Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/SvSRiBbRcu49jkThTVT2-t8qF4M.roa
File:                     SvSRiBbRcu49jkThTVT2-t8qF4M.roa (raw, json)
Hash identifier:          KjcdxZl/stBbM5j5zVJQD9i4mWbXxkhMyNqt6P4zr70=
Subject key identifier:   4A:F4:91:88:16:D1:72:EE:3D:8E:44:E1:4D:54:F6:FA:DF:2A:17:83
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D5A3D17013417B9DF0270DA31917DD
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/SvSRiBbRcu49jkThTVT2-t8qF4M.roa
Signing time:             Wed 01 Jan 2025 07:47:39 +0000
ROA not before:           Wed 01 Jan 2025 07:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15422
IP address blocks:        194.206.254.0/24 maxlen: 24
                          217.109.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:a3:d1:70:13:41:7b:9d:f0:27:0d:a3:19:17:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4af4918816d172ee3d8e44e14d54f6fadf2a1783
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9d:eb:5e:93:f6:0c:d3:82:47:a0:15:44:d6:
                    15:5c:f2:c0:a6:d7:62:2d:a4:71:2b:89:9e:d2:d8:
                    1b:09:72:a3:7b:79:5c:92:86:57:0d:c1:83:51:e2:
                    35:4e:57:f3:3d:02:3e:d1:44:85:b9:9d:7b:58:5a:
                    9b:9e:df:5f:f4:ee:ae:0a:02:12:8f:42:a0:21:50:
                    f7:e6:f1:71:d1:c8:14:29:9e:29:de:21:6a:2d:a8:
                    bb:1a:36:38:1c:17:5a:e0:01:8b:9f:13:23:67:1b:
                    ad:27:3c:ed:f8:8f:32:6e:1f:d9:19:37:da:16:12:
                    b1:97:91:da:fc:5e:f4:a6:62:42:4a:3c:f1:57:15:
                    38:db:dc:27:7e:82:fb:bf:0f:49:a9:4a:c0:fe:dc:
                    19:d3:42:e9:ce:77:7c:6d:aa:74:2e:d6:d6:c4:20:
                    2d:19:7b:8d:0b:d2:2a:3f:4f:83:0f:9e:b2:a4:a5:
                    2a:06:02:2c:0d:e7:7f:6b:0a:9c:64:59:c7:06:ca:
                    5f:67:cc:f2:71:d6:f6:78:16:c8:c6:4a:d8:41:8e:
                    9a:38:d5:61:8b:bc:e9:b9:00:21:e6:9b:bb:7f:4b:
                    d3:67:b0:b3:ce:72:6c:62:40:de:8b:4b:36:e3:b7:
                    3c:1f:bb:49:6e:8d:2c:e4:e4:93:98:3f:4d:ac:36:
                    12:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:F4:91:88:16:D1:72:EE:3D:8E:44:E1:4D:54:F6:FA:DF:2A:17:83
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/SvSRiBbRcu49jkThTVT2-t8qF4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.206.254.0/24
                  217.109.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:3c:ce:05:dc:8d:81:5b:48:06:2f:57:ab:68:fd:90:00:b5:
         8e:5b:ca:6e:77:c1:16:76:7f:f0:3d:1b:f5:6e:29:f9:da:88:
         18:89:c8:39:13:71:81:49:9d:be:54:28:29:55:35:89:6c:b3:
         8e:07:fb:6b:7c:51:41:3d:e9:c4:12:2e:e6:e1:50:56:ab:26:
         59:85:4f:5f:e2:61:fd:7f:57:ec:7f:8b:10:54:1c:83:94:49:
         97:95:c2:9b:0d:53:7c:ca:8a:1e:85:f5:87:cb:42:f7:b8:b3:
         32:16:6e:1b:aa:c6:f4:62:3d:f7:40:7c:2d:17:72:26:f6:70:
         52:b1:af:00:68:3f:2e:f0:05:77:8d:a8:9e:18:d1:5b:25:2d:
         44:03:d7:b4:28:b2:b0:1a:d4:45:3a:69:b0:db:10:f0:03:8f:
         98:55:f8:c7:6d:85:d2:8b:58:a1:e1:5e:6b:5c:81:1d:34:31:
         7f:97:c3:92:47:47:ed:36:ed:e5:5f:c9:ac:bb:bb:0d:69:d3:
         77:48:ec:1e:7f:bb:65:a6:ae:a7:d9:8a:89:f9:3c:bd:b3:c9:
         55:51:78:ed:d2:67:6e:99:11:3e:ef:06:aa:76:df:20:6e:0c:
         33:d8:bc:5b:08:33:e0:1b:91:b4:b6:1d:68:a7:3e:01:96:1b:
         20:c8:eb:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1aPRcBNBe53wJw2jGRfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWY0OTE4ODE2ZDE3MmVlM2Q4ZTQ0ZTE0ZDU0ZjZmYWRmMmExNzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu53rXpP2DNOCR6AVRNYVXPLAptdi
LaRxK4me0tgbCXKje3lckoZXDcGDUeI1TlfzPQI+0USFuZ17WFqbnt9f9O6uCgIS
j0KgIVD35vFx0cgUKZ4p3iFqLai7GjY4HBda4AGLnxMjZxutJzzt+I8ybh/ZGTfa
FhKxl5Ha/F70pmJCSjzxVxU429wnfoL7vw9JqUrA/twZ00Lpznd8bap0LtbWxCAt
GXuNC9IqP0+DD56ypKUqBgIsDed/awqcZFnHBspfZ8zycdb2eBbIxkrYQY6aONVh
i7zpuQAh5pu7f0vTZ7CzznJsYkDei0s247c8H7tJbo0s5OSTmD9NrDYSMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEr0kYgW0XLuPY5E4U1U9vrfKheDMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvU3ZTUmlCYlJjdTQ5amtUaFRWVDItdDhxRjRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAws7+AwQA
2W1DMA0GCSqGSIb3DQEBCwUAA4IBAQASPM4F3I2BW0gGL1eraP2QALWOW8pud8EW
dn/wPRv1bin52ogYicg5E3GBSZ2+VCgpVTWJbLOOB/trfFFBPenEEi7m4VBWqyZZ
hU9f4mH9f1fsf4sQVByDlEmXlcKbDVN8yooehfWHy0L3uLMyFm4bqsb0Yj33QHwt
F3Im9nBSsa8AaD8u8AV3jaieGNFbJS1EA9e0KLKwGtRFOmmw2xDwA4+YVfjHbYXS
i1ih4V5rXIEdNDF/l8OSR0ftNu3lX8msu7sNadN3SOwef7tlpq6n2YqJ+Ty9s8lV
UXjt0mdumRE+7waqdt8gbgwz2LxbCDPgG5G0th1opz4BlhsgyOuL
-----END CERTIFICATE-----