAPAVf8Dl/l/mtA/7WF8
WDbiiKcISiPv6YdD09M/PgDbIeUgUIakpE69heYA1oYUsiS59ZG6WCRKEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAko+K70Jkcg7MmgxMNI7LYnVy86MB8GA1UdIwQY
MBaAFB2cBy8ts+8fJgUFu/oO/qGMKXCxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFp3SEx5Mno3eDhtQlFXNy1nNy1vWXdwY0xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jNTUwZTMtZjAyNC00NmI4LTg3ZWMt
NDUwZTI0ZTA4OTFkLzEvQ1NqNHJ2UW1SeURzeWFERXcwanN0aWRYTHpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jNTUwZTMtZjAyNC00NmI4LTg3ZWMtNDUwZTI0ZTA4OTFk
LzEvSFp3SEx5Mno3eDhtQlFXNy1nNy1vWXdwY0xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf7gMA0G
CSqGSIb3DQEBCwUAA4IBAQA9SnxT9ixZlGuo7sPgBAGbkXtQ04XE2G7H6TkTSPJd
vlGtuNY97GrpnOU6MxYrge2KHOA6vcTExpdgDJ8sx9ykxm3NMYTUzYQFsQnZq3Oe
gU0akOAeviXJdjMdMIiKL4X/3qOZs/L/MhRYlvwAhufz7DT/gVBnYBxTfo0CtHAU
CMZzpnovsPMGkLztQvm1XuxD+2Jh8RLAmekauiemAsmtnlbgAqaIct/AHXt1ji0T
m7Y2GdWWNwemX7SIwE0aNbs1uVUcJZWBFph8CEicGis17Nm4z1JTqnh0bBc/JiF0
VOMnEQr/PqVuYF/TnVX2vwUMtGy9lHAF8JXSA1O0zaLD
-----END CERTIFICATE-----