Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/b6ab7b-b348-4763-97ec-16c63c426c33/1/G8yJSDi_qI6C3zmPW3k-kpCis5w.roa
File:                     G8yJSDi_qI6C3zmPW3k-kpCis5w.roa (raw, json)
Hash identifier:          qlE3sGxxzJA/T2NGOl/URoTdfcV9KKmY+S6/Dr5mN74=
Subject key identifier:   1B:CC:89:48:38:BF:A8:8E:82:DF:39:8F:5B:79:3E:92:90:A2:B3:9C
Certificate issuer:       /CN=e7fd8c076b53a7121b54178f5b6a7e29135bccec
Certificate serial:       0196F7BE212460444E5FB26E855AAF0C6CA1
Authority key identifier: E7:FD:8C:07:6B:53:A7:12:1B:54:17:8F:5B:6A:7E:29:13:5B:CC:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_2MB2tTpxIbVBePW2p-KRNbzOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/b6ab7b-b348-4763-97ec-16c63c426c33/1/G8yJSDi_qI6C3zmPW3k-kpCis5w.roa
Signing time:             Thu 22 May 2025 11:25:54 +0000
ROA not before:           Thu 22 May 2025 11:25:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59943
IP address blocks:        193.243.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/b6ab7b-b348-4763-97ec-16c63c426c33/1/5_2MB2tTpxIbVBePW2p-KRNbzOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/b6ab7b-b348-4763-97ec-16c63c426c33/1/5_2MB2tTpxIbVBePW2p-KRNbzOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_2MB2tTpxIbVBePW2p-KRNbzOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:be:21:24:60:44:4e:5f:b2:6e:85:5a:af:0c:6c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7fd8c076b53a7121b54178f5b6a7e29135bccec
        Validity
            Not Before: May 22 11:25:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bcc894838bfa88e82df398f5b793e9290a2b39c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:43:35:40:a7:a6:f9:45:35:ad:59:be:6e:39:
                    3c:72:d3:2e:cc:47:ab:fb:68:5d:e3:79:4e:f1:ba:
                    92:7e:ae:52:86:45:9d:c2:d6:cf:9b:bd:31:85:f1:
                    56:26:0f:fd:23:e7:ee:18:8a:fe:86:ff:7a:fc:ff:
                    29:76:d9:9f:a7:5a:5b:09:dc:5e:b5:2f:69:7e:0d:
                    c5:16:c5:8e:f1:8f:91:21:8c:0b:4c:60:7f:bc:b8:
                    11:1f:b9:be:e1:e0:e1:ba:90:9d:d4:25:9c:46:07:
                    04:52:17:30:80:7d:4a:5b:91:d0:b0:34:aa:26:f4:
                    ae:3b:f6:84:be:a5:38:f2:c4:fb:58:a8:0b:4a:12:
                    c2:05:8f:7f:d4:d7:15:86:03:c7:ae:85:03:a0:23:
                    5e:60:48:6b:3d:55:99:f4:ea:80:1b:b9:f3:03:26:
                    2f:0f:cf:a6:31:e4:4e:29:2f:94:0d:51:58:1c:6a:
                    30:0e:62:3b:87:81:7c:7d:d1:6c:01:5b:5c:9d:14:
                    3a:02:ad:ba:3d:72:3d:99:bc:a9:4a:55:29:bd:06:
                    a8:44:b1:42:e4:9a:fd:f3:f8:1d:a5:1e:30:07:9a:
                    f6:76:03:1c:ab:09:ff:46:83:0f:3c:5b:6c:bf:a8:
                    69:54:98:a6:f7:68:5d:d6:e4:f9:2d:39:e3:1a:37:
                    94:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:CC:89:48:38:BF:A8:8E:82:DF:39:8F:5B:79:3E:92:90:A2:B3:9C
            X509v3 Authority Key Identifier:
                keyid:E7:FD:8C:07:6B:53:A7:12:1B:54:17:8F:5B:6A:7E:29:13:5B:CC:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_2MB2tTpxIbVBePW2p-KRNbzOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/b6ab7b-b348-4763-97ec-16c63c426c33/1/G8yJSDi_qI6C3zmPW3k-kpCis5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/b6ab7b-b348-4763-97ec-16c63c426c33/1/5_2MB2tTpxIbVBePW2p-KRNbzOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.243.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:d5:5c:85:d0:09:a5:a7:44:3e:8f:91:8e:65:41:74:34:f0:
         7e:60:c0:49:a5:b7:97:11:87:a9:9d:a7:29:51:89:a6:e0:0e:
         c5:d0:45:c3:a3:a3:fc:55:d7:4f:e9:87:51:15:75:90:cf:4e:
         ca:b5:9b:7b:87:71:e8:90:c7:17:fa:af:62:a4:61:9d:46:92:
         66:63:39:ce:f8:c2:43:17:24:07:ed:d0:bc:2b:02:7a:42:85:
         d0:58:b2:2a:31:5f:a9:35:63:e7:e2:f1:a1:9b:9b:ac:f5:e5:
         14:d7:f3:a8:44:71:05:55:0c:01:79:1f:84:f8:0f:20:2e:29:
         d4:cd:65:f3:3d:df:65:2a:7c:32:a0:e0:6c:c8:0f:6e:08:7d:
         d2:98:c5:82:41:94:88:f7:c4:95:f3:ad:ee:fb:a7:4b:28:4f:
         d2:f5:3b:78:f3:5c:ec:2a:dc:05:83:24:85:88:87:cd:29:81:
         12:28:af:4b:ef:30:bb:e2:9c:09:79:69:47:db:b9:e9:3d:0d:
         8c:d2:3e:a2:b1:96:9e:3d:fb:a3:47:67:30:1a:19:93:03:57:
         1a:03:67:fa:28:48:dc:c2:d9:d3:c4:1b:d5:81:b1:80:41:b1:
         cf:81:87:d4:e4:96:eb:ad:c1:3c:d2:a3:cc:24:c4:54:88:f5:
         97:da:ae:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb3viEkYEROX7JuhVqvDGyhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZmQ4YzA3NmI1M2E3MTIxYjU0MTc4ZjViNmE3ZTI5MTM1
YmNjZWMwHhcNMjUwNTIyMTEyNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmNjODk0ODM4YmZhODhlODJkZjM5OGY1Yjc5M2U5MjkwYTJiMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kM1QKem+UU1rVm+bjk8ctMuzEer
+2hd43lO8bqSfq5ShkWdwtbPm70xhfFWJg/9I+fuGIr+hv96/P8pdtmfp1pbCdxe
tS9pfg3FFsWO8Y+RIYwLTGB/vLgRH7m+4eDhupCd1CWcRgcEUhcwgH1KW5HQsDSq
JvSuO/aEvqU48sT7WKgLShLCBY9/1NcVhgPHroUDoCNeYEhrPVWZ9OqAG7nzAyYv
D8+mMeROKS+UDVFYHGowDmI7h4F8fdFsAVtcnRQ6Aq26PXI9mbypSlUpvQaoRLFC
5Jr98/gdpR4wB5r2dgMcqwn/RoMPPFtsv6hpVJim92hd1uT5LTnjGjeUgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvMiUg4v6iOgt85j1t5PpKQorOcMB8GA1UdIwQY
MBaAFOf9jAdrU6cSG1QXj1tqfikTW8zsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV8yTUIydFRweEliVkJlUFcycC1LUk5iek93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9iNmFiN2ItYjM0OC00NzYzLTk3ZWMt
MTZjNjNjNDI2YzMzLzEvRzh5SlNEaV9xSTZDM3ptUFczay1rcENpczV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9iNmFiN2ItYjM0OC00NzYzLTk3ZWMtMTZjNjNjNDI2YzMz
LzEvNV8yTUIydFRweEliVkJlUFcycC1LUk5iek93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfOUMA0G
CSqGSIb3DQEBCwUAA4IBAQCK1VyF0Amlp0Q+j5GOZUF0NPB+YMBJpbeXEYepnacp
UYmm4A7F0EXDo6P8VddP6YdRFXWQz07KtZt7h3HokMcX+q9ipGGdRpJmYznO+MJD
FyQH7dC8KwJ6QoXQWLIqMV+pNWPn4vGhm5us9eUU1/OoRHEFVQwBeR+E+A8gLinU
zWXzPd9lKnwyoOBsyA9uCH3SmMWCQZSI98SV863u+6dLKE/S9Tt481zsKtwFgySF
iIfNKYESKK9L7zC74pwJeWlH27npPQ2M0j6isZaePfujR2cwGhmTA1caA2f6KEjc
wtnTxBvVgbGAQbHPgYfU5JbrrcE80qPMJMRUiPWX2q5z
-----END CERTIFICATE-----