Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/u_p2C5aQJzX-icij0XhLaXVX6ic.roa
File:                     u_p2C5aQJzX-icij0XhLaXVX6ic.roa (raw, json)
Hash identifier:          67d33GNtK4BwqiV1z3KJwzzBd1ffe0et+bbnIAXnFvE=
Subject key identifier:   BB:FA:76:0B:96:90:27:35:FE:89:C8:A3:D1:78:4B:69:75:57:EA:27
Certificate issuer:       /CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
Certificate serial:       019527DA7374EECB305865C7EB42A50756EB
Authority key identifier: A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/u_p2C5aQJzX-icij0XhLaXVX6ic.roa
Signing time:             Fri 21 Feb 2025 09:33:02 +0000
ROA not before:           Fri 21 Feb 2025 09:33:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11404
IP address blocks:        217.9.12.0/24 maxlen: 24
                          217.9.14.0/24 maxlen: 24
                          217.9.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:27:da:73:74:ee:cb:30:58:65:c7:eb:42:a5:07:56:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
        Validity
            Not Before: Feb 21 09:33:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbfa760b96902735fe89c8a3d1784b697557ea27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a5:f0:a3:5b:5b:58:0c:30:2d:ae:51:17:dd:
                    e3:ce:44:5a:1e:fd:65:7c:ce:e8:01:43:ff:b7:0b:
                    6e:7b:cc:a8:db:b2:e1:7e:e1:ab:00:0f:44:06:02:
                    7b:13:07:8a:56:6e:eb:5e:11:b5:74:bf:df:e4:46:
                    d4:06:ed:96:8c:7d:22:e3:c7:db:69:70:2c:31:e5:
                    6d:56:20:1f:97:2d:72:da:3d:e3:a2:d2:7a:d5:24:
                    18:d9:4e:d3:54:77:fd:86:c2:43:43:8f:11:d2:05:
                    61:14:1e:6d:c5:54:2d:25:93:88:6c:0e:ff:50:9c:
                    15:e1:3c:f2:2e:f8:c3:14:ee:62:a8:37:ce:8f:8b:
                    15:1e:6c:ce:93:80:f5:cf:e8:40:1a:fa:ec:5b:c3:
                    98:66:64:e9:7a:e5:fb:2c:f7:93:bd:d3:19:7d:43:
                    cd:e5:af:be:83:1a:35:bf:f1:86:f0:ed:ab:64:8f:
                    7e:82:6a:df:cb:c2:66:d3:b3:09:13:62:a5:03:2b:
                    8a:f5:bc:04:d1:1e:44:3d:67:81:8c:07:7d:48:ab:
                    54:a8:02:f7:87:99:3d:db:b7:fd:53:ab:c6:ec:da:
                    51:98:e1:db:0f:27:8d:68:40:03:2c:b0:22:65:1e:
                    7f:b1:f8:a2:fc:82:75:70:d8:79:62:51:53:af:8e:
                    d1:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:FA:76:0B:96:90:27:35:FE:89:C8:A3:D1:78:4B:69:75:57:EA:27
            X509v3 Authority Key Identifier:
                keyid:A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/u_p2C5aQJzX-icij0XhLaXVX6ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.9.12.0/24
                  217.9.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:45:bf:39:b2:f0:cf:58:24:a5:e9:e8:3f:31:ec:84:3d:45:
         e0:4d:38:23:58:e5:e3:99:e5:e3:14:53:3f:62:54:90:7f:b8:
         be:4e:f8:16:1c:18:b0:20:9e:0f:a1:12:76:98:b4:cd:b1:ff:
         54:f7:9f:7d:20:c1:2a:68:9b:6a:97:9e:5f:b7:f3:24:63:20:
         fb:e8:c4:c2:df:48:da:30:06:25:f5:b1:f0:0e:24:3e:31:02:
         21:d1:f1:0b:cd:c2:8a:ef:88:59:c4:8d:6d:4d:48:2b:db:40:
         74:6e:7e:01:fe:85:b0:1b:c4:d7:83:82:05:6b:d6:e6:16:cd:
         8d:c1:42:d6:eb:ad:85:b7:b5:b1:93:5d:9a:7e:49:43:04:f5:
         ed:d2:8f:33:13:8f:d4:68:7a:c0:e3:65:8b:06:59:f9:82:cf:
         d5:da:5e:34:f8:30:95:ba:b2:29:2f:ef:3c:a0:66:c1:98:86:
         8c:dc:72:83:2e:79:f3:d6:f9:82:16:70:a1:45:21:29:32:ce:
         81:ea:80:b2:ae:e3:11:48:a0:72:a7:46:bf:08:81:a2:23:e6:
         44:0e:d1:17:87:eb:60:3e:b8:33:4b:49:4d:33:49:de:cc:3a:
         3c:7e:0e:c8:bd:e0:a2:11:91:b0:4c:76:d0:3a:62:95:b2:4a:
         73:c5:40:4d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZUn2nN07sswWGXH60KlB1brMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZWUxODJkOWM0M2E1Y2U3MDY4ZGZkOWJhN2FhOGVkOTBl
NWUwYmEwHhcNMjUwMjIxMDkzMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmZhNzYwYjk2OTAyNzM1ZmU4OWM4YTNkMTc4NGI2OTc1NTdlYTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKXwo1tbWAwwLa5RF93jzkRaHv1l
fM7oAUP/twtue8yo27LhfuGrAA9EBgJ7EweKVm7rXhG1dL/f5EbUBu2WjH0i48fb
aXAsMeVtViAfly1y2j3jotJ61SQY2U7TVHf9hsJDQ48R0gVhFB5txVQtJZOIbA7/
UJwV4TzyLvjDFO5iqDfOj4sVHmzOk4D1z+hAGvrsW8OYZmTpeuX7LPeTvdMZfUPN
5a++gxo1v/GG8O2rZI9+gmrfy8Jm07MJE2KlAyuK9bwE0R5EPWeBjAd9SKtUqAL3
h5k927f9U6vG7NpRmOHbDyeNaEADLLAiZR5/sfii/IJ1cNh5YlFTr47RnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLv6dguWkCc1/onIo9F4S2l1V+onMB8GA1UdIwQY
MBaAFKfuGC2cQ6XOcGjf2bp6qO2Q5eC6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDkt
NmI1ZjY4NTIyYTdkLzEvdV9wMkM1YVFKelgtaWNpajBYaExhWFZYNmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDktNmI1ZjY4NTIyYTdk
LzEvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2QkMAwQB
2QkOMA0GCSqGSIb3DQEBCwUAA4IBAQCLRb85svDPWCSl6eg/MeyEPUXgTTgjWOXj
meXjFFM/YlSQf7i+TvgWHBiwIJ4PoRJ2mLTNsf9U9599IMEqaJtql55ft/MkYyD7
6MTC30jaMAYl9bHwDiQ+MQIh0fELzcKK74hZxI1tTUgr20B0bn4B/oWwG8TXg4IF
a9bmFs2NwULW662Ft7Wxk12afklDBPXt0o8zE4/UaHrA42WLBln5gs/V2l40+DCV
urIpL+88oGbBmIaM3HKDLnnz1vmCFnChRSEpMs6B6oCyruMRSKByp0a/CIGiI+ZE
DtEXh+tgPrgzS0lNM0nezDo8fg7IveCiEZGwTHbQOmKVskpzxUBN
-----END CERTIFICATE-----