Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/DsBDj8KsrMYweEmru4YQ7bU7sz8.roa
File:                     DsBDj8KsrMYweEmru4YQ7bU7sz8.roa (raw, json)
Hash identifier:          oA8nmfJDBbOdrQcggeSaroPYHpNkZEPFvvy4YClThHI=
Subject key identifier:   0E:C0:43:8F:C2:AC:AC:C6:30:78:49:AB:BB:86:10:ED:B5:3B:B3:3F
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       019425FC3F99564DF3F4052FEAD33C1AEFB4
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/DsBDj8KsrMYweEmru4YQ7bU7sz8.roa
Signing time:             Thu 02 Jan 2025 07:47:55 +0000
ROA not before:           Thu 02 Jan 2025 07:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        217.147.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:3f:99:56:4d:f3:f4:05:2f:ea:d3:3c:1a:ef:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Jan  2 07:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ec0438fc2acacc6307849abbb8610edb53bb33f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7f:59:ad:27:15:3e:6a:c1:1e:0e:c5:20:44:
                    24:66:4d:06:c2:37:80:9b:39:36:9e:21:31:12:7d:
                    46:94:df:01:f9:f5:fb:b3:06:6e:00:03:29:e1:df:
                    89:48:aa:c8:81:63:d5:51:32:4e:6d:e8:6a:c1:61:
                    56:cc:f5:5a:70:ed:f3:9d:15:3a:84:a0:b1:a5:82:
                    4d:a7:8b:4b:24:b8:1f:ca:c9:0a:1f:37:72:b0:f3:
                    84:2c:6f:c3:18:8c:22:b8:c7:64:51:3a:ae:9c:7c:
                    0c:ed:40:ae:fa:7a:ce:dc:d5:0f:d6:c1:d7:79:6b:
                    2a:eb:53:0f:7c:1c:53:70:c3:89:55:7e:f1:6e:a8:
                    de:74:ad:a6:6b:d6:34:d8:41:15:65:c0:3d:f1:df:
                    79:8e:c1:b9:ac:44:ce:97:11:59:3e:bf:1e:ef:a3:
                    42:9a:d0:a9:59:6d:1e:a0:a9:2e:0a:98:4c:b3:ca:
                    de:7f:1e:77:b3:2a:b7:72:df:72:f9:f6:52:62:b8:
                    cd:ba:b0:7f:2d:e9:cb:26:84:ca:cf:78:92:ae:eb:
                    e2:12:09:6e:17:80:31:7a:03:e5:97:74:a8:db:fb:
                    8f:9d:e3:2d:87:ab:14:b3:52:13:ef:c9:7f:81:ab:
                    64:18:a5:16:9e:d8:9a:87:01:4a:d6:12:42:65:7d:
                    c7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:C0:43:8F:C2:AC:AC:C6:30:78:49:AB:BB:86:10:ED:B5:3B:B3:3F
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/DsBDj8KsrMYweEmru4YQ7bU7sz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:ac:78:6f:07:be:39:55:46:8c:ef:de:f1:2f:a3:65:8f:88:
         d6:85:b2:bb:94:ff:7b:76:2b:9b:39:59:d7:71:83:33:9c:ad:
         1c:fe:fa:7c:73:bb:ed:7d:27:fd:d3:52:57:fb:0e:d9:d1:bf:
         51:8c:7f:17:02:79:b2:cb:d1:43:7c:35:dd:4c:72:7f:16:75:
         48:52:14:06:57:02:4d:9d:32:0a:20:68:38:da:6a:99:65:d4:
         f5:75:c4:3f:bc:de:6f:3e:09:95:cf:f3:ce:3c:34:42:21:37:
         22:b5:eb:d2:9c:f0:d8:22:4d:c4:8a:ee:64:2b:9e:3f:b1:17:
         2a:3d:ca:4e:ff:4d:27:b5:79:19:cf:d5:fb:5f:a9:af:29:d6:
         00:5f:e7:47:69:2c:6d:3b:4c:80:98:01:cb:61:11:a4:38:72:
         a6:be:b5:6d:89:b9:1b:16:c1:f1:df:89:d3:19:aa:df:2c:2b:
         46:e2:f1:f1:1e:0a:dd:55:a5:e7:fc:a7:69:1c:e6:ed:f1:98:
         f9:72:2d:be:2f:09:45:55:1d:97:95:02:78:a4:39:46:02:7d:
         9d:0c:3a:ee:2c:ab:c4:0f:88:e8:87:47:f7:8b:b7:1e:ab:8d:
         b8:05:8b:e9:b3:45:ec:3d:dd:f5:46:1b:b0:20:5e:22:38:0d:
         e7:0d:fc:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/D+ZVk3z9AUv6tM8Gu+0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjUwMTAyMDc0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWMwNDM4ZmMyYWNhY2M2MzA3ODQ5YWJiYjg2MTBlZGI1M2JiMzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvX9ZrScVPmrBHg7FIEQkZk0GwjeA
mzk2niExEn1GlN8B+fX7swZuAAMp4d+JSKrIgWPVUTJObehqwWFWzPVacO3znRU6
hKCxpYJNp4tLJLgfyskKHzdysPOELG/DGIwiuMdkUTqunHwM7UCu+nrO3NUP1sHX
eWsq61MPfBxTcMOJVX7xbqjedK2ma9Y02EEVZcA98d95jsG5rETOlxFZPr8e76NC
mtCpWW0eoKkuCphMs8refx53syq3ct9y+fZSYrjNurB/LenLJoTKz3iSruviEglu
F4AxegPll3So2/uPneMth6sUs1IT78l/gatkGKUWntiahwFK1hJCZX3HLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7AQ4/CrKzGMHhJq7uGEO21O7M/MB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvRHNCRGo4S3NyTVl3ZUVtcnU0WVE3YlU3c3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOoMA0G
CSqGSIb3DQEBCwUAA4IBAQAZrHhvB745VUaM797xL6Nlj4jWhbK7lP97diubOVnX
cYMznK0c/vp8c7vtfSf901JX+w7Z0b9RjH8XAnmyy9FDfDXdTHJ/FnVIUhQGVwJN
nTIKIGg42mqZZdT1dcQ/vN5vPgmVz/POPDRCITcitevSnPDYIk3Eiu5kK54/sRcq
PcpO/00ntXkZz9X7X6mvKdYAX+dHaSxtO0yAmAHLYRGkOHKmvrVtibkbFsHx34nT
GarfLCtG4vHxHgrdVaXn/KdpHObt8Zj5ci2+LwlFVR2XlQJ4pDlGAn2dDDruLKvE
D4joh0f3i7ceq424BYvps0XsPd31RhuwIF4iOA3nDfwD
-----END CERTIFICATE-----