Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/xEFI5TUoJPkPGru9eK_bFADIqmo.roa
File:                     xEFI5TUoJPkPGru9eK_bFADIqmo.roa (raw, json)
Hash identifier:          ONQrKtmOYMFWmsi1+QqvJdtUGVKG6dvN6OyZrpU+cxY=
Subject key identifier:   C4:41:48:E5:35:28:24:F9:0F:1A:BB:BD:78:AF:DB:14:00:C8:AA:6A
Certificate issuer:       /CN=435e41960d590e99804e90b9af0365584c712c72
Certificate serial:       0191FE4EE4A11D4F3E7FE289322E9917435D
Authority key identifier: 43:5E:41:96:0D:59:0E:99:80:4E:90:B9:AF:03:65:58:4C:71:2C:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q15Blg1ZDpmATpC5rwNlWExxLHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/xEFI5TUoJPkPGru9eK_bFADIqmo.roa
Signing time:             Tue 17 Sep 2024 04:47:48 +0000
ROA not before:           Tue 17 Sep 2024 04:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204686
IP address blocks:        185.196.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/Q15Blg1ZDpmATpC5rwNlWExxLHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/Q15Blg1ZDpmATpC5rwNlWExxLHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q15Blg1ZDpmATpC5rwNlWExxLHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fe:4e:e4:a1:1d:4f:3e:7f:e2:89:32:2e:99:17:43:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=435e41960d590e99804e90b9af0365584c712c72
        Validity
            Not Before: Sep 17 04:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c44148e5352824f90f1abbbd78afdb1400c8aa6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:72:18:11:fd:6a:ab:1f:d0:79:56:08:77:ca:
                    88:b3:c0:f7:11:34:84:0d:83:21:29:d4:1b:c9:72:
                    0a:e1:ed:0d:9c:1e:34:bc:28:57:bb:f2:5d:6b:72:
                    58:a6:43:76:f3:ad:57:e9:13:9a:fd:70:bb:d3:10:
                    8c:53:48:cd:74:ed:84:f7:aa:ee:51:2f:67:f3:7a:
                    e7:16:f7:56:39:65:6d:e6:ad:85:26:43:86:79:7c:
                    8b:5c:70:ca:f6:b7:33:6f:14:dd:9f:f1:f9:32:fc:
                    0a:be:69:19:1c:58:6f:b2:b0:94:2a:93:b9:21:4d:
                    d4:ec:aa:06:62:30:35:d4:9c:9d:4b:a1:cf:41:72:
                    f4:19:85:02:b6:0c:b9:b6:98:b7:00:3e:b6:e9:15:
                    50:89:be:4e:f6:95:8c:19:03:97:15:9f:f0:cc:00:
                    88:5b:fb:0f:12:21:b2:02:c2:68:80:23:86:c0:3f:
                    71:3b:94:e1:28:af:17:5b:ae:99:6d:38:73:d9:62:
                    b1:14:9c:97:6e:b7:f8:87:c1:4a:8e:19:4f:41:cb:
                    ba:95:ea:14:ec:dd:7b:57:bc:25:f0:5f:b2:c4:cc:
                    a1:4d:28:d9:16:8e:8b:6f:7a:f1:51:ca:da:cd:fe:
                    52:b5:05:f3:ba:9e:00:f4:c7:ff:48:ed:d0:41:c6:
                    78:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:41:48:E5:35:28:24:F9:0F:1A:BB:BD:78:AF:DB:14:00:C8:AA:6A
            X509v3 Authority Key Identifier:
