Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/17f788-1fbe-40ba-84d1-46e41202b049/1/C_9wJpC7N12kOu0pJ_D7XheLG4E.roa
File:                     C_9wJpC7N12kOu0pJ_D7XheLG4E.roa (raw, json)
Hash identifier:          gH4AEfeN7fzJJXj/ip3PiHbGkEFNAd9HeLBxlPcZ0hQ=
Subject key identifier:   0B:FF:70:26:90:BB:37:5D:A4:3A:ED:29:27:F0:FB:5E:17:8B:1B:81
Certificate issuer:       /CN=f296e25812116807c8bf7abac5c695beb41b85cf
Certificate serial:       0195B308BF5D5D26FF4E415B1570DEEACB9F
Authority key identifier: F2:96:E2:58:12:11:68:07:C8:BF:7A:BA:C5:C6:95:BE:B4:1B:85:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8pbiWBIRaAfIv3q6xcaVvrQbhc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/17f788-1fbe-40ba-84d1-46e41202b049/1/C_9wJpC7N12kOu0pJ_D7XheLG4E.roa
Signing time:             Thu 20 Mar 2025 10:10:49 +0000
ROA not before:           Thu 20 Mar 2025 10:10:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35512
IP address blocks:        194.88.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/17f788-1fbe-40ba-84d1-46e41202b049/1/8pbiWBIRaAfIv3q6xcaVvrQbhc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/17f788-1fbe-40ba-84d1-46e41202b049/1/8pbiWBIRaAfIv3q6xcaVvrQbhc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8pbiWBIRaAfIv3q6xcaVvrQbhc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b3:08:bf:5d:5d:26:ff:4e:41:5b:15:70:de:ea:cb:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f296e25812116807c8bf7abac5c695beb41b85cf
        Validity
            Not Before: Mar 20 10:10:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bff702690bb375da43aed2927f0fb5e178b1b81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4a:2d:29:0c:1a:ae:58:5b:bc:86:75:21:a9:
                    e2:4d:68:79:90:f0:4e:d9:cf:52:43:b8:dc:9d:48:
                    11:4a:e2:0f:4f:c6:90:cb:9f:8a:29:5c:c1:5e:9c:
                    b4:5c:e6:ae:bb:3c:f2:92:d8:1b:43:b8:c3:34:8c:
                    5e:d2:48:b7:da:a7:c6:1f:fd:a2:b4:59:2c:f2:20:
                    44:7b:64:c5:fa:a1:69:ee:57:c0:d3:e6:59:d9:0f:
                    dc:53:f1:64:0c:21:0e:ef:a2:1d:d8:d7:bc:cd:69:
                    8d:9e:8d:0c:cc:9d:f4:c5:ea:4a:46:5c:24:96:6b:
                    88:86:b0:cd:1f:17:90:d5:8a:24:5c:80:bf:a4:33:
                    9a:8e:04:c0:bb:b8:23:d3:43:2a:21:9c:ed:e8:64:
                    a9:bf:59:ad:c3:99:7d:52:06:55:dd:be:68:5d:e7:
                    8f:21:e9:d8:83:71:8d:9c:6a:68:3b:92:d4:69:80:
                    0c:44:13:f0:84:ec:8b:1a:9d:9a:78:d5:9b:4f:75:
                    74:da:e7:8d:ae:be:26:e2:fe:4e:07:61:0d:6c:b6:
                    d5:ec:23:0d:0c:88:e0:65:be:5e:5b:39:c0:38:f3:
                    82:e1:e5:1c:9f:f4:2e:da:29:dc:83:19:9f:43:16:
                    ef:af:01:e9:c1:a8:a5:dc:30:93:ec:8b:87:cb:82:
                    e7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:FF:70:26:90:BB:37:5D:A4:3A:ED:29:27:F0:FB:5E:17:8B:1B:81
            X509v3 Authority Key Identifier:
