Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/e051ff-ce25-4d6c-83fd-1abb8e27b4d1/1/ZIKQeQoBMcgJAAR9TP75a76cDn0.roa
File:                     ZIKQeQoBMcgJAAR9TP75a76cDn0.roa (raw, json)
Hash identifier:          mC8mJajWFAnAfTbKX+aRBKG3/mLcH0XDCCRpUt2qu64=
Subject key identifier:   64:82:90:79:0A:01:31:C8:09:00:04:7D:4C:FE:F9:6B:BE:9C:0E:7D
Certificate issuer:       /CN=a62fb9fd31c2c60abda14e0b3c92a89866829d8e
Certificate serial:       0194244572B133C8623FAD0EA33A6F5665BC
Authority key identifier: A6:2F:B9:FD:31:C2:C6:0A:BD:A1:4E:0B:3C:92:A8:98:66:82:9D:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pi-5_THCxgq9oU4LPJKomGaCnY4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/e051ff-ce25-4d6c-83fd-1abb8e27b4d1/1/ZIKQeQoBMcgJAAR9TP75a76cDn0.roa
Signing time:             Wed 01 Jan 2025 23:48:38 +0000
ROA not before:           Wed 01 Jan 2025 23:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42778
IP address blocks:        194.110.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/e051ff-ce25-4d6c-83fd-1abb8e27b4d1/1/pi-5_THCxgq9oU4LPJKomGaCnY4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/e051ff-ce25-4d6c-83fd-1abb8e27b4d1/1/pi-5_THCxgq9oU4LPJKomGaCnY4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pi-5_THCxgq9oU4LPJKomGaCnY4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:72:b1:33:c8:62:3f:ad:0e:a3:3a:6f:56:65:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a62fb9fd31c2c60abda14e0b3c92a89866829d8e
        Validity
            Not Before: Jan  1 23:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=648290790a0131c80900047d4cfef96bbe9c0e7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d4:ea:63:08:8d:bd:c0:36:18:d9:91:11:55:
                    98:21:5f:e9:b5:16:f9:67:e2:e1:4d:46:29:2e:6d:
                    2f:a6:ee:84:21:21:95:34:9c:fb:27:38:67:fb:8d:
                    35:65:39:6d:b0:8c:dd:9f:cb:3d:96:86:9d:99:61:
                    c1:de:c6:bb:80:50:b4:52:a1:76:5d:a6:34:75:ce:
                    4e:09:f6:ff:c4:0c:17:32:33:c4:0c:9d:99:01:50:
                    07:10:9a:d8:64:3b:57:cf:bb:d3:8b:31:28:ba:7b:
                    f0:1e:c0:49:c8:f2:4c:b6:90:20:3a:8c:38:2f:fe:
                    a0:4a:27:31:13:0a:16:6c:bf:18:dd:aa:f6:ac:6f:
                    81:b8:e8:b3:e2:90:2c:ee:b3:cd:cb:bb:22:c7:be:
                    bf:f3:91:59:e9:aa:3c:10:1f:e1:30:f0:a4:7f:a9:
                    5b:ac:61:5c:40:2f:f7:ba:5f:81:07:20:bb:f4:d7:
                    33:c3:c9:4b:a2:2e:bc:26:20:dd:dc:80:13:55:66:
                    e9:32:c6:b4:2c:59:60:22:36:31:a7:a6:bc:19:0c:
                    29:64:9e:90:43:63:db:3d:f6:65:88:7f:84:ab:48:
                    18:0c:68:9d:44:00:94:0f:4e:08:f9:8c:9c:0f:f0:
                    bc:83:e5:51:ca:10:1d:56:35:0c:c3:09:d7:3b:b4:
                    f3:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:82:90:79:0A:01:31:C8:09:00:04:7D:4C:FE:F9:6B:BE:9C:0E:7D
            X509v3 Authority Key Identifier:
                keyid:A6:2F:B9:FD:31:C2:C6:0A:BD:A1:4E:0B:3C:92:A8:98:66:82:9D:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pi-5_THCxgq9oU4LPJKomGaCnY4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e051ff-ce25-4d6c-83fd-1abb8e27b4d1/1/ZIKQeQoBMcgJAAR9TP75a76cDn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/e051ff-ce25-4d6c-83fd-1abb8e27b4d1/1/pi-5_THCxgq9oU4LPJKomGaCnY4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:30:86:41:04:ef:97:00:b9:8e:d9:b9:55:66:53:e2:6c:82:
         56:d2:df:17:db:5b:ca:58:4d:cd:2e:fe:57:02:a4:f8:a1:51:
         a6:d0:b9:32:22:c3:bb:f1:99:1d:01:8f:cd:45:6e:f3:60:23:
         38:7f:6d:33:a8:0a:e5:bf:ba:8f:dc:04:bb:a9:0a:82:a9:c5:
         22:8e:c9:5f:74:c8:45:79:2d:0f:13:b4:21:59:60:f7:14:76:
         35:75:bb:a8:4f:d2:b8:1e:cc:12:ca:ea:85:55:54:91:80:ab:
         9d:df:cd:fa:4e:40:3f:fb:73:1a:f4:60:26:0c:5f:84:fa:40:
         20:87:e2:6c:fb:ed:fe:91:c7:d9:02:5e:89:2c:4a:55:33:fd:
         52:7b:68:99:37:26:d4:ce:26:7a:3b:88:40:a8:19:ad:e4:87:
         6e:43:88:76:c9:86:69:d1:a6:6c:f2:6c:60:b7:f2:d6:a0:bf:
         08:76:5b:11:37:ac:3c:8a:3e:69:67:0d:9b:86:2f:57:a8:88:
         26:2c:40:84:c9:bd:be:24:44:4c:01:7c:5d:e7:39:e1:23:33:
         3a:cf:da:2e:8f:7f:0f:bb:b3:68:64:6e:45:8e:11:8a:f2:c1:
         86:bc:4a:7d:79:c3:73:b5:5e:94:19:1b:fc:b6:7b:09:14:2e:
         ab:f4:41:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRXKxM8hiP60OozpvVmW8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MmZiOWZkMzFjMmM2MGFiZGExNGUwYjNjOTJhODk4NjY4
MjlkOGUwHhcNMjUwMTAxMjM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDgyOTA3OTBhMDEzMWM4MDkwMDA0N2Q0Y2ZlZjk2YmJlOWMwZTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNTqYwiNvcA2GNmREVWYIV/ptRb5
Z+LhTUYpLm0vpu6EISGVNJz7Jzhn+401ZTltsIzdn8s9loadmWHB3sa7gFC0UqF2
XaY0dc5OCfb/xAwXMjPEDJ2ZAVAHEJrYZDtXz7vTizEounvwHsBJyPJMtpAgOow4
L/6gSicxEwoWbL8Y3ar2rG+BuOiz4pAs7rPNy7six76/85FZ6ao8EB/hMPCkf6lb
rGFcQC/3ul+BByC79Nczw8lLoi68JiDd3IATVWbpMsa0LFlgIjYxp6a8GQwpZJ6Q
Q2PbPfZliH+Eq0gYDGidRACUD04I+YycD/C8g+VRyhAdVjUMwwnXO7TzcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGSCkHkKATHICQAEfUz++Wu+nA59MB8GA1UdIwQY
MBaAFKYvuf0xwsYKvaFOCzySqJhmgp2OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGktNV9USEN4Z3E5b1U0TFBKS29tR2FDblk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9lMDUxZmYtY2UyNS00ZDZjLTgzZmQt
MWFiYjhlMjdiNGQxLzEvWklLUWVRb0JNY2dKQUFSOVRQNzVhNzZjRG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9lMDUxZmYtY2UyNS00ZDZjLTgzZmQtMWFiYjhlMjdiNGQx
LzEvcGktNV9USEN4Z3E5b1U0TFBKS29tR2FDblk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm7wMA0G
CSqGSIb3DQEBCwUAA4IBAQAxMIZBBO+XALmO2blVZlPibIJW0t8X21vKWE3NLv5X
AqT4oVGm0LkyIsO78ZkdAY/NRW7zYCM4f20zqArlv7qP3AS7qQqCqcUijslfdMhF
eS0PE7QhWWD3FHY1dbuoT9K4HswSyuqFVVSRgKud3836TkA/+3Ma9GAmDF+E+kAg
h+Js++3+kcfZAl6JLEpVM/1Se2iZNybUziZ6O4hAqBmt5IduQ4h2yYZp0aZs8mxg
t/LWoL8IdlsRN6w8ij5pZw2bhi9XqIgmLECEyb2+JERMAXxd5znhIzM6z9ouj38P
u7NoZG5FjhGK8sGGvEp9ecNztV6UGRv8tnsJFC6r9EFW
-----END CERTIFICATE-----