Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/X8C31I22e7AIAIjXdr_l8xIku6c.roa
File:                     X8C31I22e7AIAIjXdr_l8xIku6c.roa (raw, json)
Hash identifier:          7Qhdi1NeFgvJPaxWBB0us3PX5KoyYrtl9JfPmMsmHRs=
Subject key identifier:   5F:C0:B7:D4:8D:B6:7B:B0:08:00:88:D7:76:BF:E5:F3:12:24:BB:A7
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       019426D8E967D52222D40EF03CB9E1E9792E
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/X8C31I22e7AIAIjXdr_l8xIku6c.roa
Signing time:             Thu 02 Jan 2025 11:48:57 +0000
ROA not before:           Thu 02 Jan 2025 11:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13132
IP address blocks:        153.96.251.0/24 maxlen: 24
                          153.96.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:e9:67:d5:22:22:d4:0e:f0:3c:b9:e1:e9:79:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 11:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fc0b7d48db67bb0080088d776bfe5f31224bba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:56:f1:ce:b8:03:c9:8f:62:7d:66:51:45:07:
                    2e:bd:27:31:f5:d9:d6:71:9c:2b:26:9f:03:92:c4:
                    52:f9:2d:cb:83:27:48:1f:e2:5d:c1:f6:ab:db:af:
                    17:d9:93:48:31:e2:e2:29:35:d7:0c:7c:94:e2:b6:
                    69:df:8a:1b:cb:f5:3a:87:0b:4f:c6:99:3d:e8:37:
                    6c:87:89:77:d2:6d:68:96:21:c9:98:14:76:a7:28:
                    17:09:f5:f8:30:f9:c7:df:71:47:01:7b:cd:61:d1:
                    ad:6a:bc:12:b1:a9:93:33:45:11:a4:40:9f:59:a1:
                    ac:75:af:d9:4e:fd:3c:b3:72:bf:55:57:13:53:3e:
                    e3:72:8d:a0:f8:e2:ad:75:6e:3a:07:36:78:c8:bf:
                    6d:d5:38:b8:fb:11:d5:be:7e:61:8d:7a:95:4b:46:
                    d6:99:3d:75:d8:e5:c5:11:a4:c9:fc:4e:4e:09:41:
                    6f:2f:6d:f6:4c:9e:61:a2:40:b1:63:ee:73:e3:56:
                    e9:03:0c:eb:54:df:f6:bd:56:81:0e:a1:88:22:32:
                    0b:d1:9b:79:83:66:3b:e2:ab:00:f2:0b:b8:1f:4a:
                    19:bd:1b:92:50:1a:ae:d0:fa:bd:d7:5e:89:b0:83:
                    63:c5:f1:49:d3:27:32:bd:5d:13:9a:af:2a:c7:8c:
                    15:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C0:B7:D4:8D:B6:7B:B0:08:00:88:D7:76:BF:E5:F3:12:24:BB:A7
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/X8C31I22e7AIAIjXdr_l8xIku6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.96.251.0-153.96.252.255

    Signature Algorithm: sha256WithRSAEncryption
         79:76:70:57:74:ac:6e:30:f2:c5:f0:8e:7b:bb:cb:2b:56:37:
         84:93:a3:ef:0b:e7:8b:43:49:7f:72:4d:37:5d:68:1a:a0:66:
         0a:03:55:76:3a:13:6d:09:9c:46:ad:c9:f1:03:84:a1:8f:37:
         eb:05:ac:54:7f:4a:70:15:cc:ad:fd:35:b0:d7:63:c8:07:7d:
         a5:27:08:d2:f1:8d:af:16:93:6f:44:6b:e7:5a:e4:01:b0:11:
         6e:eb:16:2f:ee:25:08:c3:81:f7:ac:e0:55:59:3d:8c:7a:61:
         fd:e1:46:c4:c8:bc:13:55:2a:42:60:b4:93:b8:85:83:46:a6:
         6e:fc:71:3f:40:e0:9a:fc:5f:b3:ee:38:bb:52:26:72:2e:75:
         99:b4:2a:f0:a2:7d:ce:b1:17:b3:b7:fb:3d:43:d1:c7:36:e6:
         d7:08:a8:2f:12:3f:7d:fb:90:6c:6f:51:20:f6:89:cf:5e:fe:
         e9:3c:ef:3d:5a:63:de:93:4c:fb:31:36:28:0b:d6:e8:a3:8a:
         fe:df:17:c7:ee:9d:19:d9:f7:bd:a0:c7:4d:5e:28:fd:8d:26:
         a0:7b:de:dd:b5:86:28:49:ab:55:bc:11:9d:95:05:66:6e:de:
         eb:e0:a3:8e:f5:aa:55:f6:a2:5c:c1:66:80:31:9e:06:83:68:
         0b:30:b7:81
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQm2Oln1SIi1A7wPLnh6XkuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjUwMTAyMTE0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmMwYjdkNDhkYjY3YmIwMDgwMDg4ZDc3NmJmZTVmMzEyMjRiYmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VbxzrgDyY9ifWZRRQcuvScx9dnW
cZwrJp8DksRS+S3LgydIH+Jdwfar268X2ZNIMeLiKTXXDHyU4rZp34oby/U6hwtP
xpk96Ddsh4l30m1oliHJmBR2pygXCfX4MPnH33FHAXvNYdGtarwSsamTM0URpECf
WaGsda/ZTv08s3K/VVcTUz7jco2g+OKtdW46BzZ4yL9t1Ti4+xHVvn5hjXqVS0bW
mT112OXFEaTJ/E5OCUFvL232TJ5hokCxY+5z41bpAwzrVN/2vVaBDqGIIjIL0Zt5
g2Y74qsA8gu4H0oZvRuSUBqu0Pq9116JsINjxfFJ0ycyvV0Tmq8qx4wVkwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF/At9SNtnuwCACI13a/5fMSJLunMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvWDhDMzFJMjJlN0FJQUlqWGRyX2w4eElrdTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACZYPsD
BACZYPwwDQYJKoZIhvcNAQELBQADggEBAHl2cFd0rG4w8sXwjnu7yytWN4STo+8L
54tDSX9yTTddaBqgZgoDVXY6E20JnEatyfEDhKGPN+sFrFR/SnAVzK39NbDXY8gH
faUnCNLxja8Wk29Ea+da5AGwEW7rFi/uJQjDgfes4FVZPYx6Yf3hRsTIvBNVKkJg
tJO4hYNGpm78cT9A4Jr8X7PuOLtSJnIudZm0KvCifc6xF7O3+z1D0cc25tcIqC8S
P337kGxvUSD2ic9e/uk87z1aY96TTPsxNigL1uijiv7fF8funRnZ972gx01eKP2N
JqB73t21hihJq1W8EZ2VBWZu3uvgo471qlX2olzBZoAxngaDaAswt4E=
-----END CERTIFICATE-----