Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cx4D5YI97Cdc_NaYj835r33qumg.roa
File:                     cx4D5YI97Cdc_NaYj835r33qumg.roa (raw, json)
Hash identifier:          YrItbHH7YLoDiEeTmv7NON7iliOb3z+nfBFH88fyUSg=
Subject key identifier:   73:1E:03:E5:82:3D:EC:27:5C:FC:D6:98:8F:CD:F9:AF:7D:EA:BA:68
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194ACE5C653BF79C0CD980BBC72132C7E01
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cx4D5YI97Cdc_NaYj835r33qumg.roa
Signing time:             Tue 28 Jan 2025 12:32:07 +0000
ROA not before:           Tue 28 Jan 2025 12:32:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212027
IP address blocks:        212.192.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:e5:c6:53:bf:79:c0:cd:98:0b:bc:72:13:2c:7e:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan 28 12:32:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=731e03e5823dec275cfcd6988fcdf9af7deaba68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:29:91:4e:80:9d:47:6c:ea:08:4b:55:a3:1b:
                    09:44:dd:5c:13:0a:ed:ef:e7:f8:f1:48:65:a7:db:
                    fb:55:0f:b7:37:4e:32:d0:bf:41:16:fc:a5:b3:8f:
                    6a:41:83:b2:48:8b:a7:72:92:f4:5e:b3:b2:fd:eb:
                    01:3f:86:20:6e:62:fe:ba:3c:61:cc:05:4c:5e:15:
                    a6:46:bc:72:94:3d:46:18:ec:f7:f9:11:9b:b5:d4:
                    f0:27:5b:3c:2e:65:5a:cb:4a:6d:67:3e:fa:06:d4:
                    07:eb:54:54:1b:a4:61:16:a2:b9:a5:e2:05:92:7d:
                    64:d1:b3:8f:eb:c1:4e:bd:f9:49:06:67:8a:a2:d9:
                    13:fa:10:b8:dd:72:ad:70:1e:4e:15:17:5f:3b:65:
                    a5:8b:76:b4:3b:e5:22:29:29:6d:14:9e:2d:eb:5f:
                    38:97:6a:d0:d4:0e:53:86:d8:1c:7e:e3:24:3b:8b:
                    f1:b9:3f:65:ae:11:77:08:05:97:cf:6a:81:5f:4d:
                    f3:eb:4b:75:7e:92:37:a6:36:b5:a5:67:c6:74:f5:
                    81:5f:4f:64:ac:fe:17:38:2d:fb:0c:28:0f:74:71:
                    31:80:97:9b:5b:d0:a5:e4:c1:ce:ca:de:5c:9f:a9:
                    5a:f5:70:4b:3e:ba:41:45:1e:de:0f:fb:aa:80:0e:
                    00:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:1E:03:E5:82:3D:EC:27:5C:FC:D6:98:8F:CD:F9:AF:7D:EA:BA:68
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cx4D5YI97Cdc_NaYj835r33qumg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:3f:a1:16:af:2a:4f:a6:ac:fe:c4:aa:79:2b:4a:7b:50:e0:
         f5:f8:b7:a7:44:af:84:ff:b8:a6:ef:5c:d0:59:64:5e:36:b6:
         c5:5a:c4:6e:55:8f:ef:4e:6f:37:fd:36:ea:02:91:76:6e:96:
         90:fc:61:e3:5b:8f:87:25:91:17:07:44:dc:04:69:88:fa:ec:
         fc:ce:50:2f:91:63:e1:81:d1:5b:28:e3:70:9b:ff:1c:ed:ce:
         7e:14:17:1e:3e:94:df:2e:b2:0b:79:cb:34:e5:f5:02:85:14:
         be:b4:b6:47:c3:db:42:e0:56:dd:2c:62:16:a8:a6:8e:2b:f4:
         7e:39:dc:eb:28:02:1c:bf:e0:7a:81:36:46:3d:fc:a6:22:34:
         04:58:49:0e:08:e4:6e:0d:7f:f0:aa:78:a9:96:be:fc:a8:25:
         30:9e:24:7b:29:91:53:06:89:67:0a:14:2b:11:32:5f:c7:ef:
         d4:92:fc:c9:64:c9:f8:3e:4e:c2:31:18:72:4f:0b:e6:77:28:
         8c:fe:73:69:7e:0b:fb:33:ce:7c:84:31:ba:f8:83:48:94:37:
         9c:86:51:64:03:59:93:7b:ad:35:39:ab:1a:b1:b9:6b:ca:9a:
         b5:2e:f9:78:e4:a6:84:b0:d8:c1:f6:e2:61:31:6e:9e:5b:67:
         50:44:32:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSs5cZTv3nAzZgLvHITLH4BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTI4MTIzMjA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzFlMDNlNTgyM2RlYzI3NWNmY2Q2OTg4ZmNkZjlhZjdkZWFiYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7imRToCdR2zqCEtVoxsJRN1cEwrt
7+f48Uhlp9v7VQ+3N04y0L9BFvyls49qQYOySIuncpL0XrOy/esBP4YgbmL+ujxh
zAVMXhWmRrxylD1GGOz3+RGbtdTwJ1s8LmVay0ptZz76BtQH61RUG6RhFqK5peIF
kn1k0bOP68FOvflJBmeKotkT+hC43XKtcB5OFRdfO2Wli3a0O+UiKSltFJ4t6184
l2rQ1A5ThtgcfuMkO4vxuT9lrhF3CAWXz2qBX03z60t1fpI3pja1pWfGdPWBX09k
rP4XOC37DCgPdHExgJebW9Cl5MHOyt5cn6la9XBLPrpBRR7eD/uqgA4AWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMeA+WCPewnXPzWmI/N+a996rpoMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvY3g0RDVZSTk3Q2RjX05hWWo4MzVyMzNxdW1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MDVMA0G
CSqGSIb3DQEBCwUAA4IBAQAAP6EWrypPpqz+xKp5K0p7UOD1+LenRK+E/7im71zQ
WWReNrbFWsRuVY/vTm83/TbqApF2bpaQ/GHjW4+HJZEXB0TcBGmI+uz8zlAvkWPh
gdFbKONwm/8c7c5+FBcePpTfLrILecs05fUChRS+tLZHw9tC4FbdLGIWqKaOK/R+
OdzrKAIcv+B6gTZGPfymIjQEWEkOCORuDX/wqniplr78qCUwniR7KZFTBolnChQr
ETJfx+/UkvzJZMn4Pk7CMRhyTwvmdyiM/nNpfgv7M858hDG6+INIlDechlFkA1mT
e601Oasasblrypq1Lvl45KaEsNjB9uJhMW6eW2dQRDJ8
-----END CERTIFICATE-----