Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/wI9uA-y4Ji_oTB9dGXK_VIsut1I.roa
File:                     wI9uA-y4Ji_oTB9dGXK_VIsut1I.roa (raw, json)
Hash identifier:          Flvo8O6ohpyEK44nbX0dnhwPi3WDEZDqBbJfYZCPIXE=
Subject key identifier:   C0:8F:6E:03:EC:B8:26:2F:E8:4C:1F:5D:19:72:BF:54:8B:2E:B7:52
Certificate issuer:       /CN=321ec194107843848cd36330232b5f6a43791db4
Certificate serial:       01942067D47D7F234B42201A6F463DDA91B7
Authority key identifier: 32:1E:C1:94:10:78:43:84:8C:D3:63:30:23:2B:5F:6A:43:79:1D:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/wI9uA-y4Ji_oTB9dGXK_VIsut1I.roa
Signing time:             Wed 01 Jan 2025 05:47:42 +0000
ROA not before:           Wed 01 Jan 2025 05:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        155.231.208.0/24 maxlen: 24
                          155.231.209.0/24 maxlen: 24
                          195.105.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d4:7d:7f:23:4b:42:20:1a:6f:46:3d:da:91:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=321ec194107843848cd36330232b5f6a43791db4
        Validity
            Not Before: Jan  1 05:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c08f6e03ecb8262fe84c1f5d1972bf548b2eb752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:65:71:48:3b:ab:42:95:9c:e5:da:83:92:b3:
                    07:5c:0d:c5:fa:26:4d:dc:25:63:ee:04:59:12:80:
                    39:d7:86:5c:39:ff:e8:a2:cf:0a:f5:6f:90:51:94:
                    83:a0:5e:9d:66:71:96:7c:ff:a7:af:87:fe:02:48:
                    c1:d9:e0:4b:dd:2d:e8:b0:74:92:81:97:ba:ff:72:
                    e5:a5:b0:07:6c:28:d8:e6:36:ae:a7:87:d1:97:78:
                    76:04:6b:9d:6b:13:5f:70:bb:24:08:40:a6:7c:f9:
                    78:64:48:c4:2b:2e:bd:ec:19:7a:9f:a8:3c:41:21:
                    e5:9b:5a:07:25:3f:51:26:ec:ea:cf:fa:db:3c:93:
                    8e:ca:d1:0f:4f:e0:d6:a1:a8:f6:41:2b:78:76:f7:
                    fd:84:09:8e:15:b0:3a:7f:50:97:48:80:f6:25:c3:
                    92:19:fc:17:62:38:0e:29:26:c0:08:02:4d:6b:62:
                    cb:14:ea:cf:75:22:7c:9a:0d:56:97:87:b9:92:d1:
                    07:26:60:45:38:82:c5:9c:2a:65:2b:d8:f3:52:29:
                    75:c6:0b:a6:27:55:b8:35:b8:3b:55:31:9c:40:43:
                    a2:92:0b:77:26:cc:b9:0b:35:53:f2:c3:37:6c:69:
                    dd:6c:5a:ff:04:c0:62:eb:0c:f4:b3:30:7d:fe:ed:
                    05:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:8F:6E:03:EC:B8:26:2F:E8:4C:1F:5D:19:72:BF:54:8B:2E:B7:52
            X509v3 Authority Key Identifier:
                keyid:32:1E:C1:94:10:78:43:84:8C:D3:63:30:23:2B:5F:6A:43:79:1D:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/wI9uA-y4Ji_oTB9dGXK_VIsut1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.231.208.0/23
