Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/_E9iapjx7rmdCjMi6lOxJAzw41c.roa
File:                     _E9iapjx7rmdCjMi6lOxJAzw41c.roa (raw, json)
Hash identifier:          XzeBU1MqaK56hZttRGiRoj2k5rsX6aCywVY+pFC+b8Q=
Subject key identifier:   FC:4F:62:6A:98:F1:EE:B9:9D:0A:33:22:EA:53:B1:24:0C:F0:E3:57
Certificate issuer:       /CN=36f76211f3c58f6c98af99cf65a6f1e8ff7c43ba
Certificate serial:       01942067C4615013A24EEA58A8DD65AC6D24
Authority key identifier: 36:F7:62:11:F3:C5:8F:6C:98:AF:99:CF:65:A6:F1:E8:FF:7C:43:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/_E9iapjx7rmdCjMi6lOxJAzw41c.roa
Signing time:             Wed 01 Jan 2025 05:47:38 +0000
ROA not before:           Wed 01 Jan 2025 05:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210350
IP address blocks:        185.230.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:c4:61:50:13:a2:4e:ea:58:a8:dd:65:ac:6d:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36f76211f3c58f6c98af99cf65a6f1e8ff7c43ba
        Validity
            Not Before: Jan  1 05:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc4f626a98f1eeb99d0a3322ea53b1240cf0e357
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d6:59:6d:a5:d9:da:b3:44:e3:24:91:1d:4b:
                    cd:4e:05:c9:05:b8:ff:59:dd:1d:b6:b1:f3:3c:d9:
                    a4:a7:2b:8d:91:c2:a5:22:f3:10:92:d1:1b:a5:be:
                    dc:5f:e1:a2:24:84:53:1f:b8:64:d5:64:9f:f9:4d:
                    32:4a:43:8b:30:22:91:65:63:3c:ea:a2:f7:d4:18:
                    b3:4c:60:c1:e8:a4:a0:3c:d5:57:05:ce:0b:20:49:
                    5b:e6:8d:c8:78:d3:33:aa:68:b9:ec:b0:d9:2c:5b:
                    24:dd:3c:06:5b:2f:a4:ce:7b:8a:bd:b8:11:d4:7a:
                    e7:68:c0:a1:53:73:cb:ef:3a:ff:e3:12:e1:66:2e:
                    6b:fe:e7:f4:da:d2:0b:e5:80:ca:11:f0:5a:10:d7:
                    a7:54:c2:07:e1:d7:7d:3f:af:b5:65:34:a5:a7:02:
                    5b:b8:90:a0:19:37:60:9c:20:33:ff:e9:28:2e:85:
                    f4:d2:51:c7:79:4f:07:98:59:30:80:26:04:2e:e8:
                    fe:74:1c:4e:d8:c5:9b:11:17:18:e4:7e:12:72:ac:
                    74:a0:5a:ec:71:8e:01:df:a0:80:6f:ea:66:e0:a6:
                    a2:0e:df:c8:56:90:5d:50:91:5e:3b:73:ee:1d:4b:
                    7b:2e:bd:02:2a:98:40:98:bb:49:86:e9:11:a6:1a:
                    5a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:4F:62:6A:98:F1:EE:B9:9D:0A:33:22:EA:53:B1:24:0C:F0:E3:57
            X509v3 Authority Key Identifier:
                keyid:36:F7:62:11:F3:C5:8F:6C:98:AF:99:CF:65:A6:F1:E8:FF:7C:43:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/_E9iapjx7rmdCjMi6lOxJAzw41c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:6e:34:6e:73:62:16:95:c8:fb:cd:52:aa:3e:15:3b:16:1c:
         5c:7f:a7:c8:8c:d5:ed:c2:27:dc:ca:42:b9:f9:61:16:9a:5e:
         db:62:54:15:11:75:87:c6:96:62:78:8f:e7:bb:13:b7:bb:70:
         6a:be:19:f4:43:7c:aa:31:7d:0f:02:78:e5:7a:4d:2d:db:f0:
         56:93:81:35:a4:6a:48:97:b0:bc:88:c5:0b:4b:8d:97:d0:aa:
         bf:b9:d7:02:07:97:9c:29:1a:fc:bc:58:93:5c:59:23:eb:c8:
         46:bf:fe:90:6a:43:67:ab:34:78:80:0e:81:71:e2:0b:4c:44:
         9d:ab:9f:fb:76:14:92:6c:99:11:7d:04:3a:ca:35:a9:f5:d7:
         5f:fe:70:da:88:65:5b:cb:03:f0:be:3c:d1:37:11:4e:a1:ae:
         dc:7b:6a:9b:c0:e5:34:70:18:77:d0:52:6e:95:ad:73:de:57:
         14:a9:15:dc:9d:3d:b6:51:ea:14:e1:0f:f6:16:09:2a:5e:f3:
         46:ce:1c:1d:39:49:3b:73:1c:72:83:35:8c:ef:6f:cf:58:45:
         01:a6:ed:d1:b9:17:30:db:9d:f9:75:de:2e:75:11:d7:37:d5:
         33:e3:66:5c:76:52:30:3d:ad:b2:09:eb:44:6a:9c:77:dd:19:
         5d:9a:d7:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ8RhUBOiTupYqN1lrG0kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Zjc2MjExZjNjNThmNmM5OGFmOTljZjY1YTZmMWU4ZmY3
YzQzYmEwHhcNMjUwMTAxMDU0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzRmNjI2YTk4ZjFlZWI5OWQwYTMzMjJlYTUzYjEyNDBjZjBlMzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdZZbaXZ2rNE4ySRHUvNTgXJBbj/
Wd0dtrHzPNmkpyuNkcKlIvMQktEbpb7cX+GiJIRTH7hk1WSf+U0ySkOLMCKRZWM8
6qL31BizTGDB6KSgPNVXBc4LIElb5o3IeNMzqmi57LDZLFsk3TwGWy+kznuKvbgR
1HrnaMChU3PL7zr/4xLhZi5r/uf02tIL5YDKEfBaENenVMIH4dd9P6+1ZTSlpwJb
uJCgGTdgnCAz/+koLoX00lHHeU8HmFkwgCYELuj+dBxO2MWbERcY5H4Scqx0oFrs
cY4B36CAb+pm4KaiDt/IVpBdUJFeO3PuHUt7Lr0CKphAmLtJhukRphpaoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxPYmqY8e65nQozIupTsSQM8ONXMB8GA1UdIwQY
MBaAFDb3YhHzxY9smK+Zz2Wm8ej/fEO6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnZkaUVmUEZqMnlZcjVuUFphYng2UDk4UTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9mY2FkMmQtODZkOS00MmIxLWIxMTUt
MmZjZjM5NjI1M2I4LzEvX0U5aWFwang3cm1kQ2pNaTZsT3hKQXp3NDFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9mY2FkMmQtODZkOS00MmIxLWIxMTUtMmZjZjM5NjI1M2I4
LzEvTnZkaUVmUEZqMnlZcjVuUFphYng2UDk4UTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuebvMA0G
CSqGSIb3DQEBCwUAA4IBAQA9bjRuc2IWlcj7zVKqPhU7Fhxcf6fIjNXtwifcykK5
+WEWml7bYlQVEXWHxpZieI/nuxO3u3Bqvhn0Q3yqMX0PAnjlek0t2/BWk4E1pGpI
l7C8iMULS42X0Kq/udcCB5ecKRr8vFiTXFkj68hGv/6QakNnqzR4gA6BceILTESd
q5/7dhSSbJkRfQQ6yjWp9ddf/nDaiGVbywPwvjzRNxFOoa7ce2qbwOU0cBh30FJu
la1z3lcUqRXcnT22UeoU4Q/2FgkqXvNGzhwdOUk7cxxygzWM72/PWEUBpu3RuRcw
2535dd4udRHXN9Uz42ZcdlIwPa2yCetEapx33RldmtfG
-----END CERTIFICATE-----