Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/aca99b-82af-4aba-9967-08d5cd16f549/1/mZO8S467jgcFzt406x0GmuRgZrg.roa
File:                     mZO8S467jgcFzt406x0GmuRgZrg.roa (raw, json)
Hash identifier:          LBo6nvo9ZS8C5pN/ZxvETZsZeRn1wNqdsDaMcfQFY7I=
Subject key identifier:   99:93:BC:4B:8E:BB:8E:07:05:CE:DE:34:EB:1D:06:9A:E4:60:66:B8
Certificate issuer:       /CN=7c1bbb08037a876230406fa67379f980b5ab3276
Certificate serial:       01941FFA602BB30C704FAD0BC35C5C806CF5
Authority key identifier: 7C:1B:BB:08:03:7A:87:62:30:40:6F:A6:73:79:F9:80:B5:AB:32:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fBu7CAN6h2IwQG-mc3n5gLWrMnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/aca99b-82af-4aba-9967-08d5cd16f549/1/mZO8S467jgcFzt406x0GmuRgZrg.roa
Signing time:             Wed 01 Jan 2025 03:48:09 +0000
ROA not before:           Wed 01 Jan 2025 03:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51088
IP address blocks:        46.175.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/aca99b-82af-4aba-9967-08d5cd16f549/1/fBu7CAN6h2IwQG-mc3n5gLWrMnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/aca99b-82af-4aba-9967-08d5cd16f549/1/fBu7CAN6h2IwQG-mc3n5gLWrMnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fBu7CAN6h2IwQG-mc3n5gLWrMnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:60:2b:b3:0c:70:4f:ad:0b:c3:5c:5c:80:6c:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c1bbb08037a876230406fa67379f980b5ab3276
        Validity
            Not Before: Jan  1 03:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9993bc4b8ebb8e0705cede34eb1d069ae46066b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c2:9b:db:c0:00:52:87:24:b5:77:11:d7:e2:
                    a8:82:4d:34:a6:21:8e:c1:98:2a:ea:c2:3d:fb:d0:
                    f9:9d:e0:66:0a:7a:c1:4a:5b:68:65:6d:18:6a:e2:
                    36:a5:a5:de:c6:b1:13:a3:bb:b9:a6:ed:64:72:ff:
                    2f:de:d5:a2:81:8e:63:be:cd:ec:be:86:2a:11:76:
                    be:b5:75:64:d7:94:d8:fd:fc:4b:bc:77:16:93:e4:
                    b9:23:3e:30:5e:ae:88:d8:25:c9:85:72:9d:52:0c:
                    f5:46:c0:f7:e8:71:04:e6:e1:8a:e1:cb:45:68:2a:
                    f1:96:b0:c2:e9:f9:94:7e:fa:6f:b1:b3:a2:cc:e6:
                    4a:91:f4:ff:92:1b:aa:a0:cd:5b:e6:97:11:ee:78:
                    4e:e2:66:c7:b5:a0:7e:c4:6b:9f:14:32:3d:52:ba:
                    10:c4:63:06:ea:79:54:78:5a:1a:9d:46:63:80:70:
                    03:76:42:46:0d:ef:9c:df:99:82:7f:cf:93:e6:2a:
                    6c:53:af:43:0f:9f:2e:7d:ce:72:76:76:1b:b8:39:
                    e7:2b:66:5f:48:c2:b3:b0:3b:7d:ff:0a:51:30:c7:
                    ab:05:8f:db:61:bc:bc:11:49:af:2b:a9:68:80:9d:
                    37:8c:c8:9d:ba:38:33:6c:1f:1d:1f:cf:aa:bb:84:
                    07:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:93:BC:4B:8E:BB:8E:07:05:CE:DE:34:EB:1D:06:9A:E4:60:66:B8
            X509v3 Authority Key Identifier:
