Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/jIfoMhT2Fw5KN5QTxKy_59TapUA.roa
File:                     jIfoMhT2Fw5KN5QTxKy_59TapUA.roa (raw, json)
Hash identifier:          3+G/bBr8L/0IOjg8ZDZTC94WXpGJBSDkyWYGC/U0/hg=
Subject key identifier:   8C:87:E8:32:14:F6:17:0E:4A:37:94:13:C4:AC:BF:E7:D4:DA:A5:40
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       019424B3C91833DDC1CE1AC0F766A58D4B4E
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/jIfoMhT2Fw5KN5QTxKy_59TapUA.roa
Signing time:             Thu 02 Jan 2025 01:49:09 +0000
ROA not before:           Thu 02 Jan 2025 01:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50635
IP address blocks:        217.113.10.0/23 maxlen: 23
                          217.113.10.0/24 maxlen: 24
                          217.113.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c9:18:33:dd:c1:ce:1a:c0:f7:66:a5:8d:4b:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  2 01:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c87e83214f6170e4a379413c4acbfe7d4daa540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6f:1b:5e:c0:73:7c:ba:bd:78:e2:b6:9c:a2:
                    09:a9:0c:ff:50:95:3b:8b:80:cc:58:ac:b8:7a:8d:
                    10:83:16:2a:17:22:4f:1a:4a:1d:11:78:fb:cd:08:
                    61:b5:c1:ed:b9:be:a9:42:d3:3c:e1:c9:68:f3:ed:
                    87:b7:bb:41:67:72:b0:d7:7e:7b:98:e8:22:b2:6a:
                    bb:57:2c:74:2a:fb:51:69:22:70:f1:f0:56:54:9c:
                    0c:f2:54:84:8f:e1:d2:4c:9b:65:5e:3b:84:5d:20:
                    1c:81:9e:4d:76:81:89:8b:01:1f:d9:bd:82:35:08:
                    a0:bd:67:20:91:06:ca:d0:70:01:ba:ed:b5:1e:6a:
                    1e:9a:52:13:7b:8d:d0:ba:b6:aa:f3:95:37:8e:7c:
                    c4:2c:95:2d:67:b9:d4:ea:d7:cb:3e:4b:86:8c:47:
                    bd:b7:0b:53:68:2a:7a:db:c7:8f:a5:94:94:8c:af:
                    1c:bb:97:49:5c:c5:91:e7:6c:7c:4b:67:a0:91:27:
                    4c:05:a5:6a:74:82:65:55:30:43:98:f3:5b:e5:d7:
                    37:5f:dd:45:31:1a:db:36:70:90:0b:0c:ed:11:26:
                    3d:b9:da:55:fd:31:ef:b6:1e:36:55:bd:bb:f9:37:
                    c3:d0:7c:4c:68:ea:fe:33:94:32:da:7f:95:a5:43:
                    46:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:87:E8:32:14:F6:17:0E:4A:37:94:13:C4:AC:BF:E7:D4:DA:A5:40
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/jIfoMhT2Fw5KN5QTxKy_59TapUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:a1:ab:b5:bb:59:38:e3:34:fc:d1:b1:f9:19:0b:0b:5e:95:
         70:74:fd:29:ec:3e:b7:30:ee:94:17:64:95:85:1f:74:91:84:
         3a:67:bf:fa:c9:f6:7d:87:b1:bb:bd:fe:df:f4:8e:10:cb:53:
         e8:80:aa:ad:e3:61:08:63:b2:35:e6:bc:a5:82:37:45:05:4e:
         67:31:ee:24:ef:2d:cc:99:d1:8e:d1:3f:60:9b:20:7c:85:de:
         06:f5:52:f6:d4:54:be:84:10:15:fc:3c:c6:db:70:e1:73:79:
         d8:4a:d3:2b:e8:fb:4a:88:40:40:12:8c:62:ab:96:39:4a:eb:
         2f:4b:e2:da:4e:86:dd:0b:0c:0f:9e:59:0c:d2:df:49:14:7b:
         a3:2e:27:44:c8:05:46:46:86:30:3f:da:4f:63:bf:2c:bf:2c:
         b0:d4:24:e8:0b:81:b7:fb:3f:68:e3:ea:48:c9:1d:26:26:22:
         82:93:3f:2a:da:5d:78:92:af:31:c5:ff:d2:b7:29:50:76:3b:
         3e:66:a8:e6:59:b4:ac:eb:3c:e9:81:e3:96:ee:34:d9:92:b1:
         2c:d6:a0:b6:b5:76:37:47:25:a6:37:87:20:42:fb:d3:8d:b5:
         ab:08:79:17:96:9b:04:db:8b:94:cc:9c:a4:3b:46:3c:52:2d:
         d9:68:80:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8kYM93BzhrA92aljUtOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjUwMTAyMDE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yzg3ZTgzMjE0ZjYxNzBlNGEzNzk0MTNjNGFjYmZlN2Q0ZGFhNTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsW8bXsBzfLq9eOK2nKIJqQz/UJU7
i4DMWKy4eo0QgxYqFyJPGkodEXj7zQhhtcHtub6pQtM84clo8+2Ht7tBZ3Kw1357
mOgismq7Vyx0KvtRaSJw8fBWVJwM8lSEj+HSTJtlXjuEXSAcgZ5NdoGJiwEf2b2C
NQigvWcgkQbK0HABuu21HmoemlITe43Quraq85U3jnzELJUtZ7nU6tfLPkuGjEe9
twtTaCp628ePpZSUjK8cu5dJXMWR52x8S2egkSdMBaVqdIJlVTBDmPNb5dc3X91F
MRrbNnCQCwztESY9udpV/THvth42Vb27+TfD0HxMaOr+M5Qy2n+VpUNGfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIyH6DIU9hcOSjeUE8Ssv+fU2qVAMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvaklmb01oVDJGdzVLTjVRVHhLeV81OVRhcFVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2XEKMA0G
CSqGSIb3DQEBCwUAA4IBAQBJoau1u1k44zT80bH5GQsLXpVwdP0p7D63MO6UF2SV
hR90kYQ6Z7/6yfZ9h7G7vf7f9I4Qy1PogKqt42EIY7I15rylgjdFBU5nMe4k7y3M
mdGO0T9gmyB8hd4G9VL21FS+hBAV/DzG23Dhc3nYStMr6PtKiEBAEoxiq5Y5Susv
S+LaTobdCwwPnlkM0t9JFHujLidEyAVGRoYwP9pPY78svyyw1CToC4G3+z9o4+pI
yR0mJiKCkz8q2l14kq8xxf/StylQdjs+ZqjmWbSs6zzpgeOW7jTZkrEs1qC2tXY3
RyWmN4cgQvvTjbWrCHkXlpsE24uUzJykO0Y8Ui3ZaIBC
-----END CERTIFICATE-----