Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/056677-1a4a-48a6-a92d-6b3b867bd232/1/e-ekxZnIJuci57HrEPz7zGue28s.roa
File:                     e-ekxZnIJuci57HrEPz7zGue28s.roa (raw, json)
Hash identifier:          8H4l0N/E0NCOJoBHvZIBH7Jz+P9G/e+mdO0E4zzVLoo=
Subject key identifier:   7B:E7:A4:C5:99:C8:26:E7:22:E7:B1:EB:10:FC:FB:CC:6B:9E:DB:CB
Certificate issuer:       /CN=c63be75374678db3a049f6a3ef2afab70d4f6f27
Certificate serial:       01942444A3CDF81DC8B150B015F515489D44
Authority key identifier: C6:3B:E7:53:74:67:8D:B3:A0:49:F6:A3:EF:2A:FA:B7:0D:4F:6F:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xjvnU3RnjbOgSfaj7yr6tw1Pbyc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/056677-1a4a-48a6-a92d-6b3b867bd232/1/e-ekxZnIJuci57HrEPz7zGue28s.roa
Signing time:             Wed 01 Jan 2025 23:47:45 +0000
ROA not before:           Wed 01 Jan 2025 23:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197805
IP address blocks:        193.142.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/056677-1a4a-48a6-a92d-6b3b867bd232/1/xjvnU3RnjbOgSfaj7yr6tw1Pbyc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/056677-1a4a-48a6-a92d-6b3b867bd232/1/xjvnU3RnjbOgSfaj7yr6tw1Pbyc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xjvnU3RnjbOgSfaj7yr6tw1Pbyc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:a3:cd:f8:1d:c8:b1:50:b0:15:f5:15:48:9d:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c63be75374678db3a049f6a3ef2afab70d4f6f27
        Validity
            Not Before: Jan  1 23:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7be7a4c599c826e722e7b1eb10fcfbcc6b9edbcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ac:5d:ee:01:4c:46:f5:22:af:9f:bd:e1:34:
                    2c:a6:ff:33:29:a6:41:e1:a6:35:3d:6a:1e:4d:16:
                    a7:db:0c:67:20:bd:d6:e2:71:2b:14:d1:80:a9:27:
                    03:ee:9b:1b:44:dc:5f:4b:3b:85:ea:71:bf:02:88:
                    9e:31:cc:ef:82:03:ea:69:76:6a:68:69:6d:ed:c7:
                    1d:07:6e:34:5f:05:01:c3:3e:b7:b1:68:86:7d:f5:
                    6e:7f:a7:3b:26:31:84:e2:da:75:e3:9f:22:0e:44:
                    44:9b:2c:43:43:d8:9e:b4:fc:7a:6d:05:b3:1c:e4:
                    55:49:df:f1:c5:8e:d4:2b:59:36:8d:16:25:72:c0:
                    14:2a:5a:ec:9f:cb:bf:35:c9:ea:4b:0d:a5:df:c1:
                    b9:3b:7c:58:65:c0:b9:05:8e:61:fd:c1:5a:16:8b:
                    57:ee:71:76:4f:96:4a:44:8a:ab:54:9e:69:d3:c3:
                    d5:d0:d7:d2:41:94:0b:c3:91:43:91:f6:4e:7f:9e:
                    ca:a2:09:fa:e0:96:47:aa:14:cf:99:3f:cd:ac:9c:
                    7c:f4:fc:6a:25:5b:aa:64:08:cb:ba:ca:87:f6:4c:
                    0f:85:ff:c7:70:d7:ae:c1:8d:5d:6b:36:b5:b2:01:
                    40:8b:b8:8b:cb:7f:79:22:8c:44:81:23:f4:ac:3a:
                    ee:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:E7:A4:C5:99:C8:26:E7:22:E7:B1:EB:10:FC:FB:CC:6B:9E:DB:CB
            X509v3 Authority Key Identifier:
                keyid:C6:3B:E7:53:74:67:8D:B3:A0:49:F6:A3:EF:2A:FA:B7:0D:4F:6F:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xjvnU3RnjbOgSfaj7yr6tw1Pbyc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/056677-1a4a-48a6-a92d-6b3b867bd232/1/e-ekxZnIJuci57HrEPz7zGue28s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/056677-1a4a-48a6-a92d-6b3b867bd232/1/xjvnU3RnjbOgSfaj7yr6tw1Pbyc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:05:7c:d2:c7:d6:32:a6:d0:d0:bc:b0:0f:0a:8d:b1:f5:dc:
         5f:84:93:8e:bf:99:87:93:14:5a:f0:72:13:ce:c0:84:cf:5d:
         c7:eb:15:74:92:30:98:d7:5c:75:53:19:60:c2:3b:53:2c:b9:
         58:09:85:ae:45:d2:f7:08:8a:d5:db:27:30:de:a9:5e:12:ac:
         d9:56:18:e1:62:9f:11:c1:2c:ae:63:df:14:52:1a:2b:cb:fb:
         d4:a2:25:e2:8a:b2:1e:8a:f6:c8:c7:7c:c3:68:4f:e8:40:f7:
         70:cd:c2:3e:ea:c9:bb:27:3c:cc:7d:ae:69:93:e3:8b:ff:b9:
         cb:fa:a3:c5:f3:c8:93:84:b7:10:e0:a8:12:c2:06:59:2a:39:
         11:32:29:24:19:dc:2f:57:be:e7:82:da:67:74:0b:ee:e7:6a:
         14:31:69:5b:50:2b:32:c5:9d:0b:07:05:b2:2b:be:e1:31:11:
         28:dc:22:b2:73:53:e0:2d:16:1d:93:04:a2:11:ae:97:30:e9:
         46:fd:db:28:c9:a2:db:f6:12:fd:40:c2:bf:15:08:df:71:ff:
         35:fe:a5:5a:48:eb:f7:e7:c3:ba:86:7c:11:3a:83:32:d3:16:
         8b:b1:5f:90:59:66:d2:a2:3a:1e:8c:87:87:2d:dd:2f:32:78:
         9b:b0:33:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRKPN+B3IsVCwFfUVSJ1EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2M2JlNzUzNzQ2NzhkYjNhMDQ5ZjZhM2VmMmFmYWI3MGQ0
ZjZmMjcwHhcNMjUwMTAxMjM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmU3YTRjNTk5YzgyNmU3MjJlN2IxZWIxMGZjZmJjYzZiOWVkYmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16xd7gFMRvUir5+94TQspv8zKaZB
4aY1PWoeTRan2wxnIL3W4nErFNGAqScD7psbRNxfSzuF6nG/AoieMczvggPqaXZq
aGlt7ccdB240XwUBwz63sWiGffVuf6c7JjGE4tp1458iDkREmyxDQ9ietPx6bQWz
HORVSd/xxY7UK1k2jRYlcsAUKlrsn8u/NcnqSw2l38G5O3xYZcC5BY5h/cFaFotX
7nF2T5ZKRIqrVJ5p08PV0NfSQZQLw5FDkfZOf57Kogn64JZHqhTPmT/NrJx89Pxq
JVuqZAjLusqH9kwPhf/HcNeuwY1daza1sgFAi7iLy395IoxEgSP0rDruMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvnpMWZyCbnIuex6xD8+8xrntvLMB8GA1UdIwQY
MBaAFMY751N0Z42zoEn2o+8q+rcNT28nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGp2blUzUm5qYk9nU2Zhajd5cjZ0dzFQYnljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8wNTY2NzctMWE0YS00OGE2LWE5MmQt
NmIzYjg2N2JkMjMyLzEvZS1la3habklKdWNpNTdIckVQejd6R3VlMjhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8wNTY2NzctMWE0YS00OGE2LWE5MmQtNmIzYjg2N2JkMjMy
LzEveGp2blUzUm5qYk9nU2Zhajd5cjZ0dzFQYnljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY4TMA0G
CSqGSIb3DQEBCwUAA4IBAQAZBXzSx9YyptDQvLAPCo2x9dxfhJOOv5mHkxRa8HIT
zsCEz13H6xV0kjCY11x1UxlgwjtTLLlYCYWuRdL3CIrV2ycw3qleEqzZVhjhYp8R
wSyuY98UUhory/vUoiXiirIeivbIx3zDaE/oQPdwzcI+6sm7JzzMfa5pk+OL/7nL
+qPF88iThLcQ4KgSwgZZKjkRMikkGdwvV77ngtpndAvu52oUMWlbUCsyxZ0LBwWy
K77hMREo3CKyc1PgLRYdkwSiEa6XMOlG/dsoyaLb9hL9QMK/FQjfcf81/qVaSOv3
58O6hnwROoMy0xaLsV+QWWbSojoejIeHLd0vMnibsDMO
-----END CERTIFICATE-----