Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/U9ESt7XkFJMxc8hDKsx2ew3J7YE.roa
File:                     U9ESt7XkFJMxc8hDKsx2ew3J7YE.roa (raw, json)
Hash identifier:          IAjM9oVyj8oid2QGC8YSaV020xf4N3UKnDXpYd0lkxk=
Subject key identifier:   53:D1:12:B7:B5:E4:14:93:31:73:C8:43:2A:CC:76:7B:0D:C9:ED:81
Certificate issuer:       /CN=0747a36d7768a7b30a4eecbb6964c8c237d74401
Certificate serial:       019423D6D7006B1DE8AB18E2AA44AD38C6FC
Authority key identifier: 07:47:A3:6D:77:68:A7:B3:0A:4E:EC:BB:69:64:C8:C2:37:D7:44:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B0ejbXdop7MKTuy7aWTIwjfXRAE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/U9ESt7XkFJMxc8hDKsx2ew3J7YE.roa
Signing time:             Wed 01 Jan 2025 21:47:49 +0000
ROA not before:           Wed 01 Jan 2025 21:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44749
IP address blocks:        185.126.172.0/22 maxlen: 24
                          2a06:ca40::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/B0ejbXdop7MKTuy7aWTIwjfXRAE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/B0ejbXdop7MKTuy7aWTIwjfXRAE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B0ejbXdop7MKTuy7aWTIwjfXRAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:d7:00:6b:1d:e8:ab:18:e2:aa:44:ad:38:c6:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0747a36d7768a7b30a4eecbb6964c8c237d74401
        Validity
            Not Before: Jan  1 21:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53d112b7b5e414933173c8432acc767b0dc9ed81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ef:c1:a7:83:03:a2:16:8e:f5:6a:cc:9c:86:
                    f3:f5:24:24:18:71:ed:2a:8b:a7:0e:f9:f9:d9:bf:
                    71:88:65:13:0e:c3:a5:f0:2b:d3:d1:7b:59:45:b4:
                    4d:45:bf:c2:f2:cc:fa:88:70:21:33:ea:18:34:5f:
                    ae:bb:6f:4e:55:b9:ed:fd:0a:7b:4f:cb:3b:29:89:
                    1f:fc:24:ed:ae:1b:dd:42:b1:a3:e9:57:7b:32:b9:
                    d3:4d:ca:50:b4:55:15:24:64:95:11:88:ce:42:eb:
                    b2:c2:5c:1a:76:1c:88:62:4b:f3:6c:c6:3a:f8:e1:
                    4b:07:f3:bd:86:b2:de:80:f2:f5:e9:32:54:ed:ae:
                    9a:0e:cb:6b:df:9f:1c:38:cd:44:69:3f:70:48:f3:
                    ca:51:2d:36:19:2f:73:a0:6b:d5:28:a7:36:d7:28:
                    33:7c:bf:d7:c3:80:a8:4b:5c:a1:8a:42:b0:ec:68:
                    f5:1e:b4:76:ce:d3:b1:ba:67:14:dd:bf:e6:84:4a:
                    ec:87:93:11:be:32:76:2f:22:2d:14:70:57:08:fb:
                    7e:0c:1d:75:53:03:57:04:6c:fc:b7:4f:3d:ad:c2:
                    14:9d:f1:4e:02:91:04:a2:f8:a9:fe:72:e2:9f:7e:
                    42:d0:e2:81:e1:47:ac:b3:53:0a:00:b3:a1:cf:97:
                    bd:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:D1:12:B7:B5:E4:14:93:31:73:C8:43:2A:CC:76:7B:0D:C9:ED:81
            X509v3 Authority Key Identifier:
