Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/82cc5d-d6a8-4667-b049-967c57d5a361/1/tTnc9Ad6JQOwjtbe1qMkIXZeOKs.roa
File:                     tTnc9Ad6JQOwjtbe1qMkIXZeOKs.roa (raw, json)
Hash identifier:          kZVYztMlLb2WdXu0JA5CW12HKzbSxV0vVIBzzUUHcG0=
Subject key identifier:   B5:39:DC:F4:07:7A:25:03:B0:8E:D6:DE:D6:A3:24:21:76:5E:38:AB
Certificate issuer:       /CN=0b62cf8cd90b69f936e82b57801cd779d72e3f3e
Certificate serial:       0194214425AED69BA7F61A950A8374006B04
Authority key identifier: 0B:62:CF:8C:D9:0B:69:F9:36:E8:2B:57:80:1C:D7:79:D7:2E:3F:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C2LPjNkLafk26CtXgBzXedcuPz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/82cc5d-d6a8-4667-b049-967c57d5a361/1/tTnc9Ad6JQOwjtbe1qMkIXZeOKs.roa
Signing time:             Wed 01 Jan 2025 09:48:21 +0000
ROA not before:           Wed 01 Jan 2025 09:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35467
IP address blocks:        194.53.216.0/21 maxlen: 21
                          194.53.222.0/24 maxlen: 24
                          194.53.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/82cc5d-d6a8-4667-b049-967c57d5a361/1/C2LPjNkLafk26CtXgBzXedcuPz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/82cc5d-d6a8-4667-b049-967c57d5a361/1/C2LPjNkLafk26CtXgBzXedcuPz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C2LPjNkLafk26CtXgBzXedcuPz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:25:ae:d6:9b:a7:f6:1a:95:0a:83:74:00:6b:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b62cf8cd90b69f936e82b57801cd779d72e3f3e
        Validity
            Not Before: Jan  1 09:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b539dcf4077a2503b08ed6ded6a32421765e38ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:67:67:82:e9:61:24:2c:9b:c3:a1:1f:c5:47:
                    ef:0a:0b:16:86:a9:3c:35:f9:92:b0:e8:56:a1:08:
                    2e:e8:0a:b7:c9:ef:c7:04:5e:bf:0e:b6:e5:cf:cc:
                    68:71:2c:49:d5:8d:89:29:25:3f:e7:13:ed:e2:85:
                    5b:2b:ae:74:85:ae:7c:9c:68:36:6f:e5:22:0d:17:
                    d1:5b:d7:a2:b4:93:33:de:be:a6:c9:d3:c3:35:08:
                    d2:af:25:f6:98:35:8f:fa:22:74:bc:38:57:20:35:
                    e8:66:18:18:01:42:ad:7a:2d:52:56:e3:f9:bf:b1:
                    fd:1a:cc:a7:73:39:95:e3:92:cc:1c:06:00:e4:75:
                    61:18:12:05:f9:a5:7c:b9:c3:71:ce:a7:72:37:66:
                    ac:08:8b:9e:b7:0c:84:d3:19:9b:26:cf:8a:65:83:
                    69:75:66:60:cb:70:c7:f7:b5:74:ef:70:63:f0:74:
                    27:ff:fe:20:31:43:fd:1c:40:d7:4d:ea:73:f2:43:
                    a8:e5:40:58:75:f6:d0:1a:0b:75:70:d6:bc:a6:69:
                    70:40:64:4e:a1:af:5b:a4:88:05:a0:08:15:14:ca:
                    04:4f:41:5e:cc:4d:85:63:9f:4e:c9:65:97:3a:7e:
                    36:06:21:4b:c2:9a:73:35:4f:9b:97:04:c1:b7:b0:
                    1b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:39:DC:F4:07:7A:25:03:B0:8E:D6:DE:D6:A3:24:21:76:5E:38:AB
            X509v3 Authority Key Identifier:
