Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/NfUnQ-O42D51XKIYtUM-enrgq28.roa
File:                     NfUnQ-O42D51XKIYtUM-enrgq28.roa (raw, json)
Hash identifier:          QhgxpbRg3wpHFfse32zYgTIu0IaNj22usVCm4EOvDbg=
Subject key identifier:   35:F5:27:43:E3:B8:D8:3E:75:5C:A2:18:B5:43:3E:7A:7A:E0:AB:6F
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0194221FF2223E1EDDB24826A931A72D89E2
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/NfUnQ-O42D51XKIYtUM-enrgq28.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62068
IP address blocks:        43.240.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f2:22:3e:1e:dd:b2:48:26:a9:31:a7:2d:89:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35f52743e3b8d83e755ca218b5433e7a7ae0ab6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8a:0c:87:7d:83:ed:46:8b:29:d6:a2:c9:9c:
                    53:bc:90:81:a5:97:ba:94:b0:4c:55:a8:f0:b8:b9:
                    d7:fe:03:e3:16:c4:bd:c0:8b:77:c0:a3:5c:dc:8e:
                    6c:67:4b:27:a6:e2:a1:84:54:ee:ab:c5:5e:33:02:
                    42:c5:8a:c3:78:6a:37:02:6d:e2:3c:a2:45:54:39:
                    32:63:41:f1:b3:0c:c3:fa:10:1e:aa:ed:7e:69:c9:
                    91:f2:54:01:9b:ea:21:41:57:35:93:1d:16:b9:f2:
                    81:69:fe:a3:d9:5f:93:ad:f9:bd:da:18:81:8a:d3:
                    88:b5:66:32:e4:c5:fb:b6:42:84:6f:4e:b9:32:6f:
                    31:11:38:f4:31:36:c8:d2:06:bc:b9:be:54:25:c4:
                    d6:73:e0:82:e2:2b:38:6a:72:15:2d:ae:a7:1d:36:
                    f0:99:56:5c:fc:d7:61:c8:cb:b9:76:42:fc:d6:3e:
                    48:af:88:77:c2:7b:88:2d:b0:b9:69:85:3d:40:7e:
                    ca:b6:92:b8:03:f6:18:61:8c:6f:14:f9:df:68:9d:
                    ad:95:db:b6:7e:09:d4:e7:65:16:2c:00:7b:9f:8d:
                    27:9d:b2:3a:58:68:e9:52:36:5d:bd:45:38:fe:af:
                    25:7f:4d:46:df:b1:57:44:c6:f0:3f:99:34:36:8e:
                    b8:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:F5:27:43:E3:B8:D8:3E:75:5C:A2:18:B5:43:3E:7A:7A:E0:AB:6F
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/NfUnQ-O42D51XKIYtUM-enrgq28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:d5:be:a1:54:3c:04:17:83:61:5d:6a:b0:59:d5:1f:1b:f1:
         2f:bb:ac:52:ec:8e:07:58:25:01:4f:a7:74:20:39:29:f6:fb:
         2f:61:32:24:41:d3:2e:9e:51:2c:af:5f:e3:1c:fb:ce:78:cc:
         7a:1e:54:08:06:0f:da:5b:5a:cb:53:7f:57:29:08:40:3a:67:
         14:b2:dc:b7:8d:6e:a7:65:f6:48:72:5c:2e:52:9e:e1:7b:3e:
         93:d5:cc:61:07:5e:40:ee:cc:b2:9c:13:00:91:5a:64:e5:ea:
         3c:c3:c0:ec:7b:48:62:ab:2d:5f:be:ea:36:81:c8:83:48:36:
         77:44:86:39:3d:68:33:0c:22:28:b3:59:dc:ba:33:06:77:95:
         82:94:b8:15:c2:31:bc:02:62:db:d7:38:3d:40:71:9c:ce:be:
         00:1b:1a:e5:90:32:23:ad:ef:25:73:e2:8c:5c:45:31:53:cc:
         e1:1a:db:1e:07:b6:79:83:e2:6d:e2:85:bb:fd:04:1c:63:f7:
         d9:1a:3d:60:65:b1:66:27:2a:59:87:62:bc:96:2b:76:70:27:
         91:20:06:b7:73:4c:c1:37:db:d6:1f:96:15:94:6a:48:b6:05:
         a7:16:43:85:cc:e0:25:a6:e1:28:83:34:49:dd:33:02:b1:59:
         a3:24:96:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH/IiPh7dskgmqTGnLYniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWY1Mjc0M2UzYjhkODNlNzU1Y2EyMThiNTQzM2U3YTdhZTBhYjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIoMh32D7UaLKdaiyZxTvJCBpZe6
lLBMVajwuLnX/gPjFsS9wIt3wKNc3I5sZ0snpuKhhFTuq8VeMwJCxYrDeGo3Am3i
PKJFVDkyY0HxswzD+hAequ1+acmR8lQBm+ohQVc1kx0WufKBaf6j2V+Trfm92hiB
itOItWYy5MX7tkKEb065Mm8xETj0MTbI0ga8ub5UJcTWc+CC4is4anIVLa6nHTbw
mVZc/NdhyMu5dkL81j5Ir4h3wnuILbC5aYU9QH7KtpK4A/YYYYxvFPnfaJ2tldu2
fgnU52UWLAB7n40nnbI6WGjpUjZdvUU4/q8lf01G37FXRMbwP5k0No64BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDX1J0PjuNg+dVyiGLVDPnp64KtvMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvTmZVblEtTzQyRDUxWEtJWXRVTS1lbnJncTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAK/CWMA0G
CSqGSIb3DQEBCwUAA4IBAQAK1b6hVDwEF4NhXWqwWdUfG/Evu6xS7I4HWCUBT6d0
IDkp9vsvYTIkQdMunlEsr1/jHPvOeMx6HlQIBg/aW1rLU39XKQhAOmcUsty3jW6n
ZfZIclwuUp7hez6T1cxhB15A7syynBMAkVpk5eo8w8Dse0hiqy1fvuo2gciDSDZ3
RIY5PWgzDCIos1ncujMGd5WClLgVwjG8AmLb1zg9QHGczr4AGxrlkDIjre8lc+KM
XEUxU8zhGtseB7Z5g+Jt4oW7/QQcY/fZGj1gZbFmJypZh2K8lit2cCeRIAa3c0zB
N9vWH5YVlGpItgWnFkOFzOAlpuEogzRJ3TMCsVmjJJa7
-----END CERTIFICATE-----