Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/14b933-7e34-4a87-b215-8caad3e31adc/1/slxDmCt2L7uCGsUsrtR25UrWHG0.roa
File:                     slxDmCt2L7uCGsUsrtR25UrWHG0.roa (raw, json)
Hash identifier:          DyUu6++jqUZQV0Vf12twiu6zSmlHweojaxYVbm0ofdE=
Subject key identifier:   B2:5C:43:98:2B:76:2F:BB:82:1A:C5:2C:AE:D4:76:E5:4A:D6:1C:6D
Certificate issuer:       /CN=cd3dbd5fc6f91b807b7bc4cf6e646e345862af3e
Certificate serial:       0194258FC5241E06C94DCB33682E8094E64E
Authority key identifier: CD:3D:BD:5F:C6:F9:1B:80:7B:7B:C4:CF:6E:64:6E:34:58:62:AF:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zT29X8b5G4B7e8TPbmRuNFhirz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/14b933-7e34-4a87-b215-8caad3e31adc/1/slxDmCt2L7uCGsUsrtR25UrWHG0.roa
Signing time:             Thu 02 Jan 2025 05:49:26 +0000
ROA not before:           Thu 02 Jan 2025 05:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211621
IP address blocks:        195.96.143.0/24 maxlen: 24
                          2a12:e800::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/14b933-7e34-4a87-b215-8caad3e31adc/1/zT29X8b5G4B7e8TPbmRuNFhirz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/14b933-7e34-4a87-b215-8caad3e31adc/1/zT29X8b5G4B7e8TPbmRuNFhirz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zT29X8b5G4B7e8TPbmRuNFhirz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:c5:24:1e:06:c9:4d:cb:33:68:2e:80:94:e6:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd3dbd5fc6f91b807b7bc4cf6e646e345862af3e
        Validity
            Not Before: Jan  2 05:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b25c43982b762fbb821ac52caed476e54ad61c6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:70:d8:c4:3c:59:76:d0:f4:0b:6a:ff:c6:ce:
                    92:02:56:60:06:31:9b:aa:09:78:c5:9d:2c:69:f4:
                    60:e0:ad:a3:f7:c6:44:71:dd:07:0e:92:b0:b5:a8:
                    fa:4a:ce:84:4f:1d:3a:47:08:04:90:9f:c5:e0:ca:
                    cb:a2:e6:1e:b3:e1:ab:86:9c:bd:ad:68:0b:99:89:
                    b6:aa:05:5f:73:0a:e2:d2:61:bd:0a:d2:ab:d5:92:
                    8a:6b:78:1d:d9:88:9e:9a:3a:77:ac:39:20:bb:03:
                    59:a1:03:bd:e4:1d:f9:c3:19:cd:52:9e:0b:07:58:
                    2e:b8:8f:e0:be:9e:44:6b:c2:9e:36:22:76:62:75:
                    63:fa:af:54:96:fc:7f:8a:54:fa:96:a6:1b:9b:06:
                    ae:5f:b5:bc:9c:42:44:be:1a:06:27:6c:1a:8f:9e:
                    91:69:31:8e:9b:9e:71:35:56:6e:38:c5:fe:11:c4:
                    d0:eb:09:20:af:15:59:24:70:e9:75:a2:80:6c:ba:
                    c9:da:49:63:79:35:74:52:2a:d5:fd:c6:99:32:d0:
                    e9:10:ed:0b:61:9a:79:88:c6:24:b2:00:09:28:0e:
                    a9:be:45:a2:85:c0:65:34:38:b0:df:6a:8e:87:75:
                    77:b9:91:5d:23:a4:fe:05:9f:81:3e:59:a7:2b:77:
                    c6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:5C:43:98:2B:76:2F:BB:82:1A:C5:2C:AE:D4:76:E5:4A:D6:1C:6D
            X509v3 Authority Key Identifier:
