Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/CT0vQDDLHzxy-DZhmH5lfMDO1AE.roa
File:                     CT0vQDDLHzxy-DZhmH5lfMDO1AE.roa (raw, json)
Hash identifier:          2wJnl0vc/QlliM5JtS0mPybzQY83w0RW1qmvqeBag7k=
Subject key identifier:   09:3D:2F:40:30:CB:1F:3C:72:F8:36:61:98:7E:65:7C:C0:CE:D4:01
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019707EB10439089E07F97FB1499003567C7
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/CT0vQDDLHzxy-DZhmH5lfMDO1AE.roa
Signing time:             Sun 25 May 2025 14:48:54 +0000
ROA not before:           Sun 25 May 2025 14:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214361
IP address blocks:        178.239.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:07:eb:10:43:90:89:e0:7f:97:fb:14:99:00:35:67:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: May 25 14:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=093d2f4030cb1f3c72f83661987e657cc0ced401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:69:c6:f0:95:42:dc:a7:72:af:7c:85:ce:f7:
                    f1:31:dd:58:ac:40:90:45:97:d2:24:f9:98:ae:c7:
                    90:5a:bf:01:d7:1d:70:bc:17:3b:89:9c:02:d6:94:
                    b9:0e:22:f2:8a:99:14:5f:68:31:4c:86:07:fd:ac:
                    25:98:3d:d4:4a:d6:1b:85:c0:dc:c2:e8:5e:c3:0f:
                    1c:6a:bc:21:c0:f2:2e:84:66:1a:c1:91:aa:b4:e4:
                    36:50:a5:49:82:d9:b0:65:62:de:d1:bb:35:f9:69:
                    a8:d2:e0:2d:d0:b2:77:14:55:c7:2c:cb:c7:86:2a:
                    dd:f1:aa:ed:11:d9:32:b4:ba:34:30:93:3f:36:7c:
                    23:e1:f7:b9:79:4b:17:ee:8a:69:1d:b3:3a:a7:79:
                    42:38:47:90:e1:42:8f:53:85:59:e4:87:80:e9:f1:
                    17:c8:11:68:53:33:1b:b5:1a:38:af:1b:7e:ce:ad:
                    f4:de:5f:99:0b:ba:29:b4:93:5a:ef:7f:8f:ac:cf:
                    fd:58:e8:9b:44:46:01:24:7b:3d:38:98:79:00:fb:
                    24:22:f3:78:c7:5e:e7:64:73:83:6b:92:97:69:79:
                    14:f3:d7:06:47:73:29:da:6d:70:83:1d:d0:07:d7:
                    77:08:80:7b:94:eb:51:a5:69:74:4e:11:49:a1:5b:
                    37:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:3D:2F:40:30:CB:1F:3C:72:F8:36:61:98:7E:65:7C:C0:CE:D4:01
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/CT0vQDDLHzxy-DZhmH5lfMDO1AE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:51:47:f5:17:b2:b2:83:9a:48:7e:8f:17:c6:96:5d:96:80:
         9a:cf:c2:ef:f3:36:de:7f:ef:3c:b2:4e:51:e6:bc:65:98:5b:
         07:5a:af:8f:de:d0:1c:58:c9:9f:a2:7c:ad:98:8a:a0:bb:53:
         18:60:ef:34:00:f7:ee:e1:fb:80:66:24:0c:8c:8c:b9:00:3b:
         39:d2:87:df:25:d3:70:b5:87:ac:33:65:63:f0:26:fa:a3:da:
         b4:90:29:ce:e5:9d:8a:32:60:ad:be:b2:93:7b:69:b7:e0:8d:
         e3:50:72:42:f6:1b:0e:3e:5e:d8:c5:d6:fc:e3:82:53:4e:be:
         1f:d6:fd:de:bf:a1:df:77:f5:8e:78:33:97:34:a6:47:75:55:
         4f:0f:5d:ff:28:f7:16:16:45:39:5c:64:e8:21:59:c1:47:12:
         14:3e:4e:7f:ea:76:79:8b:82:b2:00:cd:9f:69:40:3d:9b:86:
         4f:c9:69:7b:84:fa:9a:e9:27:e6:e8:2a:09:12:09:1e:97:43:
         e0:2d:70:7b:48:6b:47:c4:a9:3a:90:c3:2c:09:77:80:c9:82:
         3b:dc:73:9b:1f:cb:ab:a0:78:8e:f0:52:7f:6c:78:c3:b5:7c:
         2e:84:e9:ba:a9:f9:c2:5a:f5:a8:ed:f0:80:5d:ea:59:20:87:
         48:2e:6a:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcH6xBDkIngf5f7FJkANWfHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNTI1MTQ0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTNkMmY0MDMwY2IxZjNjNzJmODM2NjE5ODdlNjU3Y2MwY2VkNDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWnG8JVC3Kdyr3yFzvfxMd1YrECQ
RZfSJPmYrseQWr8B1x1wvBc7iZwC1pS5DiLyipkUX2gxTIYH/awlmD3UStYbhcDc
wuheww8carwhwPIuhGYawZGqtOQ2UKVJgtmwZWLe0bs1+Wmo0uAt0LJ3FFXHLMvH
hird8artEdkytLo0MJM/Nnwj4fe5eUsX7oppHbM6p3lCOEeQ4UKPU4VZ5IeA6fEX
yBFoUzMbtRo4rxt+zq303l+ZC7optJNa73+PrM/9WOibREYBJHs9OJh5APskIvN4
x17nZHODa5KXaXkU89cGR3Mp2m1wgx3QB9d3CIB7lOtRpWl0ThFJoVs3KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAk9L0Awyx88cvg2YZh+ZXzAztQBMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvQ1QwdlFERExIenh5LURaaG1INWxmTURPMUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu+SMA0G
CSqGSIb3DQEBCwUAA4IBAQBpUUf1F7Kyg5pIfo8XxpZdloCaz8Lv8zbef+88sk5R
5rxlmFsHWq+P3tAcWMmfonytmIqgu1MYYO80APfu4fuAZiQMjIy5ADs50offJdNw
tYesM2Vj8Cb6o9q0kCnO5Z2KMmCtvrKTe2m34I3jUHJC9hsOPl7Yxdb844JTTr4f
1v3ev6Hfd/WOeDOXNKZHdVVPD13/KPcWFkU5XGToIVnBRxIUPk5/6nZ5i4KyAM2f
aUA9m4ZPyWl7hPqa6Sfm6CoJEgkel0PgLXB7SGtHxKk6kMMsCXeAyYI73HObH8ur
oHiO8FJ/bHjDtXwuhOm6qfnCWvWo7fCAXepZIIdILmo4
-----END CERTIFICATE-----