Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/iY_9p9rfYCrq76s6mH8iLmqZ8G4.roa
File:                     iY_9p9rfYCrq76s6mH8iLmqZ8G4.roa (raw, json)
Hash identifier:          WZh8CFIJ4XBLsbT8NvOnixg7Xgopb12vdZ21KTVanqQ=
Subject key identifier:   89:8F:FD:A7:DA:DF:60:2A:EA:EF:AB:3A:98:7F:22:2E:6A:99:F0:6E
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       0194266BF45FEC95221FE7526559956EC477
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/iY_9p9rfYCrq76s6mH8iLmqZ8G4.roa
Signing time:             Thu 02 Jan 2025 09:49:56 +0000
ROA not before:           Thu 02 Jan 2025 09:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49602
IP address blocks:        81.7.108.0/22 maxlen: 22
                          81.7.112.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 20:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f4:5f:ec:95:22:1f:e7:52:65:59:95:6e:c4:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 09:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=898ffda7dadf602aeaefab3a987f222e6a99f06e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0e:c8:cb:c2:d4:2a:39:17:b9:df:37:13:af:
                    fd:37:0b:3e:22:c8:2d:4a:15:1c:ab:db:36:99:38:
                    79:5f:79:cb:7a:61:9c:f5:c3:b9:e9:b7:db:97:af:
                    32:f5:05:d7:cf:2f:e7:d5:08:a5:40:0a:ca:6d:ea:
                    2e:7f:31:f6:56:26:8f:41:be:77:33:b2:51:f1:d4:
                    5e:c8:11:58:9c:9b:ac:4f:d2:d3:b2:55:3c:fa:bc:
                    ef:4b:74:2b:77:04:80:d5:d9:fc:42:39:8a:d1:df:
                    16:49:bd:b2:72:d0:ab:ba:83:2f:43:d1:b7:e3:e1:
                    8f:71:bf:52:09:3b:24:c4:2d:2e:88:0b:f6:e8:90:
                    3c:81:de:b0:31:27:03:7f:5a:5b:54:da:68:b9:1e:
                    90:d2:c1:65:ee:ae:e6:73:0c:ec:1e:d8:ea:42:42:
                    ed:25:25:e6:59:a4:39:20:d7:4a:41:4d:0c:f9:2e:
                    d7:3d:7e:e9:ee:56:28:b7:9a:72:79:32:5a:b6:02:
                    2f:aa:b5:25:be:0e:f0:07:9c:57:bb:69:62:8c:af:
                    24:44:9c:60:c7:0c:18:36:d7:ad:67:b1:d2:d4:72:
                    7c:b1:2f:24:5c:4b:41:1f:ff:38:f3:60:c4:4b:3a:
                    c4:a2:a8:6f:f8:f4:f6:ba:f7:6a:e4:0e:42:64:d2:
                    ae:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:8F:FD:A7:DA:DF:60:2A:EA:EF:AB:3A:98:7F:22:2E:6A:99:F0:6E
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/iY_9p9rfYCrq76s6mH8iLmqZ8G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.7.108.0-81.7.113.255

    Signature Algorithm: sha256WithRSAEncryption
         3a:07:42:a7:d7:e5:11:00:fe:2b:1f:f2:6d:c8:09:52:7c:76:
         43:7a:ed:c4:4f:59:89:e6:bc:ea:a5:d8:ae:63:d1:ac:87:1b:
         44:fa:d1:3d:25:0b:b5:9f:10:3d:98:ca:21:36:82:f7:7e:41:
         58:ee:6b:45:2c:3f:00:eb:49:5c:bf:70:d7:0b:0a:fb:84:05:
         82:09:cb:a2:33:21:8f:d8:7b:00:9e:34:ca:69:80:b8:bd:a8:
         92:09:69:9c:6a:23:82:5e:43:02:6a:ed:bd:82:70:9e:f1:6c:
         1e:1a:40:da:dd:cf:09:19:e5:29:65:ed:90:a3:f0:2f:e6:a6:
         85:67:b2:66:e8:0d:13:9d:4d:27:4b:08:15:2e:66:23:0a:9d:
         4f:0c:1e:b4:56:d7:74:67:fc:50:59:90:a4:5e:67:14:5c:82:
         9d:65:ae:a7:54:cf:44:be:8f:e3:69:d5:90:33:df:da:bf:3a:
         18:6c:de:86:d0:cc:4a:bf:fa:90:c8:4f:ea:37:8a:13:dc:ad:
         65:21:64:09:52:3b:56:7f:5e:f2:bc:be:6d:39:69:e1:05:6d:
         7f:c1:49:d1:71:67:37:e8:9c:d6:68:27:da:43:4a:f4:00:5c:
         65:75:87:13:c2:66:18:80:41:4d:41:a8:7e:46:85:63:af:74:
         93:22:85:c0
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQma/Rf7JUiH+dSZVmVbsR3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjUwMTAyMDk0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OThmZmRhN2RhZGY2MDJhZWFlZmFiM2E5ODdmMjIyZTZhOTlmMDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQ7Iy8LUKjkXud83E6/9Nws+Isgt
ShUcq9s2mTh5X3nLemGc9cO56bfbl68y9QXXzy/n1QilQArKbeoufzH2ViaPQb53
M7JR8dReyBFYnJusT9LTslU8+rzvS3QrdwSA1dn8QjmK0d8WSb2yctCruoMvQ9G3
4+GPcb9SCTskxC0uiAv26JA8gd6wMScDf1pbVNpouR6Q0sFl7q7mcwzsHtjqQkLt
JSXmWaQ5INdKQU0M+S7XPX7p7lYot5pyeTJatgIvqrUlvg7wB5xXu2lijK8kRJxg
xwwYNtetZ7HS1HJ8sS8kXEtBH/8482DESzrEoqhv+PT2uvdq5A5CZNKuvwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFImP/afa32Aq6u+rOph/Ii5qmfBuMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL2lZXzlwOXJmWUNycTc2czZtSDhpTG1xWjhHNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJwYIKwYBBQUHAQcBAf8EGDAWMBQEAgABMA4wDAMEAlEH
bAMEAVEHcDANBgkqhkiG9w0BAQsFAAOCAQEAOgdCp9flEQD+Kx/ybcgJUnx2Q3rt
xE9Ziea86qXYrmPRrIcbRPrRPSULtZ8QPZjKITaC935BWO5rRSw/AOtJXL9w1wsK
+4QFggnLojMhj9h7AJ40ymmAuL2okglpnGojgl5DAmrtvYJwnvFsHhpA2t3PCRnl
KWXtkKPwL+amhWeyZugNE51NJ0sIFS5mIwqdTwwetFbXdGf8UFmQpF5nFFyCnWWu
p1TPRL6P42nVkDPf2r86GGzehtDMSr/6kMhP6jeKE9ytZSFkCVI7Vn9e8ry+bTlp
4QVtf8FJ0XFnN+ic1mgn2kNK9ABcZXWHE8JmGIBBTUGofkaFY690kyKFwA==
-----END CERTIFICATE-----