                keyid:CD:3D:BD:5F:C6:F9:1B:80:7B:7B:C4:CF:6E:64:6E:34:58:62:AF:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zT29X8b5G4B7e8TPbmRuNFhirz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/14b933-7e34-4a87-b215-8caad3e31adc/1/slxDmCt2L7uCGsUsrtR25UrWHG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/14b933-7e34-4a87-b215-8caad3e31adc/1/zT29X8b5G4B7e8TPbmRuNFhirz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.143.0/24
                IPv6:
                  2a12:e800::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:3c:c5:48:7c:90:ff:fb:07:18:3d:26:ab:3d:dc:01:a0:dd:
         6b:16:4f:f1:5b:1d:51:bb:e7:55:78:0f:b6:22:e9:5a:09:5e:
         2d:f6:90:98:0a:43:ac:e3:78:d4:81:37:76:af:51:20:66:1e:
         6c:48:58:e7:fa:90:f9:3c:45:33:2e:fd:7d:65:49:f1:10:e1:
         22:bc:de:64:c4:46:47:e2:ee:c7:10:04:e7:88:fb:67:b1:01:
         e4:1d:c4:d4:2e:cc:2f:a5:d6:9b:65:07:dc:45:94:6e:ca:d0:
         af:09:d8:b3:89:fb:20:a0:b5:cb:be:04:d3:f0:19:77:db:6e:
         19:04:29:b8:dc:94:af:bf:b6:7e:ed:16:29:b9:9f:ed:6c:85:
         7c:65:f8:5a:5a:82:46:ce:17:04:7d:46:95:5e:48:c1:89:14:
         a0:97:d1:be:ea:34:5a:74:e3:ec:1e:ed:fd:95:d6:f0:f2:cf:
         0a:70:45:8b:35:3c:23:a3:51:ca:9c:2f:66:55:bf:15:d7:cb:
         73:9a:a2:e3:2a:b9:2e:b9:b7:5a:cd:f3:bf:ae:ce:6a:bc:75:
         e1:e1:fc:f0:6e:0c:00:c7:e3:17:ae:16:24:1d:ac:13:c7:f8:
         4e:87:37:af:8d:49:ad:87:60:5d:93:89:0c:52:5c:af:30:0b:
         49:f5:1f:90
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj8UkHgbJTcszaC6AlOZOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkM2RiZDVmYzZmOTFiODA3YjdiYzRjZjZlNjQ2ZTM0NTg2
MmFmM2UwHhcNMjUwMTAyMDU0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjVjNDM5ODJiNzYyZmJiODIxYWM1MmNhZWQ0NzZlNTRhZDYxYzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXDYxDxZdtD0C2r/xs6SAlZgBjGb
qgl4xZ0safRg4K2j98ZEcd0HDpKwtaj6Ss6ETx06RwgEkJ/F4MrLouYes+Grhpy9
rWgLmYm2qgVfcwri0mG9CtKr1ZKKa3gd2Yiemjp3rDkguwNZoQO95B35wxnNUp4L
B1guuI/gvp5Ea8KeNiJ2YnVj+q9Ulvx/ilT6lqYbmwauX7W8nEJEvhoGJ2waj56R
aTGOm55xNVZuOMX+EcTQ6wkgrxVZJHDpdaKAbLrJ2kljeTV0UirV/caZMtDpEO0L
YZp5iMYksgAJKA6pvkWihcBlNDiw32qOh3V3uZFdI6T+BZ+BPlmnK3fGewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLJcQ5grdi+7ghrFLK7UduVK1hxtMB8GA1UdIwQY
MBaAFM09vV/G+RuAe3vEz25kbjRYYq8+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelQyOVg4YjVHNEI3ZThUUGJtUnVORmhpcno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8xNGI5MzMtN2UzNC00YTg3LWIyMTUt
OGNhYWQzZTMxYWRjLzEvc2x4RG1DdDJMN3VDR3NVc3J0UjI1VXJXSEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8xNGI5MzMtN2UzNC00YTg3LWIyMTUtOGNhYWQzZTMxYWRj
LzEvelQyOVg4YjVHNEI3ZThUUGJtUnVORmhpcno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw2CPMA0E
AgACMAcDBQMqEugAMA0GCSqGSIb3DQEBCwUAA4IBAQABPMVIfJD/+wcYPSarPdwB
oN1rFk/xWx1Ru+dVeA+2IulaCV4t9pCYCkOs43jUgTd2r1EgZh5sSFjn+pD5PEUz
Lv19ZUnxEOEivN5kxEZH4u7HEATniPtnsQHkHcTULswvpdabZQfcRZRuytCvCdiz
ifsgoLXLvgTT8Bl3224ZBCm43JSvv7Z+7RYpuZ/tbIV8ZfhaWoJGzhcEfUaVXkjB
iRSgl9G+6jRadOPsHu39ldbw8s8KcEWLNTwjo1HKnC9mVb8V18tzmqLjKrkuubda
zfO/rs5qvHXh4fzwbgwAx+MXrhYkHawTx/hOhzevjUmth2Bdk4kMUlyvMAtJ9R+Q
-----END CERTIFICATE-----