Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/d0ef31-991d-496d-9635-b6f4a4d6053b/1/Ox_5wctFyZuvInmQs0hviVdHYTY.roa
File:                     Ox_5wctFyZuvInmQs0hviVdHYTY.roa (raw, json)
Hash identifier:          g8iHju69S1V2EgutTovP9pVMh3pNWKkzCgYSyMGlRgE=
Subject key identifier:   3B:1F:F9:C1:CB:45:C9:9B:AF:22:79:90:B3:48:6F:89:57:47:61:36
Certificate issuer:       /CN=a75f25ab3c66003b2d5af83d2b3651f88d151f2a
Certificate serial:       019424B2DE99B5A59836441A8C429DAE4BD0
Authority key identifier: A7:5F:25:AB:3C:66:00:3B:2D:5A:F8:3D:2B:36:51:F8:8D:15:1F:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p18lqzxmADstWvg9KzZR-I0VHyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/d0ef31-991d-496d-9635-b6f4a4d6053b/1/Ox_5wctFyZuvInmQs0hviVdHYTY.roa
Signing time:             Thu 02 Jan 2025 01:48:09 +0000
ROA not before:           Thu 02 Jan 2025 01:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197487
IP address blocks:        176.113.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/d0ef31-991d-496d-9635-b6f4a4d6053b/1/p18lqzxmADstWvg9KzZR-I0VHyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/d0ef31-991d-496d-9635-b6f4a4d6053b/1/p18lqzxmADstWvg9KzZR-I0VHyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p18lqzxmADstWvg9KzZR-I0VHyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:de:99:b5:a5:98:36:44:1a:8c:42:9d:ae:4b:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a75f25ab3c66003b2d5af83d2b3651f88d151f2a
        Validity
            Not Before: Jan  2 01:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b1ff9c1cb45c99baf227990b3486f8957476136
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ab:cd:98:41:e7:e8:6c:96:ef:3d:27:3f:ca:
                    44:e3:c1:6b:cf:28:f3:8e:bf:a6:72:69:af:41:52:
                    69:a1:35:41:63:9c:ec:50:72:e2:da:27:09:d0:ce:
                    7b:96:eb:6b:e2:a5:b7:3d:70:db:c4:dd:ce:39:61:
                    ad:dd:13:0c:1b:d5:7e:eb:15:0f:03:21:e7:c9:10:
                    d9:66:be:f3:92:6d:93:eb:06:85:11:dc:9d:59:23:
                    ff:10:ab:ae:7d:a3:be:c0:f9:8d:5b:19:bf:ff:60:
                    5d:0f:35:ef:db:96:e2:1e:b6:5f:42:bc:f6:17:27:
                    5a:25:b5:1c:2c:2b:0f:26:c7:02:79:73:6c:d1:ed:
                    75:d6:ce:c2:1b:e7:1e:1e:ab:f7:2c:a4:4a:dc:66:
                    46:b8:ff:2e:31:bd:90:0c:87:58:7f:92:0f:7b:6d:
                    3c:f4:82:a7:13:03:48:e5:f0:3f:90:8a:7c:41:37:
                    ca:60:e4:ff:b2:e8:86:27:ab:52:e1:99:e5:4d:13:
                    d2:a7:68:99:1d:66:a7:f3:f2:40:4c:8d:6a:2f:2c:
                    0c:21:7e:06:bb:06:f9:b6:86:2c:93:2c:5a:0d:e9:
                    e3:d3:20:a4:ea:68:0e:4e:75:3f:3f:91:de:90:c2:
                    6b:17:bc:6e:07:5c:49:d9:b8:30:7a:7f:3e:d1:a2:
                    62:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:1F:F9:C1:CB:45:C9:9B:AF:22:79:90:B3:48:6F:89:57:47:61:36
            X509v3 Authority Key Identifier:
                keyid:A7:5F:25:AB:3C:66:00:3B:2D:5A:F8:3D:2B:36:51:F8:8D:15:1F:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p18lqzxmADstWvg9KzZR-I0VHyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/d0ef31-991d-496d-9635-b6f4a4d6053b/1/Ox_5wctFyZuvInmQs0hviVdHYTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/d0ef31-991d-496d-9635-b6f4a4d6053b/1/p18lqzxmADstWvg9KzZR-I0VHyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.113.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:89:7c:c2:0d:8d:4c:12:81:b3:9d:9c:cc:cb:3f:cc:a0:fc:
         87:e8:44:39:dc:82:d3:38:1a:59:1e:4c:d5:cd:d4:44:a6:d4:
         ed:6e:46:88:7a:0f:b0:42:59:e1:08:58:da:b0:d7:9f:cc:54:
         08:15:64:66:5a:3a:43:5f:af:53:3f:1f:77:c0:aa:ea:8f:be:
         d0:ab:f6:29:2a:f9:20:a3:e9:8d:41:2b:de:c9:68:e1:d1:85:
         d9:80:28:2a:23:51:e2:8d:19:5d:4f:3e:47:38:e5:65:05:65:
         d1:6e:77:ad:8a:df:1d:35:b0:2e:be:bc:1f:0b:53:d0:0b:ea:
         5b:68:c9:70:3a:ef:97:dc:06:7c:c2:9f:fa:36:40:9a:99:99:
         9a:d4:82:72:e8:16:ce:b2:d1:9d:6b:86:4b:7b:fb:b8:62:ac:
         bf:b5:6d:08:54:5c:25:41:a2:7c:45:d4:08:1b:bd:3d:a4:84:
         4e:d3:f0:ae:4a:c2:56:ae:c8:a7:62:02:70:e4:a5:ae:ab:d0:
         fa:ec:d8:54:a8:f1:35:00:df:38:68:27:81:36:1a:62:a3:33:
         64:e5:52:fa:0b:15:9b:73:e9:93:d7:3e:e5:36:96:24:8f:4e:
         1f:f0:ec:d8:a6:30:81:d9:a1:aa:6a:d0:f9:c9:55:33:52:4a:
         2a:72:77:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkst6ZtaWYNkQajEKdrkvQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NWYyNWFiM2M2NjAwM2IyZDVhZjgzZDJiMzY1MWY4OGQx
NTFmMmEwHhcNMjUwMTAyMDE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjFmZjljMWNiNDVjOTliYWYyMjc5OTBiMzQ4NmY4OTU3NDc2MTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqvNmEHn6GyW7z0nP8pE48Frzyjz
jr+mcmmvQVJpoTVBY5zsUHLi2icJ0M57lutr4qW3PXDbxN3OOWGt3RMMG9V+6xUP
AyHnyRDZZr7zkm2T6waFEdydWSP/EKuufaO+wPmNWxm//2BdDzXv25biHrZfQrz2
FydaJbUcLCsPJscCeXNs0e111s7CG+ceHqv3LKRK3GZGuP8uMb2QDIdYf5IPe208
9IKnEwNI5fA/kIp8QTfKYOT/suiGJ6tS4ZnlTRPSp2iZHWan8/JATI1qLywMIX4G
uwb5toYskyxaDenj0yCk6mgOTnU/P5HekMJrF7xuB1xJ2bgwen8+0aJiuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsf+cHLRcmbryJ5kLNIb4lXR2E2MB8GA1UdIwQY
MBaAFKdfJas8ZgA7LVr4PSs2UfiNFR8qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDE4bHF6eG1BRHN0V3ZnOUt6WlItSTBWSHlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9kMGVmMzEtOTkxZC00OTZkLTk2MzUt
YjZmNGE0ZDYwNTNiLzEvT3hfNXdjdEZ5WnV2SW5tUXMwaHZpVmRIWVRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9kMGVmMzEtOTkxZC00OTZkLTk2MzUtYjZmNGE0ZDYwNTNi
LzEvcDE4bHF6eG1BRHN0V3ZnOUt6WlItSTBWSHlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHFxMA0G
CSqGSIb3DQEBCwUAA4IBAQBpiXzCDY1MEoGznZzMyz/MoPyH6EQ53ILTOBpZHkzV
zdREptTtbkaIeg+wQlnhCFjasNefzFQIFWRmWjpDX69TPx93wKrqj77Qq/YpKvkg
o+mNQSveyWjh0YXZgCgqI1HijRldTz5HOOVlBWXRbnetit8dNbAuvrwfC1PQC+pb
aMlwOu+X3AZ8wp/6NkCamZma1IJy6BbOstGda4ZLe/u4Yqy/tW0IVFwlQaJ8RdQI
G709pIRO0/CuSsJWrsinYgJw5KWuq9D67NhUqPE1AN84aCeBNhpiozNk5VL6CxWb
c+mT1z7lNpYkj04f8OzYpjCB2aGqatD5yVUzUkoqcndr
-----END CERTIFICATE-----