Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/2aaa49-2823-4ee2-b5d1-e547395d6b47/1/pTTtPKmhE713zQ-lNSyfapckqck.roa
File:                     pTTtPKmhE713zQ-lNSyfapckqck.roa (raw, json)
Hash identifier:          Z4OXgVLMtdMbDgwAv+QfBL8XpAweOau33nbHajpmsxQ=
Subject key identifier:   A5:34:ED:3C:A9:A1:13:BD:77:CD:0F:A5:35:2C:9F:6A:97:24:A9:C9
Certificate issuer:       /CN=76815c7d0e863c21780f8bf4b9ecc3a9c6459298
Certificate serial:       019427B46BE4A9190F15EFD187D42FEE3CDA
Authority key identifier: 76:81:5C:7D:0E:86:3C:21:78:0F:8B:F4:B9:EC:C3:A9:C6:45:92:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/doFcfQ6GPCF4D4v0uezDqcZFkpg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/2aaa49-2823-4ee2-b5d1-e547395d6b47/1/pTTtPKmhE713zQ-lNSyfapckqck.roa
Signing time:             Thu 02 Jan 2025 15:48:42 +0000
ROA not before:           Thu 02 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12859
IP address blocks:        193.104.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/2aaa49-2823-4ee2-b5d1-e547395d6b47/1/doFcfQ6GPCF4D4v0uezDqcZFkpg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/2aaa49-2823-4ee2-b5d1-e547395d6b47/1/doFcfQ6GPCF4D4v0uezDqcZFkpg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/doFcfQ6GPCF4D4v0uezDqcZFkpg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:6b:e4:a9:19:0f:15:ef:d1:87:d4:2f:ee:3c:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76815c7d0e863c21780f8bf4b9ecc3a9c6459298
        Validity
            Not Before: Jan  2 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a534ed3ca9a113bd77cd0fa5352c9f6a9724a9c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:74:1e:8f:0e:e3:c7:16:b6:8d:3d:c7:48:3f:
                    9b:6a:35:2d:02:b3:35:65:2d:9c:c8:64:22:38:77:
                    1d:ef:cd:4b:09:5b:d0:cf:96:d9:e6:b7:07:7b:bb:
                    d3:cd:12:6c:e5:d4:2c:1e:29:5a:d1:6a:82:3c:3d:
                    65:b2:1e:ce:69:93:17:0d:99:7b:7d:f5:98:56:8a:
                    18:4b:0b:99:e2:09:7c:24:1a:09:97:68:7b:2d:99:
                    1a:e4:2d:ed:30:25:9c:51:03:fb:f8:5d:67:82:4d:
                    4a:25:0c:ab:58:f5:bc:e7:83:48:78:26:ec:3a:52:
                    03:8b:ec:eb:41:bb:7a:a9:31:3c:d4:f6:b8:02:da:
                    76:49:82:38:f6:de:2b:7d:b7:13:a3:b8:39:2b:41:
                    49:13:30:5d:f8:88:e4:08:9e:d3:54:ed:2b:aa:32:
                    74:c4:95:0d:ac:4e:e8:3c:43:71:b9:26:d3:22:d5:
                    b4:c1:f8:eb:b0:98:08:c6:c7:34:86:1b:f8:95:72:
                    81:7f:6b:f1:26:ad:ea:30:a8:f7:e1:ef:47:21:c7:
                    c0:ab:2e:ce:a6:18:02:25:45:32:ca:d1:b0:a3:2c:
                    43:2c:ba:47:71:24:a2:a9:fe:4b:79:7b:ed:cd:68:
                    76:10:b7:4b:f2:d0:68:ab:e8:08:dd:53:c7:4b:5e:
                    70:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:34:ED:3C:A9:A1:13:BD:77:CD:0F:A5:35:2C:9F:6A:97:24:A9:C9
            X509v3 Authority Key Identifier:
                keyid:76:81:5C:7D:0E:86:3C:21:78:0F:8B:F4:B9:EC:C3:A9:C6:45:92:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/doFcfQ6GPCF4D4v0uezDqcZFkpg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/2aaa49-2823-4ee2-b5d1-e547395d6b47/1/pTTtPKmhE713zQ-lNSyfapckqck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/2aaa49-2823-4ee2-b5d1-e547395d6b47/1/doFcfQ6GPCF4D4v0uezDqcZFkpg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:58:fa:be:22:ed:be:ad:75:74:9d:ef:ef:b8:4c:17:66:6e:
         a9:5b:54:42:3f:71:1e:60:3b:a0:8a:80:e6:9b:69:18:38:67:
         1f:56:ea:e2:c1:cf:cf:17:33:91:66:fd:0d:5f:e0:8e:2c:73:
         a0:43:7f:e0:7d:89:04:4c:bd:bf:5f:fc:0a:2e:13:17:0f:3c:
         9e:3b:10:63:59:64:1d:1f:48:28:c4:ef:16:e4:4b:41:3d:0e:
         05:15:17:7a:d4:37:3f:e8:a4:77:4d:7a:90:25:5a:08:24:26:
         60:cd:95:46:17:5c:96:af:a3:db:84:27:84:24:4b:d2:80:1f:
         4a:de:c4:75:0c:93:b3:32:5a:47:8b:bc:5c:33:23:17:3d:9e:
         c8:32:5e:90:dd:1f:64:4e:4a:9d:db:62:df:00:13:76:de:37:
         e3:00:41:b1:a2:53:77:2f:44:2e:2d:7b:50:a2:77:72:c8:5b:
         f1:91:fd:59:9f:a7:c0:e6:70:4f:21:ee:b6:c1:ad:a8:86:c8:
         80:92:4a:3b:73:42:00:12:ce:d5:03:8a:97:95:76:99:77:00:
         f5:05:3f:57:d4:7b:39:83:2d:3a:93:43:bf:e3:b3:1d:bd:da:
         dd:e1:8c:b3:f2:46:7c:9d:4f:01:60:a5:7f:1f:a5:66:03:62:
         dd:b6:32:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntGvkqRkPFe/Rh9Qv7jzaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ODE1YzdkMGU4NjNjMjE3ODBmOGJmNGI5ZWNjM2E5YzY0
NTkyOTgwHhcNMjUwMTAyMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTM0ZWQzY2E5YTExM2JkNzdjZDBmYTUzNTJjOWY2YTk3MjRhOWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nQejw7jxxa2jT3HSD+bajUtArM1
ZS2cyGQiOHcd781LCVvQz5bZ5rcHe7vTzRJs5dQsHila0WqCPD1lsh7OaZMXDZl7
ffWYVooYSwuZ4gl8JBoJl2h7LZka5C3tMCWcUQP7+F1ngk1KJQyrWPW854NIeCbs
OlIDi+zrQbt6qTE81Pa4Atp2SYI49t4rfbcTo7g5K0FJEzBd+IjkCJ7TVO0rqjJ0
xJUNrE7oPENxuSbTItW0wfjrsJgIxsc0hhv4lXKBf2vxJq3qMKj34e9HIcfAqy7O
phgCJUUyytGwoyxDLLpHcSSiqf5LeXvtzWh2ELdL8tBoq+gI3VPHS15wOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKU07TypoRO9d80PpTUsn2qXJKnJMB8GA1UdIwQY
MBaAFHaBXH0OhjwheA+L9Lnsw6nGRZKYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG9GY2ZRNkdQQ0Y0RDR2MHVlekRxY1pGa3BnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8yYWFhNDktMjgyMy00ZWUyLWI1ZDEt
ZTU0NzM5NWQ2YjQ3LzEvcFRUdFBLbWhFNzEzelEtbE5TeWZhcGNrcWNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8yYWFhNDktMjgyMy00ZWUyLWI1ZDEtZTU0NzM5NWQ2YjQ3
LzEvZG9GY2ZRNkdQQ0Y0RDR2MHVlekRxY1pGa3BnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWhoMA0G
CSqGSIb3DQEBCwUAA4IBAQAGWPq+Iu2+rXV0ne/vuEwXZm6pW1RCP3EeYDugioDm
m2kYOGcfVuriwc/PFzORZv0NX+COLHOgQ3/gfYkETL2/X/wKLhMXDzyeOxBjWWQd
H0goxO8W5EtBPQ4FFRd61Dc/6KR3TXqQJVoIJCZgzZVGF1yWr6PbhCeEJEvSgB9K
3sR1DJOzMlpHi7xcMyMXPZ7IMl6Q3R9kTkqd22LfABN23jfjAEGxolN3L0QuLXtQ
ondyyFvxkf1Zn6fA5nBPIe62wa2ohsiAkko7c0IAEs7VA4qXlXaZdwD1BT9X1Hs5
gy06k0O/47Mdvdrd4Yyz8kZ8nU8BYKV/H6VmA2LdtjL/
-----END CERTIFICATE-----