Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/O4RqMFB6iMXl3vaqKCf9h6D4j-Q.roa
File:                     O4RqMFB6iMXl3vaqKCf9h6D4j-Q.roa (raw, json)
Hash identifier:          J3IKFZhZs8J5eFV/+kyk+FnDqJZPNZpidNI4lxVgoMM=
Subject key identifier:   3B:84:6A:30:50:7A:88:C5:E5:DE:F6:AA:28:27:FD:87:A0:F8:8F:E4
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0194258F854CE1FA836EFFF6BDCD86997B51
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/O4RqMFB6iMXl3vaqKCf9h6D4j-Q.roa
Signing time:             Thu 02 Jan 2025 05:49:10 +0000
ROA not before:           Thu 02 Jan 2025 05:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40676
IP address blocks:        195.178.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:85:4c:e1:fa:83:6e:ff:f6:bd:cd:86:99:7b:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 05:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b846a30507a88c5e5def6aa2827fd87a0f88fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a3:df:22:4f:a8:26:10:90:e4:3e:31:fb:fd:
                    5d:91:15:0a:e3:9a:17:e6:c5:84:3f:a5:a2:45:90:
                    57:c2:58:22:4b:e8:fd:4b:00:c6:55:ac:aa:5e:62:
                    6e:1a:f2:1f:a1:ba:f6:ef:99:4a:59:8c:fb:e7:00:
                    42:e1:34:d5:03:a9:63:73:68:12:c8:41:c9:e5:cd:
                    31:72:70:e6:bd:1e:9e:7d:0a:2e:b4:b4:f1:e8:5b:
                    46:30:26:45:80:3a:06:47:b8:6c:b7:1e:74:78:5a:
                    77:34:e0:94:14:ea:05:cf:02:39:21:ba:5c:f5:ea:
                    6c:b0:24:42:82:ca:a2:54:3c:12:e5:44:dc:38:6f:
                    15:37:db:80:f6:d5:86:56:68:b1:11:00:ae:86:a0:
                    cb:db:74:2a:40:4c:42:4a:e1:b5:e9:79:1c:14:7a:
                    6e:c9:9f:88:54:66:f0:fe:fe:62:2a:84:fa:16:71:
                    26:38:a4:25:98:8f:50:49:85:39:be:21:ba:a3:ac:
                    ab:5e:80:9e:b7:10:2b:8a:c6:4b:9a:52:52:0b:de:
                    ff:9a:29:63:15:f4:2f:a0:73:a5:38:91:2c:89:4a:
                    d2:04:38:c4:4f:b4:95:6f:3e:20:8f:6c:d7:d3:e6:
                    8c:99:98:1e:84:1d:dd:45:74:fe:0f:73:bd:16:8c:
                    80:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:84:6A:30:50:7A:88:C5:E5:DE:F6:AA:28:27:FD:87:A0:F8:8F:E4
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/O4RqMFB6iMXl3vaqKCf9h6D4j-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:d4:1b:f8:3c:60:84:4f:ec:6c:ec:0e:52:c6:3c:16:26:ef:
         9a:d0:54:c4:18:79:3b:e1:be:db:f8:0b:66:33:f7:88:6d:31:
         61:3f:47:7e:71:6d:c8:66:2d:ca:40:81:e9:b9:dd:92:3f:94:
         1f:02:78:5a:da:9d:fa:2b:83:34:51:fc:14:1d:ae:2c:bd:61:
         e1:e2:d9:e1:1c:31:ba:7b:b2:59:4b:16:07:10:9b:e7:43:48:
         d1:ba:6c:63:3d:e5:a5:d9:bc:ac:66:48:77:83:2f:b7:be:ce:
         39:84:f6:fc:72:53:50:4c:9b:f2:46:f4:08:1f:6d:e8:9d:63:
         85:93:58:ba:c4:65:76:87:e2:af:ef:21:c6:8a:98:3a:33:1e:
         76:f8:9d:70:a0:a6:ce:80:e4:81:57:69:9e:90:36:6a:bb:63:
         7f:df:3e:9f:60:29:cf:2b:72:5f:05:24:33:c3:93:61:d3:af:
         f9:27:93:a4:f4:91:d0:8f:5e:07:20:21:6f:70:f0:97:fe:18:
         18:b8:22:8f:42:fd:22:b4:94:92:3f:1c:0a:87:26:c3:1b:48:
         89:d3:12:05:9e:0f:11:7b:6a:2b:c6:d6:b7:9c:13:35:27:ed:
         67:2f:5e:68:39:56:49:c5:8e:84:1d:d1:20:cb:3f:78:b6:bd:
         ce:99:19:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4VM4fqDbv/2vc2GmXtRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwMTAyMDU0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg0NmEzMDUwN2E4OGM1ZTVkZWY2YWEyODI3ZmQ4N2EwZjg4ZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6PfIk+oJhCQ5D4x+/1dkRUK45oX
5sWEP6WiRZBXwlgiS+j9SwDGVayqXmJuGvIfobr275lKWYz75wBC4TTVA6ljc2gS
yEHJ5c0xcnDmvR6efQoutLTx6FtGMCZFgDoGR7hstx50eFp3NOCUFOoFzwI5Ibpc
9epssCRCgsqiVDwS5UTcOG8VN9uA9tWGVmixEQCuhqDL23QqQExCSuG16XkcFHpu
yZ+IVGbw/v5iKoT6FnEmOKQlmI9QSYU5viG6o6yrXoCetxArisZLmlJSC97/milj
FfQvoHOlOJEsiUrSBDjET7SVbz4gj2zX0+aMmZgehB3dRXT+D3O9FoyAowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuEajBQeojF5d72qign/Yeg+I/kMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvTzRScU1GQjZpTVhsM3ZhcUtDZjloNkQ0ai1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7KfMA0G
CSqGSIb3DQEBCwUAA4IBAQAj1Bv4PGCET+xs7A5SxjwWJu+a0FTEGHk74b7b+Atm
M/eIbTFhP0d+cW3IZi3KQIHpud2SP5QfAnha2p36K4M0UfwUHa4svWHh4tnhHDG6
e7JZSxYHEJvnQ0jRumxjPeWl2bysZkh3gy+3vs45hPb8clNQTJvyRvQIH23onWOF
k1i6xGV2h+Kv7yHGipg6Mx52+J1woKbOgOSBV2mekDZqu2N/3z6fYCnPK3JfBSQz
w5Nh06/5J5Ok9JHQj14HICFvcPCX/hgYuCKPQv0itJSSPxwKhybDG0iJ0xIFng8R
e2orxta3nBM1J+1nL15oOVZJxY6EHdEgyz94tr3OmRkV
-----END CERTIFICATE-----