Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/CWinuPyhpx9dz9dUy6hm9U-hSH0.roa
File:                     CWinuPyhpx9dz9dUy6hm9U-hSH0.roa (raw, json)
Hash identifier:          kzRVIrmXy5CpUKL1SvqWwqKDXVmBwcHxugVImN5DgH0=
Subject key identifier:   09:68:A7:B8:FC:A1:A7:1F:5D:CF:D7:54:CB:A8:66:F5:4F:A1:48:7D
Certificate issuer:       /CN=b74ce3f3c5e5a2f9d8b8a4c77a8361f8a216f3ad
Certificate serial:       0194266BE159900B48BB77324C87A11E7D58
Authority key identifier: B7:4C:E3:F3:C5:E5:A2:F9:D8:B8:A4:C7:7A:83:61:F8:A2:16:F3:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/CWinuPyhpx9dz9dUy6hm9U-hSH0.roa
Signing time:             Thu 02 Jan 2025 09:49:51 +0000
ROA not before:           Thu 02 Jan 2025 09:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        194.99.96.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e1:59:90:0b:48:bb:77:32:4c:87:a1:1e:7d:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b74ce3f3c5e5a2f9d8b8a4c77a8361f8a216f3ad
        Validity
            Not Before: Jan  2 09:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0968a7b8fca1a71f5dcfd754cba866f54fa1487d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b3:56:a6:20:cf:db:c3:a2:d5:ef:a2:f2:52:
                    c0:d1:af:63:f5:04:92:1c:a4:a7:a8:2a:d0:b3:b0:
                    38:4e:74:61:c8:e7:2e:70:05:ab:cb:60:6b:b1:2d:
                    04:90:de:f0:51:a0:d5:21:e2:cd:34:2e:d0:8c:62:
                    c0:a8:60:27:36:e7:53:7b:2c:7a:d7:2e:1e:b6:fc:
                    4c:5a:5a:af:43:b2:12:3c:03:0e:ba:0c:5f:8e:2b:
                    34:1c:32:df:8f:24:41:32:a6:57:0e:16:a5:c1:72:
                    e7:c3:b4:54:78:8d:ca:3d:7a:78:29:9a:51:8c:1d:
                    f6:04:a1:84:15:71:74:0c:8a:88:49:ee:f4:4a:7c:
                    d7:a9:57:5f:ae:74:c5:84:1b:06:57:7a:4b:4c:ed:
                    d1:a1:35:4f:35:6b:2c:cf:4d:ff:d7:38:12:0b:a0:
                    e0:02:6e:a8:0a:89:bf:78:00:e2:f4:ec:73:36:3d:
                    cf:a2:96:af:f1:5b:ac:fe:bc:6f:3c:dc:73:78:09:
                    ec:72:b5:1d:6d:62:b6:d5:a3:b4:ac:73:15:d8:3d:
                    6c:27:41:e7:f4:ff:72:90:fe:dc:60:43:75:c3:c4:
                    49:16:4f:08:df:02:a4:b0:45:15:36:09:ca:e4:ea:
                    c6:08:76:0c:51:92:15:5c:4e:6b:09:f3:2e:db:ee:
                    48:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:68:A7:B8:FC:A1:A7:1F:5D:CF:D7:54:CB:A8:66:F5:4F:A1:48:7D
            X509v3 Authority Key Identifier:
                keyid:B7:4C:E3:F3:C5:E5:A2:F9:D8:B8:A4:C7:7A:83:61:F8:A2:16:F3:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/CWinuPyhpx9dz9dUy6hm9U-hSH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:17:2e:ac:3a:fd:9a:c3:62:a0:a1:1c:39:e0:ca:15:bf:ee:
