Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0lTasZOjUq9yfL-PcR7Gtgfk95M.roa
File:                     0lTasZOjUq9yfL-PcR7Gtgfk95M.roa (raw, json)
Hash identifier:          zeWQpAnunXPbAcSboQfI7B+P9MLjdV2+DHMDDg2kAsU=
Subject key identifier:   D2:54:DA:B1:93:A3:52:AF:72:7C:BF:8F:71:1E:C6:B6:07:E4:F7:93
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214421E81F1C599E854F1C311DF12E3B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0lTasZOjUq9yfL-PcR7Gtgfk95M.roa
Signing time:             Wed 01 Jan 2025 09:48:20 +0000
ROA not before:           Wed 01 Jan 2025 09:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214478
IP address blocks:        109.176.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:21:e8:1f:1c:59:9e:85:4f:1c:31:1d:f1:2e:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d254dab193a352af727cbf8f711ec6b607e4f793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:96:fa:75:3f:cb:88:a5:2f:88:68:e9:0b:f8:
                    41:ff:01:0c:51:66:72:9e:ae:78:5e:dc:9f:9b:9b:
                    de:0b:04:21:95:4a:2c:31:39:57:d1:2c:f3:7a:5b:
                    ea:ba:0f:3d:48:81:18:18:00:cc:d2:78:ea:e0:ab:
                    4c:b8:7c:bc:b2:3a:56:1b:5a:2a:4a:71:dd:b4:e7:
                    83:22:b4:0c:fe:8c:d2:32:c1:a5:8b:62:63:c6:e6:
                    a3:70:e3:31:e1:39:d9:92:1d:ea:1e:ad:36:ed:1d:
                    62:53:bf:97:0b:e6:0c:52:6b:e7:22:b5:32:0b:6a:
                    8a:5a:2c:dc:bf:b0:a6:ad:ad:da:41:d8:4d:3f:19:
                    ac:e0:3b:99:14:a2:97:1e:ad:11:5c:c8:e6:67:59:
                    5b:87:02:e5:9b:1d:cf:69:8d:4f:e3:51:de:3a:eb:
                    ea:7e:bc:dc:8e:af:ea:bc:2d:ef:6c:50:4c:45:4c:
                    40:96:b7:e5:38:79:80:74:c4:d1:1d:af:75:0b:ec:
                    e7:fe:34:61:79:4e:7c:7a:61:72:5c:4b:1e:df:e2:
                    62:7f:87:7c:0d:75:9b:18:95:9e:6c:c1:a2:9f:8f:
                    57:b7:35:9d:2e:28:80:d8:84:49:c7:2b:01:89:a8:
                    60:ae:f7:b0:7d:6d:f1:e2:74:03:5e:cf:26:8c:1a:
                    cf:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:54:DA:B1:93:A3:52:AF:72:7C:BF:8F:71:1E:C6:B6:07:E4:F7:93
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0lTasZOjUq9yfL-PcR7Gtgfk95M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:08:04:5a:cd:24:a1:d1:dc:a5:ca:d9:69:ba:ca:74:59:dc:
         aa:21:5b:9c:60:f3:1c:3c:dc:2a:dc:ea:5b:a4:6e:ff:f6:a8:
         14:5d:18:db:ea:c4:19:d8:72:5f:fd:5b:0b:b1:44:58:01:2b:
         df:e1:3a:85:69:ce:4f:b3:94:13:65:46:c0:a8:7a:65:ea:3d:
         02:ae:e6:ed:44:3e:ad:cd:ad:aa:1f:90:34:a7:72:f4:d1:06:
         29:dc:1c:6b:44:e0:40:91:2a:0d:c1:ec:d1:ba:69:70:d4:e0:
         d6:66:dc:eb:c1:32:c6:3c:e7:ed:79:08:82:d9:3a:46:72:b6:
         d2:b9:3f:99:42:67:02:00:8a:a5:65:30:14:c6:12:17:ce:31:
         4d:9c:ed:61:5c:00:3e:e3:9d:30:e6:47:69:07:1a:08:df:29:
         98:1e:b5:69:dd:81:c1:7d:cf:3a:46:38:9f:d9:b7:50:7e:41:
         50:3f:e9:09:49:be:33:63:90:ec:7e:8d:e2:b6:bd:c5:d7:32:
         c4:ff:9c:86:67:40:6c:44:78:60:84:8a:db:15:82:e1:03:0b:
         b2:89:0f:0d:fe:ee:c1:3c:2f:93:54:62:65:79:b1:ff:29:b1:
         ca:e8:58:ef:fe:62:97:06:d1:d7:48:d3:7d:74:bd:98:bf:43:
         45:c2:51:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCHoHxxZnoVPHDEd8S47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjU0ZGFiMTkzYTM1MmFmNzI3Y2JmOGY3MTFlYzZiNjA3ZTRmNzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJb6dT/LiKUviGjpC/hB/wEMUWZy
nq54Xtyfm5veCwQhlUosMTlX0Szzelvqug89SIEYGADM0njq4KtMuHy8sjpWG1oq
SnHdtOeDIrQM/ozSMsGli2JjxuajcOMx4TnZkh3qHq027R1iU7+XC+YMUmvnIrUy
C2qKWizcv7Cmra3aQdhNPxms4DuZFKKXHq0RXMjmZ1lbhwLlmx3PaY1P41HeOuvq
frzcjq/qvC3vbFBMRUxAlrflOHmAdMTRHa91C+zn/jRheU58emFyXEse3+Jif4d8
DXWbGJWebMGin49XtzWdLiiA2IRJxysBiahgrvewfW3x4nQDXs8mjBrPMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJU2rGTo1Kvcny/j3EexrYH5PeTMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMGxUYXNaT2pVcTl5ZkwtUGNSN0d0Z2ZrOTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDLMA0G
CSqGSIb3DQEBCwUAA4IBAQBjCARazSSh0dylytlpusp0WdyqIVucYPMcPNwq3Opb
pG7/9qgUXRjb6sQZ2HJf/VsLsURYASvf4TqFac5Ps5QTZUbAqHpl6j0CrubtRD6t
za2qH5A0p3L00QYp3BxrROBAkSoNwezRumlw1ODWZtzrwTLGPOfteQiC2TpGcrbS
uT+ZQmcCAIqlZTAUxhIXzjFNnO1hXAA+450w5kdpBxoI3ymYHrVp3YHBfc86Rjif
2bdQfkFQP+kJSb4zY5Dsfo3itr3F1zLE/5yGZ0BsRHhghIrbFYLhAwuyiQ8N/u7B
PC+TVGJlebH/KbHK6Fjv/mKXBtHXSNN9dL2Yv0NFwlEn
-----END CERTIFICATE-----