Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/e9VFNW1Ajlj1cwMvelTnGgxoINg.roa
File:                     e9VFNW1Ajlj1cwMvelTnGgxoINg.roa (raw, json)
Hash identifier:          7hGmlJOFh7I+JQNZORJ6EjUbCyvg3JD0CCZ7HAeO0b8=
Subject key identifier:   7B:D5:45:35:6D:40:8E:58:F5:73:03:2F:7A:54:E7:1A:0C:68:20:D8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421443206E62C375E84A05E7B59B34D9C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/e9VFNW1Ajlj1cwMvelTnGgxoINg.roa
Signing time:             Wed 01 Jan 2025 09:48:24 +0000
ROA not before:           Wed 01 Jan 2025 09:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215703
IP address blocks:        109.176.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:32:06:e6:2c:37:5e:84:a0:5e:7b:59:b3:4d:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bd545356d408e58f573032f7a54e71a0c6820d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:79:40:b5:b7:0c:b1:b9:b9:e0:a8:92:5a:66:
                    72:01:62:23:d5:c8:2d:07:24:1e:68:75:b8:0c:d6:
                    d7:4f:dd:59:af:6c:8f:7d:2a:85:3b:9e:62:49:b4:
                    11:35:a6:56:83:e7:3d:fe:0c:97:cf:e8:f8:98:0f:
                    ee:d0:ee:a5:e7:ef:5d:9d:f3:67:c5:e7:34:68:44:
                    45:a0:1d:3d:a9:19:b3:76:d0:52:2a:3f:60:80:94:
                    07:d4:1f:93:f6:66:af:5f:cf:20:36:1d:d2:91:2d:
                    36:75:8a:91:6f:22:e3:71:c1:bf:74:1b:e9:b0:bd:
                    5e:45:28:32:ee:97:ec:d6:a9:50:4a:4f:aa:4d:b9:
                    b5:a3:63:33:30:97:81:c8:93:93:8f:f8:92:80:e9:
                    5e:54:44:95:cb:ab:e3:2b:c1:04:96:09:a9:bb:38:
                    33:f6:97:b0:79:7f:a6:c0:8a:15:83:84:87:30:15:
                    c0:db:6d:88:14:0a:eb:42:24:78:76:43:73:6a:88:
                    7a:b4:c8:83:54:3c:23:dd:53:76:9c:3b:22:1a:12:
                    e3:0a:e0:cb:ba:e8:42:fb:ea:5b:28:b9:76:99:40:
                    76:ba:f9:9c:e5:25:6f:98:a3:ae:37:6a:83:48:f1:
                    62:09:4b:7c:25:cc:9d:5f:6f:9e:79:dd:9e:42:4b:
                    cc:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D5:45:35:6D:40:8E:58:F5:73:03:2F:7A:54:E7:1A:0C:68:20:D8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/e9VFNW1Ajlj1cwMvelTnGgxoINg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:4a:b3:97:79:f4:1c:c0:1c:fe:dc:76:c4:66:98:cd:62:95:
         1c:5a:ca:fa:16:98:a2:7c:be:aa:a3:c9:cd:76:be:44:a7:73:
         2f:6b:9a:75:04:af:98:1c:af:02:f1:fe:c1:02:00:50:90:e9:
         79:c5:a7:ab:47:cc:dc:2a:b7:43:54:56:a0:93:de:65:df:73:
         c8:8b:cc:4f:bd:0f:e3:15:d4:a8:78:12:c9:bc:04:8e:8b:b1:
         01:d8:6d:85:e9:f0:7a:7f:b8:a0:0e:13:e5:5a:db:5c:1c:51:
         32:5d:11:51:f1:bf:64:3a:53:5c:7b:16:8c:ef:24:0d:ec:fc:
         07:f7:b5:e0:12:1b:e4:15:7c:a3:d6:02:78:12:b7:5d:a5:8f:
         ca:93:83:7c:84:97:7d:9d:91:65:fc:ab:2f:85:42:cb:2f:57:
         9e:0b:fe:0a:fa:79:8a:c3:0d:6e:82:7b:51:e6:93:3e:d0:89:
         73:7a:24:73:07:e9:c1:6d:db:9c:1f:5a:b4:cd:c4:ad:8e:52:
         a7:75:70:2c:b8:0f:6a:0d:a6:ff:85:99:85:8d:ed:3c:3a:1c:
         22:5a:f6:bb:8c:ed:f0:3c:05:7e:61:0f:98:6d:b7:08:d1:f9:
         27:b6:11:00:53:e6:f7:5e:5c:49:2f:bb:3e:f5:03:35:a7:d8:
         42:6c:ea:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDIG5iw3XoSgXntZs02cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQ1NDUzNTZkNDA4ZTU4ZjU3MzAzMmY3YTU0ZTcxYTBjNjgyMGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HlAtbcMsbm54KiSWmZyAWIj1cgt
ByQeaHW4DNbXT91Zr2yPfSqFO55iSbQRNaZWg+c9/gyXz+j4mA/u0O6l5+9dnfNn
xec0aERFoB09qRmzdtBSKj9ggJQH1B+T9mavX88gNh3SkS02dYqRbyLjccG/dBvp
sL1eRSgy7pfs1qlQSk+qTbm1o2MzMJeByJOTj/iSgOleVESVy6vjK8EElgmpuzgz
9peweX+mwIoVg4SHMBXA222IFArrQiR4dkNzaoh6tMiDVDwj3VN2nDsiGhLjCuDL
uuhC++pbKLl2mUB2uvmc5SVvmKOuN2qDSPFiCUt8JcydX2+eed2eQkvM8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvVRTVtQI5Y9XMDL3pU5xoMaCDYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZTlWRk5XMUFqbGoxY3dNdmVsVG5HZ3hvSU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDlMA0G
CSqGSIb3DQEBCwUAA4IBAQAlSrOXefQcwBz+3HbEZpjNYpUcWsr6FpiifL6qo8nN
dr5Ep3Mva5p1BK+YHK8C8f7BAgBQkOl5xaerR8zcKrdDVFagk95l33PIi8xPvQ/j
FdSoeBLJvASOi7EB2G2F6fB6f7igDhPlWttcHFEyXRFR8b9kOlNcexaM7yQN7PwH
97XgEhvkFXyj1gJ4ErddpY/Kk4N8hJd9nZFl/KsvhULLL1eeC/4K+nmKww1ugntR
5pM+0IlzeiRzB+nBbducH1q0zcStjlKndXAsuA9qDab/hZmFje08OhwiWva7jO3w
PAV+YQ+YbbcI0fknthEAU+b3XlxJL7s+9QM1p9hCbOrA
-----END CERTIFICATE-----