Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6ac056-baa4-4c71-b940-46d6baefdab1/1/h3E6-zfi_xyDMKZ-mjqCgktKu5o.roa
File:                     h3E6-zfi_xyDMKZ-mjqCgktKu5o.roa (raw, json)
Hash identifier:          jFGY2eFUS/f/RiSzQYMsT/EoV/0tdGrsjyAMY/vYpEg=
Subject key identifier:   87:71:3A:FB:37:E2:FF:1C:83:30:A6:7E:9A:3A:82:82:4B:4A:BB:9A
Certificate issuer:       /CN=e2a8631edb481132325a1d186fbde01fa1577910
Certificate serial:       019427B55F0ABA9757F29FBD5920A08D35A4
Authority key identifier: E2:A8:63:1E:DB:48:11:32:32:5A:1D:18:6F:BD:E0:1F:A1:57:79:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4qhjHttIETIyWh0Yb73gH6FXeRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/6ac056-baa4-4c71-b940-46d6baefdab1/1/h3E6-zfi_xyDMKZ-mjqCgktKu5o.roa
Signing time:             Thu 02 Jan 2025 15:49:45 +0000
ROA not before:           Thu 02 Jan 2025 15:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5483
IP address blocks:        193.138.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/6ac056-baa4-4c71-b940-46d6baefdab1/1/4qhjHttIETIyWh0Yb73gH6FXeRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/6ac056-baa4-4c71-b940-46d6baefdab1/1/4qhjHttIETIyWh0Yb73gH6FXeRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4qhjHttIETIyWh0Yb73gH6FXeRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:5f:0a:ba:97:57:f2:9f:bd:59:20:a0:8d:35:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2a8631edb481132325a1d186fbde01fa1577910
        Validity
            Not Before: Jan  2 15:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87713afb37e2ff1c8330a67e9a3a82824b4abb9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:9b:71:50:20:56:da:28:5b:99:c8:2f:84:74:
                    60:24:60:e7:69:be:ab:d6:ce:51:fa:36:40:53:ea:
                    1b:11:d0:a8:36:54:ec:08:fc:bb:98:dc:68:a3:f8:
                    6f:67:1e:c7:9c:f2:33:2c:e9:63:23:e3:b1:aa:1e:
                    21:92:a5:a8:73:94:4c:e4:0f:8e:99:09:4b:0f:39:
                    15:47:2f:c3:49:21:6e:dd:aa:20:7c:3f:ca:b4:93:
                    fa:83:3a:cd:b3:99:8c:99:3c:6c:1a:72:43:72:2c:
                    16:aa:1b:86:4b:47:b2:bf:f9:f0:e1:66:f6:06:35:
                    2e:6c:39:b9:31:1b:d9:91:3f:f6:34:d5:3d:2c:14:
                    d0:6d:95:37:2f:ce:7b:d5:4a:fc:9e:dc:c8:98:ee:
                    80:5b:cf:d0:cf:8e:54:dd:d6:4c:74:aa:2b:bc:9e:
                    cb:48:e5:f7:48:c5:1d:77:7a:25:cf:b8:65:f1:c1:
                    5d:d9:30:a5:1a:69:c5:92:ad:08:1e:c3:e1:48:3c:
                    eb:22:13:e0:c6:ce:72:37:64:d3:2c:d3:49:2d:4f:
                    3b:94:38:b9:a7:69:43:57:67:0f:5f:bb:e0:07:91:
                    22:01:e5:ff:98:ff:68:9e:65:9e:34:cf:d1:35:99:
                    72:e9:02:3c:e9:de:0c:7d:18:6f:d4:dd:85:a7:b6:
                    c4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:71:3A:FB:37:E2:FF:1C:83:30:A6:7E:9A:3A:82:82:4B:4A:BB:9A
            X509v3 Authority Key Identifier:
                keyid:E2:A8:63:1E:DB:48:11:32:32:5A:1D:18:6F:BD:E0:1F:A1:57:79:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4qhjHttIETIyWh0Yb73gH6FXeRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6ac056-baa4-4c71-b940-46d6baefdab1/1/h3E6-zfi_xyDMKZ-mjqCgktKu5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6ac056-baa4-4c71-b940-46d6baefdab1/1/4qhjHttIETIyWh0Yb73gH6FXeRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:ea:54:5b:c5:99:5e:a7:ea:70:bd:63:0b:f0:4d:c9:16:4d:
         4f:e0:04:c0:d5:e0:6f:38:66:cf:2a:4e:49:4e:f5:c5:33:ea:
         60:86:0e:68:99:8a:85:79:d1:c5:30:a0:ea:fe:87:58:a1:36:
         f7:20:b1:69:1a:07:e5:8a:95:b0:90:10:96:67:65:a5:e7:71:
         b1:31:50:c4:08:b2:22:e9:11:c9:93:df:a6:e7:ea:59:ca:45:
         89:3e:6c:66:ef:95:2b:55:1b:1b:b5:0e:d1:db:a3:81:c8:ce:
         9d:4b:74:a9:f1:4d:81:e0:5e:6a:dc:7d:64:f8:17:45:73:f8:
         fb:61:27:50:48:82:97:2b:22:bb:39:74:5b:39:ac:1b:d4:72:
         2b:55:90:0c:df:fb:b0:75:bd:49:87:3a:4b:6e:ee:ff:b4:06:
         78:b8:3e:5a:17:eb:29:c3:de:23:1c:30:92:c7:c8:67:82:38:
         11:50:dd:5f:aa:da:a1:7a:52:dd:c1:30:ab:4f:44:ce:d3:81:
         4f:e0:aa:cc:02:3a:ae:8b:20:ef:e5:02:60:c0:d7:48:3d:a0:
         32:b8:1f:73:fc:ea:14:ed:08:95:3a:5e:29:0b:cd:17:9d:f6:
         fb:23:0f:a5:b3:6b:ea:f6:3b:e3:bd:2b:e5:83:4e:38:eb:ee:
         36:87:95:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntV8KupdX8p+9WSCgjTWkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYTg2MzFlZGI0ODExMzIzMjVhMWQxODZmYmRlMDFmYTE1
Nzc5MTAwHhcNMjUwMTAyMTU0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzcxM2FmYjM3ZTJmZjFjODMzMGE2N2U5YTNhODI4MjRiNGFiYjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5JtxUCBW2ihbmcgvhHRgJGDnab6r
1s5R+jZAU+obEdCoNlTsCPy7mNxoo/hvZx7HnPIzLOljI+Oxqh4hkqWoc5RM5A+O
mQlLDzkVRy/DSSFu3aogfD/KtJP6gzrNs5mMmTxsGnJDciwWqhuGS0eyv/nw4Wb2
BjUubDm5MRvZkT/2NNU9LBTQbZU3L8571Ur8ntzImO6AW8/Qz45U3dZMdKorvJ7L
SOX3SMUdd3olz7hl8cFd2TClGmnFkq0IHsPhSDzrIhPgxs5yN2TTLNNJLU87lDi5
p2lDV2cPX7vgB5EiAeX/mP9onmWeNM/RNZly6QI86d4MfRhv1N2Fp7bErQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdxOvs34v8cgzCmfpo6goJLSruaMB8GA1UdIwQY
MBaAFOKoYx7bSBEyMlodGG+94B+hV3kQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHFoakh0dElFVEl5V2gwWWI3M2dINkZYZVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82YWMwNTYtYmFhNC00YzcxLWI5NDAt
NDZkNmJhZWZkYWIxLzEvaDNFNi16ZmlfeHlETUtaLW1qcUNna3RLdTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82YWMwNTYtYmFhNC00YzcxLWI5NDAtNDZkNmJhZWZkYWIx
LzEvNHFoakh0dElFVEl5V2gwWWI3M2dINkZYZVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYp/MA0G
CSqGSIb3DQEBCwUAA4IBAQC+6lRbxZlep+pwvWML8E3JFk1P4ATA1eBvOGbPKk5J
TvXFM+pghg5omYqFedHFMKDq/odYoTb3ILFpGgflipWwkBCWZ2Wl53GxMVDECLIi
6RHJk9+m5+pZykWJPmxm75UrVRsbtQ7R26OByM6dS3Sp8U2B4F5q3H1k+BdFc/j7
YSdQSIKXKyK7OXRbOawb1HIrVZAM3/uwdb1JhzpLbu7/tAZ4uD5aF+spw94jHDCS
x8hngjgRUN1fqtqhelLdwTCrT0TO04FP4KrMAjquiyDv5QJgwNdIPaAyuB9z/OoU
7QiVOl4pC80Xnfb7Iw+ls2vq9jvjvSvlg0446+42h5UU
-----END CERTIFICATE-----