Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/bd75b1-174b-417c-8750-eb8a453bc56e/1/RA9kR943QDfswVQ2De2E5cFSYaU.roa
File:                     RA9kR943QDfswVQ2De2E5cFSYaU.roa (raw, json)
Hash identifier:          jCT5nXHXTc0Nn3QbV8+Qje22n9CHMzdTyZ/tDlKS5Ck=
Subject key identifier:   44:0F:64:47:DE:37:40:37:EC:C1:54:36:0D:ED:84:E5:C1:52:61:A5
Certificate issuer:       /CN=660899133329faa5b5716b1c95fbaf93021fbc61
Certificate serial:       019426D92AE8D4164BB831D76A6C2868A847
Authority key identifier: 66:08:99:13:33:29:FA:A5:B5:71:6B:1C:95:FB:AF:93:02:1F:BC:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZgiZEzMp-qW1cWsclfuvkwIfvGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/bd75b1-174b-417c-8750-eb8a453bc56e/1/RA9kR943QDfswVQ2De2E5cFSYaU.roa
Signing time:             Thu 02 Jan 2025 11:49:13 +0000
ROA not before:           Thu 02 Jan 2025 11:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201319
IP address blocks:        194.56.0.0/18 maxlen: 24
                          194.56.64.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/bd75b1-174b-417c-8750-eb8a453bc56e/1/ZgiZEzMp-qW1cWsclfuvkwIfvGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/bd75b1-174b-417c-8750-eb8a453bc56e/1/ZgiZEzMp-qW1cWsclfuvkwIfvGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZgiZEzMp-qW1cWsclfuvkwIfvGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:2a:e8:d4:16:4b:b8:31:d7:6a:6c:28:68:a8:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=660899133329faa5b5716b1c95fbaf93021fbc61
        Validity
            Not Before: Jan  2 11:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=440f6447de374037ecc154360ded84e5c15261a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:3f:dd:cf:e3:27:d0:2b:a6:2f:27:f6:b5:36:
                    a8:6a:93:cc:f9:94:c0:cf:83:5b:e5:9e:59:1e:9e:
                    97:f6:8f:29:c0:70:62:37:c5:fc:5a:96:42:eb:c4:
                    e3:e3:19:08:e5:64:d8:9e:aa:93:b1:0c:34:d8:cc:
                    ec:71:fe:68:f3:e7:8e:02:70:c0:e6:96:cb:5b:76:
                    9e:0a:93:4f:1b:78:bb:08:59:db:2b:eb:17:0a:15:
                    21:ce:6f:68:c8:0b:cf:53:ce:cc:6a:6f:a0:dc:a7:
                    f6:57:46:61:e1:51:49:26:3f:7b:f9:13:5b:d8:d8:
                    07:8d:3d:9d:d1:77:14:da:29:b7:65:ee:1e:99:64:
                    13:8c:6d:20:9d:6e:d3:90:21:02:8d:4c:d2:35:9b:
                    da:91:e7:cf:ae:3f:aa:90:58:86:39:35:02:1c:ce:
                    47:a0:d7:a3:89:e6:b9:94:76:01:cf:8e:3e:0c:6c:
                    9d:5f:67:5e:a3:6a:e4:0c:25:ed:8f:8d:e7:d6:96:
                    54:62:4b:fe:76:04:05:17:66:67:25:ec:d3:36:25:
                    c1:f2:be:64:31:4f:14:2a:e0:dc:2c:4f:2e:ca:76:
                    be:5e:f1:ae:4c:5a:9f:c5:e3:36:e2:8a:23:12:d4:
                    b9:97:28:bc:8a:44:c6:5e:97:30:f5:b4:9a:c7:b5:
                    5b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:0F:64:47:DE:37:40:37:EC:C1:54:36:0D:ED:84:E5:C1:52:61:A5
            X509v3 Authority Key Identifier:
