Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/bTR5ARGVS48NxGTPkopdh9Ggm8k.roa
File:                     bTR5ARGVS48NxGTPkopdh9Ggm8k.roa (raw, json)
Hash identifier:          aaWv4Rw2ia1K7cSGZjky7x9lBQFsZGt4c0YsGVg+gz4=
Subject key identifier:   6D:34:79:01:11:95:4B:8F:0D:C4:64:CF:92:8A:5D:87:D1:A0:9B:C9
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0194228D8EBC070041653052AE6A693AA59B
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/bTR5ARGVS48NxGTPkopdh9Ggm8k.roa
Signing time:             Wed 01 Jan 2025 15:48:09 +0000
ROA not before:           Wed 01 Jan 2025 15:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12469
IP address blocks:        194.45.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:8e:bc:07:00:41:65:30:52:ae:6a:69:3a:a5:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  1 15:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d34790111954b8f0dc464cf928a5d87d1a09bc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:95:7f:d8:7a:10:a4:4e:10:ca:c5:78:1e:3d:
                    4c:d8:72:54:71:fc:32:35:9f:0b:30:06:07:70:20:
                    62:e8:34:01:43:63:4c:8f:e9:9e:a5:e1:ed:a2:94:
                    c6:9f:fe:d7:a5:10:38:b0:93:eb:be:10:18:66:09:
                    f5:6f:84:71:24:72:f3:2c:09:0b:de:c7:d4:9c:09:
                    4b:fb:6c:60:b4:f5:4b:92:4a:05:09:7c:ae:0f:d9:
                    d7:16:98:bc:c1:e1:cc:57:db:af:99:23:bf:10:1d:
                    85:ed:5d:27:eb:a9:29:04:b7:a5:be:30:17:53:00:
                    f3:d7:9c:90:b8:f5:45:b1:ad:15:0b:5b:9e:44:94:
                    7e:43:f7:a3:49:32:cc:0e:20:a0:6c:c5:a9:c0:1e:
                    b2:cb:97:1b:30:c8:d7:91:82:12:9d:f7:88:89:9f:
                    02:d6:3d:05:63:c4:41:73:a0:39:3a:25:dc:9e:11:
                    c2:0a:96:16:03:16:60:92:ba:f4:b8:70:22:ce:7d:
                    4e:e3:06:5a:ac:93:f3:91:26:26:68:47:a3:91:ef:
                    6f:3a:75:98:ab:0b:b9:4d:7f:8b:63:24:a6:de:f8:
                    d1:c5:41:17:41:39:0f:27:93:b2:de:e9:b2:10:ba:
                    69:70:ea:93:8e:eb:52:3d:3e:7b:46:f0:2a:59:32:
                    50:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:34:79:01:11:95:4B:8F:0D:C4:64:CF:92:8A:5D:87:D1:A0:9B:C9
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/bTR5ARGVS48NxGTPkopdh9Ggm8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.45.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:e3:59:90:35:f7:4a:51:fc:9e:14:ac:eb:cb:7d:0b:53:98:
         e4:93:c0:2a:6c:69:da:e4:c5:a6:b0:43:35:28:9c:93:cf:3b:
         0f:f8:64:9a:0c:7a:7b:0e:61:24:cf:1c:a9:80:fd:8f:5c:14:
         fc:1e:e9:27:c7:6b:59:d2:3f:8e:a7:a7:6e:93:a6:a9:11:cf:
         e3:ac:65:f2:2c:b2:a8:a9:f2:a3:fe:29:b1:82:60:cd:e8:9c:
         bf:99:cc:48:34:e2:f1:b1:14:c9:09:fc:d6:a4:74:d9:67:91:
         b5:a9:f3:a5:ac:71:39:1c:e5:c5:e9:8b:cd:d2:17:0b:7a:1b:
         07:13:51:b5:c6:c3:ac:21:0a:a2:7e:a8:f9:4d:23:d1:13:50:
         c5:70:06:55:6c:64:4b:f4:5d:4d:39:fd:cb:35:3c:be:f8:7b:
         c3:21:e0:be:67:d0:03:93:e3:b3:79:39:ad:b7:8b:5f:95:db:
         f4:94:ea:43:d0:6a:07:d7:86:0b:90:43:7f:3e:c9:bf:a0:88:
         ec:a2:0b:2d:aa:a6:ae:26:e4:e4:06:0a:57:0e:b5:9f:74:3f:
         50:68:61:a6:c6:f3:87:fe:fb:39:5e:5d:97:74:be:6a:c9:ea:
         06:ae:75:b7:5f:0b:3d:eb:0b:f8:db:b0:c5:ec:1c:c1:e4:87:
         3e:00:2e:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijY68BwBBZTBSrmppOqWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwMTAxMTU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDM0NzkwMTExOTU0YjhmMGRjNDY0Y2Y5MjhhNWQ4N2QxYTA5YmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5V/2HoQpE4QysV4Hj1M2HJUcfwy
NZ8LMAYHcCBi6DQBQ2NMj+mepeHtopTGn/7XpRA4sJPrvhAYZgn1b4RxJHLzLAkL
3sfUnAlL+2xgtPVLkkoFCXyuD9nXFpi8weHMV9uvmSO/EB2F7V0n66kpBLelvjAX
UwDz15yQuPVFsa0VC1ueRJR+Q/ejSTLMDiCgbMWpwB6yy5cbMMjXkYISnfeIiZ8C
1j0FY8RBc6A5OiXcnhHCCpYWAxZgkrr0uHAizn1O4wZarJPzkSYmaEejke9vOnWY
qwu5TX+LYySm3vjRxUEXQTkPJ5Oy3umyELppcOqTjutSPT57RvAqWTJQ4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG00eQERlUuPDcRkz5KKXYfRoJvJMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvYlRSNUFSR1ZTNDhOeEdUUGtvcGRoOUdnbThrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwi23MA0G
CSqGSIb3DQEBCwUAA4IBAQCs41mQNfdKUfyeFKzry30LU5jkk8AqbGna5MWmsEM1
KJyTzzsP+GSaDHp7DmEkzxypgP2PXBT8Huknx2tZ0j+Op6duk6apEc/jrGXyLLKo
qfKj/imxgmDN6Jy/mcxINOLxsRTJCfzWpHTZZ5G1qfOlrHE5HOXF6YvN0hcLehsH
E1G1xsOsIQqifqj5TSPRE1DFcAZVbGRL9F1NOf3LNTy++HvDIeC+Z9ADk+OzeTmt
t4tfldv0lOpD0GoH14YLkEN/Psm/oIjsogstqqauJuTkBgpXDrWfdD9QaGGmxvOH
/vs5Xl2XdL5qyeoGrnW3Xws96wv427DF7BzB5Ic+AC61
-----END CERTIFICATE-----