Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/jwVbXCDeR3nwYGAlm9xN2kpKmB4.roa
File:                     jwVbXCDeR3nwYGAlm9xN2kpKmB4.roa (raw, json)
Hash identifier:          iEdaGVrMnMYhG1JWXVQ6x37AXfcN4Z18G6WNOnmwP7U=
Subject key identifier:   8F:05:5B:5C:20:DE:47:79:F0:60:60:25:9B:DC:4D:DA:4A:4A:98:1E
Certificate issuer:       /CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
Certificate serial:       019425FDA0ED3F574EE9F1339328F2F7D067
Authority key identifier: F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/jwVbXCDeR3nwYGAlm9xN2kpKmB4.roa
Signing time:             Thu 02 Jan 2025 07:49:26 +0000
ROA not before:           Thu 02 Jan 2025 07:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41717
IP address blocks:        193.242.106.0/24 maxlen: 32
                          193.242.109.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 22:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a0:ed:3f:57:4e:e9:f1:33:93:28:f2:f7:d0:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1b8bbb1e186a599d4cc058cabf4df0e252f31fa
        Validity
            Not Before: Jan  2 07:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f055b5c20de4779f06060259bdc4dda4a4a981e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c0:b4:1f:e9:bd:36:71:df:ff:6c:91:a6:8d:
                    df:4e:62:94:39:c1:3f:ba:46:0e:9a:67:2e:8e:fc:
                    72:6b:a3:a9:94:1d:28:4e:2d:9a:a4:43:85:cb:46:
                    8f:5c:e8:c5:98:b1:c9:6c:a5:9e:c6:ac:43:ee:8d:
                    bb:0b:1e:e9:d2:a3:b9:7b:52:72:4f:15:53:a5:1f:
                    f6:c7:f6:12:c8:20:54:6f:7d:5e:e0:15:6e:71:87:
                    9b:77:6e:5d:57:51:83:a4:fd:26:0a:b4:52:1c:59:
                    e0:d2:16:79:42:d6:5e:c2:0f:51:19:c3:00:8a:cc:
                    9b:62:6f:a7:5e:74:d2:fc:82:d2:75:e8:79:d2:77:
                    95:0a:79:f0:c6:d3:88:cb:e8:4b:90:0a:6f:2a:56:
                    fb:4e:49:4e:33:00:36:7f:23:50:99:03:3f:20:79:
                    29:51:03:b6:7e:90:56:4e:9f:14:32:6d:65:62:4d:
                    6a:4b:0c:97:fc:3f:4b:28:c0:d9:4e:d0:c1:bb:97:
                    cc:18:2c:eb:11:06:9c:1a:a1:be:90:3d:5b:51:80:
                    bc:0d:51:1e:94:8f:88:09:91:40:92:48:65:16:3d:
                    27:03:b8:1b:20:59:19:dc:3f:e9:4c:fa:65:47:cc:
                    55:b1:2e:0e:90:d5:6d:f1:49:75:5c:ef:6b:e5:16:
                    79:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:05:5B:5C:20:DE:47:79:F0:60:60:25:9B:DC:4D:DA:4A:4A:98:1E
            X509v3 Authority Key Identifier:
                keyid:F1:B8:BB:B1:E1:86:A5:99:D4:CC:05:8C:AB:F4:DF:0E:25:2F:31:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8bi7seGGpZnUzAWMq_TfDiUvMfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/jwVbXCDeR3nwYGAlm9xN2kpKmB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/321ea6-eff7-4514-ab2d-5b4b85fd5ae5/1/8bi7seGGpZnUzAWMq_TfDiUvMfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.242.106.0/24
                  193.242.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:77:89:96:a5:5b:e3:f9:86:59:f8:24:fb:bb:0c:45:5c:87:
         d0:34:fc:45:00:a1:c8:85:16:e7:d3:2b:67:1b:25:d3:3e:b1:
         1c:1a:b0:55:a2:55:bd:d9:da:8c:79:c1:ff:d6:13:62:ec:ed:
         eb:a9:2b:02:75:1a:1b:8c:28:e7:e1:a8:ae:be:45:67:74:74:
         9b:60:ea:6f:d2:8c:87:1b:78:02:bd:e6:0b:a3:18:1d:0e:fe:
         fc:2b:72:16:ba:73:35:c3:2b:54:b0:84:27:e4:f9:bb:3b:b1:
         75:7b:c3:3d:e9:0a:23:09:5d:08:2d:b5:dd:fa:32:1a:b5:3b:
         7f:ee:f4:cb:63:a3:f2:90:93:f4:f3:46:5a:b6:53:ac:89:85:
         0f:6c:9c:08:2e:88:c0:65:dc:a4:1a:2b:9b:ca:37:cb:49:f0:
         2c:58:14:01:78:92:cc:f0:31:e4:6e:43:bc:55:e5:60:f3:ca:
         7a:5e:03:5c:97:b1:64:12:6e:9a:64:39:8d:5f:e9:a3:62:e2:
         a6:00:23:16:55:e6:7d:47:5a:76:4b:29:28:54:98:a4:ac:3c:
         f1:05:37:3a:53:3b:4d:7e:43:a7:6f:63:9e:5f:d6:93:6f:a3:
         8f:35:1f:92:eb:23:41:a2:8e:b1:1d:67:3b:ed:24:e9:18:bc:
         0d:3c:88:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/aDtP1dO6fEzkyjy99BnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYjhiYmIxZTE4NmE1OTlkNGNjMDU4Y2FiZjRkZjBlMjUy
ZjMxZmEwHhcNMjUwMTAyMDc0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjA1NWI1YzIwZGU0Nzc5ZjA2MDYwMjU5YmRjNGRkYTRhNGE5ODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMC0H+m9NnHf/2yRpo3fTmKUOcE/
ukYOmmcujvxya6OplB0oTi2apEOFy0aPXOjFmLHJbKWexqxD7o27Cx7p0qO5e1Jy
TxVTpR/2x/YSyCBUb31e4BVucYebd25dV1GDpP0mCrRSHFng0hZ5QtZewg9RGcMA
isybYm+nXnTS/ILSdeh50neVCnnwxtOIy+hLkApvKlb7TklOMwA2fyNQmQM/IHkp
UQO2fpBWTp8UMm1lYk1qSwyX/D9LKMDZTtDBu5fMGCzrEQacGqG+kD1bUYC8DVEe
lI+ICZFAkkhlFj0nA7gbIFkZ3D/pTPplR8xVsS4OkNVt8Ul1XO9r5RZ5BwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI8FW1wg3kd58GBgJZvcTdpKSpgeMB8GA1UdIwQY
MBaAFPG4u7HhhqWZ1MwFjKv03w4lLzH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQt
NWI0Yjg1ZmQ1YWU1LzEvandWYlhDRGVSM253WUdBbG05eE4ya3BLbUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zMjFlYTYtZWZmNy00NTE0LWFiMmQtNWI0Yjg1ZmQ1YWU1
LzEvOGJpN3NlR0dwWm5VekFXTXFfVGZEaVV2TWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwfJqAwQA
wfJtMA0GCSqGSIb3DQEBCwUAA4IBAQAtd4mWpVvj+YZZ+CT7uwxFXIfQNPxFAKHI
hRbn0ytnGyXTPrEcGrBVolW92dqMecH/1hNi7O3rqSsCdRobjCjn4aiuvkVndHSb
YOpv0oyHG3gCveYLoxgdDv78K3IWunM1wytUsIQn5Pm7O7F1e8M96QojCV0ILbXd
+jIatTt/7vTLY6PykJP080ZatlOsiYUPbJwILojAZdykGiubyjfLSfAsWBQBeJLM
8DHkbkO8VeVg88p6XgNcl7FkEm6aZDmNX+mjYuKmACMWVeZ9R1p2SykoVJikrDzx
BTc6UztNfkOnb2OeX9aTb6OPNR+S6yNBoo6xHWc77STpGLwNPIgL
-----END CERTIFICATE-----