Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f99b62-b3e3-4c5d-aa86-d668c53f6612/1/AnCLQF3AEeb0_H9PaY-lIa5EN28.roa
File:                     AnCLQF3AEeb0_H9PaY-lIa5EN28.roa (raw, json)
Hash identifier:          vbA1F66256rsCzU3mxewwVf9Afs6E5XbS6o29znFmvY=
Subject key identifier:   02:70:8B:40:5D:C0:11:E6:F4:FC:7F:4F:69:8F:A5:21:AE:44:37:6F
Certificate issuer:       /CN=d0cbf6ba097a76b610c856035bc18de797c2a677
Certificate serial:       019325C72BA6F435335DEBD59B945BBA867C
Authority key identifier: D0:CB:F6:BA:09:7A:76:B6:10:C8:56:03:5B:C1:8D:E7:97:C2:A6:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Mv2ugl6drYQyFYDW8GN55fCpnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f99b62-b3e3-4c5d-aa86-d668c53f6612/1/AnCLQF3AEeb0_H9PaY-lIa5EN28.roa
Signing time:             Wed 13 Nov 2024 13:47:10 +0000
ROA not before:           Wed 13 Nov 2024 13:47:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215419
IP address blocks:        194.61.3.0/24 maxlen: 24
                          2a0f:5840:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f99b62-b3e3-4c5d-aa86-d668c53f6612/1/0Mv2ugl6drYQyFYDW8GN55fCpnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f99b62-b3e3-4c5d-aa86-d668c53f6612/1/0Mv2ugl6drYQyFYDW8GN55fCpnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Mv2ugl6drYQyFYDW8GN55fCpnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:25:c7:2b:a6:f4:35:33:5d:eb:d5:9b:94:5b:ba:86:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0cbf6ba097a76b610c856035bc18de797c2a677
        Validity
            Not Before: Nov 13 13:47:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02708b405dc011e6f4fc7f4f698fa521ae44376f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:38:61:8c:a8:78:3b:d3:5c:75:ad:10:ec:c7:
                    3c:83:29:b7:50:85:59:88:9d:d5:e2:2c:a2:f9:f8:
                    bc:75:5d:90:da:80:80:e5:14:c1:7a:d8:b5:d5:e1:
                    15:d9:95:cf:7b:47:bd:85:7f:99:82:51:41:52:9d:
                    df:41:0b:67:c1:8b:aa:97:5b:f0:c6:f8:ae:a4:e4:
                    bb:84:28:e5:5f:48:64:02:6c:a1:80:97:3a:f1:34:
                    b9:18:0d:f9:72:d3:78:28:6f:b3:e1:df:c8:80:e8:
                    c0:02:3b:b3:e1:25:27:31:12:62:43:52:d9:f2:64:
                    67:86:f6:99:dc:f2:3e:7d:ce:8f:08:4a:ea:05:1e:
                    37:24:45:a9:c2:45:b6:3e:95:33:11:9a:67:00:31:
                    82:0b:b0:f9:59:91:c5:08:6b:6b:fe:fa:99:6c:f2:
                    a8:4e:d2:17:f4:77:34:8b:a0:4c:30:98:b2:20:23:
                    56:9f:40:78:f9:39:aa:d6:6f:ac:24:4c:f7:13:a9:
                    8b:e6:e3:40:db:eb:42:b6:a7:0d:e1:f2:09:65:47:
                    8c:d8:62:11:27:52:74:0b:ec:74:59:84:d1:b6:13:
                    6a:96:c0:3b:a3:3f:de:03:b3:dc:ca:db:f5:64:43:
                    4d:e8:7d:91:b0:fd:2b:96:a3:a2:8e:56:98:fd:73:
                    2a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:70:8B:40:5D:C0:11:E6:F4:FC:7F:4F:69:8F:A5:21:AE:44:37:6F
            X509v3 Authority Key Identifier:
                keyid:D0:CB:F6:BA:09:7A:76:B6:10:C8:56:03:5B:C1:8D:E7:97:C2:A6:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Mv2ugl6drYQyFYDW8GN55fCpnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f99b62-b3e3-4c5d-aa86-d668c53f6612/1/AnCLQF3AEeb0_H9PaY-lIa5EN28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f99b62-b3e3-4c5d-aa86-d668c53f6612/1/0Mv2ugl6drYQyFYDW8GN55fCpnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.3.0/24
                IPv6:
                  2a0f:5840:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:46:1f:f2:10:7f:dc:5a:36:6a:7b:4e:ea:9a:4e:33:7a:17:
         ae:a0:50:9b:b2:f2:38:b4:77:78:0e:bd:a5:3f:a3:d4:01:bd:
         49:39:ff:35:9f:d4:7b:68:4e:33:09:d2:3a:ca:9d:e2:f4:b7:
         f0:3b:f5:1a:11:17:ac:d1:06:65:4d:e4:d9:4b:6e:0a:a3:eb:
         7d:4f:3e:52:45:6b:82:9f:02:b9:5e:c5:ee:cb:e1:b6:65:d0:
         2d:65:06:65:25:97:64:ba:a6:fe:09:4b:79:92:2b:88:4f:51:
         d9:6b:ef:34:1e:c3:28:b3:d2:49:3b:5d:8f:cf:de:5b:44:59:
         82:40:98:01:fd:0d:ab:47:6e:60:d9:87:07:34:bf:f5:be:0e:
         d5:69:b2:6c:bf:c5:61:39:7d:b5:f4:9d:ef:0c:ad:59:ae:7c:
         e1:2f:4c:50:ee:66:d9:36:c3:5f:7f:0f:72:e4:64:82:34:22:
         81:37:44:57:a2:2d:ac:33:a9:54:92:42:31:66:2f:16:ed:ca:
         f2:7c:61:53:62:72:bf:af:ba:aa:ea:9b:9d:54:93:84:fa:57:
         6b:15:b3:1b:f6:f2:e7:00:df:a3:f6:3c:39:a0:e2:84:e4:05:
         c3:f9:f6:58:51:6a:ce:51:b0:e6:31:1e:cf:2c:51:b1:87:b2:
         7f:08:e4:14
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZMlxyum9DUzXevVm5RbuoZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwY2JmNmJhMDk3YTc2YjYxMGM4NTYwMzViYzE4ZGU3OTdj
MmE2NzcwHhcNMjQxMTEzMTM0NzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjcwOGI0MDVkYzAxMWU2ZjRmYzdmNGY2OThmYTUyMWFlNDQzNzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqThhjKh4O9Ncda0Q7Mc8gym3UIVZ
iJ3V4iyi+fi8dV2Q2oCA5RTBeti11eEV2ZXPe0e9hX+ZglFBUp3fQQtnwYuql1vw
xviupOS7hCjlX0hkAmyhgJc68TS5GA35ctN4KG+z4d/IgOjAAjuz4SUnMRJiQ1LZ
8mRnhvaZ3PI+fc6PCErqBR43JEWpwkW2PpUzEZpnADGCC7D5WZHFCGtr/vqZbPKo
TtIX9Hc0i6BMMJiyICNWn0B4+Tmq1m+sJEz3E6mL5uNA2+tCtqcN4fIJZUeM2GIR
J1J0C+x0WYTRthNqlsA7oz/eA7Pcytv1ZENN6H2RsP0rlqOijlaY/XMqJQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAJwi0BdwBHm9Px/T2mPpSGuRDdvMB8GA1UdIwQY
MBaAFNDL9roJena2EMhWA1vBjeeXwqZ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME12MnVnbDZkcllReUZZRFc4R041NWZDcG5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mOTliNjItYjNlMy00YzVkLWFhODYt
ZDY2OGM1M2Y2NjEyLzEvQW5DTFFGM0FFZWIwX0g5UGFZLWxJYTVFTjI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mOTliNjItYjNlMy00YzVkLWFhODYtZDY2OGM1M2Y2NjEy
LzEvME12MnVnbDZkcllReUZZRFc4R041NWZDcG5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwj0DMA8E
AgACMAkDBwAqD1hAAAEwDQYJKoZIhvcNAQELBQADggEBADNGH/IQf9xaNmp7Tuqa
TjN6F66gUJuy8ji0d3gOvaU/o9QBvUk5/zWf1HtoTjMJ0jrKneL0t/A79RoRF6zR
BmVN5NlLbgqj631PPlJFa4KfArlexe7L4bZl0C1lBmUll2S6pv4JS3mSK4hPUdlr
7zQewyiz0kk7XY/P3ltEWYJAmAH9DatHbmDZhwc0v/W+DtVpsmy/xWE5fbX0ne8M
rVmufOEvTFDuZtk2w19/D3LkZII0IoE3RFeiLawzqVSSQjFmLxbtyvJ8YVNicr+v
uqrqm51Uk4T6V2sVsxv28ucA36P2PDmg4oTkBcP59lhRas5RsOYxHs8sUbGHsn8I
5BQ=
-----END CERTIFICATE-----