Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/kw7v7XIdDlOFFxPCLz9j9GFRHDw.roa
File:                     kw7v7XIdDlOFFxPCLz9j9GFRHDw.roa (raw, json)
Hash identifier:          WCuWnyJr7kl7+4uWtyO3wOduL7dWBm9hLwsujYS0e00=
Subject key identifier:   93:0E:EF:ED:72:1D:0E:53:85:17:13:C2:2F:3F:63:F4:61:51:1C:3C
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       0194B9AC0BFB79DD3ADA7FD397C4F63ED57B
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/kw7v7XIdDlOFFxPCLz9j9GFRHDw.roa
Signing time:             Fri 31 Jan 2025 00:04:07 +0000
ROA not before:           Fri 31 Jan 2025 00:04:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        83.147.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b9:ac:0b:fb:79:dd:3a:da:7f:d3:97:c4:f6:3e:d5:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Jan 31 00:04:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=930eefed721d0e53851713c22f3f63f461511c3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2a:17:38:71:ab:c8:6e:9d:8c:37:2f:46:87:
                    e4:f7:c1:4f:1d:dc:51:65:49:56:fa:11:16:c1:e9:
                    b9:42:22:24:cb:7d:be:e7:cd:7a:11:f5:c6:fe:8a:
                    ad:ae:41:2a:e7:12:da:77:cd:48:14:28:35:77:e6:
                    ff:e7:28:82:68:54:70:99:84:8e:5a:7a:c2:66:3a:
                    2a:3d:31:89:a8:c4:1b:e9:84:25:9a:1c:30:9b:98:
                    34:b7:f0:bb:87:cb:34:c9:d4:4a:b7:80:be:f4:5d:
                    8b:f0:4e:12:f4:f2:2c:34:46:9b:b1:63:02:a0:c4:
                    f8:3b:28:94:f2:2b:9c:fd:0b:dd:6c:f0:3b:58:93:
                    41:df:24:40:b5:ec:b3:ef:54:b4:22:3f:27:d2:2b:
                    f9:45:0b:ad:a2:e6:02:07:3b:5c:12:48:17:27:8e:
                    d7:2f:1e:0b:c1:1b:bd:e9:d3:39:ef:d7:fd:3c:9c:
                    a9:b8:13:24:64:ac:31:9f:5f:01:7e:57:9f:5a:65:
                    03:dd:ac:d9:c2:f2:5a:00:d7:0d:b4:d5:14:a7:8a:
                    26:e7:47:ae:7b:46:8f:ef:c7:4a:e4:dd:78:53:18:
                    54:d0:f2:30:e1:32:10:a1:1c:30:5a:af:91:a8:9d:
                    28:c8:ab:44:67:f9:7f:47:f8:be:6b:1b:3a:5d:76:
                    9d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:0E:EF:ED:72:1D:0E:53:85:17:13:C2:2F:3F:63:F4:61:51:1C:3C
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/kw7v7XIdDlOFFxPCLz9j9GFRHDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:86:7c:0d:6c:76:64:f3:71:b5:9d:4b:20:90:22:f8:5e:e5:
         0b:b6:2f:26:4d:5c:6c:f4:07:cd:66:5c:ae:72:8a:e6:8d:4d:
         02:9f:4b:67:c5:dc:37:92:65:47:62:dc:0e:2f:55:53:89:2b:
         aa:9d:a4:cf:45:8a:22:38:aa:d1:b9:7a:23:36:16:2f:c2:14:
         0b:e4:25:a9:59:c9:a6:de:df:df:ad:cc:b7:32:74:69:47:3f:
         2a:ae:2a:eb:ad:57:31:2c:c9:82:36:32:d4:8f:61:50:47:11:
         8d:1e:78:b2:9a:80:0c:37:80:94:9f:55:eb:c1:20:d4:c8:57:
         40:6a:e1:12:bd:75:2b:35:29:f5:d1:9a:e1:47:8b:a7:1c:2f:
         6b:73:51:67:50:07:75:70:f9:54:4f:99:7b:71:55:f5:7d:d6:
         fe:f6:77:8a:d3:0b:ee:9a:c8:ce:da:73:51:bc:14:f8:bf:d9:
         ff:e9:06:c4:fc:cc:02:97:a3:96:fa:56:bf:5c:be:3b:4a:b6:
         c0:66:0a:d2:39:5c:3b:d3:27:ec:aa:e1:31:35:fa:f8:2b:e6:
         4f:58:12:78:16:a5:3c:51:34:90:a8:64:70:fa:c0:4a:52:fc:
         5e:8f:7e:d9:6a:1d:05:bf:46:e1:dc:80:bd:27:b0:15:a4:21:
         82:5f:59:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS5rAv7ed062n/Tl8T2PtV7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjUwMTMxMDAwNDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzBlZWZlZDcyMWQwZTUzODUxNzEzYzIyZjNmNjNmNDYxNTExYzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtioXOHGryG6djDcvRofk98FPHdxR
ZUlW+hEWwem5QiIky32+5816EfXG/oqtrkEq5xLad81IFCg1d+b/5yiCaFRwmYSO
WnrCZjoqPTGJqMQb6YQlmhwwm5g0t/C7h8s0ydRKt4C+9F2L8E4S9PIsNEabsWMC
oMT4OyiU8iuc/QvdbPA7WJNB3yRAteyz71S0Ij8n0iv5RQutouYCBztcEkgXJ47X
Lx4LwRu96dM579f9PJypuBMkZKwxn18BflefWmUD3azZwvJaANcNtNUUp4om50eu
e0aP78dK5N14UxhU0PIw4TIQoRwwWq+RqJ0oyKtEZ/l/R/i+axs6XXadiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMO7+1yHQ5ThRcTwi8/Y/RhURw8MB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEva3c3djdYSWREbE9GRnhQQ0x6OWo5R0ZSSER3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5PZMA0G
CSqGSIb3DQEBCwUAA4IBAQBGhnwNbHZk83G1nUsgkCL4XuULti8mTVxs9AfNZlyu
cormjU0Cn0tnxdw3kmVHYtwOL1VTiSuqnaTPRYoiOKrRuXojNhYvwhQL5CWpWcmm
3t/frcy3MnRpRz8qrirrrVcxLMmCNjLUj2FQRxGNHniymoAMN4CUn1XrwSDUyFdA
auESvXUrNSn10ZrhR4unHC9rc1FnUAd1cPlUT5l7cVX1fdb+9neK0wvumsjO2nNR
vBT4v9n/6QbE/MwCl6OW+la/XL47SrbAZgrSOVw70yfsquExNfr4K+ZPWBJ4FqU8
UTSQqGRw+sBKUvxej37Zah0Fv0bh3IC9J7AVpCGCX1ni
-----END CERTIFICATE-----