Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/9422b0-dc79-4c71-bfd8-fcf99470b985/1/U7nNEW5XGU3Qw3Z5TlXa8n1A0Xo.roa
File:                     U7nNEW5XGU3Qw3Z5TlXa8n1A0Xo.roa (raw, json)
Hash identifier:          El8KNdvpLmelwHnPspzpd+ZkXP2SnewzZSQOjMbCymQ=
Subject key identifier:   53:B9:CD:11:6E:57:19:4D:D0:C3:76:79:4E:55:DA:F2:7D:40:D1:7A
Certificate issuer:       /CN=a4c2b593d98c092fd30a601ea5d244aabd3cb14d
Certificate serial:       019425FDE1A6820582C63B54E44EEFE2519B
Authority key identifier: A4:C2:B5:93:D9:8C:09:2F:D3:0A:60:1E:A5:D2:44:AA:BD:3C:B1:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pMK1k9mMCS_TCmAepdJEqr08sU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/9422b0-dc79-4c71-bfd8-fcf99470b985/1/U7nNEW5XGU3Qw3Z5TlXa8n1A0Xo.roa
Signing time:             Thu 02 Jan 2025 07:49:42 +0000
ROA not before:           Thu 02 Jan 2025 07:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35023
IP address blocks:        193.221.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/9422b0-dc79-4c71-bfd8-fcf99470b985/1/pMK1k9mMCS_TCmAepdJEqr08sU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/9422b0-dc79-4c71-bfd8-fcf99470b985/1/pMK1k9mMCS_TCmAepdJEqr08sU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pMK1k9mMCS_TCmAepdJEqr08sU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e1:a6:82:05:82:c6:3b:54:e4:4e:ef:e2:51:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4c2b593d98c092fd30a601ea5d244aabd3cb14d
        Validity
            Not Before: Jan  2 07:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53b9cd116e57194dd0c376794e55daf27d40d17a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:4a:95:38:a8:3f:a5:c3:8a:30:32:db:38:72:
                    ba:80:ac:79:30:97:32:13:55:27:61:a1:cb:39:6b:
                    44:ee:9a:df:74:27:f9:2e:7a:b3:b3:e9:5f:26:8e:
                    9f:20:2d:cf:a2:5d:b6:01:98:11:53:8c:2a:58:46:
                    ef:28:e2:f4:59:90:46:3f:d0:5e:43:1d:01:0c:b1:
                    8b:9d:6d:92:33:59:43:0b:a3:2f:d5:4d:98:c1:cc:
                    22:97:b8:e0:71:2c:31:c0:4a:5e:68:98:64:3d:09:
                    23:79:a5:c1:19:29:50:4e:a2:6d:0b:71:81:59:33:
                    2e:b3:8f:5c:ef:30:54:ec:b1:6e:c5:e8:2f:7f:4a:
                    ea:61:f4:58:4a:ce:71:e8:88:37:e9:24:f1:30:fe:
                    7e:f8:42:68:48:e8:e5:b4:e8:d3:13:35:48:00:83:
                    a0:ab:fc:22:6a:27:f7:13:7a:25:fe:0d:c1:4f:68:
                    66:3b:78:dd:ab:fb:e3:d1:9f:ee:51:19:e5:d2:fc:
                    c1:7c:e8:f8:23:55:c9:23:4d:f8:85:46:dc:53:5e:
                    b1:8d:bf:0e:a9:31:18:46:4a:8c:54:b3:74:f2:2a:
                    48:46:89:6d:d4:ab:f2:60:d3:96:f5:a9:70:37:fe:
                    f8:aa:5d:f0:e6:eb:9d:4a:90:c3:e4:5a:2c:55:54:
                    1b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:B9:CD:11:6E:57:19:4D:D0:C3:76:79:4E:55:DA:F2:7D:40:D1:7A
            X509v3 Authority Key Identifier:
                keyid:A4:C2:B5:93:D9:8C:09:2F:D3:0A:60:1E:A5:D2:44:AA:BD:3C:B1:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pMK1k9mMCS_TCmAepdJEqr08sU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/9422b0-dc79-4c71-bfd8-fcf99470b985/1/U7nNEW5XGU3Qw3Z5TlXa8n1A0Xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/9422b0-dc79-4c71-bfd8-fcf99470b985/1/pMK1k9mMCS_TCmAepdJEqr08sU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:f3:dc:8b:08:3c:7e:7c:e7:7e:eb:92:48:58:35:ad:1a:73:
         ad:ce:0d:8a:2d:d2:5e:27:68:5a:4c:16:f7:b5:f3:fd:09:9e:
         04:66:0b:d7:17:ba:0e:3a:d2:4a:fb:6c:3d:7c:fc:ba:bf:e3:
         68:25:e7:d6:ff:4a:88:c5:d8:6e:a1:6d:aa:2c:45:de:27:13:
         c9:ee:e2:8c:b7:9b:2a:64:98:30:66:2b:f6:fd:a9:0e:d7:61:
         d5:e6:7c:8d:b2:cf:a7:c6:a5:5b:e8:99:25:77:ff:76:0c:a1:
         5f:65:0b:98:3b:70:49:15:53:c1:65:bf:28:e9:e1:25:99:4c:
         18:1b:15:df:e3:7c:8e:13:48:34:cd:e9:93:fd:3f:05:2e:88:
         d7:32:3c:ba:72:d6:56:30:10:13:b3:d1:68:fc:69:9d:8f:8f:
         8d:d3:3c:b3:1e:4c:d1:b9:18:e0:90:2d:16:73:70:46:0f:80:
         5f:d3:fe:4d:9f:03:ad:62:1e:ce:55:9f:d0:f4:59:3e:1e:61:
         03:b3:e7:8a:39:5a:bf:c7:7e:cd:66:88:c1:e5:36:fd:d7:cb:
         67:dc:b6:7b:46:d7:52:66:ea:70:eb:e0:9b:18:58:8b:57:29:
         ee:86:ff:8a:29:98:bf:34:e1:0c:87:e6:74:d0:f3:4d:7b:a5:
         70:96:0f:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/eGmggWCxjtU5E7v4lGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YzJiNTkzZDk4YzA5MmZkMzBhNjAxZWE1ZDI0NGFhYmQz
Y2IxNGQwHhcNMjUwMTAyMDc0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2I5Y2QxMTZlNTcxOTRkZDBjMzc2Nzk0ZTU1ZGFmMjdkNDBkMTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/EqVOKg/pcOKMDLbOHK6gKx5MJcy
E1UnYaHLOWtE7prfdCf5Lnqzs+lfJo6fIC3Pol22AZgRU4wqWEbvKOL0WZBGP9Be
Qx0BDLGLnW2SM1lDC6Mv1U2Ywcwil7jgcSwxwEpeaJhkPQkjeaXBGSlQTqJtC3GB
WTMus49c7zBU7LFuxegvf0rqYfRYSs5x6Ig36STxMP5++EJoSOjltOjTEzVIAIOg
q/wiaif3E3ol/g3BT2hmO3jdq/vj0Z/uURnl0vzBfOj4I1XJI034hUbcU16xjb8O
qTEYRkqMVLN08ipIRolt1KvyYNOW9alwN/74ql3w5uudSpDD5FosVVQb1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFO5zRFuVxlN0MN2eU5V2vJ9QNF6MB8GA1UdIwQY
MBaAFKTCtZPZjAkv0wpgHqXSRKq9PLFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE1LMWs5bU1DU19UQ21BZXBkSkVxcjA4c1UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC85NDIyYjAtZGM3OS00YzcxLWJmZDgt
ZmNmOTk0NzBiOTg1LzEvVTduTkVXNVhHVTNRdzNaNVRsWGE4bjFBMFhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC85NDIyYjAtZGM3OS00YzcxLWJmZDgtZmNmOTk0NzBiOTg1
LzEvcE1LMWs5bU1DU19UQ21BZXBkSkVxcjA4c1UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd1wMA0G
CSqGSIb3DQEBCwUAA4IBAQAg89yLCDx+fOd+65JIWDWtGnOtzg2KLdJeJ2haTBb3
tfP9CZ4EZgvXF7oOOtJK+2w9fPy6v+NoJefW/0qIxdhuoW2qLEXeJxPJ7uKMt5sq
ZJgwZiv2/akO12HV5nyNss+nxqVb6Jkld/92DKFfZQuYO3BJFVPBZb8o6eElmUwY
GxXf43yOE0g0zemT/T8FLojXMjy6ctZWMBATs9Fo/Gmdj4+N0zyzHkzRuRjgkC0W
c3BGD4Bf0/5NnwOtYh7OVZ/Q9Fk+HmEDs+eKOVq/x37NZojB5Tb918tn3LZ7RtdS
Zupw6+CbGFiLVynuhv+KKZi/NOEMh+Z00PNNe6Vwlg8o
-----END CERTIFICATE-----