                keyid:7C:1B:BB:08:03:7A:87:62:30:40:6F:A6:73:79:F9:80:B5:AB:32:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fBu7CAN6h2IwQG-mc3n5gLWrMnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/aca99b-82af-4aba-9967-08d5cd16f549/1/mZO8S467jgcFzt406x0GmuRgZrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/aca99b-82af-4aba-9967-08d5cd16f549/1/fBu7CAN6h2IwQG-mc3n5gLWrMnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.175.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:51:54:f7:d9:97:99:b7:48:b6:2f:7f:7a:e0:0f:21:a2:44:
         ca:f9:be:b2:4c:b6:ae:b7:bb:43:08:5a:96:5e:fe:e9:a8:70:
         f1:c7:b9:97:ca:92:7f:1d:4b:be:06:00:d9:51:99:f8:33:df:
         e2:6d:de:20:d3:4a:f4:39:de:49:d1:93:32:3d:2b:1a:e8:09:
         51:09:ec:c7:9b:85:1f:e7:d1:28:fa:2c:49:03:bb:5c:02:c3:
         8e:cb:cb:32:b3:2d:fd:b1:f5:07:af:07:97:c2:ca:38:36:b3:
         dc:7d:70:c1:51:de:b5:d1:37:22:e5:3b:21:98:a1:d1:5d:36:
         ba:7b:e6:13:26:99:1a:a2:db:2d:f5:f1:45:19:a4:b3:28:77:
         be:52:81:ee:2d:84:ea:80:7b:f7:cf:a2:9e:f5:3a:3b:30:f0:
         1b:0b:d1:32:52:de:65:11:92:6f:77:f5:bd:33:c2:4a:c0:73:
         f1:bf:6e:29:37:b8:d2:5b:10:fc:af:83:3c:1b:b3:c6:b0:4b:
         0e:e9:ba:29:2b:ca:22:26:11:e0:dd:56:f1:14:61:73:29:6c:
         34:fb:1d:75:9a:ef:b3:8b:e9:0f:47:e8:7c:b3:dd:68:12:22:
         da:56:aa:a7:39:76:e9:29:25:e0:aa:47:ee:3e:e9:65:4e:7c:
         48:a3:86:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+mArswxwT60Lw1xcgGz1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjMWJiYjA4MDM3YTg3NjIzMDQwNmZhNjczNzlmOTgwYjVh
YjMyNzYwHhcNMjUwMTAxMDM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTkzYmM0YjhlYmI4ZTA3MDVjZWRlMzRlYjFkMDY5YWU0NjA2NmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysKb28AAUocktXcR1+Kogk00piGO
wZgq6sI9+9D5neBmCnrBSltoZW0YauI2paXexrETo7u5pu1kcv8v3tWigY5jvs3s
voYqEXa+tXVk15TY/fxLvHcWk+S5Iz4wXq6I2CXJhXKdUgz1RsD36HEE5uGK4ctF
aCrxlrDC6fmUfvpvsbOizOZKkfT/khuqoM1b5pcR7nhO4mbHtaB+xGufFDI9UroQ
xGMG6nlUeFoanUZjgHADdkJGDe+c35mCf8+T5ipsU69DD58ufc5ydnYbuDnnK2Zf
SMKzsDt9/wpRMMerBY/bYby8EUmvK6logJ03jMidujgzbB8dH8+qu4QHCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmTvEuOu44HBc7eNOsdBprkYGa4MB8GA1UdIwQY
MBaAFHwbuwgDeodiMEBvpnN5+YC1qzJ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkJ1N0NBTjZoMkl3UUctbWMzbjVnTFdyTW5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9hY2E5OWItODJhZi00YWJhLTk5Njct
MDhkNWNkMTZmNTQ5LzEvbVpPOFM0NjdqZ2NGenQ0MDZ4MEdtdVJnWnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9hY2E5OWItODJhZi00YWJhLTk5NjctMDhkNWNkMTZmNTQ5
LzEvZkJ1N0NBTjZoMkl3UUctbWMzbjVnTFdyTW5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALq+DMA0G
CSqGSIb3DQEBCwUAA4IBAQA6UVT32ZeZt0i2L3964A8hokTK+b6yTLaut7tDCFqW
Xv7pqHDxx7mXypJ/HUu+BgDZUZn4M9/ibd4g00r0Od5J0ZMyPSsa6AlRCezHm4Uf
59Eo+ixJA7tcAsOOy8sysy39sfUHrweXwso4NrPcfXDBUd610Tci5TshmKHRXTa6
e+YTJpkaotst9fFFGaSzKHe+UoHuLYTqgHv3z6Ke9To7MPAbC9EyUt5lEZJvd/W9
M8JKwHPxv24pN7jSWxD8r4M8G7PGsEsO6bopK8oiJhHg3VbxFGFzKWw0+x11mu+z
i+kPR+h8s91oEiLaVqqnOXbpKSXgqkfuPullTnxIo4au
-----END CERTIFICATE-----