Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d7367d-7bbf-4697-96cd-2bb1efc57a86/1/OAvO94RPxpfjbpElzF3WC3cYyd8.roa
File:                     OAvO94RPxpfjbpElzF3WC3cYyd8.roa (raw, json)
Hash identifier:          qNMDfnWjPw8LtLYzmMD++L6T1Klk5i6kY22iXg/Gb4c=
Subject key identifier:   38:0B:CE:F7:84:4F:C6:97:E3:6E:91:25:CC:5D:D6:0B:77:18:C9:DF
Certificate issuer:       /CN=e9e5b014e569186fb84a2024954cccc9c91b1e3f
Certificate serial:       019420D60725D4CFD7908581C60E127BF38A
Authority key identifier: E9:E5:B0:14:E5:69:18:6F:B8:4A:20:24:95:4C:CC:C9:C9:1B:1E:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6eWwFOVpGG-4SiAklUzMyckbHj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/d7367d-7bbf-4697-96cd-2bb1efc57a86/1/OAvO94RPxpfjbpElzF3WC3cYyd8.roa
Signing time:             Wed 01 Jan 2025 07:48:04 +0000
ROA not before:           Wed 01 Jan 2025 07:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201719
IP address blocks:        85.92.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/d7367d-7bbf-4697-96cd-2bb1efc57a86/1/6eWwFOVpGG-4SiAklUzMyckbHj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/d7367d-7bbf-4697-96cd-2bb1efc57a86/1/6eWwFOVpGG-4SiAklUzMyckbHj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6eWwFOVpGG-4SiAklUzMyckbHj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:07:25:d4:cf:d7:90:85:81:c6:0e:12:7b:f3:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9e5b014e569186fb84a2024954cccc9c91b1e3f
        Validity
            Not Before: Jan  1 07:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=380bcef7844fc697e36e9125cc5dd60b7718c9df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:50:bc:38:a7:14:7f:62:5d:71:a6:e0:68:db:
                    ed:65:7e:d6:15:ae:d4:2e:f5:3a:b1:3c:62:58:c7:
                    2e:e5:a3:8d:49:88:b6:ef:ae:df:c2:3a:b3:b4:df:
                    99:7c:16:d0:25:67:f8:94:69:61:d3:9e:58:9f:80:
                    19:19:f6:ca:57:2b:90:ad:8a:d3:51:59:da:8f:92:
                    ec:ad:a5:a2:3e:98:32:89:11:82:c9:b1:36:98:2c:
                    7d:12:de:5a:f5:7e:46:99:5e:0c:64:41:ef:5a:28:
                    cc:76:20:1a:75:c5:c0:3c:0d:82:b3:c2:66:93:3c:
                    0f:e4:42:52:db:f5:5e:82:4a:53:7e:bd:04:fe:8d:
                    f7:de:94:ac:5d:4a:31:d1:ff:20:04:ad:5f:a5:79:
                    ed:fc:80:b4:0a:05:47:51:01:a8:f4:8b:96:1d:1a:
                    c8:e2:5d:ba:0e:35:64:61:6e:6a:c6:e1:b1:50:aa:
                    82:2d:f2:28:94:bb:a5:83:98:d7:fa:37:dd:f8:35:
                    b9:56:0d:a0:ac:67:49:de:72:bf:bd:d5:00:43:3c:
                    42:26:38:4b:50:87:50:52:a6:67:af:15:0b:83:6d:
                    0a:7a:70:cb:d5:17:4d:04:d8:17:80:59:47:b2:39:
                    d2:80:a9:da:90:ec:d8:e5:59:27:e6:54:64:c9:66:
                    4e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:0B:CE:F7:84:4F:C6:97:E3:6E:91:25:CC:5D:D6:0B:77:18:C9:DF
            X509v3 Authority Key Identifier:
                keyid:E9:E5:B0:14:E5:69:18:6F:B8:4A:20:24:95:4C:CC:C9:C9:1B:1E:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6eWwFOVpGG-4SiAklUzMyckbHj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d7367d-7bbf-4697-96cd-2bb1efc57a86/1/OAvO94RPxpfjbpElzF3WC3cYyd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d7367d-7bbf-4697-96cd-2bb1efc57a86/1/6eWwFOVpGG-4SiAklUzMyckbHj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.92.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:fd:94:90:80:d6:c6:9d:9b:e9:d5:a6:56:cf:10:ed:5e:02:
         79:71:4c:62:4c:01:18:fc:c6:05:fd:67:1d:65:17:30:98:72:
         55:fb:fc:0a:bd:3d:d9:79:40:40:cd:96:4c:49:5e:8f:c7:0c:
         a5:4e:53:a0:c2:76:fa:7d:39:b1:96:a7:37:18:4d:7a:74:ad:
         36:14:da:5b:f2:f0:ca:c5:16:79:2e:39:12:8e:25:c7:61:70:
         83:27:13:58:bd:98:37:f1:55:f2:06:dd:24:93:66:5d:4a:ca:
         14:a3:2e:ea:37:1e:6f:9a:d1:ed:1c:3e:b1:64:8b:b6:4a:82:
         9d:46:b7:3b:9e:5f:ac:1f:cc:8a:33:45:94:3e:fe:5c:9b:78:
         b2:2f:ad:09:d5:91:dd:38:42:3d:e1:47:41:ae:6d:47:d5:c4:
         be:83:d3:8e:88:1d:8d:32:b2:05:16:8d:26:d9:4e:c2:61:81:
         dd:87:b7:29:1b:80:7d:ff:0a:63:e8:e0:8c:35:dc:9f:8f:da:
         ff:e8:9a:a7:48:4f:08:10:87:6d:22:b0:04:30:20:b4:f0:87:
         3e:f2:a4:94:19:79:3a:40:5b:3a:9b:11:b3:ba:e2:e1:11:22:
         6f:40:ca:b6:c6:48:aa:e7:cd:13:c0:8d:3c:17:25:71:0c:3b:
         b2:2a:b9:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1gcl1M/XkIWBxg4Se/OKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ZTViMDE0ZTU2OTE4NmZiODRhMjAyNDk1NGNjY2M5Yzkx
YjFlM2YwHhcNMjUwMTAxMDc0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODBiY2VmNzg0NGZjNjk3ZTM2ZTkxMjVjYzVkZDYwYjc3MThjOWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFC8OKcUf2JdcabgaNvtZX7WFa7U
LvU6sTxiWMcu5aONSYi2767fwjqztN+ZfBbQJWf4lGlh055Yn4AZGfbKVyuQrYrT
UVnaj5LsraWiPpgyiRGCybE2mCx9Et5a9X5GmV4MZEHvWijMdiAadcXAPA2Cs8Jm
kzwP5EJS2/VegkpTfr0E/o333pSsXUox0f8gBK1fpXnt/IC0CgVHUQGo9IuWHRrI
4l26DjVkYW5qxuGxUKqCLfIolLulg5jX+jfd+DW5Vg2grGdJ3nK/vdUAQzxCJjhL
UIdQUqZnrxULg20KenDL1RdNBNgXgFlHsjnSgKnakOzY5Vkn5lRkyWZOpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgLzveET8aX426RJcxd1gt3GMnfMB8GA1UdIwQY
MBaAFOnlsBTlaRhvuEogJJVMzMnJGx4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmVXd0ZPVnBHRy00U2lBa2xVek15Y2tiSGo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kNzM2N2QtN2JiZi00Njk3LTk2Y2Qt
MmJiMWVmYzU3YTg2LzEvT0F2Tzk0UlB4cGZqYnBFbHpGM1dDM2NZeWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kNzM2N2QtN2JiZi00Njk3LTk2Y2QtMmJiMWVmYzU3YTg2
LzEvNmVXd0ZPVnBHRy00U2lBa2xVek15Y2tiSGo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVVz4MA0G
CSqGSIb3DQEBCwUAA4IBAQAM/ZSQgNbGnZvp1aZWzxDtXgJ5cUxiTAEY/MYF/Wcd
ZRcwmHJV+/wKvT3ZeUBAzZZMSV6PxwylTlOgwnb6fTmxlqc3GE16dK02FNpb8vDK
xRZ5LjkSjiXHYXCDJxNYvZg38VXyBt0kk2ZdSsoUoy7qNx5vmtHtHD6xZIu2SoKd
Rrc7nl+sH8yKM0WUPv5cm3iyL60J1ZHdOEI94UdBrm1H1cS+g9OOiB2NMrIFFo0m
2U7CYYHdh7cpG4B9/wpj6OCMNdyfj9r/6JqnSE8IEIdtIrAEMCC08Ic+8qSUGXk6
QFs6mxGzuuLhESJvQMq2xkiq580TwI08FyVxDDuyKrk1
-----END CERTIFICATE-----