Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/978c2e-1b76-48b0-a603-64c1c279ccc0/1/4iS4euTiQtItVR9HBATrZ2d1jzs.roa
File:                     4iS4euTiQtItVR9HBATrZ2d1jzs.roa (raw, json)
Hash identifier:          Nz/wJMhE4IZvQI592qdr0LdN9YN/43igAFLk6lhCh5w=
Subject key identifier:   E2:24:B8:7A:E4:E2:42:D2:2D:55:1F:47:04:04:EB:67:67:75:8F:3B
Certificate issuer:       /CN=97668547a433343dde9bb36595bc903b4f149604
Certificate serial:       01942445401CB410BCD0F73F125433E58206
Authority key identifier: 97:66:85:47:A4:33:34:3D:DE:9B:B3:65:95:BC:90:3B:4F:14:96:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l2aFR6QzND3em7NllbyQO08UlgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/978c2e-1b76-48b0-a603-64c1c279ccc0/1/4iS4euTiQtItVR9HBATrZ2d1jzs.roa
Signing time:             Wed 01 Jan 2025 23:48:25 +0000
ROA not before:           Wed 01 Jan 2025 23:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25400
IP address blocks:        194.54.68.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/978c2e-1b76-48b0-a603-64c1c279ccc0/1/l2aFR6QzND3em7NllbyQO08UlgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/978c2e-1b76-48b0-a603-64c1c279ccc0/1/l2aFR6QzND3em7NllbyQO08UlgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l2aFR6QzND3em7NllbyQO08UlgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:40:1c:b4:10:bc:d0:f7:3f:12:54:33:e5:82:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97668547a433343dde9bb36595bc903b4f149604
        Validity
            Not Before: Jan  1 23:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e224b87ae4e242d22d551f470404eb6767758f3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:e6:b8:90:5f:74:e7:43:91:b6:62:80:f7:ed:
                    98:7e:74:2a:f6:94:08:6d:42:0b:bb:75:e5:2b:89:
                    f0:22:fa:0a:62:77:a5:04:15:61:e3:3f:bf:8b:75:
                    84:54:57:d2:dd:06:d4:9e:34:4a:42:72:32:5d:4f:
                    bf:b2:e5:aa:64:5f:b2:54:fb:cc:9d:ea:86:f1:cb:
                    29:9c:c9:1b:69:12:70:df:4f:df:c6:3a:35:b5:e0:
                    58:c4:aa:0e:1d:bb:10:94:3d:e3:4e:3b:8b:fe:7a:
                    44:ae:3a:d2:90:0e:77:db:ab:69:85:1b:07:b3:c5:
                    06:1f:b1:5d:6c:7f:23:16:f9:3f:73:ad:ac:f9:76:
                    06:db:1d:e2:ac:27:37:65:ce:df:10:e2:ff:01:4e:
                    b7:e7:57:9c:e5:c3:12:42:18:e5:3e:4c:7f:d5:8b:
                    ca:53:d7:63:85:89:8f:a6:18:c1:8f:e0:60:50:46:
                    74:76:2f:b1:cf:8f:39:55:a0:2e:18:8e:3d:b5:4f:
                    ef:c8:d8:f5:1f:f7:71:e9:e4:c3:a7:79:6b:db:3b:
                    db:29:c3:cd:89:03:f7:66:80:a6:80:c8:3c:8b:b6:
                    59:81:67:6f:ad:44:71:f2:2e:15:de:ab:20:91:4c:
                    b6:36:e7:9b:bd:4c:3d:0b:43:7f:c2:3c:c3:55:a6:
                    18:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:24:B8:7A:E4:E2:42:D2:2D:55:1F:47:04:04:EB:67:67:75:8F:3B
            X509v3 Authority Key Identifier:
                keyid:97:66:85:47:A4:33:34:3D:DE:9B:B3:65:95:BC:90:3B:4F:14:96:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l2aFR6QzND3em7NllbyQO08UlgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/978c2e-1b76-48b0-a603-64c1c279ccc0/1/4iS4euTiQtItVR9HBATrZ2d1jzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/978c2e-1b76-48b0-a603-64c1c279ccc0/1/l2aFR6QzND3em7NllbyQO08UlgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.54.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:83:f3:ec:87:81:d5:c4:b1:cb:41:e7:13:33:21:bf:fd:d1:
         f6:6f:bf:36:0a:8a:0a:a5:b1:98:7b:0b:5c:ad:00:82:f7:b1:
         d0:2e:e9:9e:72:6b:b1:c8:fd:f0:d8:d4:a9:67:38:b7:97:74:
         3b:2b:27:fd:89:29:dd:b4:2e:db:91:3f:23:ec:ba:f9:c3:19:
         55:4c:18:9a:79:b9:b0:95:b7:cc:c1:1c:b3:0a:f0:b2:28:97:
         05:25:85:2b:08:f5:8d:f3:1e:13:74:9d:ca:a1:37:c0:43:03:
         f9:2b:89:40:66:d9:95:83:05:fa:24:d3:45:6c:4b:e0:bb:38:
         c9:35:88:c0:28:79:6e:b6:04:ec:0b:ca:97:cc:09:99:6f:58:
         a1:77:84:c9:d6:ae:2f:b4:a5:d9:55:71:0d:14:c2:3d:b1:49:
         45:b5:8e:ff:d5:f9:6f:55:e0:1f:1c:19:75:9f:2d:21:1f:48:
         81:a8:d8:29:26:6a:39:68:fb:4e:be:c8:7d:6d:36:2b:87:3c:
         c2:74:66:6f:83:be:21:7d:a0:7d:4b:eb:a5:4f:35:1d:ed:6d:
         ac:9f:4e:26:ed:32:56:9c:68:75:28:62:f3:9e:bd:d7:b3:48:
         51:05:c2:c7:0f:80:ca:f7:e1:93:d8:1b:b2:46:e8:c0:ed:62:
         39:e4:6f:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRUActBC80Pc/ElQz5YIGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NjY4NTQ3YTQzMzM0M2RkZTliYjM2NTk1YmM5MDNiNGYx
NDk2MDQwHhcNMjUwMTAxMjM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjI0Yjg3YWU0ZTI0MmQyMmQ1NTFmNDcwNDA0ZWI2NzY3NzU4ZjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5+a4kF9050ORtmKA9+2YfnQq9pQI
bUILu3XlK4nwIvoKYnelBBVh4z+/i3WEVFfS3QbUnjRKQnIyXU+/suWqZF+yVPvM
neqG8cspnMkbaRJw30/fxjo1teBYxKoOHbsQlD3jTjuL/npErjrSkA5326tphRsH
s8UGH7FdbH8jFvk/c62s+XYG2x3irCc3Zc7fEOL/AU6351ec5cMSQhjlPkx/1YvK
U9djhYmPphjBj+BgUEZ0di+xz485VaAuGI49tU/vyNj1H/dx6eTDp3lr2zvbKcPN
iQP3ZoCmgMg8i7ZZgWdvrURx8i4V3qsgkUy2NuebvUw9C0N/wjzDVaYYxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIkuHrk4kLSLVUfRwQE62dndY87MB8GA1UdIwQY
MBaAFJdmhUekMzQ93puzZZW8kDtPFJYEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDJhRlI2UXpORDNlbTdObGxieVFPMDhVbGdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS85NzhjMmUtMWI3Ni00OGIwLWE2MDMt
NjRjMWMyNzljY2MwLzEvNGlTNGV1VGlRdEl0VlI5SEJBVHJaMmQxanpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS85NzhjMmUtMWI3Ni00OGIwLWE2MDMtNjRjMWMyNzljY2Mw
LzEvbDJhRlI2UXpORDNlbTdObGxieVFPMDhVbGdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjZEMA0G
CSqGSIb3DQEBCwUAA4IBAQBWg/Psh4HVxLHLQecTMyG//dH2b782CooKpbGYewtc
rQCC97HQLumecmuxyP3w2NSpZzi3l3Q7Kyf9iSndtC7bkT8j7Lr5wxlVTBiaebmw
lbfMwRyzCvCyKJcFJYUrCPWN8x4TdJ3KoTfAQwP5K4lAZtmVgwX6JNNFbEvguzjJ
NYjAKHlutgTsC8qXzAmZb1ihd4TJ1q4vtKXZVXENFMI9sUlFtY7/1flvVeAfHBl1
ny0hH0iBqNgpJmo5aPtOvsh9bTYrhzzCdGZvg74hfaB9S+ulTzUd7W2sn04m7TJW
nGh1KGLznr3Xs0hRBcLHD4DK9+GT2BuyRujA7WI55G+L
-----END CERTIFICATE-----