         aa:1b:1b:8e:87:af:10:cd:a4:6a:cf:c3:91:f8:1a:e8:0e:26:
         a8:00:5f:f1:de:2e:48:64:b0:81:bd:14:22:18:dd:76:ec:c3:
         d2:56:bb:da:56:35:46:13:c7:20:23:09:c6:9e:aa:a2:66:73:
         80:cb:1a:61:6b:e4:eb:7d:41:15:bd:e6:92:5a:91:94:aa:38:
         88:f0:da:fb:7d:76:ed:a8:32:0c:f8:38:71:28:65:2f:b1:79:
         e9:b5:5b:9b:98:a7:ca:fa:75:b9:65:db:27:31:7e:22:d3:a9:
         e5:b1:96:d0:28:dc:b0:9b:52:1f:57:cd:4e:72:15:19:55:b4:
         22:16:bc:67:20:02:9d:ac:0c:03:9c:86:6a:51:22:a2:f2:ab:
         34:c8:aa:53:a2:1e:8a:a4:5c:2f:83:0d:46:b1:19:cd:9a:db:
         09:00:5c:cc:df:1f:fa:a9:44:ef:5b:0e:1e:3b:5a:c5:d6:71:
         5d:b9:3a:a1:18:8a:06:a5:91:1b:54:66:c4:20:54:2e:ea:78:
         21:30:01:ce:c2:26:0a:e3:f0:17:87:66:16:a6:cc:de:6d:76:
         f8:a5:86:aa:f3:ec:23:d8:e3:09:b6:2f:38:fd:20:c2:fd:1d:
         1c:68:d6:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+FZkAtIu3cyTIehHn1YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NGNlM2YzYzVlNWEyZjlkOGI4YTRjNzdhODM2MWY4YTIx
NmYzYWQwHhcNMjUwMTAyMDk0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTY4YTdiOGZjYTFhNzFmNWRjZmQ3NTRjYmE4NjZmNTRmYTE0ODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LNWpiDP28Oi1e+i8lLA0a9j9QSS
HKSnqCrQs7A4TnRhyOcucAWry2BrsS0EkN7wUaDVIeLNNC7QjGLAqGAnNudTeyx6
1y4etvxMWlqvQ7ISPAMOugxfjis0HDLfjyRBMqZXDhalwXLnw7RUeI3KPXp4KZpR
jB32BKGEFXF0DIqISe70SnzXqVdfrnTFhBsGV3pLTO3RoTVPNWssz03/1zgSC6Dg
Am6oCom/eADi9OxzNj3Popav8Vus/rxvPNxzeAnscrUdbWK21aO0rHMV2D1sJ0Hn
9P9ykP7cYEN1w8RJFk8I3wKksEUVNgnK5OrGCHYMUZIVXE5rCfMu2+5IMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlop7j8oacfXc/XVMuoZvVPoUh9MB8GA1UdIwQY
MBaAFLdM4/PF5aL52Likx3qDYfiiFvOtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDB6ajg4WGxvdm5ZdUtUSGVvTmgtS0lXODYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9hYzY4MWYtMDVkMi00MDQ1LWFlMTAt
NWViZGQ5ZTI4ODdjLzEvQ1dpbnVQeWhweDlkejlkVXk2aG05VS1oU0gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9hYzY4MWYtMDVkMi00MDQ1LWFlMTAtNWViZGQ5ZTI4ODdj
LzEvdDB6ajg4WGxvdm5ZdUtUSGVvTmgtS0lXODYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmNgMA0G
CSqGSIb3DQEBCwUAA4IBAQCPFy6sOv2aw2KgoRw54MoVv+6qGxuOh68QzaRqz8OR
+BroDiaoAF/x3i5IZLCBvRQiGN127MPSVrvaVjVGE8cgIwnGnqqiZnOAyxpha+Tr
fUEVveaSWpGUqjiI8Nr7fXbtqDIM+DhxKGUvsXnptVubmKfK+nW5ZdsnMX4i06nl
sZbQKNywm1IfV81OchUZVbQiFrxnIAKdrAwDnIZqUSKi8qs0yKpToh6KpFwvgw1G
sRnNmtsJAFzM3x/6qUTvWw4eO1rF1nFduTqhGIoGpZEbVGbEIFQu6nghMAHOwiYK
4/AXh2YWpszebXb4pYaq8+wj2OMJti84/SDC/R0caNZv
-----END CERTIFICATE-----