Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/DmHJvnXYNCZG6CwLW6LsQtmujI4.roa
File:                     DmHJvnXYNCZG6CwLW6LsQtmujI4.roa (raw, json)
Hash identifier:          x67qTlyXrzA3beyYfkqEGco6s6alggLnNjlSZnKsSr0=
Subject key identifier:   0E:61:C9:BE:75:D8:34:26:46:E8:2C:0B:5B:A2:EC:42:D9:AE:8C:8E
Certificate issuer:       /CN=5270786f17c41bd01626f72db239f208b5189bb0
Certificate serial:       0194228DEBE2C1ABF9CD05169BB1A77E9699
Authority key identifier: 52:70:78:6F:17:C4:1B:D0:16:26:F7:2D:B2:39:F2:08:B5:18:9B:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UnB4bxfEG9AWJvctsjnyCLUYm7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/DmHJvnXYNCZG6CwLW6LsQtmujI4.roa
Signing time:             Wed 01 Jan 2025 15:48:33 +0000
ROA not before:           Wed 01 Jan 2025 15:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34814
IP address blocks:        193.0.204.0/22 maxlen: 24
                          193.46.201.0/24 maxlen: 24
                          195.191.58.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/UnB4bxfEG9AWJvctsjnyCLUYm7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/UnB4bxfEG9AWJvctsjnyCLUYm7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UnB4bxfEG9AWJvctsjnyCLUYm7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:eb:e2:c1:ab:f9:cd:05:16:9b:b1:a7:7e:96:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5270786f17c41bd01626f72db239f208b5189bb0
        Validity
            Not Before: Jan  1 15:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e61c9be75d8342646e82c0b5ba2ec42d9ae8c8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:2d:db:b1:b0:f4:6e:76:bd:b9:c7:97:da:fc:
                    f5:58:f7:7f:15:a8:63:af:61:62:9c:66:56:cb:3f:
                    43:17:d7:14:4c:14:78:6d:9b:3d:f8:32:11:f9:e8:
                    22:34:c0:60:5b:97:7e:4e:fb:6d:af:52:0a:2e:4f:
                    ca:6a:a4:cc:3d:b2:fb:58:d1:f8:bc:b3:37:1a:68:
                    67:33:3c:16:3b:37:ea:e2:1d:40:e3:c5:26:12:43:
                    54:d1:60:2d:ab:1f:47:78:76:95:9e:f0:81:48:99:
                    ce:aa:12:da:92:4c:5f:f8:51:6f:e8:3b:a1:27:a7:
                    2b:00:e0:7d:09:8e:aa:d6:0f:d7:16:52:e5:00:59:
                    d6:b2:40:1f:26:ca:55:f7:72:cd:d9:f1:a9:b2:af:
                    9b:2f:72:c0:7e:aa:71:cc:52:14:7b:6a:9f:81:43:
                    e5:37:6a:cc:4f:ad:d4:ba:24:ce:6e:3b:c0:d3:1c:
                    2c:3d:5f:07:10:d5:7b:32:11:fa:86:e2:20:ba:fd:
                    9e:de:30:6f:4f:ac:25:d3:f5:12:77:e3:4e:13:55:
                    3b:9e:9b:67:62:ff:0c:35:88:d2:c9:8e:18:20:04:
                    be:ca:93:cb:74:a6:95:80:c1:6d:8b:0e:2d:d9:e8:
                    5d:15:44:df:21:89:99:a8:5d:aa:37:d5:d2:04:d2:
                    61:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:61:C9:BE:75:D8:34:26:46:E8:2C:0B:5B:A2:EC:42:D9:AE:8C:8E
            X509v3 Authority Key Identifier:
                keyid:52:70:78:6F:17:C4:1B:D0:16:26:F7:2D:B2:39:F2:08:B5:18:9B:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UnB4bxfEG9AWJvctsjnyCLUYm7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/DmHJvnXYNCZG6CwLW6LsQtmujI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/UnB4bxfEG9AWJvctsjnyCLUYm7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.204.0/22
                  193.46.201.0/24
                  195.191.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:13:42:35:7b:4c:f6:1b:00:23:7f:53:35:87:5d:fa:ed:fa:
         47:3e:a4:b3:20:ff:fb:cf:59:17:b3:b2:5f:ba:04:96:9c:f0:
         fd:82:96:d5:66:eb:a5:ac:3c:c0:42:8d:f0:0c:44:ca:25:40:
         1a:8a:94:2c:9a:8a:0e:44:7a:40:cf:9e:94:81:27:18:e0:a2:
         b1:ef:b7:84:99:b0:0e:ca:fb:81:f3:c4:df:ce:fa:74:cd:a2:
         99:06:49:c5:81:9c:62:e9:25:f0:2f:9f:36:57:53:ca:0d:25:
         04:82:80:1f:05:f4:72:e7:be:93:06:cc:ce:8f:1d:9e:3a:63:
         0f:c2:88:4c:75:7e:06:10:b3:90:36:ec:a3:f9:7e:2a:b2:83:
         48:66:da:ff:c6:3a:16:6e:e9:93:00:42:e3:4b:01:f3:7a:ad:
         25:ab:c2:61:ae:c0:50:01:ea:ac:00:ab:77:05:83:2a:09:86:
         5f:a8:18:42:6a:57:e9:60:8c:f5:72:55:7d:93:5a:96:80:28:
         74:6f:38:a1:7c:77:80:1b:71:db:cf:c7:68:54:9f:2f:76:69:
         4b:ab:96:c7:d8:7b:44:49:aa:44:ce:48:66:a8:67:ab:cc:57:
         a8:2f:5a:82:c4:4a:86:58:b9:69:06:1e:86:d7:78:b4:85:36:
         1a:15:ea:0f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQijeviwav5zQUWm7GnfpaZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNzA3ODZmMTdjNDFiZDAxNjI2ZjcyZGIyMzlmMjA4YjUx
ODliYjAwHhcNMjUwMTAxMTU0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTYxYzliZTc1ZDgzNDI2NDZlODJjMGI1YmEyZWM0MmQ5YWU4YzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlS3bsbD0bna9uceX2vz1WPd/Fahj
r2FinGZWyz9DF9cUTBR4bZs9+DIR+egiNMBgW5d+Tvttr1IKLk/KaqTMPbL7WNH4
vLM3GmhnMzwWOzfq4h1A48UmEkNU0WAtqx9HeHaVnvCBSJnOqhLakkxf+FFv6Duh
J6crAOB9CY6q1g/XFlLlAFnWskAfJspV93LN2fGpsq+bL3LAfqpxzFIUe2qfgUPl
N2rMT63UuiTObjvA0xwsPV8HENV7MhH6huIguv2e3jBvT6wl0/USd+NOE1U7nptn
Yv8MNYjSyY4YIAS+ypPLdKaVgMFtiw4t2ehdFUTfIYmZqF2qN9XSBNJhVQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA5hyb512DQmRugsC1ui7ELZroyOMB8GA1UdIwQY
MBaAFFJweG8XxBvQFib3LbI58gi1GJuwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW5CNGJ4ZkVHOUFXSnZjdHNqbnlDTFVZbTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC85ZDQzY2ItODQxYy00MGYyLTlkOWYt
NzVmNDdmMDdjNGUzLzEvRG1ISnZuWFlOQ1pHNkN3TFc2THNRdG11akk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC85ZDQzY2ItODQxYy00MGYyLTlkOWYtNzVmNDdmMDdjNGUz
LzEvVW5CNGJ4ZkVHOUFXSnZjdHNqbnlDTFVZbTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCwQDMAwQA
wS7JAwQBw786MA0GCSqGSIb3DQEBCwUAA4IBAQBKE0I1e0z2GwAjf1M1h1367fpH
PqSzIP/7z1kXs7JfugSWnPD9gpbVZuulrDzAQo3wDETKJUAaipQsmooORHpAz56U
gScY4KKx77eEmbAOyvuB88Tfzvp0zaKZBknFgZxi6SXwL582V1PKDSUEgoAfBfRy
576TBszOjx2eOmMPwohMdX4GELOQNuyj+X4qsoNIZtr/xjoWbumTAELjSwHzeq0l
q8JhrsBQAeqsAKt3BYMqCYZfqBhCalfpYIz1clV9k1qWgCh0bzihfHeAG3Hbz8do
VJ8vdmlLq5bH2HtESapEzkhmqGerzFeoL1qCxEqGWLlpBh6G13i0hTYaFeoP
-----END CERTIFICATE-----