Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/CGUheZJ5jb9odIiPq7FdA6K0ldQ.roa
File:                     CGUheZJ5jb9odIiPq7FdA6K0ldQ.roa (raw, json)
Hash identifier:          c1sb2ZQ0rgAq8fN12sy6Te2LO2mSWyqLnck1dZimBv8=
Subject key identifier:   08:65:21:79:92:79:8D:BF:68:74:88:8F:AB:B1:5D:03:A2:B4:95:D4
Certificate issuer:       /CN=e7f881401abacc88c941fdf740f1ab1536f05dba
Certificate serial:       0194236A266398DD0A516346FDE5381D1588
Authority key identifier: E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/CGUheZJ5jb9odIiPq7FdA6K0ldQ.roa
Signing time:             Wed 01 Jan 2025 19:49:06 +0000
ROA not before:           Wed 01 Jan 2025 19:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24727
IP address blocks:        212.81.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:26:63:98:dd:0a:51:63:46:fd:e5:38:1d:15:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f881401abacc88c941fdf740f1ab1536f05dba
        Validity
            Not Before: Jan  1 19:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0865217992798dbf6874888fabb15d03a2b495d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:46:15:d1:42:58:a0:7b:c3:f3:25:51:d9:dd:
                    75:8a:0a:84:0a:8d:11:63:6d:41:44:3c:cb:68:4b:
                    fa:4e:fa:62:c3:4a:12:d2:20:99:97:15:16:07:b9:
                    9e:51:31:20:e7:0a:5a:1f:9e:5b:fe:7b:a6:90:cb:
                    0a:8c:1a:08:4d:da:1f:61:24:dd:91:36:fb:48:f7:
                    27:8f:bc:55:d5:55:88:3b:64:7d:de:84:29:8c:33:
                    42:e6:a8:5f:a4:7a:e6:f6:74:d3:97:40:fa:05:a7:
                    aa:b9:11:a6:33:50:e2:23:28:2c:bb:08:cd:ab:90:
                    8e:0a:98:4a:c2:e9:ff:dc:a8:4b:ab:4d:d7:b8:08:
                    67:80:d1:a0:8f:12:60:6d:c1:07:3b:5d:c9:04:d3:
                    84:ea:b9:14:38:65:38:ee:44:a6:f9:b4:c1:14:98:
                    eb:54:36:e8:53:2d:d5:10:55:1c:f3:1a:e7:78:22:
                    77:22:f4:27:9a:90:b6:60:b8:8c:94:eb:e7:b7:0d:
                    27:3f:e0:13:4c:ba:90:69:77:3d:96:9c:de:77:ab:
                    9b:74:38:d9:d8:da:fe:f1:fe:2a:44:74:e7:4e:64:
                    a4:07:df:ab:14:2f:3e:91:97:15:12:32:f1:bc:25:
                    b1:38:5b:61:8c:e0:3d:94:29:24:21:21:d6:84:e3:
                    69:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:65:21:79:92:79:8D:BF:68:74:88:8F:AB:B1:5D:03:A2:B4:95:D4
            X509v3 Authority Key Identifier:
                keyid:E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/CGUheZJ5jb9odIiPq7FdA6K0ldQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.81.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:9b:35:75:33:0b:48:88:23:14:fc:8a:49:bd:35:66:94:f8:
         ed:22:51:3e:21:11:7a:68:3e:ea:1f:42:48:fe:58:a5:ca:d7:
         51:7a:f5:43:57:fe:c3:89:f8:6a:a6:06:f2:77:62:24:ab:67:
         eb:72:91:5e:4f:d6:57:0d:41:4f:f1:2d:18:c0:a8:78:a2:b6:
         78:98:f5:91:9a:00:a6:81:8d:5e:aa:83:aa:5d:ae:01:f4:d1:
         15:cc:70:3e:10:c1:e4:75:d1:0f:1e:43:3d:67:98:f2:f1:bb:
         c0:47:fb:fa:d1:e7:9d:a3:bc:32:dc:9b:f9:ba:63:92:65:77:
         e2:71:87:3c:ac:64:42:e9:44:03:01:21:dd:b2:aa:dd:c3:0c:
         0d:92:30:08:50:48:98:62:35:09:ca:55:bd:77:9f:f0:c5:dd:
         ea:1d:8c:f2:fc:62:b7:6f:b1:71:5e:45:4e:3a:58:1b:4f:12:
         e3:30:1a:f2:85:3d:a3:ca:67:0a:2d:f0:e2:3b:ed:08:1c:9d:
         b5:4a:e9:29:d3:a5:8a:bc:d2:68:e1:fb:5e:a2:fd:28:43:f9:
         33:8b:72:d9:67:99:c7:e6:77:d4:89:b2:7f:ae:52:de:73:7a:
         44:6b:42:d5:5c:e5:6b:45:90:7e:0a:93:07:bd:85:90:e4:07:
         9f:e7:ce:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiZjmN0KUWNG/eU4HRWIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Zjg4MTQwMWFiYWNjODhjOTQxZmRmNzQwZjFhYjE1MzZm
MDVkYmEwHhcNMjUwMTAxMTk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODY1MjE3OTkyNzk4ZGJmNjg3NDg4OGZhYmIxNWQwM2EyYjQ5NWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUYV0UJYoHvD8yVR2d11igqECo0R
Y21BRDzLaEv6Tvpiw0oS0iCZlxUWB7meUTEg5wpaH55b/numkMsKjBoITdofYSTd
kTb7SPcnj7xV1VWIO2R93oQpjDNC5qhfpHrm9nTTl0D6BaequRGmM1DiIygsuwjN
q5COCphKwun/3KhLq03XuAhngNGgjxJgbcEHO13JBNOE6rkUOGU47kSm+bTBFJjr
VDboUy3VEFUc8xrneCJ3IvQnmpC2YLiMlOvntw0nP+ATTLqQaXc9lpzed6ubdDjZ
2Nr+8f4qRHTnTmSkB9+rFC8+kZcVEjLxvCWxOFthjOA9lCkkISHWhONpxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhlIXmSeY2/aHSIj6uxXQOitJXUMB8GA1UdIwQY
MBaAFOf4gUAausyIyUH990DxqxU28F26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmIt
ZTJmYmMzYTY4ODAwLzEvQ0dVaGVaSjVqYjlvZElpUHE3RmRBNkswbGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmItZTJmYmMzYTY4ODAw
LzEvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FEQMA0G
CSqGSIb3DQEBCwUAA4IBAQCxmzV1MwtIiCMU/IpJvTVmlPjtIlE+IRF6aD7qH0JI
/lilytdRevVDV/7Difhqpgbyd2Ikq2frcpFeT9ZXDUFP8S0YwKh4orZ4mPWRmgCm
gY1eqoOqXa4B9NEVzHA+EMHkddEPHkM9Z5jy8bvAR/v60eedo7wy3Jv5umOSZXfi
cYc8rGRC6UQDASHdsqrdwwwNkjAIUEiYYjUJylW9d5/wxd3qHYzy/GK3b7FxXkVO
OlgbTxLjMBryhT2jymcKLfDiO+0IHJ21Sukp06WKvNJo4fteov0oQ/kzi3LZZ5nH
5nfUibJ/rlLec3pEa0LVXOVrRZB+CpMHvYWQ5Aef587P
-----END CERTIFICATE-----