Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/4Kndf8f0K38NeByF4eDeojFEkWc.roa
File:                     4Kndf8f0K38NeByF4eDeojFEkWc.roa (raw, json)
Hash identifier:          z9ZWxvxCc7vC5TAiLfa7y9gNN02jk+BIQEMSzkn78Bk=
Subject key identifier:   E0:A9:DD:7F:C7:F4:2B:7F:0D:78:1C:85:E1:E0:DE:A2:31:44:91:67
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       0194244493794F7CF73515BCC52DB357B4CA
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/4Kndf8f0K38NeByF4eDeojFEkWc.roa
Signing time:             Wed 01 Jan 2025 23:47:41 +0000
ROA not before:           Wed 01 Jan 2025 23:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203941
IP address blocks:        212.7.218.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:93:79:4f:7c:f7:35:15:bc:c5:2d:b3:57:b4:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 23:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0a9dd7fc7f42b7f0d781c85e1e0dea231449167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a7:d0:87:cd:80:f8:f9:28:ea:04:d5:89:08:
                    ff:d3:13:b7:dc:5c:83:9d:30:92:ae:35:5d:d7:be:
                    aa:76:09:67:de:f8:5a:46:e8:c3:8d:0b:45:f5:5d:
                    4d:21:1c:e5:86:b0:eb:54:75:39:65:7d:7d:08:24:
                    77:59:70:96:7b:88:a9:2e:83:c8:8a:b8:ba:83:1e:
                    7d:d1:2e:67:84:b5:b5:be:c0:94:eb:5e:8e:a7:ba:
                    95:20:1b:26:50:57:3c:09:c6:4e:e4:78:50:ed:cb:
                    cf:69:ad:11:aa:92:37:d3:99:7c:c8:2c:75:92:f7:
                    ab:9b:95:8e:34:4f:18:ef:9c:21:c3:60:6e:12:fd:
                    6c:b8:3a:ec:ef:17:fc:33:5d:25:df:68:a9:3a:5a:
                    1a:7a:51:bd:c3:08:6f:8c:77:1a:5a:c1:73:5e:ca:
                    d0:1c:20:66:e4:e8:4d:21:e9:9c:08:08:fc:5c:92:
                    75:75:57:9e:98:0d:5c:d0:dd:7a:c3:0e:9b:b6:c6:
                    9d:7f:ae:27:10:cd:d5:c4:8f:56:8e:5e:cf:9b:e7:
                    2a:19:15:00:f1:c4:27:a7:77:f3:f4:77:f9:17:27:
                    72:9c:94:5a:8f:d3:fb:1b:4a:61:91:fe:e8:8d:1a:
                    e5:f7:19:bc:1f:96:13:f1:b3:47:9b:70:31:86:38:
                    50:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:A9:DD:7F:C7:F4:2B:7F:0D:78:1C:85:E1:E0:DE:A2:31:44:91:67
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/4Kndf8f0K38NeByF4eDeojFEkWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.7.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:b1:a9:0e:b1:2e:52:e9:49:d4:e0:38:67:1e:96:d0:64:a3:
         c6:6f:ef:79:0a:56:f2:05:7c:7b:e0:2f:13:3f:bc:e5:5a:9e:
         12:cc:5a:26:b2:ec:24:61:c8:cf:9b:97:fb:45:40:0b:be:2e:
         87:69:30:d3:78:f8:2c:d0:be:af:38:00:dc:86:4d:6b:23:8d:
         51:14:dc:b4:59:e8:8d:09:3d:15:e1:ac:a6:cf:81:ff:e2:11:
         11:7f:00:f3:00:d5:03:62:bd:23:7b:be:27:d1:48:88:f3:9c:
         5a:c5:32:26:e0:e2:3c:a5:c2:4f:9c:07:38:ae:d1:bc:7f:84:
         3d:d3:e8:3b:24:93:97:fb:42:5f:d6:1c:15:e5:cd:61:fe:81:
         80:ae:a0:bc:91:8d:94:77:dd:06:78:be:9b:1a:95:f2:f8:73:
         b8:63:3f:29:20:eb:8d:36:f4:4f:d0:92:3a:4c:7d:57:b9:61:
         90:7f:c4:a0:2a:ea:98:5c:00:3d:78:96:5d:85:69:cd:ae:ea:
         a2:3a:c3:3d:10:97:cd:aa:ee:ce:80:f7:7a:59:ca:4e:f1:cc:
         5e:e6:84:10:41:d2:a1:92:9c:49:0f:53:d9:a9:64:87:f9:a7:
         45:04:9b:11:d6:93:dc:8d:33:6f:ff:9f:a1:6a:f1:42:19:b1:
         8c:51:5c:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRJN5T3z3NRW8xS2zV7TKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjUwMTAxMjM0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGE5ZGQ3ZmM3ZjQyYjdmMGQ3ODFjODVlMWUwZGVhMjMxNDQ5MTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6fQh82A+Pko6gTViQj/0xO33FyD
nTCSrjVd176qdgln3vhaRujDjQtF9V1NIRzlhrDrVHU5ZX19CCR3WXCWe4ipLoPI
iri6gx590S5nhLW1vsCU616Op7qVIBsmUFc8CcZO5HhQ7cvPaa0RqpI305l8yCx1
kverm5WONE8Y75whw2BuEv1suDrs7xf8M10l32ipOloaelG9wwhvjHcaWsFzXsrQ
HCBm5OhNIemcCAj8XJJ1dVeemA1c0N16ww6btsadf64nEM3VxI9Wjl7Pm+cqGRUA
8cQnp3fz9Hf5FydynJRaj9P7G0phkf7ojRrl9xm8H5YT8bNHm3AxhjhQCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCp3X/H9Ct/DXgcheHg3qIxRJFnMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvNEtuZGY4ZjBLMzhOZUJ5RjRlRGVvakZFa1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1AfaMA0G
CSqGSIb3DQEBCwUAA4IBAQBQsakOsS5S6UnU4DhnHpbQZKPGb+95ClbyBXx74C8T
P7zlWp4SzFomsuwkYcjPm5f7RUALvi6HaTDTePgs0L6vOADchk1rI41RFNy0WeiN
CT0V4aymz4H/4hERfwDzANUDYr0je74n0UiI85xaxTIm4OI8pcJPnAc4rtG8f4Q9
0+g7JJOX+0Jf1hwV5c1h/oGArqC8kY2Ud90GeL6bGpXy+HO4Yz8pIOuNNvRP0JI6
TH1XuWGQf8SgKuqYXAA9eJZdhWnNruqiOsM9EJfNqu7OgPd6WcpO8cxe5oQQQdKh
kpxJD1PZqWSH+adFBJsR1pPcjTNv/5+havFCGbGMUVyZ
-----END CERTIFICATE-----