Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/a636ed-d20f-4802-9286-b84eda2e846a/1/cFotkS6ux0_MLeGzyK_DeWIUeaM.roa
File:                     cFotkS6ux0_MLeGzyK_DeWIUeaM.roa (raw, json)
Hash identifier:          4CuT/CFbyV2w8Qh8mF53vlpw9DoBWeAo/yfxDDSS1VE=
Subject key identifier:   70:5A:2D:91:2E:AE:C7:4F:CC:2D:E1:B3:C8:AF:C3:79:62:14:79:A3
Certificate issuer:       /CN=ce7cacfa735ceeafdd2a214c09ee72469425250e
Certificate serial:       019424456CA09490C6762B83086FC8F5B093
Authority key identifier: CE:7C:AC:FA:73:5C:EE:AF:DD:2A:21:4C:09:EE:72:46:94:25:25:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/znys-nNc7q_dKiFMCe5yRpQlJQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/a636ed-d20f-4802-9286-b84eda2e846a/1/cFotkS6ux0_MLeGzyK_DeWIUeaM.roa
Signing time:             Wed 01 Jan 2025 23:48:37 +0000
ROA not before:           Wed 01 Jan 2025 23:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200200
IP address blocks:        193.58.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/a636ed-d20f-4802-9286-b84eda2e846a/1/znys-nNc7q_dKiFMCe5yRpQlJQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/a636ed-d20f-4802-9286-b84eda2e846a/1/znys-nNc7q_dKiFMCe5yRpQlJQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/znys-nNc7q_dKiFMCe5yRpQlJQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:6c:a0:94:90:c6:76:2b:83:08:6f:c8:f5:b0:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce7cacfa735ceeafdd2a214c09ee72469425250e
        Validity
            Not Before: Jan  1 23:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=705a2d912eaec74fcc2de1b3c8afc379621479a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c6:74:bc:38:a8:17:c2:f0:11:2b:fc:70:1e:
                    d6:79:7c:46:4f:29:f0:e5:e7:d7:44:43:36:c1:73:
                    f6:98:9d:4c:4e:64:5e:35:a0:3b:08:75:9e:be:38:
                    0a:39:9e:07:f6:fe:d0:60:f6:0a:2c:1d:4b:2c:9f:
                    21:c8:42:8d:21:c3:d7:84:a0:c5:8e:ea:63:10:32:
                    76:53:85:f2:7e:06:4a:cd:48:d5:d4:de:42:ff:75:
                    52:80:20:df:e1:b0:22:cc:2b:53:89:42:e3:9f:86:
                    3d:55:28:09:76:b0:0f:cf:ac:fb:e4:17:0f:ad:a3:
                    77:68:e3:50:ff:4e:9f:95:78:f9:95:f7:1d:5c:75:
                    6e:1a:c2:e1:94:fa:9c:0c:bd:ae:5a:a0:7c:77:2a:
                    b2:28:29:9d:b7:b3:73:8a:26:89:11:5d:d5:17:1b:
                    37:af:7d:3e:c9:36:9d:2f:fd:6d:d0:b1:14:3b:01:
                    7c:84:bd:ed:54:bb:8d:3a:92:80:d6:42:4b:49:ab:
                    13:1f:24:95:c8:a7:9a:44:b5:57:45:50:31:c9:73:
                    da:b7:3c:dd:7a:01:f2:22:0a:82:6d:5f:40:5a:83:
                    e8:ca:97:29:62:7a:9c:62:a8:12:81:58:94:a0:3c:
                    9a:81:f5:50:e5:a4:a0:bf:88:4b:f3:0a:59:51:7a:
                    4d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:5A:2D:91:2E:AE:C7:4F:CC:2D:E1:B3:C8:AF:C3:79:62:14:79:A3
            X509v3 Authority Key Identifier:
