Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/d7a484-3d4a-48bf-b516-caf2f7a5b5f4/1/Sz2bdOCE_Wcxx_Cr6328GnhL2kg.roa
File:                     Sz2bdOCE_Wcxx_Cr6328GnhL2kg.roa (raw, json)
Hash identifier:          xLto0l4O/7LoweUajPoDbmBCNQiQzqcGIgLGSKNHb6A=
Subject key identifier:   4B:3D:9B:74:E0:84:FD:67:31:C7:F0:AB:EB:7D:BC:1A:78:4B:DA:48
Certificate issuer:       /CN=ff29a4b3f0a3af8bbed6029a8b265dc93204e7de
Certificate serial:       01941F8C238430601ACB9DAEBEDDF7BE483E
Authority key identifier: FF:29:A4:B3:F0:A3:AF:8B:BE:D6:02:9A:8B:26:5D:C9:32:04:E7:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ymks_Cjr4u-1gKaiyZdyTIE594.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/d7a484-3d4a-48bf-b516-caf2f7a5b5f4/1/Sz2bdOCE_Wcxx_Cr6328GnhL2kg.roa
Signing time:             Wed 01 Jan 2025 01:47:45 +0000
ROA not before:           Wed 01 Jan 2025 01:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215687
IP address blocks:        193.56.200.0/23 maxlen: 24
                          193.56.226.0/23 maxlen: 24
                          2a13:4300::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/d7a484-3d4a-48bf-b516-caf2f7a5b5f4/1/_ymks_Cjr4u-1gKaiyZdyTIE594.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/d7a484-3d4a-48bf-b516-caf2f7a5b5f4/1/_ymks_Cjr4u-1gKaiyZdyTIE594.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_ymks_Cjr4u-1gKaiyZdyTIE594.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:23:84:30:60:1a:cb:9d:ae:be:dd:f7:be:48:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff29a4b3f0a3af8bbed6029a8b265dc93204e7de
        Validity
            Not Before: Jan  1 01:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b3d9b74e084fd6731c7f0abeb7dbc1a784bda48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:58:7c:5f:7c:8e:8e:d0:75:a8:d2:b8:ac:10:
                    87:28:50:a1:09:ac:16:9c:a3:9e:59:93:af:e0:c3:
                    9d:74:2c:0c:ac:d3:42:01:5e:63:ba:62:9b:e6:f6:
                    69:78:e3:c3:5e:22:57:e7:a8:c3:a2:29:92:93:79:
                    75:48:aa:8b:a5:97:e8:44:69:fb:5c:e5:4c:95:fc:
                    79:47:ff:2b:41:45:8c:67:ef:7e:93:85:df:85:70:
                    db:a5:71:65:83:c6:34:16:63:31:17:31:55:2f:89:
                    79:ff:4e:34:16:b9:65:51:57:04:af:bf:a2:a5:f5:
                    2a:ba:4f:b5:05:63:12:e3:d2:01:ed:21:57:55:e6:
                    ef:e6:ac:b9:44:d9:38:1e:32:24:72:39:11:11:42:
                    24:51:5b:ff:eb:f0:0b:8d:59:29:78:15:b2:4c:41:
                    c2:2d:6a:46:0c:bc:5a:0c:c8:f4:31:98:2a:b3:f7:
                    dc:12:4f:2f:62:40:d1:11:b3:80:8d:f0:04:75:14:
                    ef:01:81:b7:3c:73:dc:df:e3:62:d6:cf:97:e9:21:
                    e7:c5:3b:fe:11:b9:f6:db:30:43:32:a3:9e:48:51:
                    e1:09:2e:e8:7e:a0:f8:f7:66:d5:5d:81:c6:b6:63:
                    7e:ab:92:ae:f3:70:6f:03:f2:c3:6a:5b:be:ef:15:
                    c6:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:3D:9B:74:E0:84:FD:67:31:C7:F0:AB:EB:7D:BC:1A:78:4B:DA:48
            X509v3 Authority Key Identifier:
