Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/T6nEcoCRS4zJvOoLpVBpYfJ5byE.roa
File:                     T6nEcoCRS4zJvOoLpVBpYfJ5byE.roa (raw, json)
Hash identifier:          OEoT731VBzYCZlj5T8oXOZFmDmzxrX9V75qQxiq4Sm4=
Subject key identifier:   4F:A9:C4:72:80:91:4B:8C:C9:BC:EA:0B:A5:50:69:61:F2:79:6F:21
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       019427B61672300785769A67D906C38CB894
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/T6nEcoCRS4zJvOoLpVBpYfJ5byE.roa
Signing time:             Thu 02 Jan 2025 15:50:31 +0000
ROA not before:           Thu 02 Jan 2025 15:50:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44282
IP address blocks:        147.234.24.0/24 maxlen: 24
                          147.234.30.0/23 maxlen: 23
                          147.234.30.0/24 maxlen: 24
                          147.234.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:16:72:30:07:85:76:9a:67:d9:06:c3:8c:b8:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 15:50:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fa9c47280914b8cc9bcea0ba5506961f2796f21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:35:5e:36:09:7f:0b:a7:ef:ed:e7:56:4e:e4:
                    00:c2:29:e2:f8:2a:cd:cb:37:e9:1f:0d:40:92:02:
                    71:48:a1:ce:0e:d2:4b:e5:f5:f7:b3:1b:6b:e4:66:
                    a0:70:8c:be:b6:b5:75:18:c7:41:28:9d:f8:47:ea:
                    02:29:fe:39:18:c9:2a:48:ac:dc:0b:ee:3a:20:37:
                    b3:63:90:33:b8:b5:8f:32:7b:c8:dd:b7:7a:41:95:
                    eb:31:b4:3f:9c:c7:37:e2:85:dd:cd:d8:1c:39:7f:
                    77:0f:7e:91:da:5c:45:b7:74:0f:6f:07:68:48:e4:
                    10:05:c0:20:57:fe:71:9b:81:22:aa:91:3d:5c:f6:
                    7f:71:db:c4:22:49:bf:54:d3:5c:8e:2a:09:ad:94:
                    e8:dc:30:c9:4d:c5:7e:9e:40:d0:37:7f:9b:c3:7c:
                    88:41:85:1c:be:1f:69:7f:fb:fb:61:42:45:7f:d3:
                    f7:c6:6f:df:68:6f:a2:c1:a8:4b:43:91:1f:14:f8:
                    15:a0:35:ce:4d:70:1c:13:c2:a8:2d:a7:76:a8:02:
                    57:17:a8:d9:71:3f:87:1e:64:cb:f0:38:ac:01:55:
                    35:fb:9f:0b:2c:13:b3:a0:18:75:89:30:d1:15:ae:
                    06:b5:13:ea:78:e0:b2:93:af:62:53:52:9c:9a:e8:
                    cf:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:A9:C4:72:80:91:4B:8C:C9:BC:EA:0B:A5:50:69:61:F2:79:6F:21
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/T6nEcoCRS4zJvOoLpVBpYfJ5byE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.24.0/24
                  147.234.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:6b:12:d7:de:0d:a3:2b:af:78:4c:6f:e1:0e:b2:72:e4:ef:
         00:f9:07:e7:ef:6d:1e:9a:c3:51:6b:00:e1:b1:ae:92:a5:5a:
         a3:28:c6:cb:fb:b2:de:48:f4:65:5d:de:be:01:cb:fe:21:88:
         28:32:38:e2:3a:42:de:7a:e2:25:3a:af:02:9e:c5:44:bc:57:
         a5:00:df:57:8f:ac:bc:bd:cc:39:c3:08:5d:55:ac:3b:b0:88:
         bb:a2:76:24:a7:e5:31:c9:65:e6:c9:8c:81:8a:2e:80:b0:b3:
         78:bf:33:4d:a9:f7:98:a0:fe:38:6a:81:9f:fc:ea:d0:8a:ab:
         6b:45:c7:e6:cd:da:5c:76:5d:36:99:a3:ac:98:ef:a7:2c:fc:
         a1:61:9f:11:97:18:4f:4b:56:a6:d7:23:f0:3f:69:d6:5f:e0:
         a8:45:20:5d:ec:94:85:5e:39:d8:f3:2f:02:51:26:eb:17:ac:
         b1:c7:3e:f6:12:b9:37:29:d0:94:22:33:be:1e:db:bc:29:30:
         e1:b8:43:7c:7c:29:38:6d:a1:33:ab:a0:e3:37:9a:a7:88:bd:
         34:df:42:fc:60:62:e9:ca:58:88:cb:b4:74:a1:0f:d1:f0:7e:
         e6:cb:26:d8:f0:a1:fd:f3:99:f3:7f:d1:a2:ca:ec:eb:53:99:
         e5:ba:be:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnthZyMAeFdppn2QbDjLiUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjUwMTAyMTU1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmE5YzQ3MjgwOTE0YjhjYzliY2VhMGJhNTUwNjk2MWYyNzk2ZjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzVeNgl/C6fv7edWTuQAwini+CrN
yzfpHw1AkgJxSKHODtJL5fX3sxtr5GagcIy+trV1GMdBKJ34R+oCKf45GMkqSKzc
C+46IDezY5AzuLWPMnvI3bd6QZXrMbQ/nMc34oXdzdgcOX93D36R2lxFt3QPbwdo
SOQQBcAgV/5xm4EiqpE9XPZ/cdvEIkm/VNNcjioJrZTo3DDJTcV+nkDQN3+bw3yI
QYUcvh9pf/v7YUJFf9P3xm/faG+iwahLQ5EfFPgVoDXOTXAcE8KoLad2qAJXF6jZ
cT+HHmTL8DisAVU1+58LLBOzoBh1iTDRFa4GtRPqeOCyk69iU1KcmujPjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE+pxHKAkUuMybzqC6VQaWHyeW8hMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvVDZuRWNvQ1JTNHpKdk9vTHBWQnBZZko1YnlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk+oYAwQB
k+oeMA0GCSqGSIb3DQEBCwUAA4IBAQBhaxLX3g2jK694TG/hDrJy5O8A+Qfn720e
msNRawDhsa6SpVqjKMbL+7LeSPRlXd6+Acv+IYgoMjjiOkLeeuIlOq8CnsVEvFel
AN9Xj6y8vcw5wwhdVaw7sIi7onYkp+UxyWXmyYyBii6AsLN4vzNNqfeYoP44aoGf
/OrQiqtrRcfmzdpcdl02maOsmO+nLPyhYZ8RlxhPS1am1yPwP2nWX+CoRSBd7JSF
XjnY8y8CUSbrF6yxxz72Erk3KdCUIjO+Htu8KTDhuEN8fCk4baEzq6DjN5qniL00
30L8YGLpyliIy7R0oQ/R8H7myybY8KH985nzf9GiyuzrU5nlur6s
-----END CERTIFICATE-----