                keyid:CE:7C:AC:FA:73:5C:EE:AF:DD:2A:21:4C:09:EE:72:46:94:25:25:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/znys-nNc7q_dKiFMCe5yRpQlJQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a636ed-d20f-4802-9286-b84eda2e846a/1/cFotkS6ux0_MLeGzyK_DeWIUeaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a636ed-d20f-4802-9286-b84eda2e846a/1/znys-nNc7q_dKiFMCe5yRpQlJQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:52:ca:1b:ea:7a:60:da:1e:32:44:a2:36:e8:c7:80:c3:d2:
         03:aa:39:6f:b7:65:2f:c4:e6:c2:30:57:f1:0b:52:dc:9d:3b:
         7e:c3:e2:77:9a:87:36:ce:f4:bf:05:9f:f9:57:79:d4:29:d6:
         f9:78:be:58:a5:bc:30:54:2c:90:34:c9:1c:a9:dd:47:9f:88:
         33:68:47:9b:2f:f8:c5:4b:61:af:50:7b:95:d1:af:1e:38:ff:
         d8:95:f5:54:cb:4e:80:ff:05:3a:b6:69:25:ed:4d:57:ae:fc:
         6e:db:5f:4a:ef:63:b1:88:1b:1c:d4:50:22:ef:d9:88:46:a0:
         9b:27:13:bb:23:4f:b8:5b:95:24:bb:ae:91:5d:82:d3:39:e2:
         18:b3:fd:62:22:61:fc:c1:23:b1:5c:46:8d:50:fa:55:83:54:
         59:ab:1d:64:ce:c6:bd:8f:5d:6d:33:cb:72:88:02:43:4c:53:
         36:71:86:3e:1f:10:6b:8e:92:d7:f9:6f:b4:04:8e:f0:c8:28:
         76:c6:bf:c1:39:d4:12:4b:c7:58:e0:a4:de:77:57:54:24:49:
         82:65:0f:1f:e3:a9:cf:f8:21:ea:b9:80:c1:93:d3:8c:ee:5d:
         f1:d3:c9:91:b8:11:54:46:1a:54:e4:1e:54:c7:75:7c:71:da:
         4b:24:f4:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRWyglJDGdiuDCG/I9bCTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlN2NhY2ZhNzM1Y2VlYWZkZDJhMjE0YzA5ZWU3MjQ2OTQy
NTI1MGUwHhcNMjUwMTAxMjM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDVhMmQ5MTJlYWVjNzRmY2MyZGUxYjNjOGFmYzM3OTYyMTQ3OWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscZ0vDioF8LwESv8cB7WeXxGTynw
5efXREM2wXP2mJ1MTmReNaA7CHWevjgKOZ4H9v7QYPYKLB1LLJ8hyEKNIcPXhKDF
jupjEDJ2U4XyfgZKzUjV1N5C/3VSgCDf4bAizCtTiULjn4Y9VSgJdrAPz6z75BcP
raN3aONQ/06flXj5lfcdXHVuGsLhlPqcDL2uWqB8dyqyKCmdt7NziiaJEV3VFxs3
r30+yTadL/1t0LEUOwF8hL3tVLuNOpKA1kJLSasTHySVyKeaRLVXRVAxyXPatzzd
egHyIgqCbV9AWoPoypcpYnqcYqgSgViUoDyagfVQ5aSgv4hL8wpZUXpN/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBaLZEursdPzC3hs8ivw3liFHmjMB8GA1UdIwQY
MBaAFM58rPpzXO6v3SohTAnuckaUJSUOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem55cy1uTmM3cV9kS2lGTUNlNXlScFFsSlE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9hNjM2ZWQtZDIwZi00ODAyLTkyODYt
Yjg0ZWRhMmU4NDZhLzEvY0ZvdGtTNnV4MF9NTGVHenlLX0RlV0lVZWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9hNjM2ZWQtZDIwZi00ODAyLTkyODYtYjg0ZWRhMmU4NDZh
LzEvem55cy1uTmM3cV9kS2lGTUNlNXlScFFsSlE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTp1MA0G
CSqGSIb3DQEBCwUAA4IBAQAdUsob6npg2h4yRKI26MeAw9IDqjlvt2UvxObCMFfx
C1LcnTt+w+J3moc2zvS/BZ/5V3nUKdb5eL5YpbwwVCyQNMkcqd1Hn4gzaEebL/jF
S2GvUHuV0a8eOP/YlfVUy06A/wU6tmkl7U1Xrvxu219K72OxiBsc1FAi79mIRqCb
JxO7I0+4W5Uku66RXYLTOeIYs/1iImH8wSOxXEaNUPpVg1RZqx1kzsa9j11tM8ty
iAJDTFM2cYY+HxBrjpLX+W+0BI7wyCh2xr/BOdQSS8dY4KTed1dUJEmCZQ8f46nP
+CHquYDBk9OM7l3x08mRuBFURhpU5B5Ux3V8cdpLJPTB
-----END CERTIFICATE-----