Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/kBFDTimH0wXzN6bZHwFh18BZ9YQ.roa
File:                     kBFDTimH0wXzN6bZHwFh18BZ9YQ.roa (raw, json)
Hash identifier:          gXdNyTqShsEpC9gTq8XtRziYkmToBDMK/+q0FeGIxLk=
Subject key identifier:   90:11:43:4E:29:87:D3:05:F3:37:A6:D9:1F:01:61:D7:C0:59:F5:84
Certificate issuer:       /CN=7a0bcdee8ce839c4d20413c862423cca04fdc60a
Certificate serial:       0194221FAD4D08C8E53E1105F138C3E4CB6D
Authority key identifier: 7A:0B:CD:EE:8C:E8:39:C4:D2:04:13:C8:62:42:3C:CA:04:FD:C6:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/kBFDTimH0wXzN6bZHwFh18BZ9YQ.roa
Signing time:             Wed 01 Jan 2025 13:48:08 +0000
ROA not before:           Wed 01 Jan 2025 13:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49825
IP address blocks:        84.23.50.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ad:4d:08:c8:e5:3e:11:05:f1:38:c3:e4:cb:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a0bcdee8ce839c4d20413c862423cca04fdc60a
        Validity
            Not Before: Jan  1 13:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9011434e2987d305f337a6d91f0161d7c059f584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:41:e7:52:5a:21:bb:06:e0:a4:17:01:c2:33:
                    ec:4a:19:48:08:0d:eb:2a:98:d8:84:a1:67:53:b2:
                    07:bb:9b:63:37:d5:b2:ca:a6:8a:1b:b9:7f:17:41:
                    37:eb:5e:71:fd:3f:d0:9a:00:ce:68:68:93:51:a2:
                    a3:3a:5f:00:d4:31:3e:0c:a8:f2:69:78:59:9e:da:
                    51:74:df:6a:24:fa:8b:e3:fd:9c:a6:ef:50:02:7f:
                    e2:b9:30:15:ad:b5:71:29:41:28:fd:f5:da:01:41:
                    48:60:7d:47:f3:52:57:6b:81:c9:5c:86:d0:25:06:
                    85:d6:28:b6:7b:22:d6:28:dc:a7:aa:7d:cb:97:38:
                    c3:a2:31:59:ad:fb:b3:4b:70:fc:1a:fd:3e:dc:55:
                    95:69:1b:e5:e8:9b:35:dd:ff:05:ea:56:9a:32:ca:
                    2d:fc:b4:bd:73:b8:b9:45:9b:9b:94:3a:20:3d:b0:
                    aa:64:2c:ac:cc:ab:78:ad:32:0b:f1:34:dd:7d:12:
                    98:88:46:c5:0c:49:aa:25:23:86:76:d7:06:a8:8d:
                    76:10:a3:ec:f3:82:da:48:5e:e7:c9:f7:fd:8b:43:
                    9a:b3:2f:48:b6:aa:27:5d:a1:38:89:30:cc:dd:e6:
                    29:9f:51:a4:7f:e1:b5:73:ef:61:de:04:bc:7a:b1:
                    2d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:11:43:4E:29:87:D3:05:F3:37:A6:D9:1F:01:61:D7:C0:59:F5:84
            X509v3 Authority Key Identifier:
                keyid:7A:0B:CD:EE:8C:E8:39:C4:D2:04:13:C8:62:42:3C:CA:04:FD:C6:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/kBFDTimH0wXzN6bZHwFh18BZ9YQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.23.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:57:24:42:70:bc:4e:be:6c:c0:0d:3d:4e:c3:d4:d7:a1:48:
         9a:7d:cf:89:d0:a6:60:10:63:98:87:fd:d0:51:9d:54:38:04:
         ac:8d:e6:0b:3b:97:96:78:94:54:cd:d0:77:88:9b:b1:d7:b0:
         ac:cf:91:2f:a2:17:05:b9:09:cd:e1:36:e2:17:20:50:90:3f:
         a4:63:dd:22:7b:32:41:e0:93:9a:a5:c2:60:19:a9:86:e1:71:
         8f:ab:72:39:9c:05:1c:81:02:e8:12:a7:a7:5f:9d:1d:22:ca:
         ef:d6:af:31:af:6e:53:48:71:9a:71:9f:7d:ca:9b:ec:16:f3:
         44:22:ff:e4:b5:42:16:0a:5d:bd:8e:20:7b:f7:7a:bb:86:42:
         f0:7c:ff:a3:93:08:d9:7b:e8:19:e9:07:97:a1:95:52:20:a2:
         35:80:30:03:97:6c:91:3a:73:5e:08:f4:c0:d7:c5:84:a2:0c:
         18:66:f9:1f:28:0c:00:d2:de:11:7f:d6:63:82:aa:a1:2a:00:
         d8:9f:4c:b3:d0:30:41:1a:e3:05:5b:46:98:07:49:2e:70:e0:
         78:b0:33:2d:4c:55:a7:b2:40:4f:9b:56:64:ef:ae:47:6b:a4:
         5f:da:39:e3:28:c6:f4:c3:a5:2d:1a:fd:d7:39:ae:8f:a6:40:
         fd:40:8b:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH61NCMjlPhEF8TjD5MttMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMGJjZGVlOGNlODM5YzRkMjA0MTNjODYyNDIzY2NhMDRm
ZGM2MGEwHhcNMjUwMTAxMTM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDExNDM0ZTI5ODdkMzA1ZjMzN2E2ZDkxZjAxNjFkN2MwNTlmNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kHnUlohuwbgpBcBwjPsShlICA3r
KpjYhKFnU7IHu5tjN9WyyqaKG7l/F0E3615x/T/QmgDOaGiTUaKjOl8A1DE+DKjy
aXhZntpRdN9qJPqL4/2cpu9QAn/iuTAVrbVxKUEo/fXaAUFIYH1H81JXa4HJXIbQ
JQaF1ii2eyLWKNynqn3LlzjDojFZrfuzS3D8Gv0+3FWVaRvl6Js13f8F6laaMsot
/LS9c7i5RZublDogPbCqZCyszKt4rTIL8TTdfRKYiEbFDEmqJSOGdtcGqI12EKPs
84LaSF7nyff9i0Oasy9ItqonXaE4iTDM3eYpn1Gkf+G1c+9h3gS8erEt4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJARQ04ph9MF8zem2R8BYdfAWfWEMB8GA1UdIwQY
MBaAFHoLze6M6DnE0gQTyGJCPMoE/cYKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWd2Tjdvem9PY1RTQkJQSVlrSTh5Z1Q5eGdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81NGU5MTItYjUwMy00NTRjLWE0MzMt
NGRlZjU3MzY1MTY5LzEva0JGRFRpbUgwd1h6TjZiWkh3RmgxOEJaOVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81NGU5MTItYjUwMy00NTRjLWE0MzMtNGRlZjU3MzY1MTY5
LzEvZWd2Tjdvem9PY1RTQkJQSVlrSTh5Z1Q5eGdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBcyMA0G
CSqGSIb3DQEBCwUAA4IBAQCaVyRCcLxOvmzADT1Ow9TXoUiafc+J0KZgEGOYh/3Q
UZ1UOASsjeYLO5eWeJRUzdB3iJux17Csz5EvohcFuQnN4TbiFyBQkD+kY90iezJB
4JOapcJgGamG4XGPq3I5nAUcgQLoEqenX50dIsrv1q8xr25TSHGacZ99ypvsFvNE
Iv/ktUIWCl29jiB793q7hkLwfP+jkwjZe+gZ6QeXoZVSIKI1gDADl2yROnNeCPTA
18WEogwYZvkfKAwA0t4Rf9ZjgqqhKgDYn0yz0DBBGuMFW0aYB0kucOB4sDMtTFWn
skBPm1Zk765Ha6Rf2jnjKMb0w6UtGv3XOa6PpkD9QIsz
-----END CERTIFICATE-----