Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9e96a3-ce89-442e-bc48-addefa6911b9/1/trc9WRrx0GcsdoyWUNx1ByDuLOs.roa
File:                     trc9WRrx0GcsdoyWUNx1ByDuLOs.roa (raw, json)
Hash identifier:          O5foXyUGS0pgYakUN+dT6VqKLJZgwkNIaZ4jTeLOo7U=
Subject key identifier:   B6:B7:3D:59:1A:F1:D0:67:2C:76:8C:96:50:DC:75:07:20:EE:2C:EB
Certificate issuer:       /CN=634c53abd0dda68ca67fc8066bc165a2b32dc82b
Certificate serial:       01942520840B61F639C17EB16DF6DD9CF70D
Authority key identifier: 63:4C:53:AB:D0:DD:A6:8C:A6:7F:C8:06:6B:C1:65:A2:B3:2D:C8:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y0xTq9Ddpoymf8gGa8FlorMtyCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/9e96a3-ce89-442e-bc48-addefa6911b9/1/trc9WRrx0GcsdoyWUNx1ByDuLOs.roa
Signing time:             Thu 02 Jan 2025 03:47:55 +0000
ROA not before:           Thu 02 Jan 2025 03:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204439
IP address blocks:        185.248.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/9e96a3-ce89-442e-bc48-addefa6911b9/1/Y0xTq9Ddpoymf8gGa8FlorMtyCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/9e96a3-ce89-442e-bc48-addefa6911b9/1/Y0xTq9Ddpoymf8gGa8FlorMtyCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y0xTq9Ddpoymf8gGa8FlorMtyCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 15:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:84:0b:61:f6:39:c1:7e:b1:6d:f6:dd:9c:f7:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=634c53abd0dda68ca67fc8066bc165a2b32dc82b
        Validity
            Not Before: Jan  2 03:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6b73d591af1d0672c768c9650dc750720ee2ceb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0b:65:8e:0b:61:ce:9d:37:d0:c0:9a:2c:47:
                    34:bc:c6:b8:0b:77:88:15:a8:b0:f5:1a:67:d7:2a:
                    03:5c:46:d9:cd:81:55:28:e6:a8:86:5a:21:41:96:
                    25:10:78:3c:42:5f:3f:2d:cd:4a:c4:98:11:a4:48:
                    3c:51:8f:88:bc:c1:12:49:25:bb:b7:e1:7a:9d:d2:
                    73:29:60:57:3c:cf:7b:b4:5b:1c:bb:ab:2d:67:16:
                    86:c5:b3:4d:a8:06:ab:cd:6d:f3:d9:1d:44:61:c7:
                    7d:4b:6d:1e:f6:e6:85:78:29:36:87:c6:7c:76:8a:
                    7e:74:99:3c:3f:e6:8f:3b:87:44:78:80:ed:6e:21:
                    63:d2:18:3e:16:d2:84:2f:ad:06:c2:eb:ba:ec:21:
                    25:e3:dd:c4:f8:7d:ab:5d:b0:6d:03:4e:c2:c5:0a:
                    82:a3:14:1d:38:a5:90:3d:3e:ab:2b:e2:e9:45:9e:
                    6c:ae:cc:1e:13:64:65:62:30:94:f1:0e:40:7a:12:
                    90:37:d4:a9:95:18:b4:ff:68:af:b9:6c:8f:b0:d7:
                    e0:ef:6f:66:cd:81:55:55:2e:1f:61:f2:8c:11:71:
                    9d:8f:e5:8a:1c:68:68:d8:8a:27:23:37:ce:83:b8:
                    e4:21:ab:78:96:cb:8f:b3:93:0b:ad:3a:67:0f:a6:
                    84:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:B7:3D:59:1A:F1:D0:67:2C:76:8C:96:50:DC:75:07:20:EE:2C:EB
            X509v3 Authority Key Identifier:
                keyid:63:4C:53:AB:D0:DD:A6:8C:A6:7F:C8:06:6B:C1:65:A2:B3:2D:C8:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y0xTq9Ddpoymf8gGa8FlorMtyCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9e96a3-ce89-442e-bc48-addefa6911b9/1/trc9WRrx0GcsdoyWUNx1ByDuLOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9e96a3-ce89-442e-bc48-addefa6911b9/1/Y0xTq9Ddpoymf8gGa8FlorMtyCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:4a:a9:6d:f5:ed:ed:79:a5:50:a8:61:9d:b6:25:02:06:0d:
         f2:61:4e:73:8a:e8:7e:93:b2:14:69:39:30:32:a3:34:4c:8d:
         ea:16:d7:f0:42:78:41:11:98:ef:b3:ca:9f:a6:2c:99:a9:43:
         10:af:4e:a8:aa:87:31:9d:f8:ae:0e:c6:fa:ef:2e:03:65:64:
         0a:a6:f4:a3:22:15:b5:12:ef:ab:19:5f:96:0d:01:3a:c5:97:
         64:f2:12:26:7a:a9:a6:e3:73:55:a1:17:60:82:01:5f:98:0b:
         cc:d6:a7:a9:f1:65:f7:dc:f2:18:3e:e8:12:f5:80:35:60:2a:
         ba:12:14:db:00:b7:21:02:69:c1:65:eb:bb:35:c9:ad:8b:87:
         59:5c:73:37:10:80:f9:ff:cc:83:cd:4e:1b:2a:ca:2a:1c:45:
         b7:48:1b:4e:5c:9e:bd:f9:9b:99:6a:ab:cc:fb:f0:76:3e:76:
         34:d2:a7:79:aa:de:a6:3b:47:42:98:ec:98:96:27:56:a2:ec:
         36:e6:f5:39:cb:c6:e2:27:2c:b1:5e:a4:be:2c:dd:fe:0f:80:
         15:99:2a:3f:33:43:b8:10:10:ba:80:1f:5f:3c:e9:44:7e:55:
         f5:3f:da:40:57:60:52:45:8a:5c:2b:22:76:86:36:00:a9:49:
         ea:ab:6c:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIIQLYfY5wX6xbfbdnPcNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNGM1M2FiZDBkZGE2OGNhNjdmYzgwNjZiYzE2NWEyYjMy
ZGM4MmIwHhcNMjUwMTAyMDM0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmI3M2Q1OTFhZjFkMDY3MmM3NjhjOTY1MGRjNzUwNzIwZWUyY2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAtljgthzp030MCaLEc0vMa4C3eI
Faiw9Rpn1yoDXEbZzYFVKOaohlohQZYlEHg8Ql8/Lc1KxJgRpEg8UY+IvMESSSW7
t+F6ndJzKWBXPM97tFscu6stZxaGxbNNqAarzW3z2R1EYcd9S20e9uaFeCk2h8Z8
dop+dJk8P+aPO4dEeIDtbiFj0hg+FtKEL60Gwuu67CEl493E+H2rXbBtA07CxQqC
oxQdOKWQPT6rK+LpRZ5srsweE2RlYjCU8Q5AehKQN9SplRi0/2ivuWyPsNfg729m
zYFVVS4fYfKMEXGdj+WKHGho2IonIzfOg7jkIat4lsuPs5MLrTpnD6aEOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLa3PVka8dBnLHaMllDcdQcg7izrMB8GA1UdIwQY
MBaAFGNMU6vQ3aaMpn/IBmvBZaKzLcgrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTB4VHE5RGRwb3ltZjhnR2E4Rmxvck10eUNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZTk2YTMtY2U4OS00NDJlLWJjNDgt
YWRkZWZhNjkxMWI5LzEvdHJjOVdScngwR2NzZG95V1VOeDFCeUR1TE9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZTk2YTMtY2U4OS00NDJlLWJjNDgtYWRkZWZhNjkxMWI5
LzEvWTB4VHE5RGRwb3ltZjhnR2E4Rmxvck10eUNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufjYMA0G
CSqGSIb3DQEBCwUAA4IBAQBDSqlt9e3teaVQqGGdtiUCBg3yYU5ziuh+k7IUaTkw
MqM0TI3qFtfwQnhBEZjvs8qfpiyZqUMQr06oqocxnfiuDsb67y4DZWQKpvSjIhW1
Eu+rGV+WDQE6xZdk8hImeqmm43NVoRdgggFfmAvM1qep8WX33PIYPugS9YA1YCq6
EhTbALchAmnBZeu7Ncmti4dZXHM3EID5/8yDzU4bKsoqHEW3SBtOXJ69+ZuZaqvM
+/B2PnY00qd5qt6mO0dCmOyYlidWouw25vU5y8biJyyxXqS+LN3+D4AVmSo/M0O4
EBC6gB9fPOlEflX1P9pAV2BSRYpcKyJ2hjYAqUnqq2zF
-----END CERTIFICATE-----