Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/69eddb-2df1-4990-9c96-d06599ba7e5b/1/kAdUvhi0iuHRl8HdWVSAKlJD5u0.roa
File:                     kAdUvhi0iuHRl8HdWVSAKlJD5u0.roa (raw, json)
Hash identifier:          2XhzY5ktX3xFgvAerywPE4VwkhUGoOOVHNmD/7mSh84=
Subject key identifier:   90:07:54:BE:18:B4:8A:E1:D1:97:C1:DD:59:54:80:2A:52:43:E6:ED
Certificate issuer:       /CN=b64e100c903d85c9661f21b41f641994903a45cc
Certificate serial:       0194228DFF669A8A7D5950E05B551E6CC6EE
Authority key identifier: B6:4E:10:0C:90:3D:85:C9:66:1F:21:B4:1F:64:19:94:90:3A:45:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tk4QDJA9hclmHyG0H2QZlJA6Rcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/69eddb-2df1-4990-9c96-d06599ba7e5b/1/kAdUvhi0iuHRl8HdWVSAKlJD5u0.roa
Signing time:             Wed 01 Jan 2025 15:48:38 +0000
ROA not before:           Wed 01 Jan 2025 15:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48955
IP address blocks:        194.169.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/69eddb-2df1-4990-9c96-d06599ba7e5b/1/tk4QDJA9hclmHyG0H2QZlJA6Rcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/69eddb-2df1-4990-9c96-d06599ba7e5b/1/tk4QDJA9hclmHyG0H2QZlJA6Rcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tk4QDJA9hclmHyG0H2QZlJA6Rcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:ff:66:9a:8a:7d:59:50:e0:5b:55:1e:6c:c6:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b64e100c903d85c9661f21b41f641994903a45cc
        Validity
            Not Before: Jan  1 15:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=900754be18b48ae1d197c1dd5954802a5243e6ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:cd:0f:0c:dd:99:a9:74:c7:35:88:36:6c:a2:
                    62:0d:d1:6c:c5:a0:79:3f:00:ef:b5:c2:d7:4d:be:
                    47:3f:04:e4:6c:1b:49:f5:be:fa:43:7f:7e:8b:c0:
                    d7:fd:c4:84:dc:eb:af:32:3c:bf:8e:08:09:a3:b7:
                    f9:70:d8:68:bf:94:df:31:8d:8a:c1:16:6e:3b:70:
                    a0:af:67:1f:52:5c:05:4a:a9:8f:f5:c5:1c:96:77:
                    59:bf:ff:09:57:67:80:ac:ed:8f:41:51:a0:d5:5b:
                    85:89:6b:33:39:92:d3:63:e0:ae:0b:8c:2d:b1:24:
                    9d:19:c0:a1:1b:e3:63:ca:12:06:01:4b:d5:15:c6:
                    7f:71:0d:5d:0f:ce:cf:ab:83:af:6c:19:24:40:45:
                    f2:29:e2:ac:01:94:d8:d2:12:ff:44:3f:16:90:d1:
                    26:15:cd:f5:c5:f5:37:29:c0:d7:e7:1e:43:3d:24:
                    cf:24:70:d3:94:a6:3e:94:5b:02:7e:11:5d:39:db:
                    7d:a7:06:ae:fa:fa:c7:56:57:a0:1c:88:b9:fd:62:
                    fd:27:78:bd:66:7c:38:5e:13:d5:5b:70:8d:90:e4:
                    70:9b:d4:ea:97:69:ee:25:a8:b4:ff:10:06:3c:aa:
                    9e:7b:a9:11:e1:dd:a5:98:8c:d6:53:b2:d7:47:77:
                    d7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:07:54:BE:18:B4:8A:E1:D1:97:C1:DD:59:54:80:2A:52:43:E6:ED
            X509v3 Authority Key Identifier:
                keyid:B6:4E:10:0C:90:3D:85:C9:66:1F:21:B4:1F:64:19:94:90:3A:45:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tk4QDJA9hclmHyG0H2QZlJA6Rcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/69eddb-2df1-4990-9c96-d06599ba7e5b/1/kAdUvhi0iuHRl8HdWVSAKlJD5u0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/69eddb-2df1-4990-9c96-d06599ba7e5b/1/tk4QDJA9hclmHyG0H2QZlJA6Rcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:14:00:73:1f:11:b5:95:a4:8f:9c:cf:a8:9d:aa:25:dc:79:
         3d:e4:6b:f3:99:9d:5e:f2:50:7d:54:f5:98:3e:6d:16:13:82:
         ad:24:3b:d5:7d:0c:bc:f5:2e:94:0f:23:ef:93:1a:b1:6b:ee:
         62:d8:a7:fd:d1:43:13:39:6b:1b:e7:c2:9a:d5:93:91:c3:fd:
         39:8a:88:9c:47:ca:e5:6b:0d:2b:cd:81:07:5e:61:bc:93:6f:
         d6:81:6f:d5:c8:b9:12:a9:6d:96:72:95:a2:05:20:e8:71:1f:
         de:68:46:b9:d7:3a:c2:b2:40:97:fb:20:9f:45:c8:b5:e6:1a:
         d8:c6:fd:f0:82:c9:b0:d1:e8:1a:27:dd:75:4e:af:e3:c0:49:
         32:b2:73:1b:64:8e:c7:aa:6a:35:78:26:92:0a:fc:cf:79:fa:
         12:0f:28:77:6a:64:c5:63:49:20:70:d5:17:e3:cf:d2:0e:36:
         bd:ec:73:f5:37:d6:8b:7e:b7:cb:6d:04:72:92:2e:a3:63:1a:
         54:e2:87:ff:ad:5f:b6:9d:84:e1:e6:45:33:4b:0e:a8:a3:64:
         14:9e:80:72:ce:5f:f2:63:2d:5a:e1:33:38:74:15:99:61:cd:
         a3:27:52:d1:5f:98:fd:69:39:bf:1e:2a:50:23:4b:d6:db:c2:
         72:14:b7:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijf9mmop9WVDgW1UebMbuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2NGUxMDBjOTAzZDg1Yzk2NjFmMjFiNDFmNjQxOTk0OTAz
YTQ1Y2MwHhcNMjUwMTAxMTU0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDA3NTRiZTE4YjQ4YWUxZDE5N2MxZGQ1OTU0ODAyYTUyNDNlNmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoc0PDN2ZqXTHNYg2bKJiDdFsxaB5
PwDvtcLXTb5HPwTkbBtJ9b76Q39+i8DX/cSE3OuvMjy/jggJo7f5cNhov5TfMY2K
wRZuO3Cgr2cfUlwFSqmP9cUclndZv/8JV2eArO2PQVGg1VuFiWszOZLTY+CuC4wt
sSSdGcChG+NjyhIGAUvVFcZ/cQ1dD87Pq4OvbBkkQEXyKeKsAZTY0hL/RD8WkNEm
Fc31xfU3KcDX5x5DPSTPJHDTlKY+lFsCfhFdOdt9pwau+vrHVlegHIi5/WL9J3i9
Znw4XhPVW3CNkORwm9Tql2nuJai0/xAGPKqee6kR4d2lmIzWU7LXR3fXbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAHVL4YtIrh0ZfB3VlUgCpSQ+btMB8GA1UdIwQY
MBaAFLZOEAyQPYXJZh8htB9kGZSQOkXMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGs0UURKQTloY2xtSHlHMEgyUVpsSkE2UmN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi82OWVkZGItMmRmMS00OTkwLTljOTYt
ZDA2NTk5YmE3ZTViLzEva0FkVXZoaTBpdUhSbDhIZFdWU0FLbEpENXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi82OWVkZGItMmRmMS00OTkwLTljOTYtZDA2NTk5YmE3ZTVi
LzEvdGs0UURKQTloY2xtSHlHMEgyUVpsSkE2UmN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqnKMA0G
CSqGSIb3DQEBCwUAA4IBAQBzFABzHxG1laSPnM+onaol3Hk95GvzmZ1e8lB9VPWY
Pm0WE4KtJDvVfQy89S6UDyPvkxqxa+5i2Kf90UMTOWsb58Ka1ZORw/05ioicR8rl
aw0rzYEHXmG8k2/WgW/VyLkSqW2WcpWiBSDocR/eaEa51zrCskCX+yCfRci15hrY
xv3wgsmw0egaJ911Tq/jwEkysnMbZI7Hqmo1eCaSCvzPefoSDyh3amTFY0kgcNUX
48/SDja97HP1N9aLfrfLbQRyki6jYxpU4of/rV+2nYTh5kUzSw6oo2QUnoByzl/y
Yy1a4TM4dBWZYc2jJ1LRX5j9aTm/HipQI0vW28JyFLdu
-----END CERTIFICATE-----