                keyid:0B:62:CF:8C:D9:0B:69:F9:36:E8:2B:57:80:1C:D7:79:D7:2E:3F:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C2LPjNkLafk26CtXgBzXedcuPz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/82cc5d-d6a8-4667-b049-967c57d5a361/1/tTnc9Ad6JQOwjtbe1qMkIXZeOKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/82cc5d-d6a8-4667-b049-967c57d5a361/1/C2LPjNkLafk26CtXgBzXedcuPz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         36:9e:aa:c4:a7:24:6e:58:0b:85:eb:a6:fd:5a:a0:31:98:86:
         6c:a2:ba:e0:d0:19:82:a5:b4:c2:45:5d:d4:4a:64:c7:d0:c9:
         30:46:15:52:89:a3:55:be:3d:67:c5:3e:75:09:cb:19:04:57:
         4e:c0:af:cb:b8:4b:8a:7d:b8:12:72:a7:8b:9d:40:23:85:d6:
         fd:78:6c:dc:86:b9:23:c4:03:d7:8e:a1:4c:2a:04:54:cc:31:
         ad:7e:44:24:59:92:1d:d5:f7:27:5a:d4:a0:49:84:2c:0f:c9:
         24:7e:b7:12:f8:6c:79:b1:1c:9d:b9:25:b5:31:9b:dc:d1:a2:
         67:8a:e9:8e:5e:1d:d6:c6:3d:99:3c:20:4e:22:a1:9f:e5:46:
         f4:7a:c4:1f:44:41:11:6f:72:c7:e5:f8:79:ab:5d:06:7d:0a:
         be:d5:68:45:d6:65:cb:99:7e:c3:89:09:9b:8f:19:8c:bb:89:
         a1:47:6d:a6:64:76:e0:03:d8:8f:e9:a7:ff:26:75:f2:e8:7c:
         2d:03:33:48:a1:db:b9:d7:35:27:83:36:68:f3:e8:4d:82:db:
         c9:b3:1d:bc:d3:c0:fa:94:d2:2a:da:ba:16:ab:d5:70:7c:c0:
         f4:3a:8b:49:2b:54:16:61:5b:04:07:2d:03:44:3f:20:1d:13:
         84:f2:7c:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCWu1pun9hqVCoN0AGsEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNjJjZjhjZDkwYjY5ZjkzNmU4MmI1NzgwMWNkNzc5ZDcy
ZTNmM2UwHhcNMjUwMTAxMDk0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTM5ZGNmNDA3N2EyNTAzYjA4ZWQ2ZGVkNmEzMjQyMTc2NWUzOGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymdngulhJCybw6EfxUfvCgsWhqk8
NfmSsOhWoQgu6Aq3ye/HBF6/Drblz8xocSxJ1Y2JKSU/5xPt4oVbK650ha58nGg2
b+UiDRfRW9eitJMz3r6mydPDNQjSryX2mDWP+iJ0vDhXIDXoZhgYAUKtei1SVuP5
v7H9GsynczmV45LMHAYA5HVhGBIF+aV8ucNxzqdyN2asCIuetwyE0xmbJs+KZYNp
dWZgy3DH97V073Bj8HQn//4gMUP9HEDXTepz8kOo5UBYdfbQGgt1cNa8pmlwQGRO
oa9bpIgFoAgVFMoET0FezE2FY59OyWWXOn42BiFLwppzNU+blwTBt7AbhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLU53PQHeiUDsI7W3tajJCF2XjirMB8GA1UdIwQY
MBaAFAtiz4zZC2n5NugrV4Ac13nXLj8+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzJMUGpOa0xhZmsyNkN0WGdCelhlZGN1UHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC84MmNjNWQtZDZhOC00NjY3LWIwNDkt
OTY3YzU3ZDVhMzYxLzEvdFRuYzlBZDZKUU93anRiZTFxTWtJWFplT0tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC84MmNjNWQtZDZhOC00NjY3LWIwNDktOTY3YzU3ZDVhMzYx
LzEvQzJMUGpOa0xhZmsyNkN0WGdCelhlZGN1UHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwjXYMA0G
CSqGSIb3DQEBCwUAA4IBAQA2nqrEpyRuWAuF66b9WqAxmIZsorrg0BmCpbTCRV3U
SmTH0MkwRhVSiaNVvj1nxT51CcsZBFdOwK/LuEuKfbgScqeLnUAjhdb9eGzchrkj
xAPXjqFMKgRUzDGtfkQkWZId1fcnWtSgSYQsD8kkfrcS+Gx5sRyduSW1MZvc0aJn
iumOXh3Wxj2ZPCBOIqGf5Ub0esQfREERb3LH5fh5q10GfQq+1WhF1mXLmX7DiQmb
jxmMu4mhR22mZHbgA9iP6af/JnXy6HwtAzNIodu51zUngzZo8+hNgtvJsx2808D6
lNIq2roWq9VwfMD0OotJK1QWYVsEBy0DRD8gHROE8nzv
-----END CERTIFICATE-----