Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/RKiPm9TAvbuh_hM-_lIBxDZv6rg.roa
File:                     RKiPm9TAvbuh_hM-_lIBxDZv6rg.roa (raw, json)
Hash identifier:          wmQF1xmI2xLjnYrkheVh+QF2nwc1FwtPu4Q6cucZc/A=
Subject key identifier:   44:A8:8F:9B:D4:C0:BD:BB:A1:FE:13:3E:FE:52:01:C4:36:6F:EA:B8
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019421B1AE5ED040FE905B50A177E3C5D57C
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/RKiPm9TAvbuh_hM-_lIBxDZv6rg.roa
Signing time:             Wed 01 Jan 2025 11:48:00 +0000
ROA not before:           Wed 01 Jan 2025 11:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200017
IP address blocks:        176.57.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ae:5e:d0:40:fe:90:5b:50:a1:77:e3:c5:d5:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 11:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44a88f9bd4c0bdbba1fe133efe5201c4366feab8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1a:a8:f9:59:0a:73:31:d4:68:b5:4b:50:68:
                    34:1a:d5:4b:9a:f1:c0:d4:88:fc:5d:ba:29:8a:f9:
                    be:b2:af:38:61:83:52:78:c8:12:4e:02:d3:98:14:
                    45:7b:a3:62:f2:09:8b:c5:60:38:0a:6b:b3:97:d1:
                    2b:b2:e9:86:0f:a5:36:77:f1:36:c7:0a:33:07:51:
                    63:18:dd:07:f8:85:a1:62:0e:05:c9:38:ce:be:3a:
                    5b:b3:f8:26:86:34:40:9a:14:06:6a:c6:6a:fa:9e:
                    bb:fd:67:c5:90:f6:74:34:57:f7:38:96:7d:8e:3a:
                    94:5a:3f:3a:c9:0f:89:42:21:b4:80:70:c8:01:37:
                    51:b1:0e:86:34:51:43:93:f6:a7:8c:08:13:01:e4:
                    7b:30:c6:73:f0:51:60:69:49:95:a1:a2:58:29:c8:
                    d6:fa:dd:97:0e:95:96:9c:af:eb:af:a0:7d:ee:76:
                    cb:29:1e:54:c8:f6:4d:ac:9b:ea:81:09:5d:70:ff:
                    a3:eb:36:89:a4:d4:3e:fe:90:4e:c3:f0:e3:37:b9:
                    07:30:ec:46:f2:87:70:9e:f3:a0:c1:a1:be:a1:7d:
                    ea:36:37:2c:75:d4:e0:2f:44:8e:3e:3b:74:e2:ae:
                    da:b8:85:a5:76:b5:2c:de:b2:0c:11:e8:eb:0c:74:
                    0b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A8:8F:9B:D4:C0:BD:BB:A1:FE:13:3E:FE:52:01:C4:36:6F:EA:B8
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/RKiPm9TAvbuh_hM-_lIBxDZv6rg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:8a:18:84:34:62:ba:70:a9:d2:b8:c3:eb:95:3d:f9:b9:d2:
         d3:bc:af:a8:9c:99:ad:65:1f:cd:84:f6:7b:2b:54:55:c7:e4:
         e3:f6:f9:84:70:41:44:1a:ab:56:72:e1:d5:c9:5e:1c:ce:89:
         02:c0:7e:26:43:29:bb:d3:bd:72:aa:16:56:26:e0:15:49:29:
         25:40:20:c6:be:67:59:b5:cd:0c:f2:02:b2:02:cb:76:d2:1f:
         33:7f:08:ec:d6:84:e9:a9:5e:48:6d:b5:d3:29:93:ea:27:71:
         88:ec:d1:ef:49:51:48:63:44:e8:9e:b9:93:78:60:0b:6b:21:
         a4:cc:e4:c3:47:dc:73:ba:ad:3a:f1:ae:cf:ca:6d:5f:64:ed:
         1e:ef:45:4e:e9:7e:6a:f5:6c:14:1d:0f:16:88:5e:85:10:ca:
         d3:81:46:90:1b:14:7b:27:1c:a6:19:13:b6:7a:fe:83:5a:d9:
         0e:d4:ed:eb:80:e6:e1:0b:f5:26:24:58:21:4f:28:5f:50:33:
         ae:05:f9:c4:f6:13:33:56:8f:0b:47:80:be:47:c7:0f:9e:8b:
         a9:1f:a0:ad:b5:26:0a:fa:44:ed:4f:a5:b7:4d:33:9e:7c:3e:
         a9:0f:11:e6:0f:c0:ff:09:46:8b:11:27:5c:98:9d:84:a0:97:
         31:9f:5d:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsa5e0ED+kFtQoXfjxdV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMTAxMTE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGE4OGY5YmQ0YzBiZGJiYTFmZTEzM2VmZTUyMDFjNDM2NmZlYWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhqo+VkKczHUaLVLUGg0GtVLmvHA
1Ij8Xbopivm+sq84YYNSeMgSTgLTmBRFe6Ni8gmLxWA4Cmuzl9ErsumGD6U2d/E2
xwozB1FjGN0H+IWhYg4FyTjOvjpbs/gmhjRAmhQGasZq+p67/WfFkPZ0NFf3OJZ9
jjqUWj86yQ+JQiG0gHDIATdRsQ6GNFFDk/anjAgTAeR7MMZz8FFgaUmVoaJYKcjW
+t2XDpWWnK/rr6B97nbLKR5UyPZNrJvqgQldcP+j6zaJpNQ+/pBOw/DjN7kHMOxG
8odwnvOgwaG+oX3qNjcsddTgL0SOPjt04q7auIWldrUs3rIMEejrDHQLSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESoj5vUwL27of4TPv5SAcQ2b+q4MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvUktpUG05VEF2YnVoX2hNLV9sSUJ4RFp2NnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDkwMA0G
CSqGSIb3DQEBCwUAA4IBAQDCihiENGK6cKnSuMPrlT35udLTvK+onJmtZR/NhPZ7
K1RVx+Tj9vmEcEFEGqtWcuHVyV4czokCwH4mQym7071yqhZWJuAVSSklQCDGvmdZ
tc0M8gKyAst20h8zfwjs1oTpqV5IbbXTKZPqJ3GI7NHvSVFIY0TonrmTeGALayGk
zOTDR9xzuq068a7Pym1fZO0e70VO6X5q9WwUHQ8WiF6FEMrTgUaQGxR7JxymGRO2
ev6DWtkO1O3rgObhC/UmJFghTyhfUDOuBfnE9hMzVo8LR4C+R8cPnoupH6CttSYK
+kTtT6W3TTOefD6pDxHmD8D/CUaLESdcmJ2EoJcxn124
-----END CERTIFICATE-----