Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/4m5zxgIpcpLPeYwAolQiZO3OfJg.roa
File:                     4m5zxgIpcpLPeYwAolQiZO3OfJg.roa (raw, json)
Hash identifier:          OQBGj0xAcvnf7DgtTAHxl/RhajJjDdIaXO2XNvZqjbE=
Subject key identifier:   E2:6E:73:C6:02:29:72:92:CF:79:8C:00:A2:54:22:64:ED:CE:7C:98
Certificate issuer:       /CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Certificate serial:       0194228E2D739C854659FA9B138D99FD953B
Authority key identifier: AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/4m5zxgIpcpLPeYwAolQiZO3OfJg.roa
Signing time:             Wed 01 Jan 2025 15:48:50 +0000
ROA not before:           Wed 01 Jan 2025 15:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25484
IP address blocks:        84.200.19.0/24 maxlen: 24
                          2a01:7e0:4fc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:2d:73:9c:85:46:59:fa:9b:13:8d:99:fd:95:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
        Validity
            Not Before: Jan  1 15:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e26e73c602297292cf798c00a2542264edce7c98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3b:da:c6:03:1f:ec:0e:28:18:ed:21:8c:58:
                    8e:50:ba:95:1a:c0:90:01:64:79:fb:5f:e2:4c:32:
                    90:9f:b2:57:c8:8c:aa:57:50:e9:95:2b:26:9a:06:
                    55:49:58:13:52:0c:60:19:5f:be:a0:27:e0:93:ef:
                    90:e8:18:c5:d1:59:b3:40:ca:2c:86:d9:f7:f7:08:
                    03:b7:98:da:c9:58:6c:d3:5f:1f:1d:de:bc:da:28:
                    a6:de:b5:7f:ff:2e:69:c1:1c:fa:97:2c:53:b8:93:
                    c9:cf:3e:6d:dc:c4:b1:a3:c5:84:ce:64:1e:74:d7:
                    67:af:c9:b0:f1:c3:b3:31:1e:01:e7:26:50:61:f2:
                    6a:22:44:a1:cd:9b:c1:7c:4e:0e:00:37:20:64:6b:
                    21:ae:bd:cd:84:99:2d:a3:45:50:19:e7:a7:e7:be:
                    f9:7b:32:7f:46:c1:85:26:f0:0b:64:5b:60:19:ac:
                    46:10:69:77:00:33:73:84:ce:cd:91:99:89:cc:28:
                    c4:24:ed:90:d3:96:9c:f6:2a:08:23:2c:d1:36:4a:
                    a6:7b:f6:7e:86:17:56:df:57:b5:f6:8d:df:38:39:
                    66:95:58:5b:07:d8:2c:d0:5b:28:e1:c4:86:3f:e9:
                    3c:e9:a2:7e:64:1c:02:73:95:7a:94:64:dc:16:bc:
                    63:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:6E:73:C6:02:29:72:92:CF:79:8C:00:A2:54:22:64:ED:CE:7C:98
            X509v3 Authority Key Identifier:
                keyid:AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/4m5zxgIpcpLPeYwAolQiZO3OfJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.200.19.0/24
                IPv6:
                  2a01:7e0:4fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:95:12:f4:be:f0:44:aa:25:44:b7:8a:17:85:af:b5:ea:50:
         0f:61:4e:42:ff:05:d6:26:f6:1e:43:46:45:29:92:6a:18:69:
         50:c7:f1:6a:03:07:a4:6f:ec:4a:14:17:4e:e3:58:1b:43:e1:
         0d:7b:c1:b4:9f:a7:20:46:4a:e2:9b:60:a8:da:00:17:6e:49:
         93:c3:50:72:30:81:8e:28:02:f0:7f:7a:e6:27:a5:9d:66:b0:
         91:4e:5d:d4:cb:4f:87:c1:e3:52:1c:a7:ce:10:f7:2f:f1:cf:
         69:6f:35:00:d5:a7:59:72:e5:a8:95:e3:2c:06:48:ef:04:2f:
         82:40:49:9b:d7:a5:0b:46:25:3c:58:80:cf:bf:51:7f:83:4d:
         27:5e:19:db:a4:16:ee:74:aa:ef:56:5d:68:6c:cc:88:50:43:
         50:79:a1:70:bf:e2:fe:bf:90:e2:3b:9c:f7:af:95:3e:6b:3b:
         13:17:86:9d:8e:6e:30:de:03:1c:82:bd:49:18:1f:d9:0a:c3:
         1a:c9:19:1f:50:35:a4:45:6d:d4:19:63:12:d0:30:12:a4:31:
         90:fb:69:5e:93:73:a9:1a:9c:5e:d5:e2:4f:94:69:90:74:d4:
         97:00:ff:81:75:32:66:45:7d:a1:eb:c4:8f:fd:0a:c0:42:0d:
         18:bb:77:52
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQiji1znIVGWfqbE42Z/ZU7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWRjNTBhNGI1MjZkZjE4ZThiMGE2NTY1ZDdiOWQ1OGE3
NWQzMTUwHhcNMjUwMTAxMTU0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjZlNzNjNjAyMjk3MjkyY2Y3OThjMDBhMjU0MjI2NGVkY2U3Yzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTvaxgMf7A4oGO0hjFiOULqVGsCQ
AWR5+1/iTDKQn7JXyIyqV1DplSsmmgZVSVgTUgxgGV++oCfgk++Q6BjF0VmzQMos
htn39wgDt5jayVhs018fHd682iim3rV//y5pwRz6lyxTuJPJzz5t3MSxo8WEzmQe
dNdnr8mw8cOzMR4B5yZQYfJqIkShzZvBfE4OADcgZGshrr3NhJkto0VQGeen5775
ezJ/RsGFJvALZFtgGaxGEGl3ADNzhM7NkZmJzCjEJO2Q05ac9ioIIyzRNkqme/Z+
hhdW31e19o3fODlmlVhbB9gs0Fso4cSGP+k86aJ+ZBwCc5V6lGTcFrxjwwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOJuc8YCKXKSz3mMAKJUImTtznyYMB8GA1UdIwQY
MBaAFKodxQpLUm3xjosKZWXXudWKddMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMt
MzNkNzI4NDMzYzExLzEvNG01enhnSXBjcExQZVl3QW9sUWlaTzNPZkpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMtMzNkNzI4NDMzYzEx
LzEvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAVMgTMA8E
AgACMAkDBwAqAQfgBPwwDQYJKoZIhvcNAQELBQADggEBAD2VEvS+8ESqJUS3iheF
r7XqUA9hTkL/BdYm9h5DRkUpkmoYaVDH8WoDB6Rv7EoUF07jWBtD4Q17wbSfpyBG
SuKbYKjaABduSZPDUHIwgY4oAvB/euYnpZ1msJFOXdTLT4fB41Icp84Q9y/xz2lv
NQDVp1ly5aiV4ywGSO8EL4JASZvXpQtGJTxYgM+/UX+DTSdeGdukFu50qu9WXWhs
zIhQQ1B5oXC/4v6/kOI7nPevlT5rOxMXhp2ObjDeAxyCvUkYH9kKwxrJGR9QNaRF
bdQZYxLQMBKkMZD7aV6Tc6kanF7V4k+UaZB01JcA/4F1MmZFfaHrxI/9CsBCDRi7
d1I=
-----END CERTIFICATE-----