Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/RJ_pu626Ce_XeWRRjGCg0rBJ5No.roa
File:                     RJ_pu626Ce_XeWRRjGCg0rBJ5No.roa (raw, json)
Hash identifier:          CnjyAdkpFkqDDXWo/A5sDL6/Mzrh604ryWOcVYb0EdU=
Subject key identifier:   44:9F:E9:BB:AD:BA:09:EF:D7:79:64:51:8C:60:A0:D2:B0:49:E4:DA
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019422FB64666BEA2D50FA96B9D69FC2E7D1
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/RJ_pu626Ce_XeWRRjGCg0rBJ5No.roa
Signing time:             Wed 01 Jan 2025 17:48:08 +0000
ROA not before:           Wed 01 Jan 2025 17:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201320
IP address blocks:        194.48.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:64:66:6b:ea:2d:50:fa:96:b9:d6:9f:c2:e7:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 17:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=449fe9bbadba09efd77964518c60a0d2b049e4da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8b:24:98:ee:f6:0a:6a:cd:dd:89:fb:87:c1:
                    be:80:3c:93:44:90:34:d3:1a:b6:67:e4:0c:35:6f:
                    50:94:7d:0f:b4:56:31:64:cb:77:89:ef:d4:45:05:
                    8d:14:72:5f:d1:06:36:c4:dd:fc:4e:65:21:f6:18:
                    41:16:5d:79:4c:de:58:61:0d:07:70:5c:39:48:db:
                    55:4e:f1:42:75:82:03:fb:b2:fd:c3:af:bf:67:59:
                    70:34:16:87:bb:55:7d:33:66:e6:d7:17:c7:9a:50:
                    dd:bb:8b:fa:43:d5:a8:ba:18:af:81:eb:7a:7e:9e:
                    53:64:73:31:1d:ee:44:7c:2e:78:94:a4:8e:4d:90:
                    65:03:82:3c:2e:41:07:fe:dd:d3:3a:be:a4:ef:2a:
                    29:9c:bd:73:1b:be:00:eb:26:b1:a2:ac:6a:d0:da:
                    51:c6:75:58:eb:74:0c:21:65:15:ea:ca:d9:4b:3b:
                    2d:e4:ce:cc:a4:af:c0:ec:a6:e5:37:6f:2e:5b:71:
                    2b:03:61:c5:12:fa:17:33:53:04:48:8f:7b:4e:f2:
                    4b:39:77:d5:e2:22:fa:d5:d0:32:78:58:86:5c:a0:
                    2a:b3:25:b4:c8:98:44:10:a3:38:74:be:88:b9:82:
                    8e:4b:d2:e0:98:79:88:c4:c7:ac:e6:ed:7e:e4:5c:
                    d5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:9F:E9:BB:AD:BA:09:EF:D7:79:64:51:8C:60:A0:D2:B0:49:E4:DA
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/RJ_pu626Ce_XeWRRjGCg0rBJ5No.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:89:ac:19:95:ed:85:75:e3:dc:2e:db:ff:ce:e5:8b:17:a9:
         71:64:dc:99:ce:3f:38:e0:ea:24:b8:22:0b:37:7f:e9:2b:d5:
         de:89:06:69:9f:47:25:4d:c4:be:c3:36:04:f9:45:50:8e:d7:
         39:e6:c0:eb:99:a8:95:f6:8f:f7:a4:56:30:22:f0:b5:94:d9:
         87:8d:b2:2e:5b:1b:7c:96:31:e6:7b:28:7a:02:f6:13:0f:dd:
         76:5a:54:49:0c:47:d1:bf:cb:ba:03:ab:91:a2:b2:bf:ae:f8:
         5d:be:58:be:46:ea:f7:9d:d1:a4:f8:28:c8:60:2c:a6:a6:9e:
         85:30:46:59:37:42:ed:dc:2f:b0:54:58:1c:be:92:cc:2c:76:
         84:08:2d:29:20:fd:56:41:4d:f2:05:8b:f2:38:a1:61:d6:08:
         5c:b3:5a:8e:3f:7e:a1:2a:9e:33:6f:2c:d1:4e:ad:28:68:4c:
         f1:0d:d4:40:87:13:ee:fe:f3:6d:42:88:4b:dc:09:33:f1:27:
         36:85:4e:2d:e5:23:c0:99:e4:f9:e9:00:7f:7f:02:09:3f:bb:
         b9:31:d2:ee:b7:ad:fd:ad:52:7b:d3:3d:da:2a:d0:65:b1:6b:
         71:10:d6:6b:91:bb:38:b1:4d:34:13:c4:20:62:7a:76:ec:68:
         37:aa:96:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+2Rma+otUPqWudafwufRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjUwMTAxMTc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDlmZTliYmFkYmEwOWVmZDc3OTY0NTE4YzYwYTBkMmIwNDllNGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4skmO72CmrN3Yn7h8G+gDyTRJA0
0xq2Z+QMNW9QlH0PtFYxZMt3ie/URQWNFHJf0QY2xN38TmUh9hhBFl15TN5YYQ0H
cFw5SNtVTvFCdYID+7L9w6+/Z1lwNBaHu1V9M2bm1xfHmlDdu4v6Q9Wouhivget6
fp5TZHMxHe5EfC54lKSOTZBlA4I8LkEH/t3TOr6k7yopnL1zG74A6yaxoqxq0NpR
xnVY63QMIWUV6srZSzst5M7MpK/A7KblN28uW3ErA2HFEvoXM1MESI97TvJLOXfV
4iL61dAyeFiGXKAqsyW0yJhEEKM4dL6IuYKOS9LgmHmIxMes5u1+5FzV0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESf6butugnv13lkUYxgoNKwSeTaMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvUkpfcHU2MjZDZV9YZVdSUmpHQ2cwckJKNU5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjBdMA0G
CSqGSIb3DQEBCwUAA4IBAQCyiawZle2FdePcLtv/zuWLF6lxZNyZzj844OokuCIL
N3/pK9XeiQZpn0clTcS+wzYE+UVQjtc55sDrmaiV9o/3pFYwIvC1lNmHjbIuWxt8
ljHmeyh6AvYTD912WlRJDEfRv8u6A6uRorK/rvhdvli+Rur3ndGk+CjIYCympp6F
MEZZN0Lt3C+wVFgcvpLMLHaECC0pIP1WQU3yBYvyOKFh1ghcs1qOP36hKp4zbyzR
Tq0oaEzxDdRAhxPu/vNtQohL3Akz8Sc2hU4t5SPAmeT56QB/fwIJP7u5MdLut639
rVJ70z3aKtBlsWtxENZrkbs4sU00E8QgYnp27Gg3qpZu
-----END CERTIFICATE-----