Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/hNku7CubiAVNwZ43L8gq_fQwcu4.roa
File:                     hNku7CubiAVNwZ43L8gq_fQwcu4.roa (raw, json)
Hash identifier:          5DRGMvx6mMymzPo0S7rs4/FW7oUd1EsXHfbLvgUHwoA=
Subject key identifier:   84:D9:2E:EC:2B:9B:88:05:4D:C1:9E:37:2F:C8:2A:FD:F4:30:72:EE
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       01942067D04D4F8D59FFFC4D95F52BD8CEF0
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/hNku7CubiAVNwZ43L8gq_fQwcu4.roa
Signing time:             Wed 01 Jan 2025 05:47:41 +0000
ROA not before:           Wed 01 Jan 2025 05:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60420
IP address blocks:        212.243.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d0:4d:4f:8d:59:ff:fc:4d:95:f5:2b:d8:ce:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 05:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84d92eec2b9b88054dc19e372fc82afdf43072ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:16:a1:35:4b:75:ef:11:0a:13:1a:84:f7:3a:
                    6c:a9:1b:c2:85:cc:55:1d:d4:9f:68:ef:45:d8:00:
                    3f:b1:99:cd:3a:37:c7:22:bd:5d:07:3f:7b:1b:8b:
                    e8:ae:8e:b0:66:a3:ec:02:eb:42:db:a3:8c:4c:3a:
                    fa:71:df:5e:46:5c:58:78:0d:9e:d9:47:75:41:63:
                    10:ee:87:eb:dd:70:fe:58:ba:e5:f5:58:bb:75:46:
                    d1:57:7c:df:1e:9d:e5:ae:3e:b7:c1:bd:e3:cd:60:
                    ef:d0:7f:2f:d9:bd:8b:19:98:7c:f3:53:ca:b0:e8:
                    b6:41:33:c5:e3:39:67:07:fb:58:7e:45:e9:ad:ca:
                    30:30:82:4d:1b:02:4b:36:db:3f:2e:b5:94:e5:f6:
                    8a:55:95:71:dc:5d:bd:b3:40:6c:a4:4b:98:53:42:
                    51:21:e8:9b:f4:a9:8d:77:76:dc:38:f9:95:62:3a:
                    b2:19:a9:15:f0:61:f3:d7:77:f0:57:81:c1:af:69:
                    22:be:ae:af:14:c8:b5:db:7b:10:a7:5b:e8:cd:1b:
                    60:b8:de:e8:eb:a2:e2:41:26:d4:f9:e3:26:c2:24:
                    03:dc:c4:ca:9a:98:45:e8:3d:23:b8:ed:d5:86:b1:
                    8a:bf:3c:74:43:6c:af:1e:eb:04:16:55:f8:9f:3c:
                    73:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:D9:2E:EC:2B:9B:88:05:4D:C1:9E:37:2F:C8:2A:FD:F4:30:72:EE
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/hNku7CubiAVNwZ43L8gq_fQwcu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.243.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:50:f6:82:f0:27:9b:19:5b:c6:3e:f3:74:98:07:89:4e:37:
         80:fd:94:61:49:a3:91:74:80:74:91:0b:a9:77:6b:01:b6:7c:
         32:9a:24:cf:c4:96:71:02:4d:b7:4c:b9:ef:49:fb:c4:fb:80:
         10:b1:ef:83:72:88:af:84:bf:2e:32:0f:63:b3:c9:e0:41:6e:
         ab:85:8e:52:84:8c:29:1d:7f:4d:b0:a2:87:09:e9:e9:b2:1d:
         13:87:88:33:19:96:2e:e5:40:99:fb:f9:69:98:28:97:f9:e0:
         f8:ae:4c:1f:fb:8c:9d:1a:03:8e:c1:e7:40:c3:1f:43:e5:ad:
         6d:d9:ab:db:e4:69:23:d3:4f:18:8a:48:b1:9e:7f:2e:2d:b4:
         2e:32:61:7d:1f:d9:b0:13:1d:d8:67:61:26:9e:d8:7f:33:eb:
         40:9b:90:33:5b:e6:4a:13:c5:ef:53:8b:5a:56:a1:d3:2d:5b:
         56:a4:b9:41:f8:0f:68:11:0b:48:31:64:98:8c:91:96:8f:9a:
         f2:51:86:33:cf:b8:7a:33:e6:8d:79:cc:2b:3e:44:24:ad:33:
         73:23:3f:21:de:ea:c5:10:af:5c:17:97:6f:61:cf:e0:77:1f:
         ea:a1:07:42:c0:8a:4a:92:49:d4:2f:5b:ec:40:aa:93:d2:99:
         a2:8d:2e:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ9BNT41Z//xNlfUr2M7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwMTAxMDU0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGQ5MmVlYzJiOWI4ODA1NGRjMTllMzcyZmM4MmFmZGY0MzA3MmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xahNUt17xEKExqE9zpsqRvChcxV
HdSfaO9F2AA/sZnNOjfHIr1dBz97G4voro6wZqPsAutC26OMTDr6cd9eRlxYeA2e
2Ud1QWMQ7ofr3XD+WLrl9Vi7dUbRV3zfHp3lrj63wb3jzWDv0H8v2b2LGZh881PK
sOi2QTPF4zlnB/tYfkXprcowMIJNGwJLNts/LrWU5faKVZVx3F29s0BspEuYU0JR
Ieib9KmNd3bcOPmVYjqyGakV8GHz13fwV4HBr2kivq6vFMi123sQp1vozRtguN7o
66LiQSbU+eMmwiQD3MTKmphF6D0juO3VhrGKvzx0Q2yvHusEFlX4nzxzywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITZLuwrm4gFTcGeNy/IKv30MHLuMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvaE5rdTdDdWJpQVZOd1o0M0w4Z3FfZlF3Y3U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1PN/MA0G
CSqGSIb3DQEBCwUAA4IBAQChUPaC8CebGVvGPvN0mAeJTjeA/ZRhSaORdIB0kQup
d2sBtnwymiTPxJZxAk23TLnvSfvE+4AQse+DcoivhL8uMg9js8ngQW6rhY5ShIwp
HX9NsKKHCenpsh0Th4gzGZYu5UCZ+/lpmCiX+eD4rkwf+4ydGgOOwedAwx9D5a1t
2avb5Gkj008Yikixnn8uLbQuMmF9H9mwEx3YZ2Emnth/M+tAm5AzW+ZKE8XvU4ta
VqHTLVtWpLlB+A9oEQtIMWSYjJGWj5ryUYYzz7h6M+aNecwrPkQkrTNzIz8h3urF
EK9cF5dvYc/gdx/qoQdCwIpKkknUL1vsQKqT0pmijS5Z
-----END CERTIFICATE-----