Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/_uuRs1q0kzzxOE8VMZdcXbaVR-c.roa
File:                     _uuRs1q0kzzxOE8VMZdcXbaVR-c.roa (raw, json)
Hash identifier:          nDyUFHiWf+ewggFbVwk2c6PxPQ54RKuKRQAD1V+EJys=
Subject key identifier:   FE:EB:91:B3:5A:B4:93:3C:F1:38:4F:15:31:97:5C:5D:B6:95:47:E7
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       0194266BC7EAAE8ECFCE01E89E168CA24C51
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/_uuRs1q0kzzxOE8VMZdcXbaVR-c.roa
Signing time:             Thu 02 Jan 2025 09:49:45 +0000
ROA not before:           Thu 02 Jan 2025 09:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47477
IP address blocks:        193.83.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c7:ea:ae:8e:cf:ce:01:e8:9e:16:8c:a2:4c:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  2 09:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=feeb91b35ab4933cf1384f1531975c5db69547e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:54:43:1c:5b:51:7e:cf:8c:11:5c:77:a1:91:
                    f7:4e:86:f7:71:bf:3a:d6:e8:79:97:cc:11:10:0a:
                    35:35:26:97:6d:c3:ab:ea:0e:b3:5a:9f:66:a5:20:
                    ab:01:88:91:ea:f8:53:7d:cb:f4:17:2a:f7:6b:d2:
                    d8:1c:44:20:f9:6b:82:14:bc:e5:b5:51:03:65:94:
                    72:a1:ca:d3:47:21:5c:a5:a2:28:11:ef:23:12:f2:
                    4a:3d:0d:86:2b:62:a5:22:c9:1e:39:08:df:41:8a:
                    0a:83:de:c2:b1:14:83:9c:f7:f9:42:5a:5d:c5:b1:
                    67:fd:d1:cd:3d:da:f5:5b:75:cb:1a:10:47:9d:a6:
                    94:16:10:17:2e:24:e5:e1:ad:71:69:13:6a:c8:24:
                    20:0c:a1:10:de:90:40:6f:6a:99:9c:bd:c3:ff:a7:
                    34:f3:3a:d9:43:07:21:0f:0a:73:d2:74:3c:3e:95:
                    fb:a2:e6:bf:18:f6:1f:0c:d9:7c:d9:ac:1b:61:9e:
                    5c:0b:7b:4e:62:1f:27:e0:fd:eb:b1:b4:73:53:b0:
                    06:27:cd:9e:75:42:d5:25:94:35:a7:9a:50:76:75:
                    36:d9:b1:65:48:78:72:39:6f:cb:be:2d:c2:f7:23:
                    86:a1:54:ae:e3:0a:79:d6:69:e3:91:81:83:2e:74:
                    d2:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:EB:91:B3:5A:B4:93:3C:F1:38:4F:15:31:97:5C:5D:B6:95:47:E7
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/_uuRs1q0kzzxOE8VMZdcXbaVR-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.83.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:f1:a9:e4:60:83:43:2f:9d:32:c5:f8:d2:9c:c5:4d:05:8a:
         0f:5c:3c:f2:1d:97:84:f1:e3:ec:d8:92:57:b3:06:f9:71:8d:
         4b:75:df:60:85:41:0e:33:e8:25:c3:3c:4d:8f:25:88:74:9e:
         65:bb:60:ec:4d:1f:4a:00:b9:04:fc:b3:4d:f4:f9:01:e1:d9:
         e3:bd:fb:cb:fd:8c:99:5a:20:ad:9e:ef:cf:b0:8f:2e:1e:d9:
         29:2b:ca:4f:8a:81:29:aa:fd:a2:68:f9:4f:b5:f4:1c:de:c8:
         12:f2:91:ca:3e:9f:7d:7e:f1:7e:85:9e:6d:e1:77:8a:8e:be:
         37:01:3b:d7:7b:68:af:d0:5b:7a:f1:27:49:57:77:fb:6d:6e:
         47:43:0e:4d:5d:bd:5d:87:03:be:b0:7e:29:6e:4b:aa:5d:66:
         66:d5:97:a8:3e:35:3f:2e:2d:be:fc:f4:21:3a:ea:85:01:9e:
         4d:24:fa:af:0e:56:fb:01:92:12:d6:93:4c:7b:35:9b:fa:74:
         a3:e1:4c:9e:bd:f1:50:da:93:5d:fc:0b:df:3e:d2:d6:6c:90:
         f3:b6:6b:32:45:b8:53:89:15:1e:66:ac:f0:69:13:39:03:20:
         91:35:25:d9:37:93:b5:a4:26:97:60:0c:83:35:4e:c5:dc:5d:
         c4:b0:34:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8fqro7PzgHonhaMokxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjUwMTAyMDk0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWViOTFiMzVhYjQ5MzNjZjEzODRmMTUzMTk3NWM1ZGI2OTU0N2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1RDHFtRfs+MEVx3oZH3Tob3cb86
1uh5l8wREAo1NSaXbcOr6g6zWp9mpSCrAYiR6vhTfcv0Fyr3a9LYHEQg+WuCFLzl
tVEDZZRyocrTRyFcpaIoEe8jEvJKPQ2GK2KlIskeOQjfQYoKg97CsRSDnPf5Qlpd
xbFn/dHNPdr1W3XLGhBHnaaUFhAXLiTl4a1xaRNqyCQgDKEQ3pBAb2qZnL3D/6c0
8zrZQwchDwpz0nQ8PpX7oua/GPYfDNl82awbYZ5cC3tOYh8n4P3rsbRzU7AGJ82e
dULVJZQ1p5pQdnU22bFlSHhyOW/Lvi3C9yOGoVSu4wp51mnjkYGDLnTSkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7rkbNatJM88ThPFTGXXF22lUfnMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvX3V1UnMxcTBrenp4T0U4Vk1aZGNYYmFWUi1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVPMMA0G
CSqGSIb3DQEBCwUAA4IBAQDF8ankYINDL50yxfjSnMVNBYoPXDzyHZeE8ePs2JJX
swb5cY1Ldd9ghUEOM+glwzxNjyWIdJ5lu2DsTR9KALkE/LNN9PkB4dnjvfvL/YyZ
WiCtnu/PsI8uHtkpK8pPioEpqv2iaPlPtfQc3sgS8pHKPp99fvF+hZ5t4XeKjr43
ATvXe2iv0Ft68SdJV3f7bW5HQw5NXb1dhwO+sH4pbkuqXWZm1ZeoPjU/Li2+/PQh
OuqFAZ5NJPqvDlb7AZIS1pNMezWb+nSj4UyevfFQ2pNd/AvfPtLWbJDztmsyRbhT
iRUeZqzwaRM5AyCRNSXZN5O1pCaXYAyDNU7F3F3EsDRF
-----END CERTIFICATE-----