Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/TJb5yqAFAEQm4bodhZvgyKGR5g8.roa
File:                     TJb5yqAFAEQm4bodhZvgyKGR5g8.roa (raw, json)
Hash identifier:          Fw+fnfUDG6i7GuiSd9SaWqD3Z7c6KWluZOqQB8rLf7g=
Subject key identifier:   4C:96:F9:CA:A0:05:00:44:26:E1:BA:1D:85:9B:E0:C8:A1:91:E6:0F
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       01925E186242442C97E52786B3728795BE37
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/TJb5yqAFAEQm4bodhZvgyKGR5g8.roa
Signing time:             Sat 05 Oct 2024 19:11:49 +0000
ROA not before:           Sat 05 Oct 2024 19:11:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211327
IP address blocks:        185.249.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5e:18:62:42:44:2c:97:e5:27:86:b3:72:87:95:be:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Oct  5 19:11:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c96f9caa005004426e1ba1d859be0c8a191e60f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:6b:8e:f3:09:da:97:f2:d8:c8:ea:d6:61:b6:
                    14:c2:f2:92:91:d9:31:26:da:2c:d1:48:09:27:b9:
                    a9:50:74:44:2b:05:75:5e:5d:d5:6b:1f:7f:43:f8:
                    c3:dd:2d:0d:97:4e:be:33:99:fd:1a:53:eb:de:f5:
                    c4:e9:a4:e9:25:99:12:7e:dd:af:98:97:0a:9a:af:
                    80:d7:b4:94:71:6e:c3:05:74:f7:bb:6b:bf:d0:80:
                    1b:41:fb:e1:89:b2:b3:7c:21:a5:c4:d1:fd:5b:c6:
                    46:e0:c9:ef:1c:51:cf:97:29:f6:c9:65:2d:7a:c7:
                    f6:89:8b:e0:35:11:64:c4:63:f0:d2:57:be:bb:a0:
                    2d:48:bf:c5:1f:2d:03:fa:09:3f:64:9d:1e:28:f4:
                    8f:5b:10:67:e1:e3:cd:01:a7:b8:d8:12:f4:85:73:
                    fa:66:a5:08:d1:4a:a0:5e:1e:e1:ba:f7:62:3c:e2:
                    7d:68:d1:69:fc:08:e8:50:5f:49:23:6f:b1:34:15:
                    2b:ff:83:e9:61:4e:d7:47:2f:51:24:7f:cd:db:de:
                    07:8d:ce:c5:d2:64:c2:83:74:b2:a4:b6:2c:41:a9:
                    39:bc:71:0e:da:00:fc:37:75:3b:f5:10:f1:6f:bb:
                    8d:07:0d:1f:60:81:10:95:07:02:22:37:2e:4e:36:
                    bd:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:96:F9:CA:A0:05:00:44:26:E1:BA:1D:85:9B:E0:C8:A1:91:E6:0F
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/TJb5yqAFAEQm4bodhZvgyKGR5g8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:da:70:f6:27:80:8a:84:d3:43:1f:2e:a9:df:ba:d7:13:14:
         3b:b7:4b:82:6c:d3:29:54:33:5f:fb:0b:28:8c:68:7a:65:14:
         3b:84:fc:be:c4:16:18:85:8c:31:f7:b0:9c:54:db:0e:13:81:
         82:de:3a:27:84:b6:24:52:94:6a:31:77:f7:50:e2:16:17:50:
         24:a6:4b:98:5a:f1:ef:de:be:d6:f6:40:42:a7:ac:44:8d:63:
         c4:f7:f1:e9:bc:a8:90:0e:e6:a1:71:e6:9e:a3:6d:6b:eb:f6:
         23:d6:a6:e6:f4:43:39:78:a7:4a:19:28:ce:78:3c:fe:a1:7c:
         82:37:94:a9:5b:66:73:a8:60:31:19:d4:4b:98:29:05:06:78:
         bb:4f:0e:0d:e4:a8:2d:99:8c:b0:86:16:f0:80:e8:02:a2:9a:
         7b:37:00:01:28:08:a3:f9:d1:5f:69:a8:cb:dd:b8:96:da:2d:
         02:a6:5d:d7:c1:73:22:89:0d:44:f3:e1:68:d9:3d:8a:b6:38:
         63:18:fa:e5:79:30:fb:8f:bd:db:39:82:b1:cd:5f:65:cd:01:
         b0:6c:53:a1:21:b6:6b:26:49:1c:85:70:1b:ca:d3:88:f5:79:
         e9:bd:f5:d8:df:32:e7:99:e3:7a:e2:3b:57:42:ac:80:8e:8d:
         f8:e8:17:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJeGGJCRCyX5SeGs3KHlb43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQxMDA1MTkxMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzk2ZjljYWEwMDUwMDQ0MjZlMWJhMWQ4NTliZTBjOGExOTFlNjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2uO8wnal/LYyOrWYbYUwvKSkdkx
Jtos0UgJJ7mpUHREKwV1Xl3Vax9/Q/jD3S0Nl06+M5n9GlPr3vXE6aTpJZkSft2v
mJcKmq+A17SUcW7DBXT3u2u/0IAbQfvhibKzfCGlxNH9W8ZG4MnvHFHPlyn2yWUt
esf2iYvgNRFkxGPw0le+u6AtSL/FHy0D+gk/ZJ0eKPSPWxBn4ePNAae42BL0hXP6
ZqUI0UqgXh7huvdiPOJ9aNFp/AjoUF9JI2+xNBUr/4PpYU7XRy9RJH/N294Hjc7F
0mTCg3SypLYsQak5vHEO2gD8N3U79RDxb7uNBw0fYIEQlQcCIjcuTja9HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyW+cqgBQBEJuG6HYWb4MihkeYPMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvVEpiNXlxQUZBRVFtNGJvZGhadmd5S0dSNWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufnKMA0G
CSqGSIb3DQEBCwUAA4IBAQBj2nD2J4CKhNNDHy6p37rXExQ7t0uCbNMpVDNf+wso
jGh6ZRQ7hPy+xBYYhYwx97CcVNsOE4GC3jonhLYkUpRqMXf3UOIWF1AkpkuYWvHv
3r7W9kBCp6xEjWPE9/HpvKiQDuahceaeo21r6/Yj1qbm9EM5eKdKGSjOeDz+oXyC
N5SpW2ZzqGAxGdRLmCkFBni7Tw4N5KgtmYywhhbwgOgCopp7NwABKAij+dFfaajL
3biW2i0Cpl3XwXMiiQ1E8+Fo2T2KtjhjGPrleTD7j73bOYKxzV9lzQGwbFOhIbZr
JkkchXAbytOI9XnpvfXY3zLnmeN64jtXQqyAjo346BfJ
-----END CERTIFICATE-----