Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/vnYIdpkDdS6bRMveVXglLZHbY50.roa
File:                     vnYIdpkDdS6bRMveVXglLZHbY50.roa (raw, json)
Hash identifier:          RbsMHBbR5PlZx+oytvnpiwybpf9Mt1fYmOVDql1MbsE=
Subject key identifier:   BE:76:08:76:99:03:75:2E:9B:44:CB:DE:55:78:25:2D:91:DB:63:9D
Certificate issuer:       /CN=2d58b6be9c6c033b3b126f277d02bc054499fcfb
Certificate serial:       0194228E0A03BFECC6D0C3FFA0842E3E9A73
Authority key identifier: 2D:58:B6:BE:9C:6C:03:3B:3B:12:6F:27:7D:02:BC:05:44:99:FC:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/vnYIdpkDdS6bRMveVXglLZHbY50.roa
Signing time:             Wed 01 Jan 2025 15:48:41 +0000
ROA not before:           Wed 01 Jan 2025 15:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1299
IP address blocks:        194.174.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0a:03:bf:ec:c6:d0:c3:ff:a0:84:2e:3e:9a:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d58b6be9c6c033b3b126f277d02bc054499fcfb
        Validity
            Not Before: Jan  1 15:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be7608769903752e9b44cbde5578252d91db639d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:35:d0:24:f2:ec:9f:48:0e:fe:7b:83:ad:a2:
                    47:95:18:8b:8c:12:0d:97:a4:80:a9:27:b4:ec:29:
                    87:f0:69:a4:85:96:34:82:00:a6:95:54:4d:2c:74:
                    6a:e2:dd:0d:96:50:a5:81:1b:af:27:4d:89:15:5c:
                    dc:74:e3:ed:83:cf:1e:3d:2b:2d:bc:24:8f:98:a8:
                    6c:c8:d3:ac:a6:a7:a6:2b:66:56:61:7f:85:bb:85:
                    2a:22:2c:b9:bb:ae:b7:ed:38:73:0d:47:e9:07:c3:
                    e2:ae:44:33:d2:35:88:01:f8:71:ae:64:4a:68:73:
                    94:7d:08:80:75:93:85:e6:7c:14:bb:ba:67:a7:37:
                    4f:9e:41:6b:ad:f3:d8:7d:ff:fe:1f:d3:c8:71:68:
                    69:7a:a4:3b:72:b1:81:26:42:ed:47:15:62:52:a1:
                    96:35:77:b8:0f:c7:a5:4b:9f:44:6e:ed:ba:2f:24:
                    78:3d:df:a8:15:db:54:1e:f9:10:2e:f0:28:0d:4f:
                    d9:ee:65:56:0a:be:2a:f3:14:b5:85:87:20:3f:bf:
                    b4:b5:30:12:c0:b3:23:b5:7c:a9:ab:8f:3e:84:4c:
                    d9:07:05:08:1e:81:46:b7:67:5b:24:76:92:20:8c:
                    f9:21:cd:65:b2:72:22:e2:31:69:9c:81:39:7e:bf:
                    6b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:76:08:76:99:03:75:2E:9B:44:CB:DE:55:78:25:2D:91:DB:63:9D
            X509v3 Authority Key Identifier:
                keyid:2D:58:B6:BE:9C:6C:03:3B:3B:12:6F:27:7D:02:BC:05:44:99:FC:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/vnYIdpkDdS6bRMveVXglLZHbY50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/3798d2-28f2-4b18-a17c-cb86db350931/1/LVi2vpxsAzs7Em8nfQK8BUSZ_Ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.174.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:12:90:87:25:b1:b2:29:c1:33:27:87:9a:54:6a:fc:56:64:
         8f:ed:08:49:b1:85:ba:3a:8f:5e:b0:50:fc:67:fb:a5:51:46:
         59:5b:52:3f:f4:fa:60:76:d8:b9:a8:15:cc:c4:44:97:91:d2:
         ee:98:a4:f2:2c:a9:a8:24:7d:c1:50:93:81:ac:29:f4:8e:79:
         08:bd:d8:e7:aa:1c:98:98:3e:91:cd:cd:48:76:6f:cd:42:62:
         80:ba:03:f4:24:ef:37:f1:b0:ae:52:4b:d7:56:1d:2c:6a:db:
         0e:0b:f2:6e:27:26:92:31:dc:8a:0f:bc:18:fb:9b:0e:fa:51:
         eb:0e:62:19:f8:e3:c7:10:14:31:b9:66:44:90:d4:ac:cf:e9:
         24:48:85:43:e4:d1:62:8c:8f:cb:ba:b9:16:ee:11:7e:68:50:
         f2:c1:eb:91:78:a5:3c:d0:2b:a4:ee:9b:2a:7e:2a:04:94:e0:
         ca:dc:77:03:6d:78:2f:4a:cf:d4:7f:46:3a:32:10:b1:f4:f5:
         06:69:d0:e8:0c:67:64:12:50:87:75:8b:be:e4:7f:94:00:0f:
         38:0f:58:9e:08:04:8d:b5:aa:1b:74:a9:59:3f:ff:a2:7d:a5:
         10:8d:88:e1:48:4b:11:01:3e:89:b5:85:46:48:a5:bc:69:f4:
         91:2e:4f:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijgoDv+zG0MP/oIQuPppzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNThiNmJlOWM2YzAzM2IzYjEyNmYyNzdkMDJiYzA1NDQ5
OWZjZmIwHhcNMjUwMTAxMTU0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTc2MDg3Njk5MDM3NTJlOWI0NGNiZGU1NTc4MjUyZDkxZGI2MzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDXQJPLsn0gO/nuDraJHlRiLjBIN
l6SAqSe07CmH8GmkhZY0ggCmlVRNLHRq4t0NllClgRuvJ02JFVzcdOPtg88ePSst
vCSPmKhsyNOspqemK2ZWYX+Fu4UqIiy5u6637ThzDUfpB8PirkQz0jWIAfhxrmRK
aHOUfQiAdZOF5nwUu7pnpzdPnkFrrfPYff/+H9PIcWhpeqQ7crGBJkLtRxViUqGW
NXe4D8elS59Ebu26LyR4Pd+oFdtUHvkQLvAoDU/Z7mVWCr4q8xS1hYcgP7+0tTAS
wLMjtXypq48+hEzZBwUIHoFGt2dbJHaSIIz5Ic1lsnIi4jFpnIE5fr9r/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL52CHaZA3Uum0TL3lV4JS2R22OdMB8GA1UdIwQY
MBaAFC1Ytr6cbAM7OxJvJ30CvAVEmfz7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFZpMnZweHNBenM3RW04bmZRSzhCVVNaX1BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8zNzk4ZDItMjhmMi00YjE4LWExN2Mt
Y2I4NmRiMzUwOTMxLzEvdm5ZSWRwa0RkUzZiUk12ZVZYZ2xMWkhiWTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8zNzk4ZDItMjhmMi00YjE4LWExN2MtY2I4NmRiMzUwOTMx
LzEvTFZpMnZweHNBenM3RW04bmZRSzhCVVNaX1BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwq4LMA0G
CSqGSIb3DQEBCwUAA4IBAQAWEpCHJbGyKcEzJ4eaVGr8VmSP7QhJsYW6Oo9esFD8
Z/ulUUZZW1I/9Ppgdti5qBXMxESXkdLumKTyLKmoJH3BUJOBrCn0jnkIvdjnqhyY
mD6Rzc1Idm/NQmKAugP0JO838bCuUkvXVh0satsOC/JuJyaSMdyKD7wY+5sO+lHr
DmIZ+OPHEBQxuWZEkNSsz+kkSIVD5NFijI/LurkW7hF+aFDyweuReKU80Cuk7psq
fioElODK3HcDbXgvSs/Uf0Y6MhCx9PUGadDoDGdkElCHdYu+5H+UAA84D1ieCASN
taobdKlZP/+ifaUQjYjhSEsRAT6JtYVGSKW8afSRLk+J
-----END CERTIFICATE-----