Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/kQH0rNGUwrdMlE4IugVY5cbkwHk.roa
File:                     kQH0rNGUwrdMlE4IugVY5cbkwHk.roa (raw, json)
Hash identifier:          xFZ+eFzh5U3I07lK0rvZKVdUJl5UkoCtOrgHpD6DsZc=
Subject key identifier:   91:01:F4:AC:D1:94:C2:B7:4C:94:4E:08:BA:05:58:E5:C6:E4:C0:79
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747D9C35AA15C6DB5226CE239665FBA
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/kQH0rNGUwrdMlE4IugVY5cbkwHk.roa
Signing time:             Thu 02 Jan 2025 13:50:07 +0000
ROA not before:           Thu 02 Jan 2025 13:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199654
IP address blocks:        2.56.164.0/24 maxlen: 24
                          185.227.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d9:c3:5a:a1:5c:6d:b5:22:6c:e2:39:66:5f:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9101f4acd194c2b74c944e08ba0558e5c6e4c079
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2c:19:37:f6:ba:01:b6:d5:86:ea:00:03:2f:
                    6e:3b:75:f6:a1:56:51:1f:5e:d3:91:f1:c7:ee:39:
                    8f:84:13:fc:1a:67:cd:53:78:28:cd:2f:b6:e7:88:
                    23:dd:6a:93:fb:6c:c8:f3:e4:4b:2c:05:ec:5d:d5:
                    2c:a1:20:a6:b0:a0:5a:e1:30:d2:62:6c:90:2c:b7:
                    52:aa:b1:06:c2:18:7d:af:a9:40:5b:de:c4:92:b0:
                    b1:8f:b8:2d:4b:58:f8:57:44:e3:5d:8f:a1:99:c1:
                    87:45:15:0f:23:3f:05:84:11:8a:c6:c9:3a:9a:fa:
                    39:68:56:47:29:19:89:37:6f:bd:eb:13:55:49:bc:
                    f0:7e:36:16:15:4d:da:b9:e3:fd:c4:14:35:11:41:
                    54:ed:20:8d:17:63:13:04:23:44:6a:0c:3f:21:9f:
                    0d:1c:3a:fc:6b:19:55:01:4c:1c:68:0b:69:51:b3:
                    6e:bd:ec:59:78:0c:88:f6:5b:d1:38:f6:e8:1b:e9:
                    95:37:b0:18:92:47:9b:73:a7:d8:6a:71:61:be:07:
                    92:04:9a:01:1f:44:0b:82:05:c1:d0:71:2c:b5:46:
                    7a:4e:f9:63:cb:ef:ab:c8:a7:b5:8b:64:4d:ab:1d:
                    4d:26:24:ba:7a:a9:fd:f6:45:cb:fa:8f:e2:c1:f8:
                    bd:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:01:F4:AC:D1:94:C2:B7:4C:94:4E:08:BA:05:58:E5:C6:E4:C0:79
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/kQH0rNGUwrdMlE4IugVY5cbkwHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.164.0/24
                  185.227.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:12:7a:6c:69:b9:b3:30:3e:fa:60:9a:4e:a8:96:81:a9:cd:
         61:38:de:eb:52:c3:67:cb:be:72:77:85:7d:c1:48:63:72:6d:
         8c:af:2d:bb:d5:53:53:87:f9:61:5b:b8:23:a2:c1:6f:46:9b:
         f8:cc:55:82:3b:93:48:ca:4d:e1:12:3d:e2:55:cd:19:39:f2:
         e0:ec:70:9a:d7:5e:3b:4c:c8:2d:3a:ee:50:7d:e7:4c:53:69:
         b7:fb:a6:ee:3d:71:b5:04:0f:9a:a2:47:d3:56:48:7e:8e:7b:
         01:09:c1:20:a8:aa:d1:2c:7a:3d:17:39:c7:34:67:fe:0c:92:
         36:fa:74:eb:89:07:3e:3f:11:ec:6a:92:10:bc:42:80:97:f7:
         6d:de:07:f0:a6:a9:90:1e:dd:81:85:d8:2f:c1:ea:6e:ab:8b:
         2a:0a:4c:1e:9f:99:18:86:7d:1e:28:e2:0e:a4:a3:4a:d7:87:
         4e:57:d8:e7:99:6e:12:b1:14:cb:12:ba:12:94:5a:c2:38:e0:
         90:d3:95:db:d5:aa:03:04:31:5c:fc:cc:53:9f:06:5f:f7:89:
         9a:5b:83:2a:0d:bc:68:6b:c3:24:3e:af:46:7a:c6:b4:f4:b5:
         c4:88:8b:25:d0:2a:45:36:ed:87:a8:eb:a7:3d:95:d8:5e:65:
         83:97:8a:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR9nDWqFcbbUibOI5Zl+6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTAxZjRhY2QxOTRjMmI3NGM5NDRlMDhiYTA1NThlNWM2ZTRjMDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliwZN/a6AbbVhuoAAy9uO3X2oVZR
H17TkfHH7jmPhBP8GmfNU3gozS+254gj3WqT+2zI8+RLLAXsXdUsoSCmsKBa4TDS
YmyQLLdSqrEGwhh9r6lAW97EkrCxj7gtS1j4V0TjXY+hmcGHRRUPIz8FhBGKxsk6
mvo5aFZHKRmJN2+96xNVSbzwfjYWFU3aueP9xBQ1EUFU7SCNF2MTBCNEagw/IZ8N
HDr8axlVAUwcaAtpUbNuvexZeAyI9lvROPboG+mVN7AYkkebc6fYanFhvgeSBJoB
H0QLggXB0HEstUZ6Tvljy++ryKe1i2RNqx1NJiS6eqn99kXL+o/iwfi9VwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJEB9KzRlMK3TJROCLoFWOXG5MB5MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEva1FIMHJOR1V3cmRNbEU0SXVnVlk1Y2Jrd0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjikAwQA
ueNGMA0GCSqGSIb3DQEBCwUAA4IBAQCfEnpsabmzMD76YJpOqJaBqc1hON7rUsNn
y75yd4V9wUhjcm2Mry271VNTh/lhW7gjosFvRpv4zFWCO5NIyk3hEj3iVc0ZOfLg
7HCa1147TMgtOu5QfedMU2m3+6buPXG1BA+aokfTVkh+jnsBCcEgqKrRLHo9FznH
NGf+DJI2+nTriQc+PxHsapIQvEKAl/dt3gfwpqmQHt2Bhdgvwepuq4sqCkwen5kY
hn0eKOIOpKNK14dOV9jnmW4SsRTLEroSlFrCOOCQ05Xb1aoDBDFc/MxTnwZf94ma
W4MqDbxoa8MkPq9Gesa09LXEiIsl0CpFNu2HqOunPZXYXmWDl4oZ
-----END CERTIFICATE-----