Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/F4z4cRp1o2-2fDGziBvSnYHbVpM.roa
File:                     F4z4cRp1o2-2fDGziBvSnYHbVpM.roa (raw, json)
Hash identifier:          2wAWhkLWWqS0rO2Q1Az6KgQGqplVuffj57lG+uTxooM=
Subject key identifier:   17:8C:F8:71:1A:75:A3:6F:B6:7C:31:B3:88:1B:D2:9D:81:DB:56:93
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       019424455F231E70321364974716B1F6334A
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/F4z4cRp1o2-2fDGziBvSnYHbVpM.roa
Signing time:             Wed 01 Jan 2025 23:48:33 +0000
ROA not before:           Wed 01 Jan 2025 23:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20905
IP address blocks:        217.124.152.0/24 maxlen: 24
                          2a02:9010:45::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5f:23:1e:70:32:13:64:97:47:16:b1:f6:33:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  1 23:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=178cf8711a75a36fb67c31b3881bd29d81db5693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f4:4f:75:47:9f:7f:d7:4d:cd:6b:55:68:41:
                    a6:5c:65:71:1f:64:2f:75:be:8c:24:25:75:2e:41:
                    48:f5:c8:68:73:6b:66:07:29:a0:bd:a7:20:1c:87:
                    d7:62:17:ac:dd:d4:97:4d:78:42:8e:ee:9e:a9:d7:
                    f0:f8:f8:e3:de:26:36:be:5a:78:74:b4:94:12:3d:
                    19:98:e1:44:b8:92:64:f6:33:18:e7:8a:7d:6c:b6:
                    7e:03:51:cd:7d:08:17:d1:b0:d0:58:8d:eb:2f:ec:
                    d3:dd:28:4a:81:ca:05:6a:3f:47:05:a6:3d:bc:8e:
                    fd:93:d2:ab:e0:42:2d:1e:9c:d3:23:a5:eb:fa:75:
                    82:e0:59:10:06:a5:53:da:fa:4a:98:0e:86:02:5c:
                    23:bc:2d:d4:c0:97:4d:2c:22:e9:91:98:75:5f:0e:
                    9e:46:9c:24:c5:b3:2a:f4:91:f9:83:31:26:cf:b2:
                    f6:05:bf:ab:c9:2e:e4:0c:bc:cf:b1:b7:5b:08:2b:
                    af:23:1a:66:20:c2:de:ff:b9:af:6d:e7:89:3a:09:
                    df:2c:9b:cb:3b:02:b7:8c:3b:36:a4:9d:e2:5b:83:
                    3a:a3:2c:80:db:b5:ed:0e:4a:ae:ae:13:b4:be:98:
                    6a:ed:08:91:3c:02:74:d7:35:52:28:23:45:40:b3:
                    ef:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:8C:F8:71:1A:75:A3:6F:B6:7C:31:B3:88:1B:D2:9D:81:DB:56:93
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/F4z4cRp1o2-2fDGziBvSnYHbVpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.124.152.0/24
                IPv6:
                  2a02:9010:45::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:23:34:b3:68:dc:95:d7:e3:6a:49:a9:90:18:52:18:62:a4:
         a2:56:68:f2:e9:b8:59:59:28:44:28:6c:1d:f3:82:50:86:b1:
         c9:fc:67:d8:f1:b9:33:67:dd:a9:5d:78:f7:f4:d1:dd:0f:5d:
         d7:2f:02:a4:10:90:ad:7f:19:95:ce:d2:f5:67:6a:d5:77:05:
         fb:d8:1a:50:cb:8f:06:c7:2f:1d:50:77:be:de:a1:63:c9:8b:
         a4:88:fc:17:14:33:10:b4:3c:96:84:a5:ef:c9:7e:bd:73:a9:
         33:79:3f:cc:3e:16:30:86:31:10:86:d0:eb:e2:d3:90:45:3b:
         f9:9e:7a:17:ef:fd:65:c4:9b:11:1b:f2:33:f2:7b:b8:3e:1c:
         2c:9a:e5:f2:b9:59:16:c7:95:ed:30:2d:d1:e5:66:af:1b:48:
         6e:ac:28:ad:b2:97:34:c8:9e:59:9d:d7:81:56:1a:e5:7d:7d:
         5a:98:3a:eb:f0:d2:99:d0:4b:6e:ec:04:7a:b6:b5:c7:eb:4c:
         48:33:5c:af:90:20:cf:4a:ca:a8:a2:85:35:cf:c9:2f:3f:f0:
         8b:28:89:8a:04:a3:44:d5:0b:96:29:de:f5:b2:79:12:ab:8d:
         08:a1:89:b2:ac:68:fa:b8:19:26:0b:01:a4:97:b4:10:87:0f:
         69:58:84:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQkRV8jHnAyE2SXRxax9jNKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjUwMTAxMjM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzhjZjg3MTFhNzVhMzZmYjY3YzMxYjM4ODFiZDI5ZDgxZGI1NjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvRPdUeff9dNzWtVaEGmXGVxH2Qv
db6MJCV1LkFI9choc2tmBymgvacgHIfXYhes3dSXTXhCju6eqdfw+Pjj3iY2vlp4
dLSUEj0ZmOFEuJJk9jMY54p9bLZ+A1HNfQgX0bDQWI3rL+zT3ShKgcoFaj9HBaY9
vI79k9Kr4EItHpzTI6Xr+nWC4FkQBqVT2vpKmA6GAlwjvC3UwJdNLCLpkZh1Xw6e
RpwkxbMq9JH5gzEmz7L2Bb+ryS7kDLzPsbdbCCuvIxpmIMLe/7mvbeeJOgnfLJvL
OwK3jDs2pJ3iW4M6oyyA27XtDkqurhO0vphq7QiRPAJ01zVSKCNFQLPvZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBeM+HEadaNvtnwxs4gb0p2B21aTMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvRjR6NGNScDFvMi0yZkRHemlCdlNuWUhiVnBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA2XyYMA8E
AgACMAkDBwAqApAQAEUwDQYJKoZIhvcNAQELBQADggEBAA4jNLNo3JXX42pJqZAY
UhhipKJWaPLpuFlZKEQobB3zglCGscn8Z9jxuTNn3aldePf00d0PXdcvAqQQkK1/
GZXO0vVnatV3BfvYGlDLjwbHLx1Qd77eoWPJi6SI/BcUMxC0PJaEpe/Jfr1zqTN5
P8w+FjCGMRCG0Ovi05BFO/meehfv/WXEmxEb8jPye7g+HCya5fK5WRbHle0wLdHl
Zq8bSG6sKK2ylzTInlmd14FWGuV9fVqYOuvw0pnQS27sBHq2tcfrTEgzXK+QIM9K
yqiihTXPyS8/8IsoiYoEo0TVC5Yp3vWyeRKrjQihibKsaPq4GSYLAaSXtBCