Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/gZrmTs3ukQIINjYb9akCKLL_iZM.roa
File:                     gZrmTs3ukQIINjYb9akCKLL_iZM.roa (raw, json)
Hash identifier:          WbSg2tywBgMqpLgEuUZPOKgd7CPp10c7QuJJvyuvaco=
Subject key identifier:   81:9A:E6:4E:CD:EE:91:02:08:36:36:1B:F5:A9:02:28:B2:FF:89:93
Certificate issuer:       /CN=007e6b5aa437d3693151502a211496e37d4ae2c5
Certificate serial:       019422FB2FFC7E74C54DBE343F92EC2B82D6
Authority key identifier: 00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/gZrmTs3ukQIINjYb9akCKLL_iZM.roa
Signing time:             Wed 01 Jan 2025 17:47:54 +0000
ROA not before:           Wed 01 Jan 2025 17:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47957
IP address blocks:        160.92.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:2f:fc:7e:74:c5:4d:be:34:3f:92:ec:2b:82:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=007e6b5aa437d3693151502a211496e37d4ae2c5
        Validity
            Not Before: Jan  1 17:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=819ae64ecdee91020836361bf5a90228b2ff8993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:42:56:e1:ad:70:24:b4:59:62:2e:20:83:24:
                    be:f3:4e:60:ab:0f:38:6f:86:34:ee:a7:e5:17:99:
                    35:aa:41:1d:db:f5:93:00:f3:f6:b7:1d:0e:a6:74:
                    59:c9:e3:75:b8:55:8d:a8:13:c2:c6:00:5b:fc:f3:
                    63:07:1f:00:45:7e:73:6a:fc:49:20:e9:24:4d:d7:
                    fc:43:ac:77:50:31:4d:7c:e9:24:de:5e:a3:c2:ad:
                    3c:b0:59:b9:93:8e:96:43:57:d8:8a:98:ef:2e:40:
                    6b:20:80:18:12:a6:73:52:a5:d6:36:fc:35:28:38:
                    f6:e6:c5:13:50:a1:05:8e:02:96:8b:c7:d4:96:a0:
                    ad:bb:ab:f4:aa:70:ea:c1:75:1f:92:c3:a9:bc:fc:
                    1f:7a:f0:ea:b2:b9:34:ea:bf:c5:40:11:b8:df:4f:
                    d3:50:95:e8:5a:8a:9b:8b:7a:a1:81:07:9d:ab:56:
                    f8:65:58:aa:c7:63:e1:1c:54:34:b6:34:5f:3a:ff:
                    d7:0c:de:df:1d:bb:b3:60:a5:c2:26:c5:a7:a4:a1:
                    d0:73:45:62:f8:fc:4f:a5:44:97:c4:e1:4b:79:fc:
                    16:ba:36:4b:48:4d:ad:f9:09:47:a9:5e:ad:92:c3:
                    e1:98:30:2f:da:24:1a:18:b5:86:90:d0:fb:1f:cb:
                    de:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:9A:E6:4E:CD:EE:91:02:08:36:36:1B:F5:A9:02:28:B2:FF:89:93
            X509v3 Authority Key Identifier:
                keyid:00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/gZrmTs3ukQIINjYb9akCKLL_iZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.92.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b2:38:52:46:ab:e1:33:11:5d:45:d4:31:71:d8:13:27:8e:55:
         47:9b:8c:cc:ae:78:bc:30:93:19:e4:b3:51:94:ff:55:ca:81:
         e7:ba:5d:a4:fa:b9:08:7a:6d:ab:5d:b5:15:31:7e:d0:3e:fd:
         be:77:f6:18:87:da:86:f7:9c:6a:a0:ca:4f:03:b0:b2:1b:9f:
         63:fc:ab:04:1b:92:70:35:8a:2e:fb:2a:ce:e5:07:23:35:44:
         0e:3d:5a:66:45:ac:e0:d3:b7:27:74:ae:32:8f:71:23:a2:fe:
         b5:c9:f6:a3:a6:df:49:7a:53:d4:c9:91:6b:5f:a9:6b:aa:dd:
         68:c4:dd:62:4c:35:53:24:e9:44:0a:8c:fe:13:a6:ab:16:b1:
         c0:97:51:7d:94:95:f5:fc:ce:4b:89:86:ff:c0:2e:7a:5e:ab:
         9f:18:6c:b1:6e:cd:96:3c:be:bd:85:78:07:fb:d7:09:8f:32:
         b4:b8:fb:b1:51:d1:45:39:d0:20:a7:22:7e:92:d0:14:52:50:
         1e:9c:30:ba:b6:cd:d3:9c:72:5c:ce:bf:39:ee:ff:70:5d:e8:
         8b:29:68:8d:c6:ec:04:38:5e:27:e6:18:0c:ca:25:e0:87:8a:
         5e:0b:eb:65:d3:4a:56:54:bf:07:cd:aa:e8:a2:2e:a1:d1:17:
         33:83:ea:36
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQi+y/8fnTFTb40P5LsK4LWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwN2U2YjVhYTQzN2QzNjkzMTUxNTAyYTIxMTQ5NmUzN2Q0
YWUyYzUwHhcNMjUwMTAxMTc0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTlhZTY0ZWNkZWU5MTAyMDgzNjM2MWJmNWE5MDIyOGIyZmY4OTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkJW4a1wJLRZYi4ggyS+805gqw84
b4Y07qflF5k1qkEd2/WTAPP2tx0OpnRZyeN1uFWNqBPCxgBb/PNjBx8ARX5zavxJ
IOkkTdf8Q6x3UDFNfOkk3l6jwq08sFm5k46WQ1fYipjvLkBrIIAYEqZzUqXWNvw1
KDj25sUTUKEFjgKWi8fUlqCtu6v0qnDqwXUfksOpvPwfevDqsrk06r/FQBG430/T
UJXoWoqbi3qhgQedq1b4ZViqx2PhHFQ0tjRfOv/XDN7fHbuzYKXCJsWnpKHQc0Vi
+PxPpUSXxOFLefwWujZLSE2t+QlHqV6tksPhmDAv2iQaGLWGkND7H8veBQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIGa5k7N7pECCDY2G/WpAiiy/4mTMB8GA1UdIwQY
MBaAFAB+a1qkN9NpMVFQKiEUluN9SuLFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYt
NWE4YzY3ODQyMzg5LzEvZ1pybVRzM3VrUUlJTmpZYjlha0NLTExfaVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYtNWE4YzY3ODQyMzg5
LzEvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoFwwDQYJ
KoZIhvcNAQELBQADggEBALI4Ukar4TMRXUXUMXHYEyeOVUebjMyueLwwkxnks1GU
/1XKgee6XaT6uQh6batdtRUxftA+/b539hiH2ob3nGqgyk8DsLIbn2P8qwQbknA1
ii77Ks7lByM1RA49WmZFrODTtyd0rjKPcSOi/rXJ9qOm30l6U9TJkWtfqWuq3WjE
3WJMNVMk6UQKjP4TpqsWscCXUX2UlfX8zkuJhv/ALnpeq58YbLFuzZY8vr2FeAf7
1wmPMrS4+7FR0UU50CCnIn6S0BRSUB6cMLq2zdOcclzOvznu/3Bd6IspaI3G7AQ4
XifmGAzKJeCHil4L62XTSlZUvwfNquiiLqHRFzOD6jY=
-----END CERTIFICATE-----