Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Dd0lNs2hky54dQAv3vPisZjCFp4.roa
File:                     Dd0lNs2hky54dQAv3vPisZjCFp4.roa (raw, json)
Hash identifier:          NVL0LmaHqGXfi7RWJ5Z26iREn6xhTna8KN7jsCj7oR4=
Subject key identifier:   0D:DD:25:36:CD:A1:93:2E:78:75:00:2F:DE:F3:E2:B1:98:C2:16:9E
Certificate issuer:       /CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
Certificate serial:       019423D74AD5707136A410F05F248AB905B4
Authority key identifier: 19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Dd0lNs2hky54dQAv3vPisZjCFp4.roa
Signing time:             Wed 01 Jan 2025 21:48:19 +0000
ROA not before:           Wed 01 Jan 2025 21:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201340
IP address blocks:        194.170.8.0/24 maxlen: 24
                          194.170.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 10:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:4a:d5:70:71:36:a4:10:f0:5f:24:8a:b9:05:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
        Validity
            Not Before: Jan  1 21:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ddd2536cda1932e7875002fdef3e2b198c2169e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5b:d9:12:ef:b1:40:f3:78:c8:e8:16:d6:76:
                    70:17:ab:36:72:90:76:64:9c:0f:59:98:48:7b:5b:
                    a1:dd:26:25:4b:d5:e1:1b:50:eb:d4:f8:cd:b7:ed:
                    a0:a7:56:ab:5e:cb:26:15:5f:71:3b:ad:b3:0a:27:
                    fc:8e:f2:8f:6c:ef:c6:b8:17:81:3b:93:17:50:6e:
                    a4:98:e7:1f:2a:70:22:57:fe:d3:3a:24:ce:0d:ad:
                    7f:9a:af:9a:00:41:69:c1:48:59:7c:c3:c2:50:e7:
                    d1:99:b8:35:06:0a:90:de:4f:47:fd:b6:37:1d:18:
                    89:7c:95:f9:51:e3:60:57:87:55:3e:24:f3:74:95:
                    8d:75:d0:e5:e8:79:68:05:e4:ff:33:de:6c:a9:17:
                    53:cc:f7:6e:b9:a1:89:3d:4e:31:10:c0:74:24:c2:
                    65:42:25:cb:d4:12:f4:19:1f:a7:39:06:b0:25:e9:
                    6a:e9:8f:32:92:21:1b:04:b3:14:4a:0b:39:a3:af:
                    f3:3e:c6:1e:cc:29:ed:3c:5e:da:c3:58:86:36:f2:
                    20:36:23:f8:8c:13:de:d4:a6:1a:ba:85:91:94:b7:
                    bc:b7:fe:c0:f7:c2:8d:66:ab:7e:28:88:b4:ec:37:
                    49:21:fa:a8:70:65:17:bf:71:7a:3a:5c:2d:72:d4:
                    e6:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:DD:25:36:CD:A1:93:2E:78:75:00:2F:DE:F3:E2:B1:98:C2:16:9E
            X509v3 Authority Key Identifier:
                keyid:19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Dd0lNs2hky54dQAv3vPisZjCFp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.170.8.0/24
                  194.170.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:ed:cc:97:bb:ec:8e:d0:51:ad:e3:d4:e1:c9:20:47:37:64:
         bd:e4:05:d8:e0:0b:63:9e:61:31:e2:f3:d7:10:f9:6e:24:56:
         77:67:59:61:2f:f0:97:ac:c7:0b:94:79:92:12:f8:f3:eb:bd:
         71:68:fd:59:87:a3:c9:9f:fb:47:73:6c:4a:f3:98:11:07:1c:
         be:bb:49:a1:55:5a:7b:9d:21:f7:67:20:a6:1e:ba:5a:32:1d:
         d3:91:05:bc:45:48:1f:33:e4:20:0c:83:53:85:e7:6a:e5:90:
         25:51:da:9c:6f:55:c6:05:8d:43:9d:e0:c6:53:7d:57:e0:df:
         93:b4:b1:b6:ac:eb:1d:a6:5f:88:3f:cb:dd:1e:df:4e:c8:53:
         0a:55:a5:aa:1a:e1:9c:e6:83:93:e9:f6:8a:40:ce:73:b2:a7:
         e5:ee:3f:50:4f:91:b7:04:95:8c:98:a0:e7:17:23:dc:cb:95:
         34:60:f5:92:3f:b1:a5:23:23:e3:a4:d9:5e:c1:6f:e9:d1:1f:
         7e:bb:64:52:e3:1d:da:5d:7f:de:c7:5f:42:45:a8:7e:01:5a:
         e7:e6:f2:2f:0f:28:c4:9b:f0:76:1e:4e:fd:a9:b6:70:05:8f:
         a5:5d:7c:71:86:96:e5:f3:96:c8:62:9f:ea:6e:92:4d:d1:c0:
         95:da:2e:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj10rVcHE2pBDwXySKuQW0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZWU1ZjE2ZmMxNDRhY2I5ODk3NzQ0OWZhYTBhYjc3ZGUx
YmRjYzkwHhcNMjUwMTAxMjE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGRkMjUzNmNkYTE5MzJlNzg3NTAwMmZkZWYzZTJiMTk4YzIxNjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1vZEu+xQPN4yOgW1nZwF6s2cpB2
ZJwPWZhIe1uh3SYlS9XhG1Dr1PjNt+2gp1arXssmFV9xO62zCif8jvKPbO/GuBeB
O5MXUG6kmOcfKnAiV/7TOiTODa1/mq+aAEFpwUhZfMPCUOfRmbg1BgqQ3k9H/bY3
HRiJfJX5UeNgV4dVPiTzdJWNddDl6HloBeT/M95sqRdTzPduuaGJPU4xEMB0JMJl
QiXL1BL0GR+nOQawJelq6Y8ykiEbBLMUSgs5o6/zPsYezCntPF7aw1iGNvIgNiP4
jBPe1KYauoWRlLe8t/7A98KNZqt+KIi07DdJIfqocGUXv3F6OlwtctTmqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA3dJTbNoZMueHUAL97z4rGYwhaeMB8GA1UdIwQY
MBaAFBnuXxb8FErLmJd0Sfqgq3feG9zJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMt
NjFhZmI2NmQxZThjLzEvRGQwbE5zMmhreTU0ZFFBdjN2UGlzWmpDRnA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMtNjFhZmI2NmQxZThj
LzEvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwqoIAwQA
wqr1MA0GCSqGSIb3DQEBCwUAA4IBAQA57cyXu+yO0FGt49ThySBHN2S95AXY4Atj
nmEx4vPXEPluJFZ3Z1lhL/CXrMcLlHmSEvjz671xaP1Zh6PJn/tHc2xK85gRBxy+
u0mhVVp7nSH3ZyCmHrpaMh3TkQW8RUgfM+QgDINThedq5ZAlUdqcb1XGBY1DneDG
U31X4N+TtLG2rOsdpl+IP8vdHt9OyFMKVaWqGuGc5oOT6faKQM5zsqfl7j9QT5G3
BJWMmKDnFyPcy5U0YPWSP7GlIyPjpNlewW/p0R9+u2RS4x3aXX/ex19CRah+AVrn
5vIvDyjEm/B2Hk79qbZwBY+lXXxxhpbl85bIYp/qbpJN0cCV2i45
-----END CERTIFICATE-----