                  195.105.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:a1:1c:65:0d:9f:9f:8e:4b:7a:fd:d3:58:86:5c:e9:42:60:
         8c:5f:60:20:ec:9c:c4:69:d3:d6:dc:a8:40:b7:6a:11:38:34:
         ee:0f:fa:aa:06:93:00:28:72:31:2b:e1:22:f5:b3:be:f8:bd:
         61:9e:cd:7f:c0:3e:a2:69:ef:16:a3:79:dd:2d:d3:d4:1b:37:
         54:df:b0:65:3b:77:6f:6e:43:b0:14:3f:87:8a:c5:5c:1b:c8:
         14:d9:0b:73:87:a2:1b:84:fd:a9:3c:7b:86:3b:2f:8d:f1:cf:
         a7:10:d3:ed:55:06:b8:84:ed:f6:80:1e:97:ca:99:50:49:91:
         84:a4:b5:50:b9:1f:45:a0:d4:dc:73:57:d9:a3:32:aa:12:c9:
         3d:b7:7c:52:4a:a7:fb:0a:5b:d0:e6:7a:9a:4a:fc:64:98:3c:
         6f:a5:93:6d:39:d5:ad:4b:c1:43:0c:d2:c3:d1:86:33:0e:ee:
         9f:48:e3:57:92:3c:01:17:7e:03:9c:0a:cf:a6:20:0b:9e:b7:
         20:19:78:10:1d:f8:21:ee:5e:72:82:86:74:7e:3f:a7:d5:6e:
         82:88:72:fe:3c:c4:49:a5:27:2f:84:6b:f3:cb:09:eb:f4:7c:
         f4:9c:d4:78:7e:e1:f7:48:31:c2:ea:ca:94:13:ac:5c:f9:6c:
         43:8e:5b:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgZ9R9fyNLQiAab0Y92pG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMWVjMTk0MTA3ODQzODQ4Y2QzNjMzMDIzMmI1ZjZhNDM3
OTFkYjQwHhcNMjUwMTAxMDU0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDhmNmUwM2VjYjgyNjJmZTg0YzFmNWQxOTcyYmY1NDhiMmViNzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWVxSDurQpWc5dqDkrMHXA3F+iZN
3CVj7gRZEoA514ZcOf/oos8K9W+QUZSDoF6dZnGWfP+nr4f+AkjB2eBL3S3osHSS
gZe6/3LlpbAHbCjY5jaup4fRl3h2BGudaxNfcLskCECmfPl4ZEjEKy697Bl6n6g8
QSHlm1oHJT9RJuzqz/rbPJOOytEPT+DWoaj2QSt4dvf9hAmOFbA6f1CXSID2JcOS
GfwXYjgOKSbACAJNa2LLFOrPdSJ8mg1Wl4e5ktEHJmBFOILFnCplK9jzUil1xgum
J1W4Nbg7VTGcQEOikgt3Jsy5CzVT8sM3bGndbFr/BMBi6wz0szB9/u0F6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMCPbgPsuCYv6EwfXRlyv1SLLrdSMB8GA1UdIwQY
MBaAFDIewZQQeEOEjNNjMCMrX2pDeR20MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWg3QmxCQjRRNFNNMDJNd0l5dGZha041SGJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9mMTQ1OGYtYmRjMy00ZTRiLTlmNjgt
M2E2MTFjMDkzYTJjLzEvd0k5dUEteTRKaV9vVEI5ZEdYS19WSXN1dDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9mMTQ1OGYtYmRjMy00ZTRiLTlmNjgtM2E2MTFjMDkzYTJj
LzEvTWg3QmxCQjRRNFNNMDJNd0l5dGZha041SGJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBm+fQAwQA
w2kaMA0GCSqGSIb3DQEBCwUAA4IBAQCKoRxlDZ+fjkt6/dNYhlzpQmCMX2Ag7JzE
adPW3KhAt2oRODTuD/qqBpMAKHIxK+Ei9bO++L1hns1/wD6iae8Wo3ndLdPUGzdU
37BlO3dvbkOwFD+HisVcG8gU2Qtzh6IbhP2pPHuGOy+N8c+nENPtVQa4hO32gB6X
yplQSZGEpLVQuR9FoNTcc1fZozKqEsk9t3xSSqf7ClvQ5nqaSvxkmDxvpZNtOdWt
S8FDDNLD0YYzDu6fSONXkjwBF34DnArPpiALnrcgGXgQHfgh7l5ygoZ0fj+n1W6C
iHL+PMRJpScvhGvzywnr9Hz0nNR4fuH3SDHC6sqUE6xc+WxDjltj
-----END CERTIFICATE-----