                keyid:07:47:A3:6D:77:68:A7:B3:0A:4E:EC:BB:69:64:C8:C2:37:D7:44:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B0ejbXdop7MKTuy7aWTIwjfXRAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/U9ESt7XkFJMxc8hDKsx2ew3J7YE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/B0ejbXdop7MKTuy7aWTIwjfXRAE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.172.0/22
                IPv6:
                  2a06:ca40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:9f:09:f4:77:77:c4:60:97:e9:e9:44:c7:37:8b:df:2c:c5:
         ae:dc:cc:7b:b7:c3:3d:5f:3a:8f:55:fa:ba:36:c8:cd:a8:81:
         1b:af:05:8d:99:f0:cc:fc:c5:35:c5:2f:a7:ae:35:e1:40:cb:
         eb:87:5a:d3:ac:79:5f:23:ab:33:7d:17:b7:b6:f7:70:29:c7:
         e6:00:93:eb:f2:7a:63:81:8b:36:76:7c:66:67:54:f4:41:4b:
         32:c5:ec:31:7a:fd:e7:3b:d4:6e:f2:9a:07:aa:19:02:0b:28:
         90:1a:1b:13:d0:d2:a1:a2:d8:9a:6e:1f:8b:4d:0f:74:4f:09:
         bf:5c:7c:59:1a:1c:22:4b:d2:ab:3a:6c:93:c6:64:39:c7:5e:
         e7:4e:17:2c:04:65:22:7a:66:94:fb:73:41:dc:3e:83:2e:09:
         cb:88:17:49:c7:9a:da:95:a3:99:f2:bc:b8:c1:f0:b3:aa:10:
         65:7d:c5:cb:22:f4:b5:27:37:c1:07:52:a4:41:7c:04:20:52:
         30:45:dd:93:6e:d3:54:21:dd:37:05:7e:e7:39:34:da:95:2c:
         1a:89:91:0e:e1:e2:3d:1a:5e:76:5d:ae:5f:99:58:88:b1:83:
         8c:a0:d4:b5:9f:40:b3:df:7c:c7:47:dc:d1:c7:77:f9:ff:07:
         05:fc:d9:b8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj1tcAax3oqxjiqkStOMb8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NDdhMzZkNzc2OGE3YjMwYTRlZWNiYjY5NjRjOGMyMzdk
NzQ0MDEwHhcNMjUwMTAxMjE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2QxMTJiN2I1ZTQxNDkzMzE3M2M4NDMyYWNjNzY3YjBkYzllZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+/Bp4MDohaO9WrMnIbz9SQkGHHt
KounDvn52b9xiGUTDsOl8CvT0XtZRbRNRb/C8sz6iHAhM+oYNF+uu29OVbnt/Qp7
T8s7KYkf/CTtrhvdQrGj6Vd7MrnTTcpQtFUVJGSVEYjOQuuywlwadhyIYkvzbMY6
+OFLB/O9hrLegPL16TJU7a6aDstr358cOM1EaT9wSPPKUS02GS9zoGvVKKc21ygz
fL/Xw4CoS1yhikKw7Gj1HrR2ztOxumcU3b/mhErsh5MRvjJ2LyItFHBXCPt+DB11
UwNXBGz8t089rcIUnfFOApEEovip/nLin35C0OKB4Uess1MKALOhz5e9NQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFPREre15BSTMXPIQyrMdnsNye2BMB8GA1UdIwQY
MBaAFAdHo213aKezCk7su2lkyMI310QBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjBlamJYZG9wN01LVHV5N2FXVEl3amZYUkFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi85ZWFmMWUtYzllYy00NjZkLTgzNzEt
YWFiYWRkMDcxOWJhLzEvVTlFU3Q3WGtGSk14YzhoREtzeDJldzNKN1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi85ZWFmMWUtYzllYy00NjZkLTgzNzEtYWFiYWRkMDcxOWJh
LzEvQjBlamJYZG9wN01LVHV5N2FXVEl3amZYUkFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX6sMA0E
AgACMAcDBQMqBspAMA0GCSqGSIb3DQEBCwUAA4IBAQB7nwn0d3fEYJfp6UTHN4vf
LMWu3Mx7t8M9XzqPVfq6NsjNqIEbrwWNmfDM/MU1xS+nrjXhQMvrh1rTrHlfI6sz
fRe3tvdwKcfmAJPr8npjgYs2dnxmZ1T0QUsyxewxev3nO9Ru8poHqhkCCyiQGhsT
0NKhotiabh+LTQ90Twm/XHxZGhwiS9KrOmyTxmQ5x17nThcsBGUiemaU+3NB3D6D
LgnLiBdJx5ralaOZ8ry4wfCzqhBlfcXLIvS1JzfBB1KkQXwEIFIwRd2TbtNUId03
BX7nOTTalSwaiZEO4eI9Gl52Xa5fmViIsYOMoNS1n0Cz33zHR9zRx3f5/wcF/Nm4
-----END CERTIFICATE-----