                keyid:43:5E:41:96:0D:59:0E:99:80:4E:90:B9:AF:03:65:58:4C:71:2C:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q15Blg1ZDpmATpC5rwNlWExxLHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/xEFI5TUoJPkPGru9eK_bFADIqmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/7e2f28-5cae-4e6f-a5f0-01bb5fd534f5/1/Q15Blg1ZDpmATpC5rwNlWExxLHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:4a:88:eb:98:9b:c1:69:50:49:11:2c:81:cf:a4:b2:28:e1:
         bc:1a:a5:72:7d:a5:2a:82:f7:aa:00:da:06:12:04:83:7f:38:
         02:2d:de:fe:f9:a9:d5:88:1a:13:64:93:62:5f:6e:9b:08:5d:
         88:fb:4d:32:89:6d:b3:b7:a5:c5:68:f2:e1:bb:72:67:83:8d:
         04:04:e9:07:f4:fc:cb:f9:fe:87:93:ce:9b:c7:08:e1:96:ad:
         6d:56:60:4a:fd:20:16:ae:af:95:de:aa:12:8f:86:4f:de:2f:
         8c:4b:77:75:ec:2b:52:cb:67:d6:3e:6c:c6:09:9b:86:db:21:
         95:3e:36:7f:c4:2d:4f:f5:18:c8:80:a3:db:45:a5:99:95:88:
         14:8a:d1:9d:e8:75:2c:ed:1a:91:7b:bb:5b:16:cf:51:40:ab:
         f2:b7:74:f8:9f:ee:3d:80:53:04:74:13:e7:16:69:8f:7d:58:
         50:b8:45:27:9f:b0:01:32:cb:f1:b6:a2:d3:63:46:39:52:00:
         6d:e1:a5:82:f4:0c:b4:50:9f:ff:ff:8c:a2:aa:02:30:79:3b:
         96:68:56:53:17:34:57:bb:60:04:54:ea:8d:a9:cb:5f:c7:b1:
         2d:98:6f:99:b2:0e:59:57:2f:e8:b3:af:40:2f:b2:dc:c9:83:
         e4:7f:50:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH+TuShHU8+f+KJMi6ZF0NdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNWU0MTk2MGQ1OTBlOTk4MDRlOTBiOWFmMDM2NTU4NGM3
MTJjNzIwHhcNMjQwOTE3MDQ0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDQxNDhlNTM1MjgyNGY5MGYxYWJiYmQ3OGFmZGIxNDAwYzhhYTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03IYEf1qqx/QeVYId8qIs8D3ETSE
DYMhKdQbyXIK4e0NnB40vChXu/Jda3JYpkN2861X6ROa/XC70xCMU0jNdO2E96ru
US9n83rnFvdWOWVt5q2FJkOGeXyLXHDK9rczbxTdn/H5MvwKvmkZHFhvsrCUKpO5
IU3U7KoGYjA11JydS6HPQXL0GYUCtgy5tpi3AD626RVQib5O9pWMGQOXFZ/wzACI
W/sPEiGyAsJogCOGwD9xO5ThKK8XW66ZbThz2WKxFJyXbrf4h8FKjhlPQcu6leoU
7N17V7wl8F+yxMyhTSjZFo6Lb3rxUcrazf5StQXzup4A9Mf/SO3QQcZ4WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRBSOU1KCT5Dxq7vXiv2xQAyKpqMB8GA1UdIwQY
MBaAFENeQZYNWQ6ZgE6Qua8DZVhMcSxyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTE1QmxnMVpEcG1BVHBDNXJ3TmxXRXh4TEhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83ZTJmMjgtNWNhZS00ZTZmLWE1ZjAt
MDFiYjVmZDUzNGY1LzEveEVGSTVUVW9KUGtQR3J1OWVLX2JGQURJcW1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83ZTJmMjgtNWNhZS00ZTZmLWE1ZjAtMDFiYjVmZDUzNGY1
LzEvUTE1QmxnMVpEcG1BVHBDNXJ3TmxXRXh4TEhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucSWMA0G
CSqGSIb3DQEBCwUAA4IBAQA/SojrmJvBaVBJESyBz6SyKOG8GqVyfaUqgveqANoG
EgSDfzgCLd7++anViBoTZJNiX26bCF2I+00yiW2zt6XFaPLhu3Jng40EBOkH9PzL
+f6Hk86bxwjhlq1tVmBK/SAWrq+V3qoSj4ZP3i+MS3d17CtSy2fWPmzGCZuG2yGV
PjZ/xC1P9RjIgKPbRaWZlYgUitGd6HUs7RqRe7tbFs9RQKvyt3T4n+49gFMEdBPn
FmmPfVhQuEUnn7ABMsvxtqLTY0Y5UgBt4aWC9Ay0UJ///4yiqgIweTuWaFZTFzRX
u2AEVOqNqctfx7EtmG+Zsg5ZVy/os69AL7LcyYPkf1CI
-----END CERTIFICATE-----