Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/TmnfGeDZcMHkeNSpz9aAiikcPEE.roa
File:                     TmnfGeDZcMHkeNSpz9aAiikcPEE.roa (raw, json)
Hash identifier:          fajQM2JiS1bJ7qE76R8SN8MECL+JRFmrHjGZVJEufFg=
Subject key identifier:   4E:69:DF:19:E0:D9:70:C1:E4:78:D4:A9:CF:D6:80:8A:29:1C:3C:41
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       0194266BA9AB5B9D1BF9751801A2D70F1917
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/TmnfGeDZcMHkeNSpz9aAiikcPEE.roa
Signing time:             Thu 02 Jan 2025 09:49:37 +0000
ROA not before:           Thu 02 Jan 2025 09:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54339
IP address blocks:        194.53.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:a9:ab:5b:9d:1b:f9:75:18:01:a2:d7:0f:19:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 09:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e69df19e0d970c1e478d4a9cfd6808a291c3c41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e9:c6:25:8a:24:8f:2e:c6:8d:14:af:63:d6:
                    55:e6:9e:ad:16:70:73:f5:e6:37:dd:fc:71:61:16:
                    95:8d:1f:16:c5:97:aa:b3:23:72:d3:2b:c6:55:79:
                    cb:c5:4a:2d:3c:ff:55:86:7d:42:18:97:14:d4:b9:
                    38:58:af:d8:a8:3a:79:c2:14:04:50:94:dc:b6:a3:
                    34:f3:9c:4d:dc:cb:dd:15:a9:22:f3:f9:c7:67:05:
                    cc:7b:2d:4a:d7:ab:1f:96:58:cd:c5:9d:d3:e5:b2:
                    f8:76:21:2a:0c:c0:c5:05:e3:b8:f3:58:31:b6:ec:
                    87:f2:ec:72:d4:1b:a7:0a:84:3b:18:f0:f7:7f:53:
                    83:ad:bc:c2:1b:00:90:d2:19:58:de:43:c9:0d:c9:
                    1e:d7:23:de:60:54:c3:b6:00:8c:ef:b7:50:40:d3:
                    9a:23:59:71:0d:b1:20:fd:81:7b:26:8e:4b:38:9c:
                    c6:3d:da:27:e5:78:1b:05:28:29:63:6a:4e:7e:66:
                    30:ec:04:ec:cd:65:5e:7d:b3:97:81:e6:7a:a1:e6:
                    6e:71:7b:e9:b3:50:af:36:3d:8f:e7:ca:06:ba:ab:
                    9a:c7:fe:4f:e7:dc:fe:7a:b9:5f:d7:27:15:79:c3:
                    4a:22:a7:f4:82:7c:6b:ec:a7:d4:96:8c:a8:a6:d4:
                    b5:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:69:DF:19:E0:D9:70:C1:E4:78:D4:A9:CF:D6:80:8A:29:1C:3C:41
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/TmnfGeDZcMHkeNSpz9aAiikcPEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:02:03:27:9f:08:55:84:7c:74:03:d8:84:94:9c:ec:83:fc:
         c8:c0:16:39:c0:ef:e4:38:d1:87:91:ad:1f:92:90:35:32:76:
         6c:32:fc:67:23:65:12:94:bb:ec:f6:24:96:6e:e6:df:11:56:
         63:0d:60:7e:f9:80:1d:a8:61:5e:d7:e3:52:99:8e:43:6e:9b:
         ee:ca:51:cd:d2:b8:c2:b8:ae:85:2f:6c:d3:bd:a3:6b:40:1f:
         f4:88:07:77:71:d7:a6:73:95:9f:c0:d4:06:74:75:3c:10:83:
         8e:bd:c1:1b:00:99:42:11:34:3a:2c:72:20:52:24:81:e0:c7:
         33:71:fb:c3:a3:ee:3f:8e:85:58:2a:37:44:52:bb:4d:67:c0:
         8b:6d:eb:a5:5c:f0:62:99:41:4e:43:66:5c:d5:e3:5f:cb:cd:
         4a:60:2e:dd:51:01:9e:d1:76:b0:2a:67:21:9c:32:2e:42:7a:
         e4:47:50:50:8f:98:fe:3c:86:ef:f1:26:ed:e1:7e:fe:6a:dd:
         f5:fa:a6:b1:c0:2c:c5:f9:82:d7:54:04:84:0f:0e:42:f1:ae:
         67:f6:da:ab:66:eb:e2:b0:3a:71:b9:e7:3e:cc:b5:e4:b2:09:
         aa:68:bf:b5:1a:f0:61:3e:43:d2:45:e7:b4:bf:cf:73:24:dc:
         e8:cc:4f:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma6mrW50b+XUYAaLXDxkXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjUwMTAyMDk0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTY5ZGYxOWUwZDk3MGMxZTQ3OGQ0YTljZmQ2ODA4YTI5MWMzYzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOnGJYokjy7GjRSvY9ZV5p6tFnBz
9eY33fxxYRaVjR8WxZeqsyNy0yvGVXnLxUotPP9Vhn1CGJcU1Lk4WK/YqDp5whQE
UJTctqM085xN3MvdFaki8/nHZwXMey1K16sflljNxZ3T5bL4diEqDMDFBeO481gx
tuyH8uxy1BunCoQ7GPD3f1ODrbzCGwCQ0hlY3kPJDcke1yPeYFTDtgCM77dQQNOa
I1lxDbEg/YF7Jo5LOJzGPdon5XgbBSgpY2pOfmYw7ATszWVefbOXgeZ6oeZucXvp
s1CvNj2P58oGuquax/5P59z+erlf1ycVecNKIqf0gnxr7KfUloyoptS1WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5p3xng2XDB5HjUqc/WgIopHDxBMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvVG1uZkdlRFpjTUhrZU5TcHo5YUFpaWtjUEVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjW8MA0G
CSqGSIb3DQEBCwUAA4IBAQBmAgMnnwhVhHx0A9iElJzsg/zIwBY5wO/kONGHka0f
kpA1MnZsMvxnI2USlLvs9iSWbubfEVZjDWB++YAdqGFe1+NSmY5DbpvuylHN0rjC
uK6FL2zTvaNrQB/0iAd3cdemc5WfwNQGdHU8EIOOvcEbAJlCETQ6LHIgUiSB4Mcz
cfvDo+4/joVYKjdEUrtNZ8CLbeulXPBimUFOQ2Zc1eNfy81KYC7dUQGe0XawKmch
nDIuQnrkR1BQj5j+PIbv8Sbt4X7+at31+qaxwCzF+YLXVASEDw5C8a5n9tqrZuvi
sDpxuec+zLXksgmqaL+1GvBhPkPSRee0v89zJNzozE80
-----END CERTIFICATE-----