Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/7jEmnnvVVJelmr8qrjn50rWFOcw.roa
File:                     7jEmnnvVVJelmr8qrjn50rWFOcw.roa (raw, json)
Hash identifier:          EchIPXfoij0iDBazd31BWfFW6DqbRboeZNJcaicEn4E=
Subject key identifier:   EE:31:26:9E:7B:D5:54:97:A5:9A:BF:2A:AE:39:F9:D2:B5:85:39:CC
Certificate issuer:       /CN=8cd52439cac2719b64e85b26ff0ea8468d57960e
Certificate serial:       019423D7D160BBD58A8C33022DD90BE08292
Authority key identifier: 8C:D5:24:39:CA:C2:71:9B:64:E8:5B:26:FF:0E:A8:46:8D:57:96:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/7jEmnnvVVJelmr8qrjn50rWFOcw.roa
Signing time:             Wed 01 Jan 2025 21:48:53 +0000
ROA not before:           Wed 01 Jan 2025 21:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208727
IP address blocks:        194.48.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:d1:60:bb:d5:8a:8c:33:02:2d:d9:0b:e0:82:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cd52439cac2719b64e85b26ff0ea8468d57960e
        Validity
            Not Before: Jan  1 21:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee31269e7bd55497a59abf2aae39f9d2b58539cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e5:ea:46:f9:a8:7b:68:cc:06:8b:25:3f:b8:
                    c3:0f:40:39:32:0a:15:0f:f3:23:ab:64:a0:c3:bb:
                    b9:c7:b8:22:47:6c:04:53:34:36:a8:11:98:6f:46:
                    b0:f5:7a:30:de:a4:88:58:bc:41:63:5a:e9:55:88:
                    93:27:ce:93:ba:ec:94:4f:bc:4f:36:25:b1:a2:41:
                    d9:e3:8a:f7:ce:25:28:02:9f:24:0f:36:ce:b1:c0:
                    9b:91:81:08:6e:a9:b4:48:6b:a4:63:7d:11:fc:e4:
                    a4:7b:dd:87:c0:54:aa:a4:e2:12:90:36:11:ba:42:
                    c6:f4:0a:4f:31:12:47:19:75:a9:0e:4d:06:82:c3:
                    b3:63:c5:78:db:16:06:96:5d:f9:5d:11:47:94:97:
                    fd:62:56:8e:2f:3d:42:c9:62:63:06:0b:cd:aa:70:
                    70:8d:86:42:2f:37:23:03:9d:85:bf:12:0e:b6:bf:
                    f1:8f:14:22:95:eb:87:81:07:19:0b:26:6b:1e:3a:
                    8a:ff:61:3d:9a:bb:81:b2:ed:72:28:e1:b7:f9:65:
                    75:a4:d2:2f:45:cc:60:85:ac:1b:e7:b0:66:fb:4e:
                    d6:75:b5:09:2f:66:66:a6:ec:f6:c9:0e:c6:fd:62:
                    d2:5e:89:38:5e:ad:37:bb:19:94:21:15:69:aa:07:
                    2c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:31:26:9E:7B:D5:54:97:A5:9A:BF:2A:AE:39:F9:D2:B5:85:39:CC
            X509v3 Authority Key Identifier:
                keyid:8C:D5:24:39:CA:C2:71:9B:64:E8:5B:26:FF:0E:A8:46:8D:57:96:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/7jEmnnvVVJelmr8qrjn50rWFOcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:87:87:ab:6d:3d:cb:1f:fb:7d:60:32:0d:f6:fc:19:d2:5f:
         aa:5b:89:e4:9a:01:18:30:8a:a2:95:f8:52:ac:8c:e5:87:a8:
         86:cb:72:2c:91:c7:7b:0a:1c:cb:c8:77:25:ac:59:03:4e:13:
         c0:26:35:bf:05:18:89:18:90:53:74:c9:28:58:28:19:72:3b:
         09:8a:82:20:55:63:20:7a:87:d4:8a:c1:5c:02:14:c5:b8:a1:
         57:20:dd:5c:7e:d4:d4:d4:e5:f2:39:f0:c2:c2:ea:55:8a:63:
         a9:e7:27:d2:17:4d:8c:4b:ab:cf:a7:f6:33:e9:37:a7:91:1e:
         2d:4e:a8:f1:8c:59:18:75:9f:d6:26:ce:7e:fd:11:63:4c:f5:
         ae:92:91:ff:54:35:e0:ee:b5:b6:40:ff:ad:b1:38:54:14:de:
         a9:5d:ff:80:5d:65:d5:cf:50:81:2a:7c:21:ef:0c:e9:73:68:
         ee:1f:34:f3:35:40:cb:5b:43:03:f4:69:df:91:73:c0:bf:ba:
         07:33:f5:e4:51:29:ee:83:28:b5:35:28:dd:2d:d1:89:cd:80:
         66:74:e2:40:8e:09:1b:56:98:63:2f:bb:8c:5a:26:99:f7:03:
         3c:51:44:5a:5d:fa:62:45:b4:bb:b1:99:ae:96:43:4b:e5:5b:
         e9:06:6c:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj19Fgu9WKjDMCLdkL4IKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZDUyNDM5Y2FjMjcxOWI2NGU4NWIyNmZmMGVhODQ2OGQ1
Nzk2MGUwHhcNMjUwMTAxMjE0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTMxMjY5ZTdiZDU1NDk3YTU5YWJmMmFhZTM5ZjlkMmI1ODUzOWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eXqRvmoe2jMBoslP7jDD0A5MgoV
D/Mjq2Sgw7u5x7giR2wEUzQ2qBGYb0aw9Xow3qSIWLxBY1rpVYiTJ86TuuyUT7xP
NiWxokHZ44r3ziUoAp8kDzbOscCbkYEIbqm0SGukY30R/OSke92HwFSqpOISkDYR
ukLG9ApPMRJHGXWpDk0GgsOzY8V42xYGll35XRFHlJf9YlaOLz1CyWJjBgvNqnBw
jYZCLzcjA52FvxIOtr/xjxQileuHgQcZCyZrHjqK/2E9mruBsu1yKOG3+WV1pNIv
Rcxghawb57Bm+07WdbUJL2Zmpuz2yQ7G/WLSXok4Xq03uxmUIRVpqgcsfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4xJp571VSXpZq/Kq45+dK1hTnMMB8GA1UdIwQY
MBaAFIzVJDnKwnGbZOhbJv8OqEaNV5YOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak5Va09jckNjWnRrNkZzbV93Nm9SbzFYbGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jZDM3MTEtNzA4NC00YjE1LWJjMjUt
M2U0YTAyNmRmMDAwLzEvN2pFbW5udlZWSmVsbXI4cXJqbjUwcldGT2N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jZDM3MTEtNzA4NC00YjE1LWJjMjUtM2U0YTAyNmRmMDAw
LzEvak5Va09jckNjWnRrNkZzbV93Nm9SbzFYbGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjDmMA0G
CSqGSIb3DQEBCwUAA4IBAQCKh4erbT3LH/t9YDIN9vwZ0l+qW4nkmgEYMIqilfhS
rIzlh6iGy3Iskcd7ChzLyHclrFkDThPAJjW/BRiJGJBTdMkoWCgZcjsJioIgVWMg
eofUisFcAhTFuKFXIN1cftTU1OXyOfDCwupVimOp5yfSF02MS6vPp/Yz6TenkR4t
TqjxjFkYdZ/WJs5+/RFjTPWukpH/VDXg7rW2QP+tsThUFN6pXf+AXWXVz1CBKnwh
7wzpc2juHzTzNUDLW0MD9GnfkXPAv7oHM/XkUSnugyi1NSjdLdGJzYBmdOJAjgkb
VphjL7uMWiaZ9wM8UURaXfpiRbS7sZmulkNL5VvpBmwG
-----END CERTIFICATE-----