Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/f090be-422b-4f2a-864f-9fca29decda8/1/D07K9M73JE_RghORuqvEImVGd0Q.roa
File:                     D07K9M73JE_RghORuqvEImVGd0Q.roa (raw, json)
Hash identifier:          kPt/ZOiMf9T1o4/zGBCvETiXAjwGaiEUsN/6gQ2oC8U=
Subject key identifier:   0F:4E:CA:F4:CE:F7:24:4F:D1:82:13:91:BA:AB:C4:22:65:46:77:44
Certificate issuer:       /CN=ae0327bf1e7b7bfbdd2f214c8ef629aa29e4d66f
Certificate serial:       019424B2B06A6D832C4A9B8595C50FACD1FD
Authority key identifier: AE:03:27:BF:1E:7B:7B:FB:DD:2F:21:4C:8E:F6:29:AA:29:E4:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rgMnvx57e_vdLyFMjvYpqink1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/f090be-422b-4f2a-864f-9fca29decda8/1/D07K9M73JE_RghORuqvEImVGd0Q.roa
Signing time:             Thu 02 Jan 2025 01:47:57 +0000
ROA not before:           Thu 02 Jan 2025 01:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50402
IP address blocks:        195.47.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/f090be-422b-4f2a-864f-9fca29decda8/1/rgMnvx57e_vdLyFMjvYpqink1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/f090be-422b-4f2a-864f-9fca29decda8/1/rgMnvx57e_vdLyFMjvYpqink1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rgMnvx57e_vdLyFMjvYpqink1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:b0:6a:6d:83:2c:4a:9b:85:95:c5:0f:ac:d1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae0327bf1e7b7bfbdd2f214c8ef629aa29e4d66f
        Validity
            Not Before: Jan  2 01:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f4ecaf4cef7244fd1821391baabc42265467744
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:c0:be:b5:bc:f3:9b:0d:0c:50:e5:b9:86:2a:
                    1b:30:46:65:a5:ab:21:ef:f9:9a:d7:25:92:a1:45:
                    eb:71:e1:42:d2:cb:5b:d8:2e:5f:27:fe:24:10:42:
                    07:0e:f7:19:da:50:c3:72:36:21:67:9b:28:4e:e1:
                    da:28:4c:4a:b8:1a:53:56:dd:29:1a:98:1c:31:3d:
                    b3:0f:90:7b:0e:b1:04:36:a6:b6:7d:95:c3:c3:cf:
                    c7:38:fe:2c:12:08:35:82:52:3a:a7:d2:ef:44:2f:
                    30:ca:b6:fa:89:40:c4:54:93:f0:3e:86:04:2b:cc:
                    d9:e2:c7:51:9f:4a:e4:03:dd:e5:7f:78:59:25:68:
                    3b:ea:d5:55:3b:73:81:ff:56:e6:60:65:f0:a3:be:
                    75:8a:1f:5b:a8:22:5b:84:e6:5f:9f:0a:64:98:41:
                    97:d4:2d:3f:a3:55:06:25:42:69:66:e5:0e:0e:dd:
                    6d:72:44:fd:5c:4a:3f:5d:0c:c8:f1:6a:f7:ca:22:
                    b8:70:9f:57:b5:d8:d1:d5:77:6e:84:a8:5a:16:79:
                    12:d5:89:e9:63:f5:40:43:4c:56:18:58:9e:14:b6:
                    a1:54:09:0a:c1:3e:fd:7b:08:3d:02:f9:39:ed:1c:
                    88:a9:7b:94:f7:07:4e:76:f9:65:28:a6:13:2a:22:
                    92:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:4E:CA:F4:CE:F7:24:4F:D1:82:13:91:BA:AB:C4:22:65:46:77:44
            X509v3 Authority Key Identifier:
                keyid:AE:03:27:BF:1E:7B:7B:FB:DD:2F:21:4C:8E:F6:29:AA:29:E4:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rgMnvx57e_vdLyFMjvYpqink1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/f090be-422b-4f2a-864f-9fca29decda8/1/D07K9M73JE_RghORuqvEImVGd0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/f090be-422b-4f2a-864f-9fca29decda8/1/rgMnvx57e_vdLyFMjvYpqink1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.47.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:90:cb:c7:40:62:2b:8a:78:25:b1:94:0c:43:cf:59:10:5c:
         d3:68:8a:bd:78:dc:b3:df:f3:1f:c9:15:6b:d6:94:6e:34:1d:
         8b:c8:92:62:ac:80:d8:f5:42:61:59:d8:dc:55:09:e4:e0:68:
         42:81:0e:a6:22:4b:50:a5:7a:76:58:7a:06:c1:48:af:2f:88:
         c9:c8:12:8d:0e:98:3b:97:47:51:56:b2:a2:0d:6c:24:e9:b8:
         d4:3d:0b:36:0d:dd:e8:f6:80:8a:2a:10:94:47:a7:1f:fd:1c:
         07:49:9f:80:22:a3:94:a2:58:22:08:7c:07:e9:a5:5d:05:37:
         0b:03:58:d7:ba:c9:74:6b:1e:cc:71:91:2d:f3:46:0a:8c:64:
         72:0e:b6:b7:19:de:d6:42:82:a9:aa:51:af:f2:b6:3f:97:2e:
         bf:85:2e:30:3e:15:fd:b1:26:75:80:e3:3b:08:d1:71:f6:0c:
         75:32:62:1b:cf:7e:f1:61:a9:10:f4:e7:a4:33:2a:0c:75:1a:
         33:e4:17:d6:fc:19:82:c0:25:1d:86:4f:42:46:95:1b:a4:63:
         32:d0:5e:a1:36:87:22:55:43:8b:53:60:29:c0:f5:c4:84:a6:
         71:27:da:3b:82:b4:c9:bc:ec:85:b3:50:5c:50:72:bd:01:8f:
         7b:cf:66:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksrBqbYMsSpuFlcUPrNH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMDMyN2JmMWU3YjdiZmJkZDJmMjE0YzhlZjYyOWFhMjll
NGQ2NmYwHhcNMjUwMTAyMDE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjRlY2FmNGNlZjcyNDRmZDE4MjEzOTFiYWFiYzQyMjY1NDY3NzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8cC+tbzzmw0MUOW5hiobMEZlpash
7/ma1yWSoUXrceFC0stb2C5fJ/4kEEIHDvcZ2lDDcjYhZ5soTuHaKExKuBpTVt0p
GpgcMT2zD5B7DrEENqa2fZXDw8/HOP4sEgg1glI6p9LvRC8wyrb6iUDEVJPwPoYE
K8zZ4sdRn0rkA93lf3hZJWg76tVVO3OB/1bmYGXwo751ih9bqCJbhOZfnwpkmEGX
1C0/o1UGJUJpZuUODt1tckT9XEo/XQzI8Wr3yiK4cJ9XtdjR1XduhKhaFnkS1Ynp
Y/VAQ0xWGFieFLahVAkKwT79ewg9Avk57RyIqXuU9wdOdvllKKYTKiKSEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9OyvTO9yRP0YITkbqrxCJlRndEMB8GA1UdIwQY
MBaAFK4DJ78ee3v73S8hTI72Kaop5NZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmdNbnZ4NTdlX3ZkTHlGTWp2WXBxaW5rMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9mMDkwYmUtNDIyYi00ZjJhLTg2NGYt
OWZjYTI5ZGVjZGE4LzEvRDA3SzlNNzNKRV9SZ2hPUnVxdkVJbVZHZDBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9mMDkwYmUtNDIyYi00ZjJhLTg2NGYtOWZjYTI5ZGVjZGE4
LzEvcmdNbnZ4NTdlX3ZkTHlGTWp2WXBxaW5rMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwy/WMA0G
CSqGSIb3DQEBCwUAA4IBAQCFkMvHQGIringlsZQMQ89ZEFzTaIq9eNyz3/MfyRVr
1pRuNB2LyJJirIDY9UJhWdjcVQnk4GhCgQ6mIktQpXp2WHoGwUivL4jJyBKNDpg7
l0dRVrKiDWwk6bjUPQs2Dd3o9oCKKhCUR6cf/RwHSZ+AIqOUolgiCHwH6aVdBTcL
A1jXusl0ax7McZEt80YKjGRyDra3Gd7WQoKpqlGv8rY/ly6/hS4wPhX9sSZ1gOM7
CNFx9gx1MmIbz37xYakQ9OekMyoMdRoz5BfW/BmCwCUdhk9CRpUbpGMy0F6hNoci
VUOLU2ApwPXEhKZxJ9o7grTJvOyFs1BcUHK9AY97z2ZF
-----END CERTIFICATE-----