Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/XZET7dFa5OoJqf73WGd1UHo9Trs.roa
File:                     XZET7dFa5OoJqf73WGd1UHo9Trs.roa (raw, json)
Hash identifier:          FbxqvpbDfsQRYaW0n//PgGX2T+UQY1wiBpKlSWUYJQg=
Subject key identifier:   5D:91:13:ED:D1:5A:E4:EA:09:A9:FE:F7:58:67:75:50:7A:3D:4E:BB
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019423D7E3018B98809D403356CDB80F8C9E
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/XZET7dFa5OoJqf73WGd1UHo9Trs.roa
Signing time:             Wed 01 Jan 2025 21:48:58 +0000
ROA not before:           Wed 01 Jan 2025 21:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48347
IP address blocks:        212.22.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e3:01:8b:98:80:9d:40:33:56:cd:b8:0f:8c:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 21:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d9113edd15ae4ea09a9fef7586775507a3d4ebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:38:86:45:66:e7:40:c7:c5:5b:af:22:66:da:
                    5b:63:e4:74:ff:43:2c:ac:10:6f:67:40:a8:ac:2f:
                    3b:83:04:b7:e0:f3:d8:38:1a:53:6b:ec:cf:84:4c:
                    0f:79:eb:9a:8b:3c:7a:5f:ff:f9:a6:bb:0a:95:2f:
                    26:83:b3:ad:b6:64:2a:4f:e2:92:13:53:69:3e:fe:
                    3a:cb:7e:58:77:09:bb:25:fb:be:f2:eb:e3:7d:2e:
                    44:61:46:7a:9a:49:85:43:5f:50:81:43:50:31:6b:
                    4f:e6:74:2e:ee:35:de:e8:a3:a2:62:f6:13:fe:d3:
                    64:68:3a:c4:5e:48:84:bd:72:7a:d8:8f:d3:26:c1:
                    6c:3d:7d:13:20:06:22:bb:55:71:89:e4:e4:e3:d1:
                    29:4a:b7:6e:6d:75:07:b6:ea:59:6c:1b:42:53:b7:
                    e0:0a:83:ec:fb:16:dd:b4:b9:35:b4:71:77:0e:20:
                    ac:68:01:f6:b0:35:b1:15:ed:a4:2a:0b:32:ef:41:
                    4e:ab:a9:9a:e4:ad:a2:0d:d5:02:89:08:b6:da:05:
                    cb:b2:ff:8c:4e:e5:34:5d:a8:19:3a:22:6b:bd:02:
                    ca:2d:4a:57:e4:20:01:59:a5:e2:8f:a5:7f:bd:14:
                    30:eb:b8:d1:55:ac:0a:d7:7d:5b:b3:3a:94:8e:54:
                    6f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:91:13:ED:D1:5A:E4:EA:09:A9:FE:F7:58:67:75:50:7A:3D:4E:BB
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/XZET7dFa5OoJqf73WGd1UHo9Trs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:61:1b:14:b3:c3:4f:04:ea:b0:6f:01:7c:6d:a5:09:c7:ae:
         d3:1a:cc:2e:da:85:14:9f:52:0e:db:9a:96:ee:a8:7d:1f:a5:
         89:5a:91:c4:c3:a0:47:56:98:ed:77:ae:aa:60:dd:63:42:1a:
         f9:49:c7:fe:5d:d3:f6:b1:16:3a:26:f2:cb:0e:29:cb:79:df:
         0a:ae:e4:87:58:f7:c9:da:da:25:83:62:1b:7a:3f:96:d9:7b:
         37:ec:e8:82:f3:74:c2:68:49:38:73:5e:2a:13:28:4c:76:91:
         44:9c:b5:0a:13:a8:bd:84:77:4c:16:3b:23:24:4e:68:08:37:
         f5:17:cc:26:9f:33:8d:b0:1d:e4:1b:5e:be:f6:a6:72:d8:2a:
         08:2e:22:ad:30:4d:e6:55:2e:8f:3e:82:b8:fe:8b:4f:70:7a:
         27:83:e4:b8:b2:e3:39:64:a9:07:2f:ce:2e:76:ff:a9:dd:b0:
         c7:76:69:b2:72:ac:7d:7b:9a:86:fe:7d:19:8a:b8:46:91:de:
         a2:b5:59:7b:5e:41:6d:f5:e1:33:12:60:69:78:e3:24:7e:0d:
         40:bd:a7:df:a7:5c:8d:d6:45:b6:db:9d:00:25:5d:8f:b3:65:
         52:e6:41:a4:fe:0e:7c:bd:26:87:1c:73:9f:11:93:fe:8b:52:
         cd:dc:4d:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1+MBi5iAnUAzVs24D4yeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUwMTAxMjE0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDkxMTNlZGQxNWFlNGVhMDlhOWZlZjc1ODY3NzU1MDdhM2Q0ZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6TiGRWbnQMfFW68iZtpbY+R0/0Ms
rBBvZ0CorC87gwS34PPYOBpTa+zPhEwPeeuaizx6X//5prsKlS8mg7OttmQqT+KS
E1NpPv46y35Ydwm7Jfu+8uvjfS5EYUZ6mkmFQ19QgUNQMWtP5nQu7jXe6KOiYvYT
/tNkaDrEXkiEvXJ62I/TJsFsPX0TIAYiu1VxieTk49EpSrdubXUHtupZbBtCU7fg
CoPs+xbdtLk1tHF3DiCsaAH2sDWxFe2kKgsy70FOq6ma5K2iDdUCiQi22gXLsv+M
TuU0XagZOiJrvQLKLUpX5CABWaXij6V/vRQw67jRVawK131bszqUjlRvrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2RE+3RWuTqCan+91hndVB6PU67MB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvWFpFVDdkRmE1T29KcWY3M1dHZDFVSG85VHJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZSMA0G
CSqGSIb3DQEBCwUAA4IBAQBmYRsUs8NPBOqwbwF8baUJx67TGswu2oUUn1IO25qW
7qh9H6WJWpHEw6BHVpjtd66qYN1jQhr5Scf+XdP2sRY6JvLLDinLed8KruSHWPfJ
2tolg2Ibej+W2Xs37OiC83TCaEk4c14qEyhMdpFEnLUKE6i9hHdMFjsjJE5oCDf1
F8wmnzONsB3kG16+9qZy2CoILiKtME3mVS6PPoK4/otPcHong+S4suM5ZKkHL84u
dv+p3bDHdmmycqx9e5qG/n0ZirhGkd6itVl7XkFt9eEzEmBpeOMkfg1Avaffp1yN
1kW2250AJV2Ps2VS5kGk/g58vSaHHHOfEZP+i1LN3E2i
-----END CERTIFICATE-----