Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Iw0uJUqDFMCpnlf4XGwlISlaiyI.roa
File:                     Iw0uJUqDFMCpnlf4XGwlISlaiyI.roa (raw, json)
Hash identifier:          5tco4hqxGAdbLBNKSIfWHuWN8HJlnqh7fREARs6ddwE=
Subject key identifier:   23:0D:2E:25:4A:83:14:C0:A9:9E:57:F8:5C:6C:25:21:29:5A:8B:22
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       01942823613E864206DAE2AC1E7F735D6E3D
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Iw0uJUqDFMCpnlf4XGwlISlaiyI.roa
Signing time:             Thu 02 Jan 2025 17:49:54 +0000
ROA not before:           Thu 02 Jan 2025 17:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204203
IP address blocks:        217.60.239.0/24 maxlen: 24
                          217.60.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:61:3e:86:42:06:da:e2:ac:1e:7f:73:5d:6e:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Jan  2 17:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=230d2e254a8314c0a99e57f85c6c2521295a8b22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f4:75:e1:75:04:85:5c:b4:1b:f1:b2:4d:7b:
                    7a:9d:b6:ee:e6:bb:0e:0e:0a:81:8d:f6:2d:88:59:
                    81:46:97:75:bd:a5:78:fd:0f:64:c4:7c:7f:4f:ac:
                    60:55:3a:fc:9c:83:d9:47:28:b0:78:a8:59:1a:72:
                    d3:7f:a4:06:6d:1e:4c:25:3e:d0:af:88:ac:4b:71:
                    29:27:52:64:c7:01:1e:53:32:14:36:b0:4e:ef:41:
                    97:81:ae:cd:5d:77:10:02:92:6e:c1:10:83:ee:a0:
                    31:5a:ef:ce:9c:ad:8d:27:d0:69:4f:96:72:8d:1c:
                    68:66:9a:f2:bb:e4:5e:f7:eb:b5:e0:e1:3d:e2:5a:
                    a5:4f:fe:87:49:77:d3:cd:23:61:c5:b1:a8:cb:53:
                    10:92:78:da:17:51:12:13:65:1a:dc:1b:b6:6e:a4:
                    61:c6:ba:6a:ec:79:d6:71:9a:7f:c5:e0:bf:4c:b3:
                    46:86:02:c2:a2:c4:6a:c5:25:39:c5:aa:3d:5e:c8:
                    de:f7:62:f0:4f:04:5b:9c:91:6c:8d:d3:0a:49:77:
                    f2:5b:00:8b:a3:69:ab:d1:94:32:08:cd:50:c5:d4:
                    6f:e1:3f:4f:40:e3:ef:6b:d1:9f:90:f6:ce:bb:e2:
                    52:ef:a1:51:29:52:27:66:b3:c0:eb:2a:f0:95:e4:
                    61:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:0D:2E:25:4A:83:14:C0:A9:9E:57:F8:5C:6C:25:21:29:5A:8B:22
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/Iw0uJUqDFMCpnlf4XGwlISlaiyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.239.0/24
                  217.60.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:22:d8:07:9c:21:27:c2:d3:65:a3:0f:f5:de:69:c8:59:c1:
         3b:34:64:81:e8:65:78:f0:ae:3c:95:39:93:6e:02:ee:43:1c:
         d7:cc:6d:06:38:cf:be:17:23:2e:e5:75:90:c8:dd:ee:0f:b2:
         31:05:62:a8:13:5b:ea:27:04:67:f4:34:3f:07:1a:9c:19:a1:
         23:8d:b5:be:83:a6:2a:85:04:15:1b:57:4c:54:40:ef:fe:e8:
         bb:ab:47:a8:1d:27:39:45:6b:88:91:a6:28:a9:40:da:d0:c2:
         77:50:3d:db:35:41:52:2d:c8:91:af:5f:4e:42:04:c3:80:82:
         bc:a8:62:1e:9e:45:f7:25:cf:e7:23:9c:81:fb:79:1e:23:14:
         0c:68:2c:af:45:0d:a2:2d:2b:c0:d9:c7:b4:75:42:1b:73:a3:
         a6:7c:38:2a:02:0f:01:97:fb:75:b8:9b:b5:96:eb:b0:f5:eb:
         56:71:28:46:b3:66:0e:f6:6e:b9:f5:3b:2b:1a:04:e6:50:09:
         b3:d5:a2:97:26:2b:b5:2a:98:a5:e0:55:1e:3f:16:6b:35:7f:
         e3:73:77:7b:ad:61:4b:f8:9b:95:fe:63:ae:9a:f5:15:14:a9:
         a0:fe:65:c7:b1:c1:74:4c:c7:25:09:6b:93:b3:45:53:d7:f2:
         81:c4:24:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoI2E+hkIG2uKsHn9zXW49MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMTAyMTc0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzBkMmUyNTRhODMxNGMwYTk5ZTU3Zjg1YzZjMjUyMTI5NWE4YjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PR14XUEhVy0G/GyTXt6nbbu5rsO
DgqBjfYtiFmBRpd1vaV4/Q9kxHx/T6xgVTr8nIPZRyiweKhZGnLTf6QGbR5MJT7Q
r4isS3EpJ1JkxwEeUzIUNrBO70GXga7NXXcQApJuwRCD7qAxWu/OnK2NJ9BpT5Zy
jRxoZpryu+Re9+u14OE94lqlT/6HSXfTzSNhxbGoy1MQknjaF1ESE2Ua3Bu2bqRh
xrpq7HnWcZp/xeC/TLNGhgLCosRqxSU5xao9Xsje92LwTwRbnJFsjdMKSXfyWwCL
o2mr0ZQyCM1QxdRv4T9PQOPva9GfkPbOu+JS76FRKVInZrPA6yrwleRhuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCMNLiVKgxTAqZ5X+FxsJSEpWosiMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvSXcwdUpVcURGTUNwbmxmNFhHd2xJU2xhaXlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2TzvAwQA
2TzxMA0GCSqGSIb3DQEBCwUAA4IBAQBZItgHnCEnwtNlow/13mnIWcE7NGSB6GV4
8K48lTmTbgLuQxzXzG0GOM++FyMu5XWQyN3uD7IxBWKoE1vqJwRn9DQ/BxqcGaEj
jbW+g6YqhQQVG1dMVEDv/ui7q0eoHSc5RWuIkaYoqUDa0MJ3UD3bNUFSLciRr19O
QgTDgIK8qGIenkX3Jc/nI5yB+3keIxQMaCyvRQ2iLSvA2ce0dUIbc6OmfDgqAg8B
l/t1uJu1luuw9etWcShGs2YO9m659TsrGgTmUAmz1aKXJiu1Kpil4FUePxZrNX/j
c3d7rWFL+JuV/mOumvUVFKmg/mXHscF0TMclCWuTs0VT1/KBxCT4
-----END CERTIFICATE-----