Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/p2NxHuHEvm6-VtLtsGR70NjnXU0.roa
File:                     p2NxHuHEvm6-VtLtsGR70NjnXU0.roa (raw, json)
Hash identifier:          6PtkYLC++irxYOaEOIumYreIOhvsWmMefI2pPa5VOAI=
Subject key identifier:   A7:63:71:1E:E1:C4:BE:6E:BE:56:D2:ED:B0:64:7B:D0:D8:E7:5D:4D
Certificate issuer:       /CN=625b5cf9e29912448cbbbc86d20561899cdb104d
Certificate serial:       0193022FB673558CD54F629968834CB0A46E
Authority key identifier: 62:5B:5C:F9:E2:99:12:44:8C:BB:BC:86:D2:05:61:89:9C:DB:10:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yltc-eKZEkSMu7yG0gVhiZzbEE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/p2NxHuHEvm6-VtLtsGR70NjnXU0.roa
Signing time:             Wed 06 Nov 2024 15:55:01 +0000
ROA not before:           Wed 06 Nov 2024 15:55:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49173
IP address blocks:        185.141.240.0/22 maxlen: 22
                          194.146.28.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/Yltc-eKZEkSMu7yG0gVhiZzbEE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/Yltc-eKZEkSMu7yG0gVhiZzbEE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yltc-eKZEkSMu7yG0gVhiZzbEE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:02:2f:b6:73:55:8c:d5:4f:62:99:68:83:4c:b0:a4:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=625b5cf9e29912448cbbbc86d20561899cdb104d
        Validity
            Not Before: Nov  6 15:55:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a763711ee1c4be6ebe56d2edb0647bd0d8e75d4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ac:06:cd:19:e1:da:da:b5:c9:9e:ed:f0:1e:
                    70:80:5e:f1:7e:23:3b:95:e1:c7:82:6f:f5:90:0e:
                    db:50:38:79:ca:ef:11:e1:7f:c0:3f:45:23:56:93:
                    9c:99:04:12:44:f4:56:d8:ff:ab:1b:b5:0c:fa:f7:
                    ed:d0:49:de:f8:b6:81:73:51:38:d3:c4:44:32:fd:
                    b4:ce:f9:ce:6f:62:0f:b1:98:32:a4:22:46:3d:72:
                    07:96:f6:d0:69:e1:45:b4:27:2f:24:a9:b9:cc:18:
                    d1:a1:48:51:ab:6b:45:b8:8a:f0:03:f7:02:48:b7:
                    1c:29:df:5f:2b:b9:b7:d3:d7:54:2c:b8:0e:05:c8:
                    1a:0e:c7:48:1d:64:d4:9d:f1:2a:fd:19:ca:a0:2b:
                    b4:8c:bf:03:58:21:83:70:16:b0:d5:7b:c6:b4:bc:
                    12:ce:ed:4a:30:3c:e7:47:3b:78:69:30:30:67:66:
                    0c:e0:c5:32:6d:52:e2:4c:39:9b:90:7e:c6:fd:58:
                    f2:88:9f:89:c3:2f:96:87:d4:eb:cc:b3:09:23:99:
                    0a:6d:a6:ed:93:57:75:3c:f9:5e:db:c5:f4:9a:86:
                    5b:ea:a2:67:e4:d1:ab:97:aa:fc:69:ee:3a:fd:a6:
                    5a:39:cf:f1:79:59:8d:f8:c5:52:3c:d0:db:29:cd:
                    7e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:63:71:1E:E1:C4:BE:6E:BE:56:D2:ED:B0:64:7B:D0:D8:E7:5D:4D
            X509v3 Authority Key Identifier:
