Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/m-g_tm-dDlPdk0elvgbebHGNY8I.roa
File:                     m-g_tm-dDlPdk0elvgbebHGNY8I.roa (raw, json)
Hash identifier:          34AI0Bk8uDAgPTJzmwveFc3JyDgenHOyuvbkfx2CWHI=
Subject key identifier:   9B:E8:3F:B6:6F:9D:0E:53:DD:93:47:A5:BE:06:DE:6C:71:8D:63:C2
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       01951CF5C0FF23BBC11C1E0C755FB3A9012A
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/m-g_tm-dDlPdk0elvgbebHGNY8I.roa
Signing time:             Wed 19 Feb 2025 06:47:02 +0000
ROA not before:           Wed 19 Feb 2025 06:47:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        81.29.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1c:f5:c0:ff:23:bb:c1:1c:1e:0c:75:5f:b3:a9:01:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Feb 19 06:47:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9be83fb66f9d0e53dd9347a5be06de6c718d63c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a3:50:18:b4:fa:fa:ed:dd:42:56:5d:0a:01:
                    07:a5:78:ad:d3:4d:85:71:a2:d4:df:76:17:62:fb:
                    05:8c:26:3e:03:5b:5b:fe:f2:88:d8:23:35:9a:3f:
                    46:a8:5b:c3:91:75:54:c3:1f:49:d2:15:5d:6e:a1:
                    f9:42:40:b3:2c:8a:0f:e9:06:03:4c:b4:ec:81:a5:
                    b1:bd:fe:e2:ef:6b:86:31:85:a6:a6:3d:a6:e4:35:
                    68:5f:0b:70:22:09:bb:85:0f:7f:bd:7b:57:cf:3c:
                    0e:2b:d8:89:88:4a:ae:c8:68:b5:4e:67:1e:c5:25:
                    96:64:96:78:18:02:ec:a8:62:b9:e9:97:c5:c7:f1:
                    ac:ff:14:50:39:d8:4a:dc:d3:96:b2:03:92:c4:e3:
                    e4:68:21:34:49:12:62:53:55:93:2f:48:a4:b4:e6:
                    b9:5e:5c:d8:ad:19:28:42:41:96:39:99:19:70:4a:
                    98:ae:90:1c:34:7e:e9:13:2d:f5:bf:c2:3b:6c:21:
                    d6:bc:66:f2:d5:1d:ee:fe:97:63:4b:69:fd:92:be:
                    78:12:49:45:03:76:dd:8b:60:4f:af:b4:48:12:b6:
                    af:11:58:09:78:f6:ed:83:86:85:64:e6:41:63:d1:
                    2b:3b:a6:94:80:01:03:99:54:06:81:00:07:f7:02:
                    e6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:E8:3F:B6:6F:9D:0E:53:DD:93:47:A5:BE:06:DE:6C:71:8D:63:C2
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/m-g_tm-dDlPdk0elvgbebHGNY8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:b5:42:60:52:d2:a0:95:3c:8a:6a:45:ae:24:03:1f:32:d9:
         db:68:e1:35:ad:8a:23:4d:a9:e1:82:fd:e2:62:69:99:77:64:
         0f:06:8a:0c:e6:04:a0:55:9a:44:9b:04:b5:e7:d8:1c:c3:8d:
         f6:fd:0c:70:26:dc:96:8b:fd:65:18:a3:75:96:a8:c3:90:3e:
         5b:c3:a5:0f:f2:08:41:25:13:1f:45:c6:2a:43:db:b0:98:c9:
         43:2a:a7:f0:c5:eb:36:8f:ce:7a:c7:b4:76:c0:a2:3b:3e:e1:
         e5:d4:ef:e4:eb:53:db:de:91:c6:b9:f4:77:e7:dd:d4:42:2b:
         e8:75:ee:00:7f:47:8c:08:67:b3:a6:f2:da:b3:b2:5e:b7:cd:
         91:61:54:ce:5c:f0:c7:46:ef:72:df:cf:da:98:e9:5b:ea:16:
         59:9c:46:7e:e9:d8:9c:69:fc:4b:77:7e:4f:46:eb:48:f4:ec:
         9b:63:be:65:8e:5d:91:3e:36:0e:41:24:1a:6f:7d:0c:29:fc:
         36:a3:a4:47:5e:61:fd:37:c4:99:a4:30:4a:f1:63:14:92:e7:
         df:bc:43:48:bb:df:bb:d4:85:f5:35:83:26:e9:f6:cd:06:17:
         2b:02:16:63:62:c5:74:95:06:66:19:f5:ea:b0:db:b1:4b:19:
         6c:f1:75:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUc9cD/I7vBHB4MdV+zqQEqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjUwMjE5MDY0NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmU4M2ZiNjZmOWQwZTUzZGQ5MzQ3YTViZTA2ZGU2YzcxOGQ2M2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKNQGLT6+u3dQlZdCgEHpXit002F
caLU33YXYvsFjCY+A1tb/vKI2CM1mj9GqFvDkXVUwx9J0hVdbqH5QkCzLIoP6QYD
TLTsgaWxvf7i72uGMYWmpj2m5DVoXwtwIgm7hQ9/vXtXzzwOK9iJiEquyGi1Tmce
xSWWZJZ4GALsqGK56ZfFx/Gs/xRQOdhK3NOWsgOSxOPkaCE0SRJiU1WTL0iktOa5
XlzYrRkoQkGWOZkZcEqYrpAcNH7pEy31v8I7bCHWvGby1R3u/pdjS2n9kr54EklF
A3bdi2BPr7RIEravEVgJePbtg4aFZOZBY9ErO6aUgAEDmVQGgQAH9wLmewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvoP7ZvnQ5T3ZNHpb4G3mxxjWPCMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvbS1nX3RtLWREbFBkazBlbHZnYmViSEdOWThJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2QMA0G
CSqGSIb3DQEBCwUAA4IBAQB2tUJgUtKglTyKakWuJAMfMtnbaOE1rYojTanhgv3i
YmmZd2QPBooM5gSgVZpEmwS159gcw432/QxwJtyWi/1lGKN1lqjDkD5bw6UP8ghB
JRMfRcYqQ9uwmMlDKqfwxes2j856x7R2wKI7PuHl1O/k61Pb3pHGufR3593UQivo
de4Af0eMCGezpvLas7Jet82RYVTOXPDHRu9y38/amOlb6hZZnEZ+6dicafxLd35P
RutI9OybY75ljl2RPjYOQSQab30MKfw2o6RHXmH9N8SZpDBK8WMUkuffvENIu9+7
1IX1NYMm6fbNBhcrAhZjYsV0lQZmGfXqsNuxSxls8XUN
-----END CERTIFICATE-----