Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/e62089-b98a-4fdd-9c4e-62789182a0f3/1/J3IfRy5hJG3sO5FFR3klCa0Rmag.roa
File:                     J3IfRy5hJG3sO5FFR3klCa0Rmag.roa (raw, json)
Hash identifier:          y8cOLwfC28T1Q/CwomIs12ZpdB8agP1zP7ErrJL2HLM=
Subject key identifier:   27:72:1F:47:2E:61:24:6D:EC:3B:91:45:47:79:25:09:AD:11:99:A8
Certificate issuer:       /CN=5dab0b08e51f818224629fb3a211d83d5be35440
Certificate serial:       019426D9E3EF80DD40861808DFD819D87203
Authority key identifier: 5D:AB:0B:08:E5:1F:81:82:24:62:9F:B3:A2:11:D8:3D:5B:E3:54:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XasLCOUfgYIkYp-zohHYPVvjVEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/e62089-b98a-4fdd-9c4e-62789182a0f3/1/J3IfRy5hJG3sO5FFR3klCa0Rmag.roa
Signing time:             Thu 02 Jan 2025 11:50:01 +0000
ROA not before:           Thu 02 Jan 2025 11:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198951
IP address blocks:        194.56.174.0/23 maxlen: 24
                          194.56.176.0/22 maxlen: 24
                          2001:678:518::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/e62089-b98a-4fdd-9c4e-62789182a0f3/1/XasLCOUfgYIkYp-zohHYPVvjVEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/e62089-b98a-4fdd-9c4e-62789182a0f3/1/XasLCOUfgYIkYp-zohHYPVvjVEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XasLCOUfgYIkYp-zohHYPVvjVEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e3:ef:80:dd:40:86:18:08:df:d8:19:d8:72:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dab0b08e51f818224629fb3a211d83d5be35440
        Validity
            Not Before: Jan  2 11:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27721f472e61246dec3b914547792509ad1199a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a7:fa:bd:55:cc:5c:f8:17:43:f9:72:73:db:
                    9c:74:28:ef:9b:14:ac:02:b5:fd:be:34:08:65:6c:
                    29:1e:77:9b:a9:db:73:8b:4e:26:06:7b:02:3f:0b:
                    65:1c:80:d0:04:c7:13:5f:c2:4c:d1:1e:da:23:96:
                    18:65:fd:1a:be:7a:9d:19:25:4f:d6:40:e8:21:88:
                    07:6b:a1:d7:4c:46:d4:cf:8b:71:11:36:ab:6a:58:
                    ad:d1:c5:6e:02:0f:51:d2:81:a0:34:fc:d6:a7:52:
                    c1:08:40:90:02:07:65:42:52:f2:74:3a:27:25:d1:
                    d4:9a:3a:86:a6:64:60:33:57:77:e2:1e:0c:fd:5e:
                    1b:9e:4b:f7:23:5c:d6:89:4b:fa:ac:94:9a:56:41:
                    82:ba:ee:66:83:c5:d2:81:23:25:a3:de:ae:09:22:
                    b1:1e:5d:73:cd:b4:0c:3f:23:b2:05:7f:38:fd:57:
                    c9:03:f5:8f:88:a2:d3:2d:66:f4:16:9e:9c:74:be:
                    6c:7d:66:30:1a:2d:fe:9f:6a:47:e3:d6:14:d4:4c:
                    4b:5a:a4:e6:14:ee:58:34:12:81:13:25:9d:d2:a2:
                    46:e1:f5:7c:8c:69:89:8e:c9:cd:0f:26:a6:29:aa:
                    af:c7:99:e0:0b:36:5b:ef:b4:43:8c:60:e6:49:3a:
                    c8:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:72:1F:47:2E:61:24:6D:EC:3B:91:45:47:79:25:09:AD:11:99:A8
            X509v3 Authority Key Identifier:
                keyid:5D:AB:0B:08:E5:1F:81:82:24:62:9F:B3:A2:11:D8:3D:5B:E3:54:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XasLCOUfgYIkYp-zohHYPVvjVEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/e62089-b98a-4fdd-9c4e-62789182a0f3/1/J3IfRy5hJG3sO5FFR3klCa0Rmag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/e62089-b98a-4fdd-9c4e-62789182a0f3/1/XasLCOUfgYIkYp-zohHYPVvjVEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.174.0-194.56.179.255
                IPv6:
                  2001:678:518::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:30:27:82:c0:58:d1:14:55:ca:36:fd:03:d5:a8:c3:17:c3:
         dc:56:72:67:45:8d:27:ab:0e:4a:42:a5:cf:66:1e:86:a8:33:
         f3:2d:6b:ea:92:45:1c:73:c9:0e:22:77:a3:b9:08:ec:da:c6:
         65:44:16:f8:32:4f:04:d5:60:23:fc:6f:90:46:21:6a:65:e6:
         76:d7:38:24:1a:4b:0b:33:b3:2c:ff:9a:94:9c:ed:1d:12:c2:
         94:13:9e:02:25:be:37:48:53:51:e2:eb:83:a1:17:3e:7f:fa:
         61:cd:55:a6:48:46:4a:6c:37:ae:44:31:20:8c:42:1a:ca:29:
         42:08:07:45:0b:07:ad:1c:6e:2e:34:62:e0:a6:3f:8f:d9:5c:
         d1:2e:e1:e4:df:52:7e:1c:02:62:e4:a5:f0:78:28:ce:94:c3:
         cb:2b:11:65:23:8b:9e:1f:99:e4:1f:23:89:e0:12:92:bb:d8:
         37:9f:b1:94:d2:9b:0d:5f:8b:aa:cb:87:5f:8d:95:40:30:a0:
         25:05:ad:3c:32:2b:f4:78:52:0f:42:0e:72:3d:be:c7:d6:67:
         5a:a8:9e:93:64:a4:48:e3:07:ce:f2:7a:5a:5b:7c:de:39:dc:
         39:ae:22:7c:c2:2e:d7:8b:bf:cf:08:ba:25:8f:c1:03:41:21:
         5e:ce:a4:2f
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZQm2ePvgN1AhhgI39gZ2HIDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYWIwYjA4ZTUxZjgxODIyNDYyOWZiM2EyMTFkODNkNWJl
MzU0NDAwHhcNMjUwMTAyMTE1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzcyMWY0NzJlNjEyNDZkZWMzYjkxNDU0Nzc5MjUwOWFkMTE5OWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaf6vVXMXPgXQ/lyc9ucdCjvmxSs
ArX9vjQIZWwpHnebqdtzi04mBnsCPwtlHIDQBMcTX8JM0R7aI5YYZf0avnqdGSVP
1kDoIYgHa6HXTEbUz4txETaralit0cVuAg9R0oGgNPzWp1LBCECQAgdlQlLydDon
JdHUmjqGpmRgM1d34h4M/V4bnkv3I1zWiUv6rJSaVkGCuu5mg8XSgSMlo96uCSKx
Hl1zzbQMPyOyBX84/VfJA/WPiKLTLWb0Fp6cdL5sfWYwGi3+n2pH49YU1ExLWqTm
FO5YNBKBEyWd0qJG4fV8jGmJjsnNDyamKaqvx5ngCzZb77RDjGDmSTrIRwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCdyH0cuYSRt7DuRRUd5JQmtEZmoMB8GA1UdIwQY
MBaAFF2rCwjlH4GCJGKfs6IR2D1b41RAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFzTENPVWZnWUlrWXAtem9oSFlQVnZqVkVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9lNjIwODktYjk4YS00ZmRkLTljNGUt
NjI3ODkxODJhMGYzLzEvSjNJZlJ5NWhKRzNzTzVGRlIza2xDYTBSbWFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9lNjIwODktYjk4YS00ZmRkLTljNGUtNjI3ODkxODJhMGYz
LzEvWGFzTENPVWZnWUlrWXAtem9oSFlQVnZqVkVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAHCOK4D
BALCOLAwDwQCAAIwCQMHACABBngFGDANBgkqhkiG9w0BAQsFAAOCAQEALzAngsBY
0RRVyjb9A9WowxfD3FZyZ0WNJ6sOSkKlz2Yehqgz8y1r6pJFHHPJDiJ3o7kI7NrG
ZUQW+DJPBNVgI/xvkEYhamXmdtc4JBpLCzOzLP+alJztHRLClBOeAiW+N0hTUeLr
g6EXPn/6Yc1VpkhGSmw3rkQxIIxCGsopQggHRQsHrRxuLjRi4KY/j9lc0S7h5N9S
fhwCYuSl8HgozpTDyysRZSOLnh+Z5B8jieASkrvYN5+xlNKbDV+LqsuHX42VQDCg
JQWtPDIr9HhSD0IOcj2+x9ZnWqiek2SkSOMHzvJ6Wlt83jncOa4ifMIu14u/zwi6
JY/BA0EhXs6kLw==
-----END CERTIFICATE-----