                keyid:62:5B:5C:F9:E2:99:12:44:8C:BB:BC:86:D2:05:61:89:9C:DB:10:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yltc-eKZEkSMu7yG0gVhiZzbEE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/p2NxHuHEvm6-VtLtsGR70NjnXU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/97ccab-d0c8-42e8-8725-a586b07add72/1/Yltc-eKZEkSMu7yG0gVhiZzbEE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.240.0/22
                  194.146.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:b9:63:2f:cf:92:2d:73:21:ba:a4:1e:6c:be:6a:15:8b:f9:
         ea:47:a8:92:2e:64:70:d2:b8:54:98:c9:08:37:87:b3:b2:03:
         23:73:85:65:73:22:3d:ea:d6:a0:8d:db:70:e1:71:8a:94:ac:
         e8:60:9d:76:28:e4:79:45:f2:e4:d3:8c:b3:d8:78:81:ca:ce:
         e0:0d:1e:74:d4:68:d0:f8:52:8a:ed:2f:88:b5:c0:e7:93:f8:
         1f:1e:34:7a:5b:ce:cd:96:96:25:f8:28:c9:a5:c9:84:95:f6:
         b3:65:38:19:2f:4f:b2:0e:e4:81:b6:33:35:7d:58:c3:53:d0:
         5c:4b:60:d3:56:48:d9:f8:07:c1:f5:03:49:8d:c2:27:13:7d:
         35:40:62:1f:00:78:04:55:52:cf:25:76:b4:f0:2f:38:41:ff:
         47:2d:7f:51:88:a1:69:e3:13:13:cf:af:f6:3c:cb:4a:00:c1:
         ae:81:d2:de:9e:3c:e0:ea:b4:30:d3:60:d6:b9:8c:ba:a4:ae:
         64:2b:27:56:c3:01:3a:3a:b7:f7:e1:1d:84:f1:00:de:72:f1:
         fc:4a:8f:46:bb:e5:20:75:af:96:cd:3f:d9:91:4f:fd:19:d8:
         94:be:29:58:19:b4:2a:d6:2f:38:c7:8c:0a:00:6a:a8:66:55:
         b0:77:1b:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMCL7ZzVYzVT2KZaINMsKRuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNWI1Y2Y5ZTI5OTEyNDQ4Y2JiYmM4NmQyMDU2MTg5OWNk
YjEwNGQwHhcNMjQxMTA2MTU1NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzYzNzExZWUxYzRiZTZlYmU1NmQyZWRiMDY0N2JkMGQ4ZTc1ZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKwGzRnh2tq1yZ7t8B5wgF7xfiM7
leHHgm/1kA7bUDh5yu8R4X/AP0UjVpOcmQQSRPRW2P+rG7UM+vft0Ene+LaBc1E4
08REMv20zvnOb2IPsZgypCJGPXIHlvbQaeFFtCcvJKm5zBjRoUhRq2tFuIrwA/cC
SLccKd9fK7m309dULLgOBcgaDsdIHWTUnfEq/RnKoCu0jL8DWCGDcBaw1XvGtLwS
zu1KMDznRzt4aTAwZ2YM4MUybVLiTDmbkH7G/VjyiJ+Jwy+Wh9TrzLMJI5kKbabt
k1d1PPle28X0moZb6qJn5NGrl6r8ae46/aZaOc/xeVmN+MVSPNDbKc1+VQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKdjcR7hxL5uvlbS7bBke9DY511NMB8GA1UdIwQY
MBaAFGJbXPnimRJEjLu8htIFYYmc2xBNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWx0Yy1lS1pFa1NNdTd5RzBnVmhpWnpiRUUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy85N2NjYWItZDBjOC00MmU4LTg3MjUt
YTU4NmIwN2FkZDcyLzEvcDJOeEh1SEV2bTYtVnRMdHNHUjcwTmpuWFUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy85N2NjYWItZDBjOC00MmU4LTg3MjUtYTU4NmIwN2FkZDcy
LzEvWWx0Yy1lS1pFa1NNdTd5RzBnVmhpWnpiRUUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuY3wAwQC
wpIcMA0GCSqGSIb3DQEBCwUAA4IBAQCFuWMvz5ItcyG6pB5svmoVi/nqR6iSLmRw
0rhUmMkIN4ezsgMjc4VlcyI96tagjdtw4XGKlKzoYJ12KOR5RfLk04yz2HiBys7g
DR501GjQ+FKK7S+ItcDnk/gfHjR6W87NlpYl+CjJpcmElfazZTgZL0+yDuSBtjM1
fVjDU9BcS2DTVkjZ+AfB9QNJjcInE301QGIfAHgEVVLPJXa08C84Qf9HLX9RiKFp
4xMTz6/2PMtKAMGugdLenjzg6rQw02DWuYy6pK5kKydWwwE6Orf34R2E8QDecvH8
So9Gu+Ugda+WzT/ZkU/9GdiUvilYGbQq1i84x4wKAGqoZlWwdxvn
-----END CERTIFICATE-----