Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/noMRWot-cAH_N3D3t7CbC-7qvV8.roa
File:                     noMRWot-cAH_N3D3t7CbC-7qvV8.roa (raw, json)
Hash identifier:          E959wbjIBzSQOSHz52TgRqa/XYBZahGeMtrcPm3tA5U=
Subject key identifier:   9E:83:11:5A:8B:7E:70:01:FF:37:70:F7:B7:B0:9B:0B:EE:EA:BD:5F
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       01941F8C0B2FCD8E99725B47209EB03F7385
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/noMRWot-cAH_N3D3t7CbC-7qvV8.roa
Signing time:             Wed 01 Jan 2025 01:47:39 +0000
ROA not before:           Wed 01 Jan 2025 01:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        192.145.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:0b:2f:cd:8e:99:72:5b:47:20:9e:b0:3f:73:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Jan  1 01:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e83115a8b7e7001ff3770f7b7b09b0beeeabd5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:52:6e:a9:d2:bb:65:ac:d8:43:02:b6:fa:ad:
                    20:c5:21:ea:26:5c:09:66:3f:ba:c3:61:4a:2d:28:
                    3b:b6:16:80:df:da:d4:94:bc:1e:cd:c4:8d:03:7e:
                    a6:9c:1b:1e:a6:3e:5a:61:ef:5f:9f:81:85:79:82:
                    4c:cf:07:ab:bc:62:f4:aa:57:12:9e:8f:81:17:eb:
                    8b:3d:8d:88:bd:2f:75:6b:94:57:66:cc:57:a8:e6:
                    3d:c5:91:8f:c8:b7:14:c5:7f:45:ca:f1:4d:c6:ce:
                    d1:33:70:d2:93:04:73:95:39:4f:a6:ca:4e:96:84:
                    96:64:56:8c:61:7d:a5:b5:69:b8:2d:fc:65:5b:f5:
                    f8:a0:5f:75:06:c5:82:f8:7b:38:3b:09:0f:ff:c1:
                    9f:6b:ee:99:a0:71:ad:7f:fe:ef:83:87:9b:94:98:
                    fc:d4:b7:9b:a5:45:4d:67:0f:4b:d3:74:98:a7:f8:
                    e4:36:32:e8:d0:57:ba:cf:f5:2f:4a:0e:db:89:e6:
                    0f:c8:ca:22:c3:c4:e9:ea:f0:8a:f3:4a:57:9f:d2:
                    14:7e:9b:7d:3f:0c:56:04:f0:05:78:32:07:7b:34:
                    ee:5f:4e:3c:4e:d3:10:54:2f:17:a9:cd:ce:74:b7:
                    44:70:6d:11:19:04:71:a8:c0:75:67:15:b0:37:ec:
                    b0:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:83:11:5A:8B:7E:70:01:FF:37:70:F7:B7:B0:9B:0B:EE:EA:BD:5F
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/noMRWot-cAH_N3D3t7CbC-7qvV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:bb:73:3e:3b:1c:00:21:eb:01:2b:30:c3:88:ef:f0:48:ad:
         09:a9:4d:52:5d:c3:29:7c:23:49:38:ce:87:ab:a8:af:66:c8:
         e7:81:cf:0c:0b:b1:11:0c:92:6c:e2:39:ed:8d:98:e1:e5:4a:
         f6:34:b6:9b:6e:a4:82:99:a2:a6:ee:f6:bd:4b:54:dd:8a:57:
         3b:4d:a2:29:5c:bf:7d:28:21:73:b9:3b:8d:59:ba:be:1e:46:
         e3:57:98:27:c1:33:ec:0f:f1:f9:31:27:a0:ca:14:b6:6a:80:
         c3:82:8b:89:c0:32:ee:e2:b8:1f:bb:01:38:8e:ee:37:3b:d0:
         1a:70:a5:94:f0:16:02:ad:1f:90:d2:31:16:10:79:3b:32:65:
         db:7b:85:83:00:9e:3d:7d:54:2c:6f:1d:2b:0f:fb:16:9b:dd:
         4f:95:e6:cb:1e:53:5c:d8:8c:3d:34:90:8f:7d:15:b1:5b:38:
         b4:ab:49:59:d6:a4:47:63:e8:67:85:54:b4:8c:31:77:73:7a:
         66:b3:94:fc:eb:3f:ec:e2:ac:e0:da:4b:9d:08:11:75:9f:fb:
         87:e9:93:25:89:87:8d:c9:6e:68:78:d5:8a:07:f9:9d:e0:62:
         58:1e:48:0e:77:06:9a:0c:4e:90:87:58:78:dc:c2:c0:8c:00:
         d2:5c:fb:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjAsvzY6ZcltHIJ6wP3OFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjUwMTAxMDE0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTgzMTE1YThiN2U3MDAxZmYzNzcwZjdiN2IwOWIwYmVlZWFiZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlJuqdK7ZazYQwK2+q0gxSHqJlwJ
Zj+6w2FKLSg7thaA39rUlLwezcSNA36mnBsepj5aYe9fn4GFeYJMzwervGL0qlcS
no+BF+uLPY2IvS91a5RXZsxXqOY9xZGPyLcUxX9FyvFNxs7RM3DSkwRzlTlPpspO
loSWZFaMYX2ltWm4LfxlW/X4oF91BsWC+Hs4OwkP/8Gfa+6ZoHGtf/7vg4eblJj8
1LebpUVNZw9L03SYp/jkNjLo0Fe6z/UvSg7bieYPyMoiw8Tp6vCK80pXn9IUfpt9
PwxWBPAFeDIHezTuX048TtMQVC8Xqc3OdLdEcG0RGQRxqMB1ZxWwN+ywbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6DEVqLfnAB/zdw97ewmwvu6r1fMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvbm9NUldvdC1jQUhfTjNEM3Q3Q2JDLTdxdlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJE0MA0G
CSqGSIb3DQEBCwUAA4IBAQAOu3M+OxwAIesBKzDDiO/wSK0JqU1SXcMpfCNJOM6H
q6ivZsjngc8MC7ERDJJs4jntjZjh5Ur2NLabbqSCmaKm7va9S1Tdilc7TaIpXL99
KCFzuTuNWbq+HkbjV5gnwTPsD/H5MSegyhS2aoDDgouJwDLu4rgfuwE4ju43O9Aa
cKWU8BYCrR+Q0jEWEHk7MmXbe4WDAJ49fVQsbx0rD/sWm91PlebLHlNc2Iw9NJCP
fRWxWzi0q0lZ1qRHY+hnhVS0jDF3c3pms5T86z/s4qzg2kudCBF1n/uH6ZMliYeN
yW5oeNWKB/md4GJYHkgOdwaaDE6Qh1h43MLAjADSXPvM
-----END CERTIFICATE-----