Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/HdJxPdso7JVrZYx9UQ0nvOnNryo.roa
File:                     HdJxPdso7JVrZYx9UQ0nvOnNryo.roa (raw, json)
Hash identifier:          zqP1nETzTGVCqbMo3I/K5MwH+sEDXTpAb5N+eSbyenQ=
Subject key identifier:   1D:D2:71:3D:DB:28:EC:95:6B:65:8C:7D:51:0D:27:BC:E9:CD:AF:2A
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       01955C70A28FE83092423DEEC3360F5237DA
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/HdJxPdso7JVrZYx9UQ0nvOnNryo.roa
Signing time:             Mon 03 Mar 2025 14:37:20 +0000
ROA not before:           Mon 03 Mar 2025 14:37:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198584
IP address blocks:        194.120.171.0/24 maxlen: 24
                          194.120.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5c:70:a2:8f:e8:30:92:42:3d:ee:c3:36:0f:52:37:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Mar  3 14:37:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1dd2713ddb28ec956b658c7d510d27bce9cdaf2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:30:33:9e:94:f9:f2:69:3d:b5:de:32:cc:ef:
                    3c:b5:d8:a3:ff:e2:4c:73:51:32:d8:e8:ee:53:d9:
                    68:c2:95:07:b1:2f:71:81:73:80:8c:7a:30:fe:38:
                    86:79:fd:73:f6:8f:23:63:ef:56:b3:dc:14:10:a4:
                    87:06:29:ce:17:66:fd:61:77:c8:d3:5d:51:56:9d:
                    7d:a0:da:db:10:95:12:8c:b1:ff:eb:a4:89:81:44:
                    17:5d:70:e1:9d:c0:2f:4e:5b:e3:d8:0a:f2:ed:6a:
                    5b:09:d7:d6:e1:b6:68:87:58:11:2b:44:cb:86:ec:
                    35:97:62:9e:bb:54:6d:d4:ea:09:c7:3a:fc:5a:56:
                    c7:07:fa:3c:08:96:e6:a6:1f:8f:a9:59:4e:30:50:
                    4c:0b:ff:da:c4:c4:64:f0:ec:3f:37:f4:60:99:c0:
                    39:41:f1:7c:db:e5:46:72:9e:95:fa:b2:2e:2c:cd:
                    08:0b:26:b9:2e:07:3f:ef:07:98:f4:2f:82:2c:f9:
                    1d:8b:75:4c:54:31:77:6a:fb:4a:38:f2:cc:27:e3:
                    a0:cb:56:2e:59:de:cd:05:fe:98:19:1b:19:80:d2:
                    37:b0:b8:97:28:ff:71:13:78:48:86:fc:09:cc:15:
                    aa:7c:77:80:d5:c0:07:29:87:64:d4:97:7d:d5:1c:
                    29:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D2:71:3D:DB:28:EC:95:6B:65:8C:7D:51:0D:27:BC:E9:CD:AF:2A
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/HdJxPdso7JVrZYx9UQ0nvOnNryo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.120.171.0/24
                  194.120.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:4a:86:72:b5:74:aa:24:b8:95:37:a5:a9:1e:e5:f0:e1:2d:
         34:d0:ff:a8:0e:04:de:71:1a:a3:e0:87:3b:9e:6e:d3:b1:ab:
         cc:76:e4:33:10:a6:ea:1d:b6:00:ac:33:eb:5e:61:a0:5d:b3:
         e5:19:ad:67:9a:5a:76:10:65:9b:68:f2:b0:2e:49:e3:bc:8c:
         e1:2c:7b:00:88:88:39:dc:e4:04:d0:bd:85:1b:64:bc:51:f2:
         e1:16:3e:25:c2:44:5e:a4:d7:75:36:55:c0:0d:0f:c3:f9:83:
         83:e7:0f:41:28:30:b7:f7:12:e5:c0:c9:c2:be:df:0a:1a:92:
         10:7c:9d:ad:30:db:f9:8f:0f:9b:14:ae:50:61:60:b6:59:bc:
         95:19:6d:4f:71:dc:2a:3b:61:e8:6b:e6:7f:3f:d6:96:71:dd:
         a1:ae:c1:4f:ff:6d:05:34:ac:bb:8d:0d:56:b9:5f:22:1f:4f:
         67:08:4e:3f:1e:c1:95:85:50:64:1d:bd:ab:b9:29:c4:de:68:
         06:1b:6e:07:3f:5b:f0:d3:83:b9:81:68:fe:e9:0a:e8:c0:26:
         90:b8:9f:6b:54:70:e5:85:11:ce:29:56:9f:1d:f4:2f:43:02:
         d9:7f:13:53:53:c0:28:98:a5:93:16:c1:77:bb:ba:c7:ca:77:
         55:a6:2e:af
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVccKKP6DCSQj3uwzYPUjfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjUwMzAzMTQzNzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGQyNzEzZGRiMjhlYzk1NmI2NThjN2Q1MTBkMjdiY2U5Y2RhZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zAznpT58mk9td4yzO88tdij/+JM
c1Ey2OjuU9lowpUHsS9xgXOAjHow/jiGef1z9o8jY+9Ws9wUEKSHBinOF2b9YXfI
011RVp19oNrbEJUSjLH/66SJgUQXXXDhncAvTlvj2Ary7WpbCdfW4bZoh1gRK0TL
huw1l2Keu1Rt1OoJxzr8WlbHB/o8CJbmph+PqVlOMFBMC//axMRk8Ow/N/RgmcA5
QfF82+VGcp6V+rIuLM0ICya5Lgc/7weY9C+CLPkdi3VMVDF3avtKOPLMJ+Ogy1Yu
Wd7NBf6YGRsZgNI3sLiXKP9xE3hIhvwJzBWqfHeA1cAHKYdk1Jd91Rwp7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB3ScT3bKOyVa2WMfVENJ7zpza8qMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvSGRKeFBkc283SlZyWll4OVVRMG52T25OcnlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwnirAwQA
wnjmMA0GCSqGSIb3DQEBCwUAA4IBAQCZSoZytXSqJLiVN6WpHuXw4S000P+oDgTe
cRqj4Ic7nm7TsavMduQzEKbqHbYArDPrXmGgXbPlGa1nmlp2EGWbaPKwLknjvIzh
LHsAiIg53OQE0L2FG2S8UfLhFj4lwkRepNd1NlXADQ/D+YOD5w9BKDC39xLlwMnC
vt8KGpIQfJ2tMNv5jw+bFK5QYWC2WbyVGW1PcdwqO2Hoa+Z/P9aWcd2hrsFP/20F
NKy7jQ1WuV8iH09nCE4/HsGVhVBkHb2ruSnE3mgGG24HP1vw04O5gWj+6QrowCaQ
uJ9rVHDlhRHOKVafHfQvQwLZfxNTU8AomKWTFsF3u7rHyndVpi6v
-----END CERTIFICATE-----