Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/AjBp57cbFRBUIwIaXhNlUU4xc9Y.roa
File:                     AjBp57cbFRBUIwIaXhNlUU4xc9Y.roa (raw, json)
Hash identifier:          ZV9AX+FvWa4YVP0u/DD5byIthcNtHTveftQNUrL/KbI=
Subject key identifier:   02:30:69:E7:B7:1B:15:10:54:23:02:1A:5E:13:65:51:4E:31:73:D6
Certificate issuer:       /CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Certificate serial:       019428252FBFCA97A794B89B43E017422F56
Authority key identifier: 6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/AjBp57cbFRBUIwIaXhNlUU4xc9Y.roa
Signing time:             Thu 02 Jan 2025 17:51:52 +0000
ROA not before:           Thu 02 Jan 2025 17:51:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18345
IP address blocks:        178.157.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:2f:bf:ca:97:a7:94:b8:9b:43:e0:17:42:2f:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b233d75508b4e85cccf44349a7cb703198d1d26
        Validity
            Not Before: Jan  2 17:51:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=023069e7b71b15105423021a5e1365514e3173d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:88:18:4b:66:d5:50:87:c2:c6:2e:42:60:a8:
                    dc:ef:66:de:60:59:41:39:d2:d2:2d:c9:ab:f6:ff:
                    4c:0e:3a:1f:92:e4:f2:0a:d1:cf:8c:ef:ab:9a:e4:
                    62:1f:3d:8c:dc:1f:3b:10:c7:69:0a:65:f9:e4:78:
                    4c:49:69:59:0e:54:a1:0a:ff:bf:4d:68:78:f8:73:
                    80:6a:06:c1:07:2d:88:b6:c6:76:29:bd:1c:ab:55:
                    10:74:39:c4:c2:41:77:a8:46:07:d7:5f:0c:7f:25:
                    f2:ab:f0:4c:cf:c0:ab:ab:03:92:51:04:a6:b6:6a:
                    8b:d3:df:07:bc:12:c0:71:16:aa:ef:b6:0c:f9:27:
                    bd:ea:02:db:9f:1f:8c:04:15:f5:cf:ce:86:7b:49:
                    c7:4e:23:93:00:6a:95:fa:f9:b8:de:4d:d6:96:15:
                    17:40:5b:fa:92:23:99:28:01:db:2d:e0:04:e1:f8:
                    42:21:6a:66:ba:67:74:c2:b1:50:99:62:79:38:54:
                    65:5d:75:69:e2:05:bb:03:d7:3f:67:ef:d4:6c:98:
                    da:4f:e1:a4:86:e4:17:31:15:71:4b:a5:0a:49:83:
                    8d:3c:5d:fd:2b:25:57:5f:8e:2e:a5:d8:e1:cd:04:
                    89:af:1c:cf:29:25:a4:ca:65:86:93:6b:79:e5:df:
                    64:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:30:69:E7:B7:1B:15:10:54:23:02:1A:5E:13:65:51:4E:31:73:D6
            X509v3 Authority Key Identifier:
                keyid:6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/AjBp57cbFRBUIwIaXhNlUU4xc9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.157.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:46:be:32:06:1c:00:8d:4a:d9:b9:38:47:4f:f3:94:4f:55:
         6f:e1:39:e4:7a:0b:df:01:1a:c8:27:dc:d2:40:94:c8:22:a0:
         1d:4b:32:36:42:6b:f1:6e:37:f4:de:86:e1:2f:dd:d6:52:5d:
         9e:f3:da:e1:4d:63:ba:a0:e8:35:26:a0:4d:60:63:01:b1:f3:
         c4:a2:94:f6:fb:16:a4:ca:ca:8a:92:56:53:fd:81:06:eb:bd:
         22:41:9e:34:71:40:8b:66:15:ce:68:67:47:68:60:ce:ac:79:
         1a:48:bf:60:8c:33:83:81:a4:0a:d4:27:98:a1:2c:8b:07:98:
         68:cf:d9:1c:a6:5e:1d:e4:b3:ce:60:b0:fb:7d:dc:99:8d:64:
         06:f4:33:04:55:1e:03:95:c4:57:6f:ed:be:4d:4a:12:1c:f5:
         97:a5:ca:90:17:6f:fd:0c:f4:a3:df:7c:93:43:cb:05:d5:04:
         f7:86:74:e5:ae:f7:85:b3:f8:7f:f1:51:a3:8f:d0:98:f1:5a:
         e2:24:5b:b9:2f:c4:b3:7e:27:f5:a0:9f:d3:83:69:bb:2b:d2:
         c9:2c:2f:af:36:37:4d:5c:d2:a3:b4:aa:67:2e:76:e2:73:7e:
         9d:d1:c2:c0:32:1b:57:03:d6:5d:71:d2:77:41:06:97:12:52:
         85:4a:af:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJS+/ypenlLibQ+AXQi9WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjMzZDc1NTA4YjRlODVjY2NmNDQzNDlhN2NiNzAzMTk4
ZDFkMjYwHhcNMjUwMTAyMTc1MTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjMwNjllN2I3MWIxNTEwNTQyMzAyMWE1ZTEzNjU1MTRlMzE3M2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIgYS2bVUIfCxi5CYKjc72beYFlB
OdLSLcmr9v9MDjofkuTyCtHPjO+rmuRiHz2M3B87EMdpCmX55HhMSWlZDlShCv+/
TWh4+HOAagbBBy2ItsZ2Kb0cq1UQdDnEwkF3qEYH118MfyXyq/BMz8CrqwOSUQSm
tmqL098HvBLAcRaq77YM+Se96gLbnx+MBBX1z86Ge0nHTiOTAGqV+vm43k3WlhUX
QFv6kiOZKAHbLeAE4fhCIWpmumd0wrFQmWJ5OFRlXXVp4gW7A9c/Z+/UbJjaT+Gk
huQXMRVxS6UKSYONPF39KyVXX44updjhzQSJrxzPKSWkymWGk2t55d9kewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIwaee3GxUQVCMCGl4TZVFOMXPWMB8GA1UdIwQY
MBaAFGsjPXVQi06FzM9ENJp8twMZjR0mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEt
ZmE5Y2I1MWNkMGYxLzEvQWpCcDU3Y2JGUkJVSXdJYVhoTmxVVTR4YzlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEtZmE5Y2I1MWNkMGYx
LzEvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsp1dMA0G
CSqGSIb3DQEBCwUAA4IBAQBcRr4yBhwAjUrZuThHT/OUT1Vv4TnkegvfARrIJ9zS
QJTIIqAdSzI2Qmvxbjf03obhL93WUl2e89rhTWO6oOg1JqBNYGMBsfPEopT2+xak
ysqKklZT/YEG670iQZ40cUCLZhXOaGdHaGDOrHkaSL9gjDODgaQK1CeYoSyLB5ho
z9kcpl4d5LPOYLD7fdyZjWQG9DMEVR4DlcRXb+2+TUoSHPWXpcqQF2/9DPSj33yT
Q8sF1QT3hnTlrveFs/h/8VGjj9CY8VriJFu5L8Szfif1oJ/Tg2m7K9LJLC+vNjdN
XNKjtKpnLnbic36d0cLAMhtXA9ZdcdJ3QQaXElKFSq99
-----END CERTIFICATE-----