                keyid:F2:96:E2:58:12:11:68:07:C8:BF:7A:BA:C5:C6:95:BE:B4:1B:85:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8pbiWBIRaAfIv3q6xcaVvrQbhc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/17f788-1fbe-40ba-84d1-46e41202b049/1/C_9wJpC7N12kOu0pJ_D7XheLG4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/17f788-1fbe-40ba-84d1-46e41202b049/1/8pbiWBIRaAfIv3q6xcaVvrQbhc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:b7:e2:02:61:3d:9e:1e:fc:2d:38:b0:7f:d1:33:8f:4b:4f:
         65:3a:9a:4b:50:bb:e5:98:16:1b:bd:f1:bb:fc:26:62:e8:90:
         6b:8d:60:cb:1f:07:16:dc:57:b0:d0:05:aa:fe:52:f5:3e:29:
         a4:66:15:a1:75:28:ce:23:a6:30:b3:f9:95:45:5d:22:6e:b2:
         f8:5c:1a:9e:af:04:14:81:e5:c1:b9:47:d8:67:8b:f6:ec:cb:
         aa:a6:35:8b:e4:4b:15:49:f6:68:fe:73:c5:09:59:6d:7f:9c:
         83:ac:7a:dc:83:97:f8:73:bc:a7:f3:60:05:ba:b2:db:cd:60:
         73:09:cd:4d:6c:ff:25:ac:03:d3:54:a8:a6:77:e1:64:4f:59:
         ad:c3:d7:f2:f5:0e:7a:b8:c1:20:d2:4c:3b:ee:9f:5e:28:0c:
         c9:ea:13:14:23:dd:2f:96:8b:ea:16:f5:04:b7:22:4f:ce:a3:
         95:7e:e3:91:d2:48:17:c2:a0:26:4c:47:ac:83:06:24:3e:14:
         b8:dc:68:a2:65:e3:e3:b8:f2:73:3d:13:7e:aa:f0:1c:4e:5f:
         ac:d4:71:1f:2e:b7:8a:eb:84:b2:b0:5c:75:b2:25:52:f4:c1:
         ec:03:85:2c:c4:95:32:2f:fa:54:fd:c4:eb:a2:11:36:c1:b7:
         fe:07:5a:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWzCL9dXSb/TkFbFXDe6sufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyOTZlMjU4MTIxMTY4MDdjOGJmN2FiYWM1YzY5NWJlYjQx
Yjg1Y2YwHhcNMjUwMzIwMTAxMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmZmNzAyNjkwYmIzNzVkYTQzYWVkMjkyN2YwZmI1ZTE3OGIxYjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0otKQwarlhbvIZ1IaniTWh5kPBO
2c9SQ7jcnUgRSuIPT8aQy5+KKVzBXpy0XOauuzzyktgbQ7jDNIxe0ki32qfGH/2i
tFks8iBEe2TF+qFp7lfA0+ZZ2Q/cU/FkDCEO76Id2Ne8zWmNno0MzJ30xepKRlwk
lmuIhrDNHxeQ1YokXIC/pDOajgTAu7gj00MqIZzt6GSpv1mtw5l9UgZV3b5oXeeP
IenYg3GNnGpoO5LUaYAMRBPwhOyLGp2aeNWbT3V02ueNrr4m4v5OB2ENbLbV7CMN
DIjgZb5eWznAOPOC4eUcn/Qu2incgxmfQxbvrwHpwail3DCT7IuHy4LnIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAv/cCaQuzddpDrtKSfw+14XixuBMB8GA1UdIwQY
MBaAFPKW4lgSEWgHyL96usXGlb60G4XPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHBiaVdCSVJhQWZJdjNxNnhjYVZ2clFiaGM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8xN2Y3ODgtMWZiZS00MGJhLTg0ZDEt
NDZlNDEyMDJiMDQ5LzEvQ185d0pwQzdOMTJrT3UwcEpfRDdYaGVMRzRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8xN2Y3ODgtMWZiZS00MGJhLTg0ZDEtNDZlNDEyMDJiMDQ5
LzEvOHBiaVdCSVJhQWZJdjNxNnhjYVZ2clFiaGM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwljKMA0G
CSqGSIb3DQEBCwUAA4IBAQCCt+ICYT2eHvwtOLB/0TOPS09lOppLULvlmBYbvfG7
/CZi6JBrjWDLHwcW3Few0AWq/lL1PimkZhWhdSjOI6Yws/mVRV0ibrL4XBqerwQU
geXBuUfYZ4v27MuqpjWL5EsVSfZo/nPFCVltf5yDrHrcg5f4c7yn82AFurLbzWBz
Cc1NbP8lrAPTVKimd+FkT1mtw9fy9Q56uMEg0kw77p9eKAzJ6hMUI90vlovqFvUE
tyJPzqOVfuOR0kgXwqAmTEesgwYkPhS43GiiZePjuPJzPRN+qvAcTl+s1HEfLreK
64SysFx1siVS9MHsA4UsxJUyL/pU/cTrohE2wbf+B1qk
-----END CERTIFICATE-----