Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/fd30a8-c0bf-414f-aba7-b1651a64f35e/1/k43rjk9OXsHM4eUp9ryidMIYrpg.roa
File:                     k43rjk9OXsHM4eUp9ryidMIYrpg.roa (raw, json)
Hash identifier:          nZ1oPuvx4yZUz9X/0NNanuY6VfbmWETyxMR7qm4VS+8=
Subject key identifier:   93:8D:EB:8E:4F:4E:5E:C1:CC:E1:E5:29:F6:BC:A2:74:C2:18:AE:98
Certificate issuer:       /CN=f3443f5b5c78d68e739d4fa6feafdd243b052a4b
Certificate serial:       0194266C367633EEDE339791C931FB8B55A7
Authority key identifier: F3:44:3F:5B:5C:78:D6:8E:73:9D:4F:A6:FE:AF:DD:24:3B:05:2A:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/80Q_W1x41o5znU-m_q_dJDsFKks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/fd30a8-c0bf-414f-aba7-b1651a64f35e/1/k43rjk9OXsHM4eUp9ryidMIYrpg.roa
Signing time:             Thu 02 Jan 2025 09:50:13 +0000
ROA not before:           Thu 02 Jan 2025 09:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31452
IP address blocks:        185.7.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/fd30a8-c0bf-414f-aba7-b1651a64f35e/1/80Q_W1x41o5znU-m_q_dJDsFKks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/fd30a8-c0bf-414f-aba7-b1651a64f35e/1/80Q_W1x41o5znU-m_q_dJDsFKks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/80Q_W1x41o5znU-m_q_dJDsFKks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:36:76:33:ee:de:33:97:91:c9:31:fb:8b:55:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3443f5b5c78d68e739d4fa6feafdd243b052a4b
        Validity
            Not Before: Jan  2 09:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=938deb8e4f4e5ec1cce1e529f6bca274c218ae98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:22:db:e7:3f:d5:cd:c2:03:fc:4e:9d:b2:15:
                    74:df:0a:e4:56:88:9c:71:e3:37:9c:4f:3a:4b:33:
                    61:82:a7:3f:5f:84:d5:84:01:30:85:00:03:e1:e1:
                    7e:45:2f:d1:f1:be:4c:72:73:11:fc:20:ab:1c:a4:
                    06:93:56:e2:61:13:df:b6:ec:8d:05:34:f1:37:45:
                    ee:35:ca:25:5b:23:90:4c:2f:ae:f0:e9:ad:74:b2:
                    f4:89:9e:2c:ef:33:10:31:b1:07:2c:c6:1f:9d:e8:
                    fb:c0:81:a2:b6:5b:50:e4:34:52:4c:d0:7f:0b:b3:
                    f4:38:0e:b3:a9:00:8a:e6:95:1e:27:ce:cf:9a:ff:
                    ec:5d:23:d0:fa:18:0a:7c:da:1d:26:12:98:a8:5d:
                    60:1d:b1:a2:8a:52:28:36:e9:47:9c:37:53:19:7a:
                    5c:05:6a:48:b8:28:02:a9:cf:af:c6:35:9f:57:60:
                    9f:b5:b1:c4:0d:da:c1:00:fe:fe:0d:6d:1c:3a:0b:
                    64:16:91:56:f9:08:88:1b:5c:8b:7e:74:29:18:66:
                    7b:51:d6:e9:b0:6e:a0:05:d8:ef:b0:2a:55:92:61:
                    e8:1e:4d:da:18:12:7a:85:9c:4a:2f:cd:6c:29:50:
                    4f:69:21:49:51:e5:b0:26:cc:43:cb:a0:0a:68:18:
                    27:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:8D:EB:8E:4F:4E:5E:C1:CC:E1:E5:29:F6:BC:A2:74:C2:18:AE:98
            X509v3 Authority Key Identifier:
                keyid:F3:44:3F:5B:5C:78:D6:8E:73:9D:4F:A6:FE:AF:DD:24:3B:05:2A:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/80Q_W1x41o5znU-m_q_dJDsFKks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/fd30a8-c0bf-414f-aba7-b1651a64f35e/1/k43rjk9OXsHM4eUp9ryidMIYrpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/fd30a8-c0bf-414f-aba7-b1651a64f35e/1/80Q_W1x41o5znU-m_q_dJDsFKks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:d9:8a:1d:a9:2c:47:f7:9d:e9:01:7c:4f:59:33:d4:29:f7:
         ae:2e:1e:18:bc:d3:47:28:a1:b7:97:d2:5e:dc:50:eb:6f:e2:
         2c:82:d2:d1:0d:8c:84:cc:a3:6c:7f:c5:cf:d9:9c:c2:52:1e:
         93:d9:ab:b4:79:73:8f:d6:e5:7e:4c:d4:a5:f9:54:e8:ad:ec:
         64:6c:8a:cd:d8:30:b2:3a:c8:22:97:b9:13:db:bb:15:25:40:
         17:30:cd:d7:26:10:11:e8:1d:e6:52:94:b0:c7:90:c1:50:dd:
         ca:4e:4d:52:ec:24:16:2b:27:4f:c5:3b:3e:cb:c3:88:2f:fb:
         3f:2b:fd:49:ef:4a:4a:b5:ab:2b:06:67:5c:5a:ac:21:be:9a:
         64:62:47:86:ee:d7:c7:48:de:ef:a3:74:ee:d1:e0:a0:7c:b2:
         85:75:74:b4:d3:4f:52:76:44:e5:f9:19:9b:fd:bd:6e:f1:cf:
         f8:10:25:8c:57:9c:7c:04:bc:75:9f:38:8f:a5:5b:40:3c:26:
         61:4b:37:09:79:40:e9:ea:dd:ba:8c:cd:78:6c:36:3e:43:eb:
         85:85:cd:57:4e:0e:04:cb:20:96:d2:6f:03:4d:29:0e:e9:18:
         6a:ea:cc:3b:46:b1:00:40:6c:66:46:45:e0:58:a6:68:99:ff:
         03:dc:35:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbDZ2M+7eM5eRyTH7i1WnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNDQzZjViNWM3OGQ2OGU3MzlkNGZhNmZlYWZkZDI0M2Iw
NTJhNGIwHhcNMjUwMTAyMDk1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzhkZWI4ZTRmNGU1ZWMxY2NlMWU1MjlmNmJjYTI3NGMyMThhZTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5CLb5z/VzcID/E6dshV03wrkVoic
ceM3nE86SzNhgqc/X4TVhAEwhQAD4eF+RS/R8b5McnMR/CCrHKQGk1biYRPftuyN
BTTxN0XuNcolWyOQTC+u8OmtdLL0iZ4s7zMQMbEHLMYfnej7wIGitltQ5DRSTNB/
C7P0OA6zqQCK5pUeJ87Pmv/sXSPQ+hgKfNodJhKYqF1gHbGiilIoNulHnDdTGXpc
BWpIuCgCqc+vxjWfV2CftbHEDdrBAP7+DW0cOgtkFpFW+QiIG1yLfnQpGGZ7Udbp
sG6gBdjvsCpVkmHoHk3aGBJ6hZxKL81sKVBPaSFJUeWwJsxDy6AKaBgn1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJON645PTl7BzOHlKfa8onTCGK6YMB8GA1UdIwQY
MBaAFPNEP1tceNaOc51Ppv6v3SQ7BSpLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODBRX1cxeDQxbzV6blUtbV9xX2RKRHNGS2tzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9mZDMwYTgtYzBiZi00MTRmLWFiYTct
YjE2NTFhNjRmMzVlLzEvazQzcmprOU9Yc0hNNGVVcDlyeWlkTUlZcnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9mZDMwYTgtYzBiZi00MTRmLWFiYTctYjE2NTFhNjRmMzVl
LzEvODBRX1cxeDQxbzV6blUtbV9xX2RKRHNGS2tzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQcIMA0G
CSqGSIb3DQEBCwUAA4IBAQAp2YodqSxH953pAXxPWTPUKfeuLh4YvNNHKKG3l9Je
3FDrb+IsgtLRDYyEzKNsf8XP2ZzCUh6T2au0eXOP1uV+TNSl+VTorexkbIrN2DCy
Osgil7kT27sVJUAXMM3XJhAR6B3mUpSwx5DBUN3KTk1S7CQWKydPxTs+y8OIL/s/
K/1J70pKtasrBmdcWqwhvppkYkeG7tfHSN7vo3Tu0eCgfLKFdXS0009SdkTl+Rmb
/b1u8c/4ECWMV5x8BLx1nziPpVtAPCZhSzcJeUDp6t26jM14bDY+Q+uFhc1XTg4E
yyCW0m8DTSkO6Rhq6sw7RrEAQGxmRkXgWKZomf8D3DXu
-----END CERTIFICATE-----