Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/KLtsjlGrVnzbkeUJSmzIjL7T3xA.roa
File:                     KLtsjlGrVnzbkeUJSmzIjL7T3xA.roa (raw, json)
Hash identifier:          dQC1YGAliym4O0fOEkj19V2nKJdGt/YcGpB4KJkFysE=
Subject key identifier:   28:BB:6C:8E:51:AB:56:7C:DB:91:E5:09:4A:6C:C8:8C:BE:D3:DF:10
Certificate issuer:       /CN=d38579e4c7da01df0465186236e9af27eb7312ed
Certificate serial:       019423690FA24AEA753A5FDC265D528CB02A
Authority key identifier: D3:85:79:E4:C7:DA:01:DF:04:65:18:62:36:E9:AF:27:EB:73:12:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/KLtsjlGrVnzbkeUJSmzIjL7T3xA.roa
Signing time:             Wed 01 Jan 2025 19:47:55 +0000
ROA not before:           Wed 01 Jan 2025 19:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29469
IP address blocks:        194.9.70.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:0f:a2:4a:ea:75:3a:5f:dc:26:5d:52:8c:b0:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d38579e4c7da01df0465186236e9af27eb7312ed
        Validity
            Not Before: Jan  1 19:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28bb6c8e51ab567cdb91e5094a6cc88cbed3df10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:e6:0d:f6:60:b3:a5:93:15:51:3c:2f:61:5e:
                    2f:24:0e:ef:1e:1b:2b:1d:ea:2b:37:13:f4:5c:fc:
                    8c:04:e9:f5:8d:f0:b3:b9:c6:59:c0:ad:3a:d6:ed:
                    52:70:8f:22:e9:fc:a9:b6:f1:a5:fb:fd:05:26:dd:
                    9e:cd:e5:4c:92:a3:f7:f7:4a:15:02:64:3a:23:6d:
                    4b:bf:f5:c6:98:d2:36:a8:9d:27:62:31:a0:92:ca:
                    7f:cc:47:e9:de:9e:3a:80:ff:c5:33:c5:95:5c:3b:
                    14:18:2f:d6:ff:90:31:c0:34:33:d3:71:32:86:0d:
                    5e:91:16:57:1a:df:04:2e:8c:a0:a1:d6:6e:cc:bf:
                    72:6c:8b:6c:bc:b7:36:04:49:bb:f9:10:59:6d:ff:
                    65:e6:40:d6:10:67:34:ee:58:d0:ee:66:7c:1f:d1:
                    33:e2:52:44:ac:93:16:ab:6b:d8:ff:60:4b:e4:7a:
                    c0:88:23:22:57:21:07:13:f2:86:a9:ad:df:0c:20:
                    01:63:71:ae:18:ba:8b:c6:d4:fc:c9:4a:63:65:21:
                    b0:35:6b:28:b2:c5:e9:ea:46:f7:55:eb:ea:50:fc:
                    e5:e5:f9:13:5f:df:0d:d7:04:2f:89:7d:15:2c:e6:
                    72:d1:34:94:77:66:d9:ec:b7:aa:28:30:d3:0e:46:
                    a2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:BB:6C:8E:51:AB:56:7C:DB:91:E5:09:4A:6C:C8:8C:BE:D3:DF:10
            X509v3 Authority Key Identifier:
                keyid:D3:85:79:E4:C7:DA:01:DF:04:65:18:62:36:E9:AF:27:EB:73:12:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/KLtsjlGrVnzbkeUJSmzIjL7T3xA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:60:75:08:a8:79:53:a9:c4:7a:bc:83:6c:f6:69:d2:f0:9b:
         7e:20:45:9e:2a:eb:2b:fb:9a:95:64:71:13:39:b4:3e:b6:16:
         fa:b1:4f:6c:6f:2f:64:69:04:8c:81:34:6a:54:d2:bb:a5:d7:
         82:f5:1d:e4:19:dc:5b:54:62:b5:f9:15:45:fe:7b:78:be:80:
         3c:7c:be:62:a4:58:67:db:b6:bc:61:e4:4a:05:72:6a:7d:4c:
         50:f8:12:c5:c3:9b:ad:97:c6:2b:68:3e:4f:02:33:c8:8a:95:
         32:7c:65:5d:f6:e1:d6:73:87:6f:29:a4:08:d7:1f:d6:c7:59:
         d1:89:0c:03:a3:42:00:3a:56:b0:fb:9e:06:4e:8f:b8:03:79:
         fa:ca:86:8f:0a:58:bf:09:01:75:a7:cc:ab:3e:8d:a5:02:67:
         81:00:42:0b:92:55:3c:c1:86:8b:82:4d:80:46:38:11:66:35:
         05:fc:80:84:2b:74:64:ab:7d:40:d5:4a:10:92:4e:e5:d4:43:
         71:ba:21:f3:2d:fd:b3:6c:d4:05:6a:75:4b:c6:a7:19:aa:9f:
         a6:b0:41:09:3e:b8:98:47:da:d4:c7:76:f3:03:bb:fe:ee:e8:
         c2:1d:cd:b0:04:d6:af:1f:91:93:28:01:17:d1:fb:18:84:b8:
         37:a2:ce:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaQ+iSup1Ol/cJl1SjLAqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzODU3OWU0YzdkYTAxZGYwNDY1MTg2MjM2ZTlhZjI3ZWI3
MzEyZWQwHhcNMjUwMTAxMTk0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGJiNmM4ZTUxYWI1NjdjZGI5MWU1MDk0YTZjYzg4Y2JlZDNkZjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1uYN9mCzpZMVUTwvYV4vJA7vHhsr
HeorNxP0XPyMBOn1jfCzucZZwK061u1ScI8i6fyptvGl+/0FJt2ezeVMkqP390oV
AmQ6I21Lv/XGmNI2qJ0nYjGgksp/zEfp3p46gP/FM8WVXDsUGC/W/5AxwDQz03Ey
hg1ekRZXGt8ELoygodZuzL9ybItsvLc2BEm7+RBZbf9l5kDWEGc07ljQ7mZ8H9Ez
4lJErJMWq2vY/2BL5HrAiCMiVyEHE/KGqa3fDCABY3GuGLqLxtT8yUpjZSGwNWso
ssXp6kb3VevqUPzl5fkTX98N1wQviX0VLOZy0TSUd2bZ7LeqKDDTDkaiGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCi7bI5Rq1Z825HlCUpsyIy+098QMB8GA1UdIwQY
MBaAFNOFeeTH2gHfBGUYYjbpryfrcxLtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDRWNTVNZmFBZDhFWlJoaU51bXZKLXR6RXUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC85NDYyMmQtYzI2ZC00Mzc2LWIwNTkt
YmQ0MDU0MTliMDBkLzEvS0x0c2psR3JWbnpia2VVSlNteklqTDdUM3hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC85NDYyMmQtYzI2ZC00Mzc2LWIwNTktYmQ0MDU0MTliMDBk
LzEvMDRWNTVNZmFBZDhFWlJoaU51bXZKLXR6RXUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwglGMA0G
CSqGSIb3DQEBCwUAA4IBAQAFYHUIqHlTqcR6vINs9mnS8Jt+IEWeKusr+5qVZHET
ObQ+thb6sU9sby9kaQSMgTRqVNK7pdeC9R3kGdxbVGK1+RVF/nt4voA8fL5ipFhn
27a8YeRKBXJqfUxQ+BLFw5utl8YraD5PAjPIipUyfGVd9uHWc4dvKaQI1x/Wx1nR
iQwDo0IAOlaw+54GTo+4A3n6yoaPCli/CQF1p8yrPo2lAmeBAEILklU8wYaLgk2A
RjgRZjUF/ICEK3Rkq31A1UoQkk7l1ENxuiHzLf2zbNQFanVLxqcZqp+msEEJPriY
R9rUx3bzA7v+7ujCHc2wBNavH5GTKAEX0fsYhLg3os6L
-----END CERTIFICATE-----