Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/rbJzreDbHp60Zc3UJ6AODADth8g.roa
File:                     rbJzreDbHp60Zc3UJ6AODADth8g.roa (raw, json)
Hash identifier:          BpjTDuP8RPY+luxryeSysWVMte9pS4i/E17bDx01jBk=
Subject key identifier:   AD:B2:73:AD:E0:DB:1E:9E:B4:65:CD:D4:27:A0:0E:0C:00:ED:87:C8
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       0194228D3DB5A8A0DC1240EA45FF43C4893C
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/rbJzreDbHp60Zc3UJ6AODADth8g.roa
Signing time:             Wed 01 Jan 2025 15:47:49 +0000
ROA not before:           Wed 01 Jan 2025 15:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212790
IP address blocks:        195.114.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:3d:b5:a8:a0:dc:12:40:ea:45:ff:43:c4:89:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  1 15:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=adb273ade0db1e9eb465cdd427a00e0c00ed87c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5b:c2:b4:77:39:a3:3a:0c:0d:6a:0f:3c:4b:
                    00:f5:9e:3f:b8:65:3c:4c:d9:5c:a8:b0:4d:6e:b4:
                    0a:35:38:ee:20:46:5d:b7:3a:e8:b2:d5:43:24:65:
                    24:a5:9d:84:49:56:4b:e7:53:bd:9d:c0:38:29:1d:
                    a5:a3:cc:73:69:14:cf:bb:81:27:12:89:ed:93:2e:
                    7e:55:70:f3:29:ab:74:e9:3c:ed:c9:b7:7c:9c:4b:
                    6c:3a:76:a9:f9:fa:2f:90:24:b8:55:2e:bd:68:40:
                    fb:5e:42:01:ac:2f:91:6c:c9:24:8a:9c:aa:0a:90:
                    6e:ad:e5:cc:bc:42:6a:69:bc:4f:b0:19:c2:fe:ae:
                    15:26:1e:64:a9:9b:b5:a0:44:83:c2:7a:0d:14:4e:
                    7e:51:d9:f8:8c:7f:84:b3:0b:2b:e7:b8:a4:9a:af:
                    44:ee:a1:5b:4b:b2:fa:fc:17:e4:f0:43:c1:6b:16:
                    e7:19:19:de:49:b2:33:ec:70:f7:02:92:c2:01:ae:
                    dd:31:5f:b6:af:a3:c9:5a:59:a4:8f:80:e9:2c:be:
                    db:f6:55:20:93:7c:60:82:81:d2:dc:47:b9:2a:6e:
                    f8:a5:20:83:3f:4b:e8:84:d8:a1:15:a9:bb:9d:7f:
                    47:10:3f:09:36:59:ce:6b:c1:dc:2e:c2:ed:3c:95:
                    08:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:B2:73:AD:E0:DB:1E:9E:B4:65:CD:D4:27:A0:0E:0C:00:ED:87:C8
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/rbJzreDbHp60Zc3UJ6AODADth8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:1d:ea:ce:10:95:c7:dc:0a:95:a4:b0:5a:66:e0:55:9c:c0:
         1b:11:88:bc:b8:a9:87:b2:4e:70:4d:45:39:c3:df:6c:60:99:
         e0:98:3b:75:50:8e:7f:cf:f7:0d:97:29:ca:0d:e5:3f:a7:81:
         de:cb:f4:ea:7c:be:f3:8e:9b:f4:ee:65:b3:10:6f:6c:27:27:
         ad:5f:25:be:bf:96:1b:c7:ca:ea:2c:fd:a0:a7:3e:4f:95:9e:
         e1:72:52:01:fd:d2:10:04:de:a3:91:f9:05:c8:aa:de:a8:56:
         74:0c:72:3d:d9:de:2d:70:96:fa:2a:7e:7d:24:78:14:69:44:
         87:60:f5:dc:99:10:c0:a2:ac:53:71:67:bc:f9:5f:c0:91:98:
         e6:57:98:11:2e:5e:2d:1e:21:a6:87:90:84:d2:59:1a:72:2d:
         1c:85:c7:e3:36:d5:26:2e:4e:be:71:c5:e1:c3:16:d7:35:e1:
         f7:bf:3c:55:fb:4b:a1:b1:b0:1f:3d:2b:4e:10:65:60:87:66:
         b6:f9:1d:8c:66:61:1d:e2:46:cb:4b:ad:ad:41:78:b1:bc:30:
         1d:e1:a9:e5:72:09:0c:1b:30:51:ca:6f:5d:1e:75:ae:47:d1:
         0e:dd:99:4c:17:0c:20:9e:f8:3b:f3:1a:04:88:2a:82:98:77:
         7c:b1:be:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijT21qKDcEkDqRf9DxIk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjUwMTAxMTU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGIyNzNhZGUwZGIxZTllYjQ2NWNkZDQyN2EwMGUwYzAwZWQ4N2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVvCtHc5ozoMDWoPPEsA9Z4/uGU8
TNlcqLBNbrQKNTjuIEZdtzrostVDJGUkpZ2ESVZL51O9ncA4KR2lo8xzaRTPu4En
Eontky5+VXDzKat06Tztybd8nEtsOnap+fovkCS4VS69aED7XkIBrC+RbMkkipyq
CpBureXMvEJqabxPsBnC/q4VJh5kqZu1oESDwnoNFE5+Udn4jH+Eswsr57ikmq9E
7qFbS7L6/Bfk8EPBaxbnGRneSbIz7HD3ApLCAa7dMV+2r6PJWlmkj4DpLL7b9lUg
k3xggoHS3Ee5Km74pSCDP0vohNihFam7nX9HED8JNlnOa8HcLsLtPJUI+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2yc63g2x6etGXN1CegDgwA7YfIMB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvcmJKenJlRGJIcDYwWmMzVUo2QU9EQUR0aDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3KIMA0G
CSqGSIb3DQEBCwUAA4IBAQBKHerOEJXH3AqVpLBaZuBVnMAbEYi8uKmHsk5wTUU5
w99sYJngmDt1UI5/z/cNlynKDeU/p4Hey/TqfL7zjpv07mWzEG9sJyetXyW+v5Yb
x8rqLP2gpz5PlZ7hclIB/dIQBN6jkfkFyKreqFZ0DHI92d4tcJb6Kn59JHgUaUSH
YPXcmRDAoqxTcWe8+V/AkZjmV5gRLl4tHiGmh5CE0lkaci0chcfjNtUmLk6+ccXh
wxbXNeH3vzxV+0uhsbAfPStOEGVgh2a2+R2MZmEd4kbLS62tQXixvDAd4anlcgkM
GzBRym9dHnWuR9EO3ZlMFwwgnvg78xoEiCqCmHd8sb5p
-----END CERTIFICATE-----