Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/LE9pGh9q9oTrXTBFWMBs1XeoJdc.roa
File:                     LE9pGh9q9oTrXTBFWMBs1XeoJdc.roa (raw, json)
Hash identifier:          zhDStxjbmAfbceuugzkEeBMKdvAXg8UlfX0nT+iiJ9I=
Subject key identifier:   2C:4F:69:1A:1F:6A:F6:84:EB:5D:30:45:58:C0:6C:D5:77:A8:25:D7
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0194244516E51AA4F81DE5566E5B5017C2C9
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/LE9pGh9q9oTrXTBFWMBs1XeoJdc.roa
Signing time:             Wed 01 Jan 2025 23:48:15 +0000
ROA not before:           Wed 01 Jan 2025 23:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43278
IP address blocks:        152.89.199.0/24 maxlen: 24
                          185.207.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:16:e5:1a:a4:f8:1d:e5:56:6e:5b:50:17:c2:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 23:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c4f691a1f6af684eb5d304558c06cd577a825d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:cb:9a:53:e1:91:05:b9:47:d6:ff:02:d7:df:
                    03:fd:b2:50:f8:bd:e1:b0:4a:67:9d:64:37:3a:ab:
                    42:fb:3d:89:fb:6f:f7:97:3c:1c:cd:98:ba:f0:46:
                    44:c7:c8:14:0d:4f:91:ec:8a:7f:6a:08:8f:cb:64:
                    7c:ec:d2:32:a2:a1:ad:c7:b9:bb:54:30:db:6c:96:
                    dc:1e:d3:46:07:c8:6a:24:46:cd:18:d3:fc:3b:99:
                    d2:1d:47:a9:7e:0c:13:2c:e7:19:71:32:be:d0:39:
                    4f:0d:27:c0:9b:e1:36:61:c6:c0:da:7b:f9:80:2e:
                    d4:95:f8:17:56:a1:64:b5:cd:5b:02:4d:15:88:f1:
                    58:00:4c:38:29:bb:ef:f3:16:c4:3b:fb:0c:76:c9:
                    4d:70:9c:a0:e7:67:a7:4b:ca:c7:b8:83:54:f1:20:
                    00:e1:92:ec:e4:0d:2e:ac:9e:c2:21:ec:46:58:7e:
                    3c:73:e9:7a:d4:67:22:f3:18:8c:81:6d:05:9a:6e:
                    af:3d:ac:1b:e0:e1:12:72:45:1a:46:68:45:49:31:
                    b5:02:40:b3:21:3b:21:5a:f3:a0:d5:f9:a4:c4:0c:
                    df:c9:31:f8:f6:a7:17:02:a8:4a:be:3d:83:b6:42:
                    b9:90:22:19:a8:b2:35:71:d6:d1:d7:db:17:d9:5c:
                    01:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:4F:69:1A:1F:6A:F6:84:EB:5D:30:45:58:C0:6C:D5:77:A8:25:D7
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/LE9pGh9q9oTrXTBFWMBs1XeoJdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.199.0/24
                  185.207.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:ba:f9:1d:20:22:d6:2d:d0:20:ea:b4:39:15:5a:ee:53:2e:
         21:7b:39:b3:49:97:0e:c0:db:26:dd:eb:9c:c5:63:00:25:63:
         cf:33:83:ad:60:9e:45:72:26:00:9f:ca:a3:22:f7:8c:61:6c:
         1e:12:b4:85:41:4c:fc:3e:c9:1e:16:d3:e9:e4:45:17:4b:27:
         2a:f3:0e:de:84:53:25:44:2e:86:34:20:5d:00:a8:b4:1f:47:
         af:f4:bb:0b:1a:4c:1d:e1:52:1a:ad:75:44:d9:4a:9d:18:d5:
         72:6a:b2:b7:12:59:1b:00:3e:eb:b9:2b:fe:01:18:2e:68:46:
         6f:08:46:c5:85:f9:c1:94:29:3f:28:1a:43:fa:be:4d:c6:55:
         75:42:ba:00:73:0f:64:8a:26:0f:2c:57:44:9c:85:1c:9d:9e:
         63:19:fd:d0:69:ab:57:03:35:df:8f:7b:b5:64:76:e0:3d:e3:
         25:62:da:1c:af:4e:8b:1a:68:46:9e:38:fb:ff:d1:95:38:6f:
         d2:b4:3f:b1:11:5e:a6:e6:6f:aa:6b:d1:ca:92:79:18:e0:6e:
         19:f8:60:cd:e1:4d:18:d0:63:e3:b9:96:f0:fc:f5:df:23:22:
         18:e7:d2:07:70:e5:ad:df:e9:ac:40:60:8d:b0:f8:60:ad:22:
         a5:e3:ea:c9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRRblGqT4HeVWbltQF8LJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMTAxMjM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzRmNjkxYTFmNmFmNjg0ZWI1ZDMwNDU1OGMwNmNkNTc3YTgyNWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMuaU+GRBblH1v8C198D/bJQ+L3h
sEpnnWQ3OqtC+z2J+2/3lzwczZi68EZEx8gUDU+R7Ip/agiPy2R87NIyoqGtx7m7
VDDbbJbcHtNGB8hqJEbNGNP8O5nSHUepfgwTLOcZcTK+0DlPDSfAm+E2YcbA2nv5
gC7UlfgXVqFktc1bAk0ViPFYAEw4Kbvv8xbEO/sMdslNcJyg52enS8rHuINU8SAA
4ZLs5A0urJ7CIexGWH48c+l61Gci8xiMgW0Fmm6vPawb4OESckUaRmhFSTG1AkCz
ITshWvOg1fmkxAzfyTH49qcXAqhKvj2DtkK5kCIZqLI1cdbR19sX2VwBmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCxPaRofavaE610wRVjAbNV3qCXXMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvTEU5cEdoOXE5b1RyWFRCRldNQnMxWGVvSmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmFnHAwQA
uc/WMA0GCSqGSIb3DQEBCwUAA4IBAQChuvkdICLWLdAg6rQ5FVruUy4hezmzSZcO
wNsm3eucxWMAJWPPM4OtYJ5FciYAn8qjIveMYWweErSFQUz8PskeFtPp5EUXSycq
8w7ehFMlRC6GNCBdAKi0H0ev9LsLGkwd4VIarXVE2UqdGNVyarK3ElkbAD7ruSv+
ARguaEZvCEbFhfnBlCk/KBpD+r5NxlV1QroAcw9kiiYPLFdEnIUcnZ5jGf3QaatX
AzXfj3u1ZHbgPeMlYtocr06LGmhGnjj7/9GVOG/StD+xEV6m5m+qa9HKknkY4G4Z
+GDN4U0Y0GPjuZbw/PXfIyIY59IHcOWt3+msQGCNsPhgrSKl4+rJ
-----END CERTIFICATE-----