Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/11bf2e-b58a-4a31-89c0-155f42dcaa73/1/fetFKuopmwnkmS4GdVahSkuSTYA.roa
File:                     fetFKuopmwnkmS4GdVahSkuSTYA.roa (raw, json)
Hash identifier:          COKnfUPWTvK88/nI2sTAGQJZnRfr5E0q/yyW5/NYsSI=
Subject key identifier:   7D:EB:45:2A:EA:29:9B:09:E4:99:2E:06:75:56:A1:4A:4B:92:4D:80
Certificate issuer:       /CN=b23eb849e0b6940e4ff547de0b41b003f9e1105c
Certificate serial:       0194221FFFD7145D0B1DE1FA608FE7F07064
Authority key identifier: B2:3E:B8:49:E0:B6:94:0E:4F:F5:47:DE:0B:41:B0:03:F9:E1:10:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sj64SeC2lA5P9UfeC0GwA_nhEFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/11bf2e-b58a-4a31-89c0-155f42dcaa73/1/fetFKuopmwnkmS4GdVahSkuSTYA.roa
Signing time:             Wed 01 Jan 2025 13:48:29 +0000
ROA not before:           Wed 01 Jan 2025 13:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49072
IP address blocks:        195.230.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/11bf2e-b58a-4a31-89c0-155f42dcaa73/1/sj64SeC2lA5P9UfeC0GwA_nhEFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/11bf2e-b58a-4a31-89c0-155f42dcaa73/1/sj64SeC2lA5P9UfeC0GwA_nhEFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sj64SeC2lA5P9UfeC0GwA_nhEFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ff:d7:14:5d:0b:1d:e1:fa:60:8f:e7:f0:70:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b23eb849e0b6940e4ff547de0b41b003f9e1105c
        Validity
            Not Before: Jan  1 13:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7deb452aea299b09e4992e067556a14a4b924d80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:dd:66:5e:85:f9:a9:8f:49:8d:3f:f1:04:1f:
                    e4:ed:e6:15:54:2e:7f:0a:b4:cb:bb:87:91:42:c2:
                    30:70:05:14:31:46:0a:53:a6:3e:6a:39:a2:03:6b:
                    a1:28:17:ff:bd:fb:8f:17:e2:0d:86:83:02:b6:e7:
                    a0:2e:07:c2:d0:ac:26:d4:c2:5e:14:de:a5:c6:d2:
                    e3:bd:48:83:3d:45:6b:0f:fd:3f:12:a1:61:23:5a:
                    d0:ec:b7:37:72:de:6c:43:4b:4d:6c:cc:b0:d3:36:
                    26:ea:a8:00:df:90:09:d5:af:00:70:4f:f9:dc:30:
                    84:45:60:79:f9:84:09:21:55:3a:8d:8f:21:30:28:
                    78:a2:7c:f1:18:d1:9f:e8:ea:1f:bc:30:3b:30:14:
                    86:bd:9e:1b:1f:6d:8d:78:d2:ea:7d:fd:c2:c1:90:
                    7c:47:2d:f0:c0:de:c4:3b:93:a9:83:77:ed:90:0b:
                    af:ed:41:14:a8:91:8f:74:b5:fc:04:bc:5c:c3:45:
                    a0:01:00:2a:2e:91:cc:4f:85:21:a0:87:de:e6:f5:
                    3c:22:75:67:19:1d:d4:1d:8d:7b:3d:b1:a5:b9:1a:
                    f9:ee:fa:d2:38:fa:0d:6d:d0:cb:b7:23:97:c5:a1:
                    5e:8b:3f:17:57:d0:9f:35:a6:fb:cf:6e:3f:15:76:
                    79:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:EB:45:2A:EA:29:9B:09:E4:99:2E:06:75:56:A1:4A:4B:92:4D:80
            X509v3 Authority Key Identifier:
                keyid:B2:3E:B8:49:E0:B6:94:0E:4F:F5:47:DE:0B:41:B0:03:F9:E1:10:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sj64SeC2lA5P9UfeC0GwA_nhEFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/11bf2e-b58a-4a31-89c0-155f42dcaa73/1/fetFKuopmwnkmS4GdVahSkuSTYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/11bf2e-b58a-4a31-89c0-155f42dcaa73/1/sj64SeC2lA5P9UfeC0GwA_nhEFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.230.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:32:ae:5d:83:25:2a:de:46:00:62:57:0c:e6:e5:1f:57:e2:
         08:89:88:43:87:71:c2:69:49:73:fb:c9:16:c8:f6:9a:9e:00:
         cb:77:ca:0f:12:8b:7e:f0:c4:15:f6:a7:d1:69:de:2c:48:1e:
         27:75:75:f9:2d:89:d8:f3:97:ca:83:61:53:9a:31:06:7b:7e:
         3d:fb:d0:87:00:30:03:a1:36:5d:ea:1c:27:2e:b4:1d:0c:73:
         c5:fc:3f:9c:d3:85:94:fa:d4:a4:f4:01:22:58:17:6f:cf:1c:
         50:a6:d4:c4:ed:f4:c2:a8:4e:7b:d9:a7:5c:9e:e2:f5:d7:c6:
         2a:c5:19:f7:82:e7:3a:bd:c9:19:c3:e6:a3:b4:5d:66:c7:9e:
         0c:04:69:32:4e:05:3c:34:fe:cc:f1:f2:48:c2:7b:9f:87:21:
         38:09:75:0c:51:db:ef:41:c3:ec:f7:bb:c6:6a:ae:57:03:e6:
         92:51:6d:98:05:48:b6:29:65:7d:48:02:eb:d2:5f:87:6b:46:
         74:ba:53:0d:d3:97:e3:76:ed:c5:a2:b0:e9:3a:cf:28:07:fb:
         bc:71:68:5b:fe:4b:03:07:d7:b3:48:2c:25:f3:5c:30:30:a4:
         62:77:ed:c6:85:6a:9d:f8:2a:7c:f3:2c:ea:73:0d:bd:56:3d:
         d8:a6:08:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH//XFF0LHeH6YI/n8HBkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyM2ViODQ5ZTBiNjk0MGU0ZmY1NDdkZTBiNDFiMDAzZjll
MTEwNWMwHhcNMjUwMTAxMTM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGViNDUyYWVhMjk5YjA5ZTQ5OTJlMDY3NTU2YTE0YTRiOTI0ZDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv91mXoX5qY9JjT/xBB/k7eYVVC5/
CrTLu4eRQsIwcAUUMUYKU6Y+ajmiA2uhKBf/vfuPF+INhoMCtuegLgfC0Kwm1MJe
FN6lxtLjvUiDPUVrD/0/EqFhI1rQ7Lc3ct5sQ0tNbMyw0zYm6qgA35AJ1a8AcE/5
3DCERWB5+YQJIVU6jY8hMCh4onzxGNGf6OofvDA7MBSGvZ4bH22NeNLqff3CwZB8
Ry3wwN7EO5Opg3ftkAuv7UEUqJGPdLX8BLxcw0WgAQAqLpHMT4UhoIfe5vU8InVn
GR3UHY17PbGluRr57vrSOPoNbdDLtyOXxaFeiz8XV9CfNab7z24/FXZ5WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3rRSrqKZsJ5JkuBnVWoUpLkk2AMB8GA1UdIwQY
MBaAFLI+uEngtpQOT/VH3gtBsAP54RBcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2o2NFNlQzJsQTVQOVVmZUMwR3dBX25oRUZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8xMWJmMmUtYjU4YS00YTMxLTg5YzAt
MTU1ZjQyZGNhYTczLzEvZmV0Rkt1b3Btd25rbVM0R2RWYWhTa3VTVFlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8xMWJmMmUtYjU4YS00YTMxLTg5YzAtMTU1ZjQyZGNhYTcz
LzEvc2o2NFNlQzJsQTVQOVVmZUMwR3dBX25oRUZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+YaMA0G
CSqGSIb3DQEBCwUAA4IBAQB6Mq5dgyUq3kYAYlcM5uUfV+IIiYhDh3HCaUlz+8kW
yPaangDLd8oPEot+8MQV9qfRad4sSB4ndXX5LYnY85fKg2FTmjEGe349+9CHADAD
oTZd6hwnLrQdDHPF/D+c04WU+tSk9AEiWBdvzxxQptTE7fTCqE572adcnuL118Yq
xRn3guc6vckZw+ajtF1mx54MBGkyTgU8NP7M8fJIwnufhyE4CXUMUdvvQcPs97vG
aq5XA+aSUW2YBUi2KWV9SALr0l+Ha0Z0ulMN05fjdu3ForDpOs8oB/u8cWhb/ksD
B9ezSCwl81wwMKRid+3GhWqd+Cp88yzqcw29Vj3Ypghx
-----END CERTIFICATE-----