Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/VSoOrgsYwTu2KVdExU_bFQ0ANdo.roa
File:                     VSoOrgsYwTu2KVdExU_bFQ0ANdo.roa (raw, json)
Hash identifier:          TsGqTcbtxgB13NRyB2ElzmSgNOVuipo7gDboWaoxZH0=
Subject key identifier:   55:2A:0E:AE:0B:18:C1:3B:B6:29:57:44:C5:4F:DB:15:0D:00:35:DA
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01942369C886658981786E4D4DD80196CADC
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/VSoOrgsYwTu2KVdExU_bFQ0ANdo.roa
Signing time:             Wed 01 Jan 2025 19:48:42 +0000
ROA not before:           Wed 01 Jan 2025 19:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142299
IP address blocks:        107.150.167.0/24 maxlen: 24
                          167.160.13.0/24 maxlen: 24
                          170.62.194.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:c8:86:65:89:81:78:6e:4d:4d:d8:01:96:ca:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jan  1 19:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=552a0eae0b18c13bb6295744c54fdb150d0035da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:f5:af:ad:cb:68:e1:21:7f:8e:d2:8f:a4:65:
                    d5:f6:89:11:8d:3a:ac:b8:75:fd:15:ff:e6:b7:4d:
                    b0:34:81:f6:c4:3c:9c:b7:2c:5c:39:85:9e:14:36:
                    c8:62:e8:7b:b0:9a:bc:a9:d9:d9:fb:75:ff:c4:8f:
                    1f:24:9a:fd:3a:80:f6:be:d1:a2:f9:bc:e7:67:4c:
                    f0:33:38:c0:c4:cc:b7:9e:86:9e:00:c0:4d:9b:53:
                    86:01:1d:dd:a0:3b:75:f5:4b:76:c5:36:b2:69:83:
                    a4:d0:c9:d6:e6:0c:67:9b:16:fa:1f:e0:cb:ed:41:
                    9f:5a:d8:15:91:0c:cd:cf:dc:07:28:68:1a:17:0a:
                    fa:c8:1b:32:c9:3c:b4:13:13:e4:30:60:b6:71:6d:
                    48:0d:aa:47:f6:92:86:b7:01:75:16:49:d0:80:a9:
                    51:18:67:f9:35:15:1d:9d:3c:18:8e:c9:73:65:94:
                    50:01:78:ac:7a:c3:46:48:03:b4:88:50:a4:9e:05:
                    40:e0:ed:20:fb:56:c0:50:82:62:7e:ea:8c:f2:27:
                    71:67:5a:d2:60:6d:38:97:bd:a3:2d:c9:89:14:a6:
                    56:0f:0f:8c:89:d3:61:dc:df:19:2d:d9:18:96:4b:
                    d8:dd:ee:48:e0:f7:75:c0:5b:9a:c5:d7:b7:d3:e5:
                    ff:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:2A:0E:AE:0B:18:C1:3B:B6:29:57:44:C5:4F:DB:15:0D:00:35:DA
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/VSoOrgsYwTu2KVdExU_bFQ0ANdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.150.167.0/24
                  167.160.13.0/24
                  170.62.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b7:7e:d5:1f:d2:00:1d:a9:01:4e:08:d8:bc:70:1f:b0:f2:b1:
         64:92:16:2c:e5:b4:bd:ae:a5:34:29:35:57:a1:4b:92:36:ae:
         a1:65:95:55:b6:6d:6f:58:34:c5:8a:b5:a2:ad:05:1f:25:8a:
         bf:55:91:7e:8d:69:ec:2e:d0:0d:fb:e2:a3:c3:28:ae:9e:0c:
         08:23:fc:4a:49:f0:e2:83:f7:d6:8c:5f:4b:d3:e3:58:7e:83:
         c8:05:bb:e8:af:e8:52:54:98:4b:64:d1:6e:25:99:65:31:ca:
         85:0d:31:d1:d6:5e:09:86:26:b4:c8:a5:5e:c0:6c:76:8c:d7:
         87:f9:10:0a:6a:af:dc:44:2f:7e:82:6a:cb:84:b0:d6:d2:a1:
         05:8d:9e:b4:36:42:f1:35:e5:29:8e:f5:e4:a2:c1:3c:06:f0:
         cf:ed:e7:a0:48:6c:61:8a:b0:b6:9c:28:e9:a4:20:f8:a5:04:
         31:f2:f9:5c:2c:b6:a6:e9:15:75:86:4a:38:32:b7:4a:6b:32:
         26:61:c8:1e:73:c3:27:97:93:83:25:27:fc:c2:c2:94:4b:74:
         99:19:db:d7:91:96:7b:5c:67:e7:d9:86:14:7a:f4:4a:1f:53:
         af:44:bc:3b:66:3a:46:78:c7:f8:74:d0:6f:a0:81:83:09:04:
         df:01:3b:28
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjaciGZYmBeG5NTdgBlsrcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwMTAxMTk0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTJhMGVhZTBiMThjMTNiYjYyOTU3NDRjNTRmZGIxNTBkMDAzNWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+PWvrcto4SF/jtKPpGXV9okRjTqs
uHX9Ff/mt02wNIH2xDyctyxcOYWeFDbIYuh7sJq8qdnZ+3X/xI8fJJr9OoD2vtGi
+bznZ0zwMzjAxMy3noaeAMBNm1OGAR3doDt19Ut2xTayaYOk0MnW5gxnmxb6H+DL
7UGfWtgVkQzNz9wHKGgaFwr6yBsyyTy0ExPkMGC2cW1IDapH9pKGtwF1FknQgKlR
GGf5NRUdnTwYjslzZZRQAXisesNGSAO0iFCkngVA4O0g+1bAUIJifuqM8idxZ1rS
YG04l72jLcmJFKZWDw+MidNh3N8ZLdkYlkvY3e5I4Pd1wFuaxde30+X/uwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFUqDq4LGME7tilXRMVP2xUNADXaMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvVlNvT3Jnc1l3VHUyS1ZkRXhVX2JGUTBBTmRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAa5anAwQA
p6ANAwQBqj7CMA0GCSqGSIb3DQEBCwUAA4IBAQC3ftUf0gAdqQFOCNi8cB+w8rFk
khYs5bS9rqU0KTVXoUuSNq6hZZVVtm1vWDTFirWirQUfJYq/VZF+jWnsLtAN++Kj
wyiungwII/xKSfDig/fWjF9L0+NYfoPIBbvor+hSVJhLZNFuJZllMcqFDTHR1l4J
hia0yKVewGx2jNeH+RAKaq/cRC9+gmrLhLDW0qEFjZ60NkLxNeUpjvXkosE8BvDP
7eegSGxhirC2nCjppCD4pQQx8vlcLLam6RV1hko4MrdKazImYcgec8Mnl5ODJSf8
wsKUS3SZGdvXkZZ7XGfn2YYUevRKH1OvRLw7ZjpGeMf4dNBvoIGDCQTfATso
-----END CERTIFICATE-----