                keyid:66:08:99:13:33:29:FA:A5:B5:71:6B:1C:95:FB:AF:93:02:1F:BC:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZgiZEzMp-qW1cWsclfuvkwIfvGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/bd75b1-174b-417c-8750-eb8a453bc56e/1/RA9kR943QDfswVQ2De2E5cFSYaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/bd75b1-174b-417c-8750-eb8a453bc56e/1/ZgiZEzMp-qW1cWsclfuvkwIfvGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.0.0-194.56.71.255

    Signature Algorithm: sha256WithRSAEncryption
         72:db:32:46:95:48:cc:db:20:eb:9b:cc:2a:fe:a5:28:4e:92:
         2a:26:e4:2c:92:16:40:fd:83:9f:66:83:c9:39:1c:70:4a:11:
         28:ea:09:89:56:ad:0d:e5:b2:02:a9:f3:a1:f4:d1:0f:5f:b5:
         bd:57:48:80:f5:40:57:86:2b:9f:0c:21:e5:69:25:a4:83:41:
         aa:f6:fd:e1:9f:2f:a6:04:bb:88:a1:66:31:78:14:98:a6:b5:
         da:05:d8:3a:5d:23:19:61:03:b4:98:ec:88:4b:bb:70:10:86:
         0b:6a:7b:62:4d:60:54:45:ad:13:b4:10:09:5c:c5:ad:0c:df:
         fb:d3:80:88:ec:02:a1:b3:86:b8:92:99:7a:97:f9:4c:a8:2b:
         60:8d:dc:94:a5:c7:8e:ac:c0:7b:3e:76:0a:4d:08:46:f8:f6:
         5b:f4:46:d8:f1:66:06:8f:24:b9:cd:aa:3f:4e:3f:61:54:e2:
         22:f4:fd:f1:fa:e1:b7:31:ad:6c:8a:83:9b:4b:69:00:eb:9c:
         af:63:5e:54:a1:94:2b:b3:37:23:2b:d7:21:52:83:01:31:80:
         7a:99:d0:89:5c:92:78:69:e0:fd:0b:4d:dd:db:18:5e:6e:4f:
         86:76:c7:d6:17:64:3b:e5:5b:3e:c7:d1:51:9a:9f:60:e5:a0:
         b2:60:9f:25
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQm2Sro1BZLuDHXamwoaKhHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MDg5OTEzMzMyOWZhYTViNTcxNmIxYzk1ZmJhZjkzMDIx
ZmJjNjEwHhcNMjUwMTAyMTE0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDBmNjQ0N2RlMzc0MDM3ZWNjMTU0MzYwZGVkODRlNWMxNTI2MWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvz/dz+Mn0CumLyf2tTaoapPM+ZTA
z4Nb5Z5ZHp6X9o8pwHBiN8X8WpZC68Tj4xkI5WTYnqqTsQw02Mzscf5o8+eOAnDA
5pbLW3aeCpNPG3i7CFnbK+sXChUhzm9oyAvPU87Mam+g3Kf2V0Zh4VFJJj97+RNb
2NgHjT2d0XcU2im3Ze4emWQTjG0gnW7TkCECjUzSNZvakefPrj+qkFiGOTUCHM5H
oNejiea5lHYBz44+DGydX2deo2rkDCXtj43n1pZUYkv+dgQFF2ZnJezTNiXB8r5k
MU8UKuDcLE8uyna+XvGuTFqfxeM24oojEtS5lyi8ikTGXpcw9bSax7VbKQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFEQPZEfeN0A37MFUNg3thOXBUmGlMB8GA1UdIwQY
MBaAFGYImRMzKfqltXFrHJX7r5MCH7xhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmdpWkV6TXAtcVcxY1dzY2xmdXZrd0lmdkdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9iZDc1YjEtMTc0Yi00MTdjLTg3NTAt
ZWI4YTQ1M2JjNTZlLzEvUkE5a1I5NDNRRGZzd1ZRMkRlMkU1Y0ZTWWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9iZDc1YjEtMTc0Yi00MTdjLTg3NTAtZWI4YTQ1M2JjNTZl
LzEvWmdpWkV6TXAtcVcxY1dzY2xmdXZrd0lmdkdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwPCOAME
A8I4QDANBgkqhkiG9w0BAQsFAAOCAQEActsyRpVIzNsg65vMKv6lKE6SKibkLJIW
QP2Dn2aDyTkccEoRKOoJiVatDeWyAqnzofTRD1+1vVdIgPVAV4Yrnwwh5WklpINB
qvb94Z8vpgS7iKFmMXgUmKa12gXYOl0jGWEDtJjsiEu7cBCGC2p7Yk1gVEWtE7QQ
CVzFrQzf+9OAiOwCobOGuJKZepf5TKgrYI3clKXHjqzAez52Ck0IRvj2W/RG2PFm
Bo8kuc2qP04/YVTiIvT98frhtzGtbIqDm0tpAOucr2NeVKGUK7M3IyvXIVKDATGA
epnQiVySeGng/QtN3dsYXm5PhnbH1hdkO+VbPsfRUZqfYOWgsmCfJQ==
-----END CERTIFICATE-----