Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/G476nUAKTiPJHOVq8nA5e_q--jo.roa
File:                     G476nUAKTiPJHOVq8nA5e_q--jo.roa (raw, json)
Hash identifier:          RBYLVll5e4aRdiDwFsCa0na9QgzsuLbF9Bor28EzHvs=
Subject key identifier:   1B:8E:FA:9D:40:0A:4E:23:C9:1C:E5:6A:F2:70:39:7B:FA:BE:FA:3A
Certificate issuer:       /CN=2c3b0ae5b7f781122c709a2650adf9729187e1e1
Certificate serial:       0194266BAD18C7E0F6123E7D2D5BEBC7D0A2
Authority key identifier: 2C:3B:0A:E5:B7:F7:81:12:2C:70:9A:26:50:AD:F9:72:91:87:E1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDsK5bf3gRIscJomUK35cpGH4eE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/G476nUAKTiPJHOVq8nA5e_q--jo.roa
Signing time:             Thu 02 Jan 2025 09:49:38 +0000
ROA not before:           Thu 02 Jan 2025 09:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25006
IP address blocks:        193.127.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/LDsK5bf3gRIscJomUK35cpGH4eE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/LDsK5bf3gRIscJomUK35cpGH4eE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDsK5bf3gRIscJomUK35cpGH4eE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ad:18:c7:e0:f6:12:3e:7d:2d:5b:eb:c7:d0:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3b0ae5b7f781122c709a2650adf9729187e1e1
        Validity
            Not Before: Jan  2 09:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b8efa9d400a4e23c91ce56af270397bfabefa3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ff:04:42:94:4c:ef:47:2e:69:cb:be:e6:86:
                    89:e9:f6:cb:5d:c3:cb:1b:67:b2:4d:0e:c8:12:62:
                    f1:99:86:c7:4a:27:9a:7c:44:46:b4:a9:3f:74:ad:
                    b8:c5:cb:77:97:03:70:79:61:17:94:3b:21:ac:a5:
                    b6:a2:8c:80:55:25:56:83:d1:da:48:bd:e7:18:33:
                    2c:57:82:2f:64:ef:c9:33:6d:71:7b:a7:16:9a:41:
                    2c:7c:10:e5:c3:7b:1e:fa:05:a6:34:f6:5a:e8:91:
                    9f:ab:07:c0:fc:91:ed:dc:75:39:4a:ba:8e:2d:a5:
                    5c:05:e2:a3:9a:8e:77:e7:35:e4:91:2c:6b:58:b2:
                    bc:d4:5f:65:ac:d7:3b:c4:03:da:be:3a:14:2e:9e:
                    59:b2:88:f1:67:29:75:6b:68:60:c4:25:0c:a1:10:
                    9c:17:88:44:75:8d:59:51:81:f9:c3:c5:0a:25:dc:
                    cd:7d:7f:7a:e1:a8:ea:ca:88:f7:6e:af:7a:8a:eb:
                    da:cc:cc:32:b7:5c:a8:05:5b:19:e4:04:84:b0:8e:
                    02:37:52:34:b7:d2:ea:be:66:14:ac:cd:b7:f6:19:
                    6b:c0:57:1c:b3:03:72:96:a3:f0:35:18:79:78:b6:
                    f7:84:29:64:82:8a:f7:f6:8c:c8:e6:6e:84:fa:52:
                    70:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:8E:FA:9D:40:0A:4E:23:C9:1C:E5:6A:F2:70:39:7B:FA:BE:FA:3A
            X509v3 Authority Key Identifier:
                keyid:2C:3B:0A:E5:B7:F7:81:12:2C:70:9A:26:50:AD:F9:72:91:87:E1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDsK5bf3gRIscJomUK35cpGH4eE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/G476nUAKTiPJHOVq8nA5e_q--jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/53e26b-e7ee-473e-a54a-ffcca3e1f17f/1/LDsK5bf3gRIscJomUK35cpGH4eE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.127.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:67:a4:56:fc:63:dd:59:da:a3:33:24:5b:40:c1:f9:c8:ed:
         f2:e3:95:07:dc:92:62:32:4f:76:86:39:54:6b:7f:0e:9c:53:
         c4:cc:8b:5c:5e:5f:9f:bf:63:01:47:32:f2:d9:71:a8:8a:eb:
         f1:ea:9c:d4:e5:52:d6:90:9d:ba:59:d5:27:9b:e5:f5:d1:1e:
         41:ea:2a:65:0d:47:5f:1c:85:31:a1:c9:8b:b0:ac:14:1d:16:
         b7:87:1f:68:20:8f:18:14:eb:43:67:e1:9f:2c:3c:78:61:65:
         62:a9:c6:f2:10:57:33:13:cf:67:79:da:4f:68:d6:7d:06:0d:
         29:56:aa:bd:17:7b:f8:87:58:d3:9a:94:7d:78:c5:18:91:2d:
         10:7f:92:70:b8:3b:f7:88:fe:e9:45:57:29:4b:7d:ab:46:ef:
         31:b1:ee:a9:d4:e7:24:73:c7:65:b2:36:70:05:ff:06:a5:94:
         11:e5:12:fb:ea:d5:e7:56:97:0b:fc:7b:98:df:d3:2c:49:4e:
         02:38:52:2c:50:11:47:95:7e:1c:f5:97:13:d9:ee:74:dc:fe:
         85:e3:a4:4c:e0:01:1e:24:13:78:aa:b1:2f:74:d5:1d:42:9d:
         a8:fa:f7:46:a2:52:59:50:b6:63:f1:a4:c6:93:5b:0c:a0:62:
         e3:9a:7a:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma60Yx+D2Ej59LVvrx9CiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjM2IwYWU1YjdmNzgxMTIyYzcwOWEyNjUwYWRmOTcyOTE4
N2UxZTEwHhcNMjUwMTAyMDk0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjhlZmE5ZDQwMGE0ZTIzYzkxY2U1NmFmMjcwMzk3YmZhYmVmYTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/8EQpRM70cuacu+5oaJ6fbLXcPL
G2eyTQ7IEmLxmYbHSieafERGtKk/dK24xct3lwNweWEXlDshrKW2ooyAVSVWg9Ha
SL3nGDMsV4IvZO/JM21xe6cWmkEsfBDlw3se+gWmNPZa6JGfqwfA/JHt3HU5SrqO
LaVcBeKjmo535zXkkSxrWLK81F9lrNc7xAPavjoULp5ZsojxZyl1a2hgxCUMoRCc
F4hEdY1ZUYH5w8UKJdzNfX964ajqyoj3bq96iuvazMwyt1yoBVsZ5ASEsI4CN1I0
t9LqvmYUrM239hlrwFccswNylqPwNRh5eLb3hClkgor39ozI5m6E+lJwtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuO+p1ACk4jyRzlavJwOXv6vvo6MB8GA1UdIwQY
MBaAFCw7CuW394ESLHCaJlCt+XKRh+HhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERzSzViZjNnUklzY0pvbVVLMzVjcEdINGVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi81M2UyNmItZTdlZS00NzNlLWE1NGEt
ZmZjY2EzZTFmMTdmLzEvRzQ3Nm5VQUtUaVBKSE9WcThuQTVlX3EtLWpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi81M2UyNmItZTdlZS00NzNlLWE1NGEtZmZjY2EzZTFmMTdm
LzEvTERzSzViZjNnUklzY0pvbVVLMzVjcEdINGVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwX/2MA0G
CSqGSIb3DQEBCwUAA4IBAQCmZ6RW/GPdWdqjMyRbQMH5yO3y45UH3JJiMk92hjlU
a38OnFPEzItcXl+fv2MBRzLy2XGoiuvx6pzU5VLWkJ26WdUnm+X10R5B6iplDUdf
HIUxocmLsKwUHRa3hx9oII8YFOtDZ+GfLDx4YWViqcbyEFczE89nedpPaNZ9Bg0p
Vqq9F3v4h1jTmpR9eMUYkS0Qf5JwuDv3iP7pRVcpS32rRu8xse6p1Ockc8dlsjZw
Bf8GpZQR5RL76tXnVpcL/HuY39MsSU4COFIsUBFHlX4c9ZcT2e503P6F46RM4AEe
JBN4qrEvdNUdQp2o+vdGolJZULZj8aTGk1sMoGLjmnrf
-----END CERTIFICATE-----