Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/ibQxcJ8BcsDznHwW8cvvdWCtIaQ.roa
File:                     ibQxcJ8BcsDznHwW8cvvdWCtIaQ.roa (raw, json)
Hash identifier:          pIty12QAvgK/GvUKpxuo60iKFff8hEDBVoxlkVE06EU=
Subject key identifier:   89:B4:31:70:9F:01:72:C0:F3:9C:7C:16:F1:CB:EF:75:60:AD:21:A4
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       019426D9B0293708E68F1092CC8CF4FDA56B
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/ibQxcJ8BcsDznHwW8cvvdWCtIaQ.roa
Signing time:             Thu 02 Jan 2025 11:49:48 +0000
ROA not before:           Thu 02 Jan 2025 11:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29209
IP address blocks:        217.66.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:b0:29:37:08:e6:8f:10:92:cc:8c:f4:fd:a5:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Jan  2 11:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89b431709f0172c0f39c7c16f1cbef7560ad21a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:2d:fd:8e:4d:ad:85:a9:99:ed:6e:77:13:e4:
                    7c:31:1e:21:ec:18:bc:22:0a:72:10:4a:3f:92:fd:
                    cf:3c:b7:a9:c4:bd:7f:6e:89:21:61:ec:57:e9:dc:
                    19:18:89:00:bb:c3:1a:83:66:90:30:b1:c6:e4:90:
                    66:2b:d7:83:54:40:61:43:71:d5:9a:c0:e6:f2:a5:
                    af:ac:07:03:9c:6e:0f:fb:4b:70:8c:a5:d4:90:83:
                    ab:47:b8:c6:cd:1e:05:ea:78:e7:23:17:fa:0d:74:
                    4e:ee:83:2a:0e:97:d3:1e:0f:c8:02:3c:62:33:14:
                    17:ad:da:16:fd:0e:21:a8:ca:85:0b:88:89:02:16:
                    08:54:d8:bd:e9:4a:18:03:83:db:52:38:49:3e:a1:
                    e1:16:56:a7:06:3c:5a:b8:56:15:cd:da:3b:f9:c2:
                    3d:fc:dc:fa:84:20:f5:bd:9e:78:c5:38:ce:75:17:
                    bf:6d:49:4b:8d:ed:e9:c2:9f:37:da:8a:ce:4c:e3:
                    69:8e:06:f4:21:2f:b6:70:ad:fe:cb:c5:59:76:4f:
                    3e:fd:0c:24:da:24:62:10:63:ba:74:12:9d:68:46:
                    b3:d3:a8:23:28:87:7b:63:17:85:d7:a8:31:bd:4d:
                    96:41:27:18:b7:b4:4a:bc:d9:31:ed:bd:42:6b:e2:
                    ff:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B4:31:70:9F:01:72:C0:F3:9C:7C:16:F1:CB:EF:75:60:AD:21:A4
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/ibQxcJ8BcsDznHwW8cvvdWCtIaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.66.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:6f:15:cf:87:51:b4:7d:e2:32:3e:14:31:e4:1b:76:e4:59:
         f4:f7:7e:85:89:21:54:45:8d:76:3c:3f:33:7a:a4:24:49:3d:
         7e:e1:c4:05:13:89:86:49:aa:38:e9:fb:a6:b4:15:52:f8:49:
         e2:09:91:52:7c:bf:f8:42:28:2d:e8:c3:a2:33:48:3e:83:11:
         06:ad:02:53:ec:77:58:80:a3:cf:19:30:fa:69:29:51:8f:50:
         d6:77:9a:b8:fe:b9:61:08:21:a0:5f:e0:88:af:d1:71:91:b7:
         73:6c:cf:73:ef:cf:79:3a:da:d3:cb:ff:a8:fc:0a:ec:9c:15:
         29:a4:bf:62:d9:2e:53:d9:df:3e:9f:c7:db:de:07:f0:a9:30:
         fc:3a:1a:b1:59:46:00:a7:bc:06:8e:9b:6a:c1:f2:5c:10:d0:
         db:00:05:cd:f7:8a:aa:8d:62:3a:a9:99:10:cf:b4:45:03:38:
         16:45:89:9f:6e:6b:2d:39:5f:2d:1b:65:ae:c9:21:47:28:16:
         64:98:db:79:ff:c3:28:f8:92:38:f8:97:7c:cb:42:a9:21:4a:
         0e:78:7c:6b:31:d0:6e:5e:82:b2:9f:b6:91:30:1a:45:2a:27:
         03:43:c8:3b:08:11:d7:77:9e:da:4d:de:3c:7f:86:a4:3f:97:
         f1:67:f1:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2bApNwjmjxCSzIz0/aVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjUwMTAyMTE0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWI0MzE3MDlmMDE3MmMwZjM5YzdjMTZmMWNiZWY3NTYwYWQyMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1S39jk2thamZ7W53E+R8MR4h7Bi8
IgpyEEo/kv3PPLepxL1/bokhYexX6dwZGIkAu8Mag2aQMLHG5JBmK9eDVEBhQ3HV
msDm8qWvrAcDnG4P+0twjKXUkIOrR7jGzR4F6njnIxf6DXRO7oMqDpfTHg/IAjxi
MxQXrdoW/Q4hqMqFC4iJAhYIVNi96UoYA4PbUjhJPqHhFlanBjxauFYVzdo7+cI9
/Nz6hCD1vZ54xTjOdRe/bUlLje3pwp832orOTONpjgb0IS+2cK3+y8VZdk8+/Qwk
2iRiEGO6dBKdaEaz06gjKId7YxeF16gxvU2WQScYt7RKvNkx7b1Ca+L/IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIm0MXCfAXLA85x8FvHL73VgrSGkMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvaWJReGNKOEJjc0R6bkh3VzhjdnZkV0N0SWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2UKQMA0G
CSqGSIb3DQEBCwUAA4IBAQAibxXPh1G0feIyPhQx5Bt25Fn0936FiSFURY12PD8z
eqQkST1+4cQFE4mGSao46fumtBVS+EniCZFSfL/4Qigt6MOiM0g+gxEGrQJT7HdY
gKPPGTD6aSlRj1DWd5q4/rlhCCGgX+CIr9FxkbdzbM9z7895OtrTy/+o/ArsnBUp
pL9i2S5T2d8+n8fb3gfwqTD8OhqxWUYAp7wGjptqwfJcENDbAAXN94qqjWI6qZkQ
z7RFAzgWRYmfbmstOV8tG2WuySFHKBZkmNt5/8Mo+JI4+Jd8y0KpIUoOeHxrMdBu
XoKyn7aRMBpFKicDQ8g7CBHXd57aTd48f4akP5fxZ/E8
-----END CERTIFICATE-----