Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/52c6c8-716a-4969-9b3e-49ebeb3af0ea/1/xPs0nDJe3R7-T_MTjBUDCpVD-P0.roa
File:                     xPs0nDJe3R7-T_MTjBUDCpVD-P0.roa (raw, json)
Hash identifier:          +ghVSq1vvvNC/Tdx1esVzP21pV4gSI94aIDbxITlk7g=
Subject key identifier:   C4:FB:34:9C:32:5E:DD:1E:FE:4F:F3:13:8C:15:03:0A:95:43:F8:FD
Certificate issuer:       /CN=b092c2c2350c590a4483fd44f250a77feeaab296
Certificate serial:       019424B3A61894F24C58FE38C69111FA7D8F
Authority key identifier: B0:92:C2:C2:35:0C:59:0A:44:83:FD:44:F2:50:A7:7F:EE:AA:B2:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sJLCwjUMWQpEg_1E8lCnf-6qspY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/52c6c8-716a-4969-9b3e-49ebeb3af0ea/1/xPs0nDJe3R7-T_MTjBUDCpVD-P0.roa
Signing time:             Thu 02 Jan 2025 01:49:00 +0000
ROA not before:           Thu 02 Jan 2025 01:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44998
IP address blocks:        93.188.136.0/21 maxlen: 24
                          2a00:c840::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/52c6c8-716a-4969-9b3e-49ebeb3af0ea/1/sJLCwjUMWQpEg_1E8lCnf-6qspY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/52c6c8-716a-4969-9b3e-49ebeb3af0ea/1/sJLCwjUMWQpEg_1E8lCnf-6qspY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sJLCwjUMWQpEg_1E8lCnf-6qspY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:a6:18:94:f2:4c:58:fe:38:c6:91:11:fa:7d:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b092c2c2350c590a4483fd44f250a77feeaab296
        Validity
            Not Before: Jan  2 01:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4fb349c325edd1efe4ff3138c15030a9543f8fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:94:ee:d2:6a:38:7f:b5:90:a4:ac:ec:70:1e:
                    3b:65:89:29:cd:34:00:9d:53:0e:ed:8a:0c:0c:d1:
                    83:23:07:07:35:bd:67:bb:94:85:5b:a1:15:91:29:
                    b0:c0:df:c5:0b:98:17:a8:36:fd:78:52:a5:76:97:
                    52:49:76:7a:d2:34:2e:f0:22:b5:c3:67:0d:49:41:
                    90:5b:47:dc:e9:ce:92:1f:ef:b9:1e:b9:4e:11:1f:
                    df:6a:60:05:0c:10:77:24:88:ae:5c:a9:d5:8b:b4:
                    95:29:3b:aa:0e:32:11:80:0b:16:f4:78:04:c5:99:
                    e8:46:b4:40:dd:69:d3:aa:c3:69:8e:8e:6c:7e:55:
                    04:eb:19:86:c8:8a:b0:f4:1f:ed:4a:92:95:3b:3c:
                    10:98:1b:b0:9b:83:5d:6e:7e:26:a6:a6:09:65:6b:
                    cc:5d:a6:27:2d:f5:31:24:e9:c5:cb:d6:5e:97:25:
                    9c:f3:72:82:89:13:77:0e:b0:28:80:b6:82:2e:0a:
                    3e:9f:33:e9:53:60:cc:6e:e6:45:a9:d5:53:c9:e8:
                    0c:85:6c:e6:61:fc:25:4f:02:50:db:66:fb:c6:84:
                    15:54:58:b0:9a:07:aa:e8:0d:45:e3:89:e8:8d:73:
                    d0:01:a9:0a:a2:36:c6:97:54:f8:a6:03:72:74:e6:
                    86:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:FB:34:9C:32:5E:DD:1E:FE:4F:F3:13:8C:15:03:0A:95:43:F8:FD
            X509v3 Authority Key Identifier:
                keyid:B0:92:C2:C2:35:0C:59:0A:44:83:FD:44:F2:50:A7:7F:EE:AA:B2:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sJLCwjUMWQpEg_1E8lCnf-6qspY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/52c6c8-716a-4969-9b3e-49ebeb3af0ea/1/xPs0nDJe3R7-T_MTjBUDCpVD-P0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/52c6c8-716a-4969-9b3e-49ebeb3af0ea/1/sJLCwjUMWQpEg_1E8lCnf-6qspY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.188.136.0/21
                IPv6:
                  2a00:c840::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:5d:f8:30:db:55:5b:17:59:fe:aa:12:68:d2:1f:3c:a6:1a:
         77:43:6c:c7:bd:72:bc:42:e8:f6:ef:ae:6b:f4:e4:cd:04:56:
         2f:a8:b7:a0:2f:ba:fe:e8:fa:9f:dc:0f:77:17:67:39:bc:ed:
         b1:65:cd:c0:cf:7e:2e:42:74:32:aa:56:e1:2d:46:7f:8a:70:
         cd:11:2a:5d:89:ca:4c:6c:dc:c3:22:39:31:34:ed:8e:bb:2a:
         b7:11:e8:f9:73:af:a8:18:2f:dd:cc:79:34:7a:84:3f:b5:88:
         cd:61:29:1e:f6:54:a5:4a:45:0e:60:6b:69:99:9c:f6:e1:08:
         8c:51:f4:e8:08:78:e5:8e:b9:c5:2d:9f:1c:54:ec:a1:f4:00:
         65:69:db:e3:4f:34:fe:61:0a:21:67:20:66:c2:31:7f:bf:39:
         06:c2:26:9a:32:75:2a:67:e7:d5:76:27:91:87:da:ab:0c:6e:
         d1:ce:99:33:d5:05:02:f5:04:80:95:c2:1e:21:ae:9a:df:eb:
         f1:3b:c1:d6:2b:a0:50:ec:fe:3b:c3:dd:48:98:9f:d3:94:a6:
         aa:f4:6a:4c:0d:d5:cf:c9:59:74:02:3e:02:44:14:c0:cf:51:
         c7:1b:a8:59:ce:db:38:76:f7:56:8a:8d:fb:72:47:69:b0:20:
         88:09:36:4a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks6YYlPJMWP44xpER+n2PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwOTJjMmMyMzUwYzU5MGE0NDgzZmQ0NGYyNTBhNzdmZWVh
YWIyOTYwHhcNMjUwMTAyMDE0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGZiMzQ5YzMyNWVkZDFlZmU0ZmYzMTM4YzE1MDMwYTk1NDNmOGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ZTu0mo4f7WQpKzscB47ZYkpzTQA
nVMO7YoMDNGDIwcHNb1nu5SFW6EVkSmwwN/FC5gXqDb9eFKldpdSSXZ60jQu8CK1
w2cNSUGQW0fc6c6SH++5HrlOER/famAFDBB3JIiuXKnVi7SVKTuqDjIRgAsW9HgE
xZnoRrRA3WnTqsNpjo5sflUE6xmGyIqw9B/tSpKVOzwQmBuwm4Ndbn4mpqYJZWvM
XaYnLfUxJOnFy9ZelyWc83KCiRN3DrAogLaCLgo+nzPpU2DMbuZFqdVTyegMhWzm
YfwlTwJQ22b7xoQVVFiwmgeq6A1F44nojXPQAakKojbGl1T4pgNydOaG3wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMT7NJwyXt0e/k/zE4wVAwqVQ/j9MB8GA1UdIwQY
MBaAFLCSwsI1DFkKRIP9RPJQp3/uqrKWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0pMQ3dqVU1XUXBFZ18xRThsQ25mLTZxc3BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS81MmM2YzgtNzE2YS00OTY5LTliM2Ut
NDllYmViM2FmMGVhLzEveFBzMG5ESmUzUjctVF9NVGpCVURDcFZELVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS81MmM2YzgtNzE2YS00OTY5LTliM2UtNDllYmViM2FmMGVh
LzEvc0pMQ3dqVU1XUXBFZ18xRThsQ25mLTZxc3BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXbyIMA0E
AgACMAcDBQAqAMhAMA0GCSqGSIb3DQEBCwUAA4IBAQAUXfgw21VbF1n+qhJo0h88
php3Q2zHvXK8Quj2765r9OTNBFYvqLegL7r+6Pqf3A93F2c5vO2xZc3Az34uQnQy
qlbhLUZ/inDNESpdicpMbNzDIjkxNO2Ouyq3Eej5c6+oGC/dzHk0eoQ/tYjNYSke
9lSlSkUOYGtpmZz24QiMUfToCHjljrnFLZ8cVOyh9ABladvjTzT+YQohZyBmwjF/
vzkGwiaaMnUqZ+fVdieRh9qrDG7Rzpkz1QUC9QSAlcIeIa6a3+vxO8HWK6BQ7P47
w91ImJ/TlKaq9GpMDdXPyVl0Aj4CRBTAz1HHG6hZzts4dvdWio37ckdpsCCICTZK
-----END CERTIFICATE-----