Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/1-CqksZEngiad9GJ1laZb9kmUhDs.roa
File:                     1-CqksZEngiad9GJ1laZb9kmUhDs.roa (raw, json)
Hash identifier:          RFGoumzL1Ot9LozFC8/pBRuEEMi1Nkwj8cBdnCtnZ+Y=
Subject key identifier:   F8:2A:A4:B1:91:27:82:26:9D:F4:62:75:95:A6:5B:F6:49:94:84:3B
Certificate issuer:       /CN=2e738cf32e6e4f940220f3b828f07b77e813d096
Certificate serial:       019426D973F1A1910FC1CAD76E7F66B48DC9
Authority key identifier: 2E:73:8C:F3:2E:6E:4F:94:02:20:F3:B8:28:F0:7B:77:E8:13:D0:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LnOM8y5uT5QCIPO4KPB7d-gT0JY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/1-CqksZEngiad9GJ1laZb9kmUhDs.roa
Signing time:             Thu 02 Jan 2025 11:49:32 +0000
ROA not before:           Thu 02 Jan 2025 11:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215337
IP address blocks:        212.102.104.0/24 maxlen: 24
                          2a0d:58c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/LnOM8y5uT5QCIPO4KPB7d-gT0JY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/LnOM8y5uT5QCIPO4KPB7d-gT0JY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LnOM8y5uT5QCIPO4KPB7d-gT0JY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:73:f1:a1:91:0f:c1:ca:d7:6e:7f:66:b4:8d:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e738cf32e6e4f940220f3b828f07b77e813d096
        Validity
            Not Before: Jan  2 11:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f82aa4b1912782269df4627595a65bf64994843b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f9:50:97:af:3f:bf:b0:3e:0e:4c:09:e4:a1:
                    4c:55:4a:73:38:41:f6:bb:c9:29:4e:01:a9:d7:20:
                    de:c9:5d:62:d1:72:f2:42:d6:b4:97:d8:bd:5f:33:
                    f0:99:8e:22:56:9e:f0:f0:f8:5b:0b:c0:95:a5:a9:
                    f9:e2:67:a3:c8:d2:90:ec:cc:bc:59:d0:ad:83:d1:
                    ff:ee:b3:66:ef:4d:1b:85:ab:ec:20:13:b4:ce:01:
                    7c:4f:e1:12:80:c8:9b:60:a1:f3:e6:cf:6c:ac:69:
                    e2:c0:d2:4a:28:eb:98:db:62:4a:13:74:7b:df:6a:
                    c2:3f:73:69:fa:06:4b:c8:cd:ba:26:84:5b:91:ca:
                    b9:46:18:fd:79:fc:9c:96:0d:95:1b:22:f7:cf:0b:
                    9b:31:7c:f9:f9:1a:9e:88:49:dd:77:17:5b:65:5b:
                    92:4c:d0:6e:74:c6:2b:7e:f1:ce:f0:69:20:1b:fc:
                    ef:ad:b5:3c:ab:9c:07:83:4c:5f:d8:8a:4f:1c:69:
                    ac:3c:3e:d5:4f:f7:05:de:e6:7a:ac:ef:fb:78:4d:
                    b4:6d:e7:1d:c6:24:83:2a:fa:de:1f:c3:2a:9f:7b:
                    b1:84:12:00:2e:27:35:61:67:24:69:94:13:f6:6c:
                    d2:f9:4a:6e:a7:17:78:97:e2:bc:fe:bb:ef:48:77:
                    25:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:2A:A4:B1:91:27:82:26:9D:F4:62:75:95:A6:5B:F6:49:94:84:3B
            X509v3 Authority Key Identifier:
                keyid:2E:73:8C:F3:2E:6E:4F:94:02:20:F3:B8:28:F0:7B:77:E8:13:D0:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LnOM8y5uT5QCIPO4KPB7d-gT0JY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/1-CqksZEngiad9GJ1laZb9kmUhDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/LnOM8y5uT5QCIPO4KPB7d-gT0JY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.104.0/24
                IPv6:
                  2a0d:58c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:3b:76:e7:3a:97:9e:fc:15:2c:bb:59:b2:50:bb:25:79:dc:
         9a:eb:30:6c:8b:dc:6c:e8:77:78:39:e6:fb:b6:04:5d:12:75:
         d9:36:33:bd:7a:6c:67:d0:a1:5f:03:4b:3f:7a:ba:b3:ec:fb:
         21:d3:ef:53:15:2b:45:bb:da:a3:70:26:a6:4d:b8:82:00:b4:
         4d:48:7f:81:90:9a:dc:d3:74:07:d8:d2:ff:77:03:37:bc:5b:
         6b:c0:5c:18:07:af:2c:23:11:12:87:91:cc:dc:59:d4:6a:43:
         92:3c:c5:00:a9:71:7e:bd:4b:17:7c:a4:41:2d:23:1c:4f:9f:
         97:2f:8b:8c:30:6f:dc:8e:9f:28:cb:9f:35:9f:58:48:5c:5f:
         18:f0:4e:07:c7:4d:f8:a9:ae:17:22:3c:e6:e6:28:9a:6e:c9:
         c5:8e:15:a3:7d:ac:07:e9:c6:c3:b3:59:62:02:87:6a:b8:6e:
         f1:08:e0:29:b8:8a:14:92:29:5a:c1:6b:0b:1c:76:7f:b1:51:
         39:fb:00:78:9a:d0:b2:b5:f8:b4:05:95:56:22:ee:ca:f2:8e:
         d4:9b:94:8f:59:2f:eb:a8:a3:79:35:41:33:9a:26:b7:fe:c3:
         74:78:2d:a1:2a:54:87:2a:d5:6b:9d:bf:b2:09:c1:37:c7:3e:
         ab:f6:03:03
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQm2XPxoZEPwcrXbn9mtI3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNzM4Y2YzMmU2ZTRmOTQwMjIwZjNiODI4ZjA3Yjc3ZTgx
M2QwOTYwHhcNMjUwMTAyMTE0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODJhYTRiMTkxMjc4MjI2OWRmNDYyNzU5NWE2NWJmNjQ5OTQ4NDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPlQl68/v7A+DkwJ5KFMVUpzOEH2
u8kpTgGp1yDeyV1i0XLyQta0l9i9XzPwmY4iVp7w8PhbC8CVpan54mejyNKQ7My8
WdCtg9H/7rNm700bhavsIBO0zgF8T+ESgMibYKHz5s9srGniwNJKKOuY22JKE3R7
32rCP3Np+gZLyM26JoRbkcq5Rhj9efyclg2VGyL3zwubMXz5+RqeiEnddxdbZVuS
TNBudMYrfvHO8GkgG/zvrbU8q5wHg0xf2IpPHGmsPD7VT/cF3uZ6rO/7eE20becd
xiSDKvreH8Mqn3uxhBIALic1YWckaZQT9mzS+Upupxd4l+K8/rvvSHclEQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPgqpLGRJ4ImnfRidZWmW/ZJlIQ7MB8GA1UdIwQY
MBaAFC5zjPMubk+UAiDzuCjwe3foE9CWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG5PTTh5NXVUNVFDSVBPNEtQQjdkLWdUMEpZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9lMTdlOWEtZDNlOS00M2IxLWEyYzct
NWY2NTEwM2U2ZjcwLzEvMS1DcWtzWkVuZ2lhZDlHSjFsYVpiOWttVWhEcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjUvZTE3ZTlhLWQzZTktNDNiMS1hMmM3LTVmNjUxMDNlNmY3
MC8xL0xuT004eTV1VDVRQ0lQTzRLUEI3ZC1nVDBKWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEANRmaDAN
BAIAAjAHAwUDKg1YwDANBgkqhkiG9w0BAQsFAAOCAQEARTt25zqXnvwVLLtZslC7
JXncmuswbIvcbOh3eDnm+7YEXRJ12TYzvXpsZ9ChXwNLP3q6s+z7IdPvUxUrRbva
o3Ampk24ggC0TUh/gZCa3NN0B9jS/3cDN7xba8BcGAevLCMREoeRzNxZ1GpDkjzF
AKlxfr1LF3ykQS0jHE+fly+LjDBv3I6fKMufNZ9YSFxfGPBOB8dN+KmuFyI85uYo
mm7JxY4Vo32sB+nGw7NZYgKHarhu8QjgKbiKFJIpWsFrCxx2f7FROfsAeJrQsrX4
tAWVViLuyvKO1JuUj1kv66ijeTVBM5omt/7DdHgtoSpUhyrVa52/sgnBN8c+q/YD
Aw==
-----END CERTIFICATE-----