Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/71c608-1cc2-4899-a5fa-846aaf0eb1ad/1/g5NXYnWEAdkaK-Lr_Xc0-zmGZq0.roa
File:                     g5NXYnWEAdkaK-Lr_Xc0-zmGZq0.roa (raw, json)
Hash identifier:          iRJFMsAKyY3mWv0ViO4zwD2HGWC+kyCn/YQlP9uYKFo=
Subject key identifier:   83:93:57:62:75:84:01:D9:1A:2B:E2:EB:FD:77:34:FB:39:86:66:AD
Certificate issuer:       /CN=2ee96208925d836f8d037d179980a83a1b0c1342
Certificate serial:       01941FFA370FB142F82AD70AAD02B3A82543
Authority key identifier: 2E:E9:62:08:92:5D:83:6F:8D:03:7D:17:99:80:A8:3A:1B:0C:13:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LuliCJJdg2-NA30XmYCoOhsME0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/71c608-1cc2-4899-a5fa-846aaf0eb1ad/1/g5NXYnWEAdkaK-Lr_Xc0-zmGZq0.roa
Signing time:             Wed 01 Jan 2025 03:47:59 +0000
ROA not before:           Wed 01 Jan 2025 03:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201107
IP address blocks:        193.30.96.0/24 maxlen: 24
                          193.30.97.0/24 maxlen: 24
                          193.30.98.0/24 maxlen: 24
                          193.30.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/71c608-1cc2-4899-a5fa-846aaf0eb1ad/1/LuliCJJdg2-NA30XmYCoOhsME0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/71c608-1cc2-4899-a5fa-846aaf0eb1ad/1/LuliCJJdg2-NA30XmYCoOhsME0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LuliCJJdg2-NA30XmYCoOhsME0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:37:0f:b1:42:f8:2a:d7:0a:ad:02:b3:a8:25:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ee96208925d836f8d037d179980a83a1b0c1342
        Validity
            Not Before: Jan  1 03:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83935762758401d91a2be2ebfd7734fb398666ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b0:f5:14:c5:d0:7d:df:cb:aa:2d:af:c7:c7:
                    07:b3:f5:3a:27:e8:27:f3:4a:56:bb:17:cf:80:71:
                    55:28:47:f8:47:4c:2c:6e:23:28:77:d8:8a:2b:84:
                    7e:65:c8:4d:47:5f:4a:38:fc:9f:7a:ba:8e:e1:72:
                    cb:ea:5d:76:df:c6:ed:93:3f:5e:bb:0c:72:7a:f8:
                    3e:2e:9f:c5:4d:a6:c9:1a:57:6c:f1:a9:8d:98:d7:
                    52:66:94:f1:5c:00:78:84:b7:be:4e:f5:61:8a:a4:
                    49:4f:60:95:ed:26:43:1b:76:31:3a:54:80:50:79:
                    5b:1e:b7:63:7e:65:20:d2:ea:1d:3b:c2:d0:ac:18:
                    d8:e4:0b:c0:0f:d7:2b:c2:ae:a8:d5:35:fa:a4:81:
                    d6:8b:64:c8:b4:d6:9c:71:cd:c2:0f:3b:9c:8e:ef:
                    60:3f:4d:8a:17:18:49:ad:8c:12:0e:f2:db:b5:42:
                    26:76:1e:dc:cb:c1:45:65:5c:07:12:3e:0b:86:0e:
                    4f:f6:24:c2:c4:52:44:55:32:4f:6d:66:a0:d8:54:
                    5d:d5:bb:8a:c3:8a:ed:f2:4c:3f:a4:1e:91:5a:3b:
                    2d:28:2d:56:d8:a7:c0:c0:25:53:a0:06:4c:42:b2:
                    0a:31:b9:f4:29:3b:f4:8d:da:3d:38:64:22:f9:c6:
                    3f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:93:57:62:75:84:01:D9:1A:2B:E2:EB:FD:77:34:FB:39:86:66:AD
            X509v3 Authority Key Identifier:
                keyid:2E:E9:62:08:92:5D:83:6F:8D:03:7D:17:99:80:A8:3A:1B:0C:13:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LuliCJJdg2-NA30XmYCoOhsME0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/71c608-1cc2-4899-a5fa-846aaf0eb1ad/1/g5NXYnWEAdkaK-Lr_Xc0-zmGZq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/71c608-1cc2-4899-a5fa-846aaf0eb1ad/1/LuliCJJdg2-NA30XmYCoOhsME0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:e9:9c:5d:4e:8d:43:0b:bc:c6:7f:2b:d3:b9:96:f6:f6:7b:
         7e:f8:ad:95:6f:a2:01:61:f2:ea:92:09:71:ff:95:b4:53:25:
         39:28:7d:b6:83:56:bf:a0:88:b4:39:d2:81:70:44:82:bd:f2:
         8a:09:84:80:25:82:02:94:9a:37:dd:ca:df:ec:dc:b7:a2:7a:
         fa:86:f7:9c:d8:59:27:16:c0:76:09:6b:94:cc:bb:cf:ce:f9:
         fe:f7:f4:d5:e0:58:16:84:9c:d6:09:03:04:54:17:08:8c:e9:
         66:2d:3e:ed:bf:b6:a1:4e:02:4f:93:92:e6:22:2c:9d:91:1b:
         32:be:7d:3d:b8:02:15:63:cd:99:6d:a9:8f:43:83:03:6d:cb:
         00:73:4c:91:19:43:88:af:cb:ed:e1:b6:a8:37:76:64:fa:7e:
         44:19:ce:a9:82:c5:92:31:b0:2b:dc:be:c6:a7:2a:0f:43:a6:
         b2:9c:fd:27:06:bc:3c:06:fe:45:a4:a4:35:fb:fa:96:df:83:
         6a:2b:90:41:1b:b7:16:1a:12:11:ea:df:11:b1:c0:cd:cc:96:
         c6:03:20:92:58:06:38:a6:ea:65:c4:02:63:52:a4:26:68:72:
         76:6f:5f:e8:df:25:19:63:b7:c0:fe:30:e8:86:57:f0:85:9f:
         8e:50:af:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jcPsUL4KtcKrQKzqCVDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZTk2MjA4OTI1ZDgzNmY4ZDAzN2QxNzk5ODBhODNhMWIw
YzEzNDIwHhcNMjUwMTAxMDM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzkzNTc2Mjc1ODQwMWQ5MWEyYmUyZWJmZDc3MzRmYjM5ODY2NmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrD1FMXQfd/Lqi2vx8cHs/U6J+gn
80pWuxfPgHFVKEf4R0wsbiMod9iKK4R+ZchNR19KOPyferqO4XLL6l1238btkz9e
uwxyevg+Lp/FTabJGlds8amNmNdSZpTxXAB4hLe+TvVhiqRJT2CV7SZDG3YxOlSA
UHlbHrdjfmUg0uodO8LQrBjY5AvAD9crwq6o1TX6pIHWi2TItNaccc3CDzucju9g
P02KFxhJrYwSDvLbtUImdh7cy8FFZVwHEj4Lhg5P9iTCxFJEVTJPbWag2FRd1buK
w4rt8kw/pB6RWjstKC1W2KfAwCVToAZMQrIKMbn0KTv0jdo9OGQi+cY/0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIOTV2J1hAHZGivi6/13NPs5hmatMB8GA1UdIwQY
MBaAFC7pYgiSXYNvjQN9F5mAqDobDBNCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHVsaUNKSmRnMi1OQTMwWG1ZQ29PaHNNRTBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83MWM2MDgtMWNjMi00ODk5LWE1ZmEt
ODQ2YWFmMGViMWFkLzEvZzVOWFluV0VBZGthSy1Mcl9YYzAtem1HWnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83MWM2MDgtMWNjMi00ODk5LWE1ZmEtODQ2YWFmMGViMWFk
LzEvTHVsaUNKSmRnMi1OQTMwWG1ZQ29PaHNNRTBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwR5gMA0G
CSqGSIb3DQEBCwUAA4IBAQBP6ZxdTo1DC7zGfyvTuZb29nt++K2Vb6IBYfLqkglx
/5W0UyU5KH22g1a/oIi0OdKBcESCvfKKCYSAJYIClJo33crf7Ny3onr6hvec2Fkn
FsB2CWuUzLvPzvn+9/TV4FgWhJzWCQMEVBcIjOlmLT7tv7ahTgJPk5LmIiydkRsy
vn09uAIVY82ZbamPQ4MDbcsAc0yRGUOIr8vt4baoN3Zk+n5EGc6pgsWSMbAr3L7G
pyoPQ6aynP0nBrw8Bv5FpKQ1+/qW34NqK5BBG7cWGhIR6t8RscDNzJbGAyCSWAY4
puplxAJjUqQmaHJ2b1/o3yUZY7fA/jDohlfwhZ+OUK+8
-----END CERTIFICATE-----