Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/vQamdpjRzCHWkuNxYs4OnY8fKe4.roa
File:                     vQamdpjRzCHWkuNxYs4OnY8fKe4.roa (raw, json)
Hash identifier:          hyjO1eQ7ylwx1Ewy8ldJgZOYhq/LdBPgrV5Gu8HsMhc=
Subject key identifier:   BD:06:A6:76:98:D1:CC:21:D6:92:E3:71:62:CE:0E:9D:8F:1F:29:EE
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BF8439142F9E56905220813AB690F
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/vQamdpjRzCHWkuNxYs4OnY8fKe4.roa
Signing time:             Thu 02 Jan 2025 09:49:57 +0000
ROA not before:           Thu 02 Jan 2025 09:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207854
IP address blocks:        188.114.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f8:43:91:42:f9:e5:69:05:22:08:13:ab:69:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd06a67698d1cc21d692e37162ce0e9d8f1f29ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:11:d1:9c:7f:4d:33:65:fb:e4:b5:d8:e5:aa:
                    10:ca:da:f1:54:a9:2b:40:22:65:60:96:90:b2:4d:
                    9d:41:05:f5:73:09:ac:3c:de:07:27:bc:d7:ce:56:
                    11:d8:fb:82:6b:29:27:2a:9a:f4:80:6a:aa:0b:3c:
                    4f:ab:62:59:e3:da:28:8d:13:b8:99:49:a1:f9:1f:
                    6a:3f:52:c6:df:a1:83:87:38:59:13:1e:19:9b:1f:
                    98:a6:b9:4c:56:4a:53:3a:4e:3a:34:33:3b:57:fe:
                    6d:db:1e:c4:50:15:f7:a3:32:91:e1:fa:ae:9b:8c:
                    07:34:0b:c2:b5:67:88:de:cf:1a:d9:26:84:d0:2b:
                    57:56:ff:35:03:58:19:d6:02:92:72:c2:32:f5:41:
                    2c:f5:88:9f:bf:a5:98:88:d4:d5:6a:59:5d:ae:d0:
                    a5:f6:eb:3f:1d:c7:d2:90:e4:b3:d1:a2:1f:5a:83:
                    0f:0d:63:e1:e1:d6:ba:db:dd:f0:67:3b:66:77:fd:
                    75:f1:14:59:91:0c:8d:23:ef:b7:e3:65:d3:64:de:
                    cc:ac:98:26:15:ed:6d:35:ef:9a:1b:0f:b7:4b:55:
                    89:a5:15:bc:53:27:18:1a:48:2d:d4:db:9d:cf:f9:
                    7c:48:4d:28:10:8d:e9:bb:77:ea:30:fa:96:94:ca:
                    0a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:06:A6:76:98:D1:CC:21:D6:92:E3:71:62:CE:0E:9D:8F:1F:29:EE
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/vQamdpjRzCHWkuNxYs4OnY8fKe4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.114.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:1a:05:01:c6:84:60:1e:d5:40:38:ca:2c:de:71:a0:10:cb:
         00:9c:b4:1a:f5:d6:74:3d:b6:75:f4:1a:a5:52:58:14:fa:74:
         d4:01:7a:77:2d:bf:4b:f5:ce:97:2e:7f:cf:69:03:76:53:c0:
         02:60:6a:02:a9:4d:f0:c9:a3:32:dd:c2:93:05:04:8d:b3:7c:
         ea:f6:8e:b5:33:a0:4a:a5:32:83:c9:df:f5:f0:81:87:88:ca:
         39:7f:10:4e:2a:8a:8d:d7:ec:fa:c1:85:a4:3f:79:85:c0:80:
         a8:d9:20:57:70:00:b6:82:5e:3c:20:7d:c3:20:6a:d9:17:e8:
         bf:d5:99:c8:52:93:79:b0:8f:f3:01:40:5d:0d:7e:d5:6d:29:
         e7:22:20:38:c1:4d:68:85:6e:9d:97:8d:e9:02:9d:50:d7:a3:
         7c:63:da:bd:cf:82:68:94:8c:56:b1:a0:77:44:b9:79:5e:d5:
         16:d9:01:be:6a:00:0b:4f:bf:e0:75:46:33:34:9c:12:a9:aa:
         9c:3f:56:49:f6:70:dd:e9:7f:f5:40:0f:54:3c:79:14:4a:44:
         d1:47:07:3b:0c:60:bd:17:9d:c6:12:9e:a5:f0:38:1e:fe:bb:
         77:4f:d1:71:a3:cd:23:91:29:06:fc:de:fa:29:67:5b:16:fb:
         62:3d:e7:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma/hDkUL55WkFIggTq2kPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDA2YTY3Njk4ZDFjYzIxZDY5MmUzNzE2MmNlMGU5ZDhmMWYyOWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6RHRnH9NM2X75LXY5aoQytrxVKkr
QCJlYJaQsk2dQQX1cwmsPN4HJ7zXzlYR2PuCayknKpr0gGqqCzxPq2JZ49oojRO4
mUmh+R9qP1LG36GDhzhZEx4Zmx+YprlMVkpTOk46NDM7V/5t2x7EUBX3ozKR4fqu
m4wHNAvCtWeI3s8a2SaE0CtXVv81A1gZ1gKScsIy9UEs9Yifv6WYiNTValldrtCl
9us/HcfSkOSz0aIfWoMPDWPh4da6293wZztmd/118RRZkQyNI++342XTZN7MrJgm
Fe1tNe+aGw+3S1WJpRW8UycYGkgt1Nudz/l8SE0oEI3pu3fqMPqWlMoKnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0GpnaY0cwh1pLjcWLODp2PHynuMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvdlFhbWRwalJ6Q0hXa3VOeFlzNE9uWThmS2U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHJBMA0G
CSqGSIb3DQEBCwUAA4IBAQAWGgUBxoRgHtVAOMos3nGgEMsAnLQa9dZ0PbZ19Bql
UlgU+nTUAXp3Lb9L9c6XLn/PaQN2U8ACYGoCqU3wyaMy3cKTBQSNs3zq9o61M6BK
pTKDyd/18IGHiMo5fxBOKoqN1+z6wYWkP3mFwICo2SBXcAC2gl48IH3DIGrZF+i/
1ZnIUpN5sI/zAUBdDX7VbSnnIiA4wU1ohW6dl43pAp1Q16N8Y9q9z4JolIxWsaB3
RLl5XtUW2QG+agALT7/gdUYzNJwSqaqcP1ZJ9nDd6X/1QA9UPHkUSkTRRwc7DGC9
F53GEp6l8Dge/rt3T9Fxo80jkSkG/N76KWdbFvtiPeek
-----END CERTIFICATE-----