Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/vRKV9S2Nnzt5vOi86g2IyLbxJJg.roa
File:                     vRKV9S2Nnzt5vOi86g2IyLbxJJg.roa (raw, json)
Hash identifier:          FxxOKVYObUs5qx7plW8uqGq5eRqe/n59+oRNtsoCp/k=
Subject key identifier:   BD:12:95:F5:2D:8D:9F:3B:79:BC:E8:BC:EA:0D:88:C8:B6:F1:24:98
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       0194FEA87E9A77145A535EAD653E7DEFDD3E
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/vRKV9S2Nnzt5vOi86g2IyLbxJJg.roa
Signing time:             Thu 13 Feb 2025 09:34:02 +0000
ROA not before:           Thu 13 Feb 2025 09:34:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213908
IP address blocks:        194.62.52.0/24 maxlen: 24
                          194.62.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:fe:a8:7e:9a:77:14:5a:53:5e:ad:65:3e:7d:ef:dd:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Feb 13 09:34:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd1295f52d8d9f3b79bce8bcea0d88c8b6f12498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d6:17:0b:30:e7:26:3d:a8:b7:b3:f3:9d:1d:
                    3e:20:d7:3c:a0:22:42:18:77:fb:4c:78:f4:5f:a8:
                    f2:f9:a4:07:7d:3d:3a:7f:c0:06:99:46:d3:80:6f:
                    8d:28:f5:76:fe:fa:f5:3b:56:a3:da:9c:72:a0:9d:
                    a7:b0:a7:8d:2f:0f:00:f5:4b:a6:bc:01:26:03:f1:
                    0d:e6:70:d2:59:e3:98:33:56:0e:cc:fa:84:7c:bf:
                    af:d3:8e:18:69:99:55:4a:86:41:b9:69:cf:26:56:
                    37:1b:38:60:b9:4c:bf:13:9f:47:3e:e5:22:b5:f0:
                    d8:55:2f:f2:3c:df:84:76:a6:30:04:74:60:39:b2:
                    04:d5:90:c0:2c:4c:07:1e:bf:e0:85:19:1c:a3:20:
                    98:79:cf:3c:5e:c8:7d:ec:38:bc:f8:2b:9d:00:b7:
                    e1:5e:50:a3:25:8d:ac:7e:da:38:ba:70:ab:25:85:
                    d0:a7:37:d0:5c:a0:42:ba:5b:1b:f8:d2:2e:c4:bb:
                    87:0e:ae:aa:bc:d9:02:c6:00:7d:1e:a8:a5:18:c8:
                    64:18:35:7c:7f:b8:e2:b7:e7:bf:2d:72:e8:8e:50:
                    3e:de:36:4b:4a:82:19:e5:74:82:fd:1c:0d:a9:3f:
                    2a:a8:9b:5a:06:81:ba:f7:13:a8:25:a6:ee:99:71:
                    d4:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:12:95:F5:2D:8D:9F:3B:79:BC:E8:BC:EA:0D:88:C8:B6:F1:24:98
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/vRKV9S2Nnzt5vOi86g2IyLbxJJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:b3:45:30:2c:0e:98:76:a2:aa:a0:ba:c7:71:e5:75:41:68:
         dd:2c:46:08:4c:2e:bc:87:30:a7:aa:7e:a2:b7:6f:c0:28:bf:
         fc:0a:0a:1f:f9:5d:1e:c2:0a:ed:7b:06:79:5d:c8:60:da:d5:
         b0:02:bc:53:bf:cc:98:71:5a:0d:4e:34:86:2e:fc:63:67:50:
         cc:3c:a3:78:60:54:f1:83:55:e9:1e:b9:40:24:7b:ba:80:df:
         ee:54:4c:be:a2:f0:75:0d:b6:63:e6:99:9a:26:7d:8c:f8:6e:
         7a:4f:d9:0f:fb:68:74:4c:bd:fd:1b:66:a3:e2:1a:58:4f:e8:
         fb:a4:02:4f:6a:3c:fb:04:9d:8f:7a:2e:8e:c7:ed:99:67:55:
         5c:a9:cc:b5:d0:47:3f:1c:0f:9c:94:ca:5b:76:ca:9a:98:b4:
         9f:d0:c8:91:ef:23:69:fc:a1:00:25:7a:36:a9:43:11:6b:79:
         5b:3e:17:f7:02:d1:85:66:db:06:9c:4f:19:36:37:e1:02:de:
         8e:29:7c:b6:be:27:cd:8f:2c:1e:e5:28:55:02:52:5d:f4:af:
         ac:86:c0:39:c0:33:af:d3:6a:26:62:93:f8:51:8b:c0:1a:2f:
         34:39:e4:56:55:e4:9c:e6:8a:03:04:6e:a7:67:a9:ac:7a:3a:
         7c:15:cd:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT+qH6adxRaU16tZT59790+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwMjEzMDkzNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDEyOTVmNTJkOGQ5ZjNiNzliY2U4YmNlYTBkODhjOGI2ZjEyNDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NYXCzDnJj2ot7PznR0+INc8oCJC
GHf7THj0X6jy+aQHfT06f8AGmUbTgG+NKPV2/vr1O1aj2pxyoJ2nsKeNLw8A9Uum
vAEmA/EN5nDSWeOYM1YOzPqEfL+v044YaZlVSoZBuWnPJlY3GzhguUy/E59HPuUi
tfDYVS/yPN+EdqYwBHRgObIE1ZDALEwHHr/ghRkcoyCYec88Xsh97Di8+CudALfh
XlCjJY2sfto4unCrJYXQpzfQXKBCulsb+NIuxLuHDq6qvNkCxgB9HqilGMhkGDV8
f7jit+e/LXLojlA+3jZLSoIZ5XSC/RwNqT8qqJtaBoG69xOoJabumXHUowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0SlfUtjZ87ebzovOoNiMi28SSYMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvdlJLVjlTMk5uenQ1dk9pODZnMkl5TGJ4SkpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwj40MA0G
CSqGSIb3DQEBCwUAA4IBAQCgs0UwLA6YdqKqoLrHceV1QWjdLEYITC68hzCnqn6i
t2/AKL/8Cgof+V0ewgrtewZ5Xchg2tWwArxTv8yYcVoNTjSGLvxjZ1DMPKN4YFTx
g1XpHrlAJHu6gN/uVEy+ovB1DbZj5pmaJn2M+G56T9kP+2h0TL39G2aj4hpYT+j7
pAJPajz7BJ2Pei6Ox+2ZZ1Vcqcy10Ec/HA+clMpbdsqamLSf0MiR7yNp/KEAJXo2
qUMRa3lbPhf3AtGFZtsGnE8ZNjfhAt6OKXy2vifNjywe5ShVAlJd9K+shsA5wDOv
02omYpP4UYvAGi80OeRWVeSc5ooDBG6nZ6msejp8Fc14
-----END CERTIFICATE-----