Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/sHKnbDWYF8v5U1MKqrGRJFJuELo.roa
File:                     sHKnbDWYF8v5U1MKqrGRJFJuELo.roa (raw, json)
Hash identifier:          qVQJCzy3Z998XHa+C8cs8vimL83JWc3p3pyIfEzepNY=
Subject key identifier:   B0:72:A7:6C:35:98:17:CB:F9:53:53:0A:AA:B1:91:24:52:6E:10:BA
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       0194266BCEF36974A022244B2F947E16C21C
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/sHKnbDWYF8v5U1MKqrGRJFJuELo.roa
Signing time:             Thu 02 Jan 2025 09:49:47 +0000
ROA not before:           Thu 02 Jan 2025 09:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205903
IP address blocks:        213.33.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ce:f3:69:74:a0:22:24:4b:2f:94:7e:16:c2:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  2 09:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b072a76c359817cbf953530aaab19124526e10ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3f:15:b9:f1:3a:4a:56:9a:02:dd:b2:0b:c9:
                    6a:5a:03:bf:35:ad:38:4a:61:1d:f6:09:e0:b5:f7:
                    d3:4e:7e:6c:63:49:94:10:02:45:73:4c:e0:58:1d:
                    18:a1:92:da:c9:97:79:9d:ed:ac:2e:69:eb:8e:5a:
                    89:d4:77:07:71:21:9a:bd:e7:42:fe:63:ed:36:90:
                    db:de:48:41:de:44:5d:a3:4e:b6:b4:0a:35:fe:ae:
                    b3:67:3e:3d:cd:14:7e:1b:91:e1:89:5a:ec:a3:bd:
                    ab:43:50:13:47:61:c8:f7:33:97:a4:16:75:1f:47:
                    91:98:aa:74:b8:a7:64:05:19:46:7b:29:3c:f5:23:
                    db:db:e1:7b:8d:64:3a:1b:84:16:ab:31:6f:ca:07:
                    04:c2:55:4d:2f:56:ed:a6:f2:a7:5d:d8:10:8d:20:
                    da:ed:6d:9f:34:ce:0f:28:d1:a2:af:a4:6d:76:05:
                    0f:09:cb:8f:e7:f6:e4:f4:15:05:ee:f5:92:27:c1:
                    00:fb:2a:dc:24:7d:9b:c1:2d:b6:3e:72:4f:f2:2d:
                    2e:79:9a:da:cc:f9:87:84:06:c7:95:a6:54:39:53:
                    62:d7:aa:2c:d3:ea:9c:25:32:67:cb:5b:7e:51:80:
                    97:ee:52:b5:fa:47:af:79:e4:44:e2:5f:48:49:a1:
                    6e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:72:A7:6C:35:98:17:CB:F9:53:53:0A:AA:B1:91:24:52:6E:10:BA
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/sHKnbDWYF8v5U1MKqrGRJFJuELo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.33.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:57:b1:d3:cd:d5:22:0f:3a:ef:6a:ae:de:44:25:02:9d:7c:
         d5:90:40:ed:13:f7:b6:8c:b0:d4:11:25:3e:3d:e7:6e:20:e7:
         f7:a2:42:68:9b:7f:5d:a4:e5:ff:6f:ec:b3:9a:92:f0:a1:64:
         c6:d8:df:ca:74:d9:74:b6:39:fb:d7:74:c4:2a:64:c4:6d:50:
         b9:37:8c:d2:c9:b7:70:d8:d9:25:56:fd:28:11:39:8f:17:d8:
         2d:15:48:2c:6d:1f:ae:f0:a2:77:a1:c8:07:f2:df:e4:c3:76:
         77:5f:fd:0f:7f:d6:9c:48:7d:d9:43:29:f8:8d:e3:a8:4b:f0:
         1e:78:d4:68:a3:0e:53:4a:66:71:89:66:87:bb:92:2a:96:d8:
         90:66:b3:a3:c8:6a:c9:3e:0e:5a:bb:c9:8f:2c:dc:52:bc:58:
         38:71:bd:86:bc:e9:09:7b:53:3a:08:e6:1c:eb:87:71:c3:e6:
         44:34:3c:71:dc:01:be:ef:bd:d7:db:83:af:4b:e1:82:e2:fc:
         4c:d9:b9:99:a3:c5:f3:6a:e8:8c:0b:14:8a:38:98:69:47:4e:
         22:34:4c:7d:87:c1:c8:f0:2f:e6:ab:2d:e4:88:f0:ab:6d:a5:
         9f:b6:41:4d:ef:b1:d2:49:ab:91:cf:32:80:ea:d8:dc:23:78:
         35:a2:d3:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma87zaXSgIiRLL5R+FsIcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjUwMTAyMDk0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDcyYTc2YzM1OTgxN2NiZjk1MzUzMGFhYWIxOTEyNDUyNmUxMGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnD8VufE6SlaaAt2yC8lqWgO/Na04
SmEd9gngtffTTn5sY0mUEAJFc0zgWB0YoZLayZd5ne2sLmnrjlqJ1HcHcSGavedC
/mPtNpDb3khB3kRdo062tAo1/q6zZz49zRR+G5HhiVrso72rQ1ATR2HI9zOXpBZ1
H0eRmKp0uKdkBRlGeyk89SPb2+F7jWQ6G4QWqzFvygcEwlVNL1btpvKnXdgQjSDa
7W2fNM4PKNGir6RtdgUPCcuP5/bk9BUF7vWSJ8EA+yrcJH2bwS22PnJP8i0ueZra
zPmHhAbHlaZUOVNi16os0+qcJTJny1t+UYCX7lK1+keveeRE4l9ISaFu5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLByp2w1mBfL+VNTCqqxkSRSbhC6MB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvc0hLbmJEV1lGOHY1VTFNS3FyR1JKRkp1RUxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SExMA0G
CSqGSIb3DQEBCwUAA4IBAQA0V7HTzdUiDzrvaq7eRCUCnXzVkEDtE/e2jLDUESU+
PeduIOf3okJom39dpOX/b+yzmpLwoWTG2N/KdNl0tjn713TEKmTEbVC5N4zSybdw
2NklVv0oETmPF9gtFUgsbR+u8KJ3ocgH8t/kw3Z3X/0Pf9acSH3ZQyn4jeOoS/Ae
eNRoow5TSmZxiWaHu5IqltiQZrOjyGrJPg5au8mPLNxSvFg4cb2GvOkJe1M6COYc
64dxw+ZENDxx3AG+773X24OvS+GC4vxM2bmZo8XzauiMCxSKOJhpR04iNEx9h8HI
8C/mqy3kiPCrbaWftkFN77HSSauRzzKA6tjcI3g1otOk
-----END CERTIFICATE-----