Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/zY78a5ViA6-TOxTfbPiAJ9Inm_Y.roa
File:                     zY78a5ViA6-TOxTfbPiAJ9Inm_Y.roa (raw, json)
Hash identifier:          og5b/BcFOY+IjLcDutjJV+OJ1zegWiBInLo9K8sBHic=
Subject key identifier:   CD:8E:FC:6B:95:62:03:AF:93:3B:14:DF:6C:F8:80:27:D2:27:9B:F6
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       0194282334E666E038AED392511E262231F8
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/zY78a5ViA6-TOxTfbPiAJ9Inm_Y.roa
Signing time:             Thu 02 Jan 2025 17:49:43 +0000
ROA not before:           Thu 02 Jan 2025 17:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215443
IP address blocks:        212.113.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:34:e6:66:e0:38:ae:d3:92:51:1e:26:22:31:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  2 17:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd8efc6b956203af933b14df6cf88027d2279bf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6d:1c:18:1c:c5:89:68:45:5f:50:ef:85:c7:
                    54:3d:01:34:d4:f7:23:f8:c1:48:6b:59:07:0a:6c:
                    f6:b1:45:e0:df:4a:48:f0:2f:17:b8:90:95:34:75:
                    99:62:95:24:2b:9e:97:c2:df:60:61:b6:69:06:1a:
                    36:a0:ab:b2:3e:ca:9a:83:12:c9:01:67:a2:9e:f7:
                    72:0f:db:95:6e:0e:dd:de:fa:90:e6:5c:3a:af:5b:
                    02:4d:03:be:60:c5:05:af:79:b7:65:45:a0:57:b0:
                    b9:e9:fd:33:7e:cf:d0:7e:69:de:c6:bd:10:2e:00:
                    4c:12:aa:4a:47:99:e2:48:2d:ea:57:06:6d:d1:e9:
                    ff:b0:8e:59:67:61:2c:73:23:45:4b:bc:6d:28:d5:
                    13:62:08:6a:11:62:00:c8:6d:18:24:a7:6b:e0:31:
                    0c:1e:f3:30:45:d3:22:85:78:d3:ff:90:41:21:6e:
                    b9:bb:15:bb:5a:e7:dd:3a:ea:21:29:23:c5:7e:07:
                    13:87:fb:a6:0f:b9:de:9c:f2:9d:3e:ce:39:0a:35:
                    f6:e8:bc:2f:ae:5b:39:f0:dd:6e:63:07:e0:ca:a5:
                    84:99:64:e3:2c:5f:7f:ca:ee:24:2e:14:58:90:09:
                    3a:9d:aa:44:c6:20:1f:6d:89:e4:b5:ee:b4:88:04:
                    b2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:8E:FC:6B:95:62:03:AF:93:3B:14:DF:6C:F8:80:27:D2:27:9B:F6
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/zY78a5ViA6-TOxTfbPiAJ9Inm_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.113.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:fa:92:b6:b0:37:b6:6f:47:67:87:81:63:d1:f6:8c:d3:55:
         47:d4:f7:72:81:ba:cd:c7:eb:9c:50:93:e8:96:92:df:66:7e:
         e5:66:73:bb:4b:7c:15:48:87:84:84:0f:30:46:b0:3d:c2:f1:
         81:a4:34:38:7c:f5:57:27:d0:09:e8:95:0f:a1:f2:15:a2:10:
         da:ea:78:53:dc:a9:59:86:bc:4e:97:75:3b:fb:20:4d:56:2f:
         54:29:2c:6c:be:52:d5:ae:66:7c:60:03:ec:40:5e:10:86:c9:
         f6:ff:74:d0:7c:fd:d8:71:e0:9d:c1:36:c1:8f:78:25:dc:d6:
         d7:6b:50:87:7d:3c:be:16:95:df:fd:06:2b:88:8b:d0:ac:20:
         31:58:3b:86:84:87:2e:10:64:fd:88:1a:da:3c:c5:18:45:b1:
         8d:74:20:6d:d6:fb:95:eb:9a:8e:16:39:81:44:ee:e6:88:7e:
         c5:a6:4d:df:c8:1e:af:dc:35:54:62:b7:e8:54:54:8e:b3:2d:
         bb:d1:40:04:44:04:23:4b:27:94:d1:55:80:3b:6f:5e:57:61:
         8f:85:2b:95:d1:9e:75:13:7b:25:c8:f0:e2:ee:60:47:3b:70:
         9f:24:8a:09:e5:ab:55:2f:9a:85:33:5a:d4:b5:98:d5:55:dc:
         af:f5:78:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIzTmZuA4rtOSUR4mIjH4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjUwMTAyMTc0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDhlZmM2Yjk1NjIwM2FmOTMzYjE0ZGY2Y2Y4ODAyN2QyMjc5YmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw20cGBzFiWhFX1DvhcdUPQE01Pcj
+MFIa1kHCmz2sUXg30pI8C8XuJCVNHWZYpUkK56Xwt9gYbZpBho2oKuyPsqagxLJ
AWeinvdyD9uVbg7d3vqQ5lw6r1sCTQO+YMUFr3m3ZUWgV7C56f0zfs/Qfmnexr0Q
LgBMEqpKR5niSC3qVwZt0en/sI5ZZ2EscyNFS7xtKNUTYghqEWIAyG0YJKdr4DEM
HvMwRdMihXjT/5BBIW65uxW7WufdOuohKSPFfgcTh/umD7nenPKdPs45CjX26Lwv
rls58N1uYwfgyqWEmWTjLF9/yu4kLhRYkAk6napExiAfbYnkte60iASydQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2O/GuVYgOvkzsU32z4gCfSJ5v2MB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvelk3OGE1VmlBNi1UT3hUZmJQaUFKOUlubV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HFjMA0G
CSqGSIb3DQEBCwUAA4IBAQBk+pK2sDe2b0dnh4Fj0faM01VH1PdygbrNx+ucUJPo
lpLfZn7lZnO7S3wVSIeEhA8wRrA9wvGBpDQ4fPVXJ9AJ6JUPofIVohDa6nhT3KlZ
hrxOl3U7+yBNVi9UKSxsvlLVrmZ8YAPsQF4Qhsn2/3TQfP3YceCdwTbBj3gl3NbX
a1CHfTy+FpXf/QYriIvQrCAxWDuGhIcuEGT9iBraPMUYRbGNdCBt1vuV65qOFjmB
RO7miH7Fpk3fyB6v3DVUYrfoVFSOsy270UAERAQjSyeU0VWAO29eV2GPhSuV0Z51
E3slyPDi7mBHO3CfJIoJ5atVL5qFM1rUtZjVVdyv9XgD
-----END CERTIFICATE-----