Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/HeWtxOQwTN1uf0xfcq_bZw71XkA.roa
File:                     HeWtxOQwTN1uf0xfcq_bZw71XkA.roa (raw, json)
Hash identifier:          Q3cAdwW00NmkMkDNixCTZhHEBzWnPkDYpvdoFVzzSP4=
Subject key identifier:   1D:E5:AD:C4:E4:30:4C:DD:6E:7F:4C:5F:72:AF:DB:67:0E:F5:5E:40
Certificate issuer:       /CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
Certificate serial:       019424458C924EA054BE56B5091A8D72AEC2
Authority key identifier: AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/HeWtxOQwTN1uf0xfcq_bZw71XkA.roa
Signing time:             Wed 01 Jan 2025 23:48:45 +0000
ROA not before:           Wed 01 Jan 2025 23:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198099
IP address blocks:        188.247.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:8c:92:4e:a0:54:be:56:b5:09:1a:8d:72:ae:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
        Validity
            Not Before: Jan  1 23:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1de5adc4e4304cdd6e7f4c5f72afdb670ef55e40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a8:0d:98:b5:08:3c:2a:4a:fa:bd:0e:54:4a:
                    20:bb:c5:35:4e:3c:0c:15:8d:54:a1:57:d5:53:97:
                    4e:89:4a:57:bf:50:27:4b:03:f7:ad:84:9b:a5:0c:
                    95:0f:7e:60:7f:7e:39:67:21:32:df:cc:b1:a9:fa:
                    71:5d:a8:2b:42:57:30:a4:ee:57:8c:76:90:81:bf:
                    d3:a6:f2:44:7f:f5:cf:1e:47:9d:ff:ef:fc:19:5d:
                    9a:1c:96:3b:12:81:bb:1b:58:8e:17:ec:09:96:96:
                    83:aa:66:d6:15:99:b4:22:96:f0:f7:05:34:c2:72:
                    66:cf:2b:66:d3:21:ff:f5:4c:63:22:4e:0c:ea:1c:
                    29:80:0f:4c:34:8b:85:85:7f:2f:6a:6e:d9:6a:5d:
                    5a:d1:bb:05:a0:26:f9:03:ef:19:4d:1c:d1:14:57:
                    4f:74:a6:29:5a:93:2b:57:a6:e4:09:5f:96:49:dd:
                    3f:c5:26:a2:13:e5:6a:57:51:30:4b:2d:f4:26:12:
                    6c:62:40:f0:5f:f7:e6:da:92:72:b0:00:07:83:61:
                    78:f8:d4:b2:a3:af:56:4b:2f:26:14:46:cd:ef:fd:
                    d6:5b:cc:08:1a:49:25:67:60:5f:49:a0:48:5f:bd:
                    1f:c9:1a:d0:06:5e:d1:29:eb:bc:fa:43:ac:ff:23:
                    54:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:E5:AD:C4:E4:30:4C:DD:6E:7F:4C:5F:72:AF:DB:67:0E:F5:5E:40
            X509v3 Authority Key Identifier:
                keyid:AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/HeWtxOQwTN1uf0xfcq_bZw71XkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.247.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:8b:8f:62:80:34:44:39:c9:e2:7d:ce:d1:17:d4:90:0f:13:
         a0:84:c9:ed:b2:76:d3:3b:e1:b6:95:4a:e4:00:44:55:51:87:
         ed:4d:09:da:f9:1a:2a:5f:16:ad:dd:90:ca:7c:42:04:3d:4a:
         bd:a1:35:e9:96:88:27:70:00:26:d6:2c:0d:4a:0d:a2:ad:8d:
         79:40:da:fd:7f:a5:0a:cb:4f:e7:1d:29:2f:ba:76:33:81:54:
         cf:26:47:ec:83:e1:a6:37:8e:81:ee:43:55:f3:ba:b4:be:01:
         82:6a:85:47:11:20:76:ab:de:b3:98:e3:75:a3:59:74:31:ac:
         dc:0f:66:e5:a7:0b:6a:4e:8d:e2:d1:7a:2f:31:4f:64:88:29:
         28:26:12:f5:98:03:be:7e:fb:dd:12:58:21:4a:19:a7:5c:4d:
         4b:eb:76:9b:cc:63:fd:4c:37:af:10:44:da:a7:52:be:0a:72:
         61:7e:14:aa:37:78:25:14:ba:bc:d4:ee:59:83:aa:62:3a:f5:
         84:5b:80:13:27:46:28:54:6a:19:ba:e1:ab:3d:ac:be:a4:4e:
         db:bb:f4:b4:a9:f1:6f:bb:ff:d4:11:e1:1f:c3:00:2c:ec:a0:
         fc:91:dd:35:b0:30:a8:29:5c:c6:55:e1:f2:89:72:da:7b:54:
         14:d2:da:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYySTqBUvla1CRqNcq7CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOGM2YzU4YjYwN2ZmMjNhZTcxNzVhNjE2ODJjNzU0ODBm
MWUyMTQwHhcNMjUwMTAxMjM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGU1YWRjNGU0MzA0Y2RkNmU3ZjRjNWY3MmFmZGI2NzBlZjU1ZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6gNmLUIPCpK+r0OVEogu8U1TjwM
FY1UoVfVU5dOiUpXv1AnSwP3rYSbpQyVD35gf345ZyEy38yxqfpxXagrQlcwpO5X
jHaQgb/TpvJEf/XPHked/+/8GV2aHJY7EoG7G1iOF+wJlpaDqmbWFZm0Ipbw9wU0
wnJmzytm0yH/9UxjIk4M6hwpgA9MNIuFhX8vam7Zal1a0bsFoCb5A+8ZTRzRFFdP
dKYpWpMrV6bkCV+WSd0/xSaiE+VqV1EwSy30JhJsYkDwX/fm2pJysAAHg2F4+NSy
o69WSy8mFEbN7/3WW8wIGkklZ2BfSaBIX70fyRrQBl7RKeu8+kOs/yNUIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3lrcTkMEzdbn9MX3Kv22cO9V5AMB8GA1UdIwQY
MBaAFKuMbFi2B/8jrnF1phaCx1SA8eIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2Mt
ODhhM2M0MWZhZWUyLzEvSGVXdHhPUXdUTjF1ZjB4ZmNxX2JadzcxWGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2MtODhhM2M0MWZhZWUy
LzEvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPeGMA0G
CSqGSIb3DQEBCwUAA4IBAQAfi49igDREOcnifc7RF9SQDxOghMntsnbTO+G2lUrk
AERVUYftTQna+RoqXxat3ZDKfEIEPUq9oTXplogncAAm1iwNSg2irY15QNr9f6UK
y0/nHSkvunYzgVTPJkfsg+GmN46B7kNV87q0vgGCaoVHESB2q96zmON1o1l0Mazc
D2blpwtqTo3i0XovMU9kiCkoJhL1mAO+fvvdElghShmnXE1L63abzGP9TDevEETa
p1K+CnJhfhSqN3glFLq81O5Zg6piOvWEW4ATJ0YoVGoZuuGrPay+pE7bu/S0qfFv
u//UEeEfwwAs7KD8kd01sDCoKVzGVeHyiXLae1QU0tq5
-----END CERTIFICATE-----