Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tOSK9i1RAXy4LZLlh_YtfTsgJJM.roa
File:                     tOSK9i1RAXy4LZLlh_YtfTsgJJM.roa (raw, json)
Hash identifier:          A0V+yq9TUN/4n45EhigkCyiI8SXW26IhksUzuwVRuf4=
Subject key identifier:   B4:E4:8A:F6:2D:51:01:7C:B8:2D:92:E5:87:F6:2D:7D:3B:20:24:93
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421440095C16120232728A60B3EC94177
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tOSK9i1RAXy4LZLlh_YtfTsgJJM.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199654
IP address blocks:        185.49.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:00:95:c1:61:20:23:27:28:a6:0b:3e:c9:41:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4e48af62d51017cb82d92e587f62d7d3b202493
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:47:df:27:a5:de:97:2a:b8:8d:20:38:bf:42:
                    1e:04:5a:87:67:bb:d0:46:bf:c4:0c:ed:b1:5b:71:
                    e1:e5:3a:f9:1c:8d:e1:e4:95:32:8b:fb:13:64:12:
                    6a:ee:84:47:ad:7f:e0:92:ea:4a:be:9c:a6:8f:ed:
                    b5:e5:2b:bc:eb:b4:6e:23:31:56:32:e5:11:ef:46:
                    b7:1b:a8:c8:21:6e:2f:a9:19:7f:c8:d3:05:25:d1:
                    e3:fa:69:3a:b0:a0:82:a9:ae:a3:83:ee:f7:48:01:
                    92:80:47:81:6b:be:0e:f5:0d:52:27:a8:e3:6b:c5:
                    6c:49:17:31:58:9e:94:06:b7:31:04:33:d1:2a:08:
                    e0:ba:16:5b:88:ab:25:75:f0:c4:80:0d:16:d6:33:
                    68:fc:8a:f3:9b:85:48:54:00:2f:55:cc:a3:bc:57:
                    0c:64:4b:53:5e:9b:9b:64:03:80:65:50:86:cb:e0:
                    5a:00:89:95:8f:2b:e6:e1:3e:de:53:ba:47:2a:94:
                    69:ae:40:c9:dd:64:e4:73:6d:88:bc:5a:d1:a9:48:
                    69:b1:61:dc:b9:4e:42:45:5f:29:08:4b:c5:af:18:
                    b4:e9:42:a2:11:6c:cb:56:56:34:ca:de:31:d5:60:
                    64:57:24:67:1e:9f:74:44:47:d1:52:12:4e:e3:33:
                    7f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:E4:8A:F6:2D:51:01:7C:B8:2D:92:E5:87:F6:2D:7D:3B:20:24:93
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tOSK9i1RAXy4LZLlh_YtfTsgJJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:96:57:49:c5:8e:ae:40:20:e6:25:92:6c:0d:8a:b2:d6:cd:
         dc:5f:7f:23:ea:83:3f:f4:84:44:7a:07:5c:d7:ac:db:6a:b3:
         c7:56:3f:8a:99:81:d0:19:32:65:57:ff:31:08:f3:db:6c:14:
         2c:0d:ee:f5:c0:4c:e2:41:6c:a7:2e:af:db:7c:a7:90:a5:a2:
         23:25:ae:0a:1b:21:4b:04:0d:4e:85:af:40:d5:13:67:a5:19:
         31:c8:19:13:97:a9:8f:9a:79:98:4d:e6:d8:b0:39:da:13:bb:
         b3:5c:2c:be:60:22:1c:05:35:e0:97:0a:d8:48:d8:ae:ec:a7:
         1a:82:a6:c1:69:dc:5f:45:62:cc:0b:58:0c:bb:1a:6f:6e:93:
         85:78:89:12:54:26:cf:81:cf:9d:b8:b5:cd:77:62:51:32:53:
         60:ac:0d:cc:2b:4f:bc:59:82:e7:b0:d1:01:9d:97:b8:b9:e3:
         e2:17:b8:8d:e3:e8:46:b0:53:c2:ba:3b:e8:ec:12:f4:f8:ac:
         af:37:c9:1c:e9:ce:7a:70:be:b9:7d:a8:c2:6b:58:57:59:22:
         65:0f:2a:bf:50:93:57:02:92:8f:f6:9f:7c:47:4f:21:c3:c6:
         11:68:41:9d:a7:dd:d8:85:33:bb:c2:97:ac:0c:36:cb:9b:6d:
         6e:4b:6f:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRACVwWEgIycopgs+yUF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGU0OGFmNjJkNTEwMTdjYjgyZDkyZTU4N2Y2MmQ3ZDNiMjAyNDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0ffJ6Xelyq4jSA4v0IeBFqHZ7vQ
Rr/EDO2xW3Hh5Tr5HI3h5JUyi/sTZBJq7oRHrX/gkupKvpymj+215Su867RuIzFW
MuUR70a3G6jIIW4vqRl/yNMFJdHj+mk6sKCCqa6jg+73SAGSgEeBa74O9Q1SJ6jj
a8VsSRcxWJ6UBrcxBDPRKgjguhZbiKsldfDEgA0W1jNo/Irzm4VIVAAvVcyjvFcM
ZEtTXpubZAOAZVCGy+BaAImVjyvm4T7eU7pHKpRprkDJ3WTkc22IvFrRqUhpsWHc
uU5CRV8pCEvFrxi06UKiEWzLVlY0yt4x1WBkVyRnHp90REfRUhJO4zN/uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTkivYtUQF8uC2S5Yf2LX07ICSTMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdE9TSzlpMVJBWHk0TFpMbGhfWXRmVHNnSkpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTF+MA0G
CSqGSIb3DQEBCwUAA4IBAQAslldJxY6uQCDmJZJsDYqy1s3cX38j6oM/9IREegdc
16zbarPHVj+KmYHQGTJlV/8xCPPbbBQsDe71wEziQWynLq/bfKeQpaIjJa4KGyFL
BA1Oha9A1RNnpRkxyBkTl6mPmnmYTebYsDnaE7uzXCy+YCIcBTXglwrYSNiu7Kca
gqbBadxfRWLMC1gMuxpvbpOFeIkSVCbPgc+duLXNd2JRMlNgrA3MK0+8WYLnsNEB
nZe4uePiF7iN4+hGsFPCujvo7BL0+KyvN8kc6c56cL65fajCa1hXWSJlDyq/UJNX
ApKP9p98R08hw8YRaEGdp93YhTO7wpesDDbLm21uS29Z
-----END CERTIFICATE-----