                keyid:FF:29:A4:B3:F0:A3:AF:8B:BE:D6:02:9A:8B:26:5D:C9:32:04:E7:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ymks_Cjr4u-1gKaiyZdyTIE594.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/d7a484-3d4a-48bf-b516-caf2f7a5b5f4/1/Sz2bdOCE_Wcxx_Cr6328GnhL2kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/d7a484-3d4a-48bf-b516-caf2f7a5b5f4/1/_ymks_Cjr4u-1gKaiyZdyTIE594.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.200.0/23
                  193.56.226.0/23
                IPv6:
                  2a13:4300::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:ca:42:71:1f:13:c1:e5:84:0c:14:38:ea:19:06:49:ba:e0:
         8e:dc:70:40:61:9b:6f:a7:68:e3:1e:8a:ee:49:1c:c0:4f:1c:
         c7:b6:03:49:16:ff:e4:c4:d3:60:3b:be:bc:52:86:22:ea:cf:
         7d:e5:30:52:ae:2a:9d:6b:e9:1e:20:43:4d:a0:03:17:9a:1f:
         27:99:ea:22:e7:f0:5b:ad:7b:c7:f3:ec:87:96:51:ac:20:d6:
         04:5d:e9:ad:ff:c9:f4:0b:46:78:ed:33:2c:ee:af:82:2f:ae:
         dc:9d:0f:31:a4:63:94:13:f4:45:ba:1e:d4:29:c9:04:08:97:
         a3:01:b0:7d:9e:5a:31:09:82:8b:93:c6:b2:c3:1e:31:ef:78:
         9e:9a:f4:54:6d:25:1a:5d:11:32:a6:09:5c:70:f7:47:88:ad:
         00:8a:0d:1d:6f:68:f7:e9:b6:1f:19:92:00:4a:bb:af:93:f1:
         e8:fb:9d:36:d2:22:d5:e6:a0:92:af:0e:e9:9a:07:bd:2c:8a:
         3c:27:65:a9:db:4a:61:c2:fb:22:32:46:c9:eb:b3:0a:90:19:
         7d:59:0b:50:ba:63:01:60:86:e6:7e:d5:0f:c9:04:cd:20:24:
         f7:60:95:8a:e7:8c:22:f5:bc:5c:3a:13:a8:05:9c:c1:71:82:
         b1:0e:7f:16
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQfjCOEMGAay52uvt33vkg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMjlhNGIzZjBhM2FmOGJiZWQ2MDI5YThiMjY1ZGM5MzIw
NGU3ZGUwHhcNMjUwMTAxMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjNkOWI3NGUwODRmZDY3MzFjN2YwYWJlYjdkYmMxYTc4NGJkYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslh8X3yOjtB1qNK4rBCHKFChCawW
nKOeWZOv4MOddCwMrNNCAV5jumKb5vZpeOPDXiJX56jDoimSk3l1SKqLpZfoRGn7
XOVMlfx5R/8rQUWMZ+9+k4XfhXDbpXFlg8Y0FmMxFzFVL4l5/040FrllUVcEr7+i
pfUquk+1BWMS49IB7SFXVebv5qy5RNk4HjIkcjkREUIkUVv/6/ALjVkpeBWyTEHC
LWpGDLxaDMj0MZgqs/fcEk8vYkDREbOAjfAEdRTvAYG3PHPc3+Ni1s+X6SHnxTv+
Ebn22zBDMqOeSFHhCS7ofqD492bVXYHGtmN+q5Ku83BvA/LDalu+7xXGJwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEs9m3TghP1nMcfwq+t9vBp4S9pIMB8GA1UdIwQY
MBaAFP8ppLPwo6+LvtYCmosmXckyBOfeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3lta3NfQ2pyNHUtMWdLYWl5WmR5VElFNTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9kN2E0ODQtM2Q0YS00OGJmLWI1MTYt
Y2FmMmY3YTViNWY0LzEvU3oyYmRPQ0VfV2N4eF9DcjYzMjhHbmhMMmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9kN2E0ODQtM2Q0YS00OGJmLWI1MTYtY2FmMmY3YTViNWY0
LzEvX3lta3NfQ2pyNHUtMWdLYWl5WmR5VElFNTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBwTjIAwQB
wTjiMA0EAgACMAcDBQMqE0MAMA0GCSqGSIb3DQEBCwUAA4IBAQB4ykJxHxPB5YQM
FDjqGQZJuuCO3HBAYZtvp2jjHoruSRzATxzHtgNJFv/kxNNgO768UoYi6s995TBS
riqda+keIENNoAMXmh8nmeoi5/BbrXvH8+yHllGsINYEXemt/8n0C0Z47TMs7q+C
L67cnQ8xpGOUE/RFuh7UKckECJejAbB9nloxCYKLk8aywx4x73iemvRUbSUaXREy
pglccPdHiK0Aig0db2j36bYfGZIASruvk/Ho+5020iLV5qCSrw7pmge9LIo8J2Wp
20phwvsiMkbJ67MKkBl9WQtQumMBYIbmftUPyQTNICT3YJWK54wi9bxcOhOoBZzB
cYKxDn8W
-----END CERTIFICATE-----