Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/pDfqDwyblFH9gTx0mUFuOfjLEgc.roa
File:                     pDfqDwyblFH9gTx0mUFuOfjLEgc.roa (raw, json)
Hash identifier:          EKiUryut3MS+yx0E4vnAekk51Ko92HgmbfpLFyrWnOM=
Subject key identifier:   A4:37:EA:0F:0C:9B:94:51:FD:81:3C:74:99:41:6E:39:F8:CB:12:07
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D5B4C9538A9A38C997BA777337DD19
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/pDfqDwyblFH9gTx0mUFuOfjLEgc.roa
Signing time:             Wed 01 Jan 2025 07:47:43 +0000
ROA not before:           Wed 01 Jan 2025 07:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48125
IP address blocks:        217.109.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b4:c9:53:8a:9a:38:c9:97:ba:77:73:37:dd:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a437ea0f0c9b9451fd813c7499416e39f8cb1207
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:f4:34:f8:3d:93:e5:ed:74:d0:35:da:d6:5a:
                    18:31:ab:22:23:88:93:fc:e5:ea:4f:29:90:d1:f2:
                    22:aa:5f:b1:8e:d0:50:d6:f1:5e:b8:d0:10:c2:fb:
                    a7:3b:49:e4:f3:ab:b2:8b:ac:0d:04:be:10:b1:5d:
                    64:cf:58:91:7f:dd:36:2f:e2:4c:a3:54:28:cb:28:
                    e1:cf:67:54:80:f3:36:8b:8c:2e:ee:0b:15:81:35:
                    7f:14:8a:df:4c:66:65:60:dc:a1:f8:12:d0:87:a2:
                    28:4c:b7:59:4d:d9:b8:8c:62:7f:c0:1d:9a:8f:b0:
                    5d:68:31:cf:79:21:6b:20:13:98:ba:d0:1b:c8:b2:
                    50:50:27:b6:cb:39:29:ff:5b:23:c6:99:70:87:c4:
                    b2:b5:46:32:5e:70:10:ff:25:7d:6c:59:a6:04:23:
                    87:d9:78:69:fb:99:6f:50:e1:76:f1:fb:c3:95:81:
                    05:33:2e:8d:bf:54:93:05:12:06:99:6b:72:4c:bb:
                    a5:a0:53:14:58:d8:ff:2d:05:49:df:0f:68:89:ef:
                    1e:2b:0d:da:1d:83:40:b5:55:fa:8d:4c:c5:2c:f0:
                    b1:04:a7:e8:5c:ce:f2:a5:9b:a2:81:fa:2c:2b:d6:
                    c4:71:2e:67:a6:de:39:02:46:b7:99:69:2d:d4:75:
                    ef:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:37:EA:0F:0C:9B:94:51:FD:81:3C:74:99:41:6E:39:F8:CB:12:07
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/pDfqDwyblFH9gTx0mUFuOfjLEgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.109.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:99:7b:65:42:b6:e7:a0:d5:02:94:73:a6:12:ef:c7:22:ac:
         05:7e:80:27:94:dc:0b:78:ec:fe:4a:48:c4:78:11:ee:06:78:
         a2:46:3a:06:57:e4:f0:3b:e9:f4:dd:14:e2:c8:81:66:bc:cb:
         17:ff:d0:b5:60:b4:62:65:1d:41:b0:08:bd:50:52:9f:03:b7:
         88:e3:db:e2:30:17:f6:ff:a5:23:39:71:c5:55:79:01:26:80:
         63:f3:55:09:59:d2:05:19:e1:92:e9:4c:31:64:c9:3e:4b:8d:
         e7:9d:27:e6:8e:94:e9:6b:79:35:ca:85:e5:f5:71:f1:6a:6e:
         5a:25:92:2a:51:04:34:c1:9b:c8:69:e3:17:11:19:ec:e4:39:
         99:fb:be:80:54:28:70:d6:94:bd:5c:d5:b1:e3:93:2e:4d:25:
         93:f5:5c:ae:f4:8e:eb:fa:04:4d:7a:a4:d6:05:bc:f8:b0:e2:
         e8:6e:d4:da:a3:c8:04:ab:c8:42:3d:3e:8c:63:9f:b7:f5:1b:
         59:3a:1f:3a:5c:17:c9:63:a2:b6:d7:88:41:01:08:39:62:84:
         cc:37:95:6f:9d:43:20:f2:81:8a:94:7f:81:46:50:6d:97:45:
         3e:b4:24:dc:1b:e1:4c:6d:28:8c:6f:f2:37:bd:93:9e:49:53:
         f9:88:d7:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1bTJU4qaOMmXundzN90ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDM3ZWEwZjBjOWI5NDUxZmQ4MTNjNzQ5OTQxNmUzOWY4Y2IxMjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8PQ0+D2T5e100DXa1loYMasiI4iT
/OXqTymQ0fIiql+xjtBQ1vFeuNAQwvunO0nk86uyi6wNBL4QsV1kz1iRf902L+JM
o1Qoyyjhz2dUgPM2i4wu7gsVgTV/FIrfTGZlYNyh+BLQh6IoTLdZTdm4jGJ/wB2a
j7BdaDHPeSFrIBOYutAbyLJQUCe2yzkp/1sjxplwh8SytUYyXnAQ/yV9bFmmBCOH
2Xhp+5lvUOF28fvDlYEFMy6Nv1STBRIGmWtyTLuloFMUWNj/LQVJ3w9oie8eKw3a
HYNAtVX6jUzFLPCxBKfoXM7ypZuigfosK9bEcS5npt45Aka3mWkt1HXv8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQ36g8Mm5RR/YE8dJlBbjn4yxIHMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvcERmcUR3eWJsRkg5Z1R4MG1VRnVPZmpMRWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2W10MA0G
CSqGSIb3DQEBCwUAA4IBAQBAmXtlQrbnoNUClHOmEu/HIqwFfoAnlNwLeOz+SkjE
eBHuBniiRjoGV+TwO+n03RTiyIFmvMsX/9C1YLRiZR1BsAi9UFKfA7eI49viMBf2
/6UjOXHFVXkBJoBj81UJWdIFGeGS6UwxZMk+S43nnSfmjpTpa3k1yoXl9XHxam5a
JZIqUQQ0wZvIaeMXERns5DmZ+76AVChw1pS9XNWx45MuTSWT9Vyu9I7r+gRNeqTW
Bbz4sOLobtTao8gEq8hCPT6MY5+39RtZOh86XBfJY6K214hBAQg5YoTMN5VvnUMg
8oGKlH+BRlBtl0U+tCTcG+FMbSiMb/I3vZOeSVP5iNdL
-----END CERTIFICATE-----