Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/mGfyRjDRuTgx9y2ssaKRC9CnTI4.roa
File:                     mGfyRjDRuTgx9y2ssaKRC9CnTI4.roa (raw, json)
Hash identifier:          2UqU980bJXZLE+Qc5pA1Y2aKIB/zyZpSy3xDygargsU=
Subject key identifier:   98:67:F2:46:30:D1:B9:38:31:F7:2D:AC:B1:A2:91:0B:D0:A7:4C:8E
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019423D6D68C62DA139D27FC19786AD30939
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/mGfyRjDRuTgx9y2ssaKRC9CnTI4.roa
Signing time:             Wed 01 Jan 2025 21:47:49 +0000
ROA not before:           Wed 01 Jan 2025 21:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200202
IP address blocks:        81.29.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:d6:8c:62:da:13:9d:27:fc:19:78:6a:d3:09:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  1 21:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9867f24630d1b93831f72dacb1a2910bd0a74c8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:46:53:f6:ef:9f:61:f2:35:26:e7:61:f7:73:
                    de:96:6d:eb:fd:9b:4a:48:2b:40:55:56:e3:80:0d:
                    37:ec:d1:97:f0:a7:4f:43:f9:4d:73:7d:09:ad:87:
                    24:03:2b:6b:30:6b:cf:df:62:30:49:23:81:ea:9f:
                    b0:18:5b:d1:60:de:80:a5:7b:a6:1e:d3:44:df:99:
                    bc:74:43:e9:54:03:16:ae:54:52:55:72:68:56:21:
                    10:07:fb:6b:9e:c8:d7:35:90:45:d8:0a:ab:44:0f:
                    cf:96:88:58:71:65:43:5e:d6:ac:67:13:a9:0e:f8:
                    f0:c9:eb:b2:e0:98:cf:1e:24:fb:68:2d:97:8d:6d:
                    88:9c:f8:15:c6:f7:31:6f:9b:8d:ed:8d:76:e1:c1:
                    b6:93:75:ab:74:51:e0:65:d6:4a:83:d9:8a:b8:84:
                    0e:f7:37:7c:35:a3:3b:bc:cc:e9:e0:ff:7b:53:15:
                    7c:f1:18:e5:db:ac:cd:0c:0d:41:d4:f1:1f:ac:2d:
                    d6:1c:be:08:cc:a4:75:c8:a1:a1:95:d2:ff:52:bc:
                    a7:78:25:10:99:32:5c:2a:ae:38:5d:f5:14:15:9c:
                    58:b3:2d:96:6d:6d:59:f7:ed:c7:b2:f0:3d:af:a7:
                    48:08:79:95:ea:03:f2:e2:aa:f1:29:ad:fb:02:a1:
                    1b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:67:F2:46:30:D1:B9:38:31:F7:2D:AC:B1:A2:91:0B:D0:A7:4C:8E
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/mGfyRjDRuTgx9y2ssaKRC9CnTI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:6c:4d:a9:35:42:a3:0b:3c:b7:af:10:7e:33:ac:67:11:a2:
         da:61:47:16:e1:e2:73:af:cf:8e:eb:66:7e:6a:0c:ce:f0:f8:
         e9:10:69:89:4b:08:b1:94:cb:0f:d1:c5:45:33:28:4e:16:72:
         23:b1:00:b8:d8:ee:4d:30:e9:31:c6:aa:12:a0:38:8b:3a:56:
         cb:92:57:3a:bc:21:76:ef:e3:d1:07:20:69:32:43:17:92:f6:
         92:b5:1c:61:06:90:0c:bc:4c:4c:db:0d:d3:8f:9a:11:69:05:
         5f:a3:4c:8a:66:f7:54:97:ca:25:64:cf:62:39:e3:91:c2:07:
         34:4f:af:e4:52:7b:08:9a:a3:0b:1c:05:16:4b:6d:0f:eb:1c:
         0b:db:a7:72:07:ea:5d:81:95:e0:25:98:f7:b4:d2:47:b6:f1:
         8d:e3:ef:47:87:ff:bf:dc:46:60:84:02:09:4e:cf:15:aa:bf:
         91:74:ab:0a:ac:ed:61:03:29:4a:83:18:bf:20:18:2d:f1:ab:
         70:4e:a2:89:d3:33:8c:e1:e3:17:80:62:2c:58:60:2a:de:27:
         28:35:4e:4b:3e:82:c8:85:22:34:38:51:aa:9d:8e:48:69:bd:
         73:87:50:0c:8c:81:0e:54:06:af:fb:a5:c3:2c:85:6a:80:cf:
         03:06:dd:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1taMYtoTnSf8GXhq0wk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjUwMTAxMjE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODY3ZjI0NjMwZDFiOTM4MzFmNzJkYWNiMWEyOTEwYmQwYTc0YzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUZT9u+fYfI1Judh93Pelm3r/ZtK
SCtAVVbjgA037NGX8KdPQ/lNc30JrYckAytrMGvP32IwSSOB6p+wGFvRYN6ApXum
HtNE35m8dEPpVAMWrlRSVXJoViEQB/trnsjXNZBF2AqrRA/PlohYcWVDXtasZxOp
Dvjwyeuy4JjPHiT7aC2XjW2InPgVxvcxb5uN7Y124cG2k3WrdFHgZdZKg9mKuIQO
9zd8NaM7vMzp4P97UxV88Rjl26zNDA1B1PEfrC3WHL4IzKR1yKGhldL/UryneCUQ
mTJcKq44XfUUFZxYsy2WbW1Z9+3HsvA9r6dICHmV6gPy4qrxKa37AqEbwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhn8kYw0bk4MfctrLGikQvQp0yOMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvbUdmeVJqRFJ1VGd4OXkyc3NhS1JDOUNuVEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2XMA0G
CSqGSIb3DQEBCwUAA4IBAQAzbE2pNUKjCzy3rxB+M6xnEaLaYUcW4eJzr8+O62Z+
agzO8PjpEGmJSwixlMsP0cVFMyhOFnIjsQC42O5NMOkxxqoSoDiLOlbLklc6vCF2
7+PRByBpMkMXkvaStRxhBpAMvExM2w3Tj5oRaQVfo0yKZvdUl8olZM9iOeORwgc0
T6/kUnsImqMLHAUWS20P6xwL26dyB+pdgZXgJZj3tNJHtvGN4+9Hh/+/3EZghAIJ
Ts8Vqr+RdKsKrO1hAylKgxi/IBgt8atwTqKJ0zOM4eMXgGIsWGAq3icoNU5LPoLI
hSI0OFGqnY5Iab1zh1AMjIEOVAav+6XDLIVqgM8DBt0o
-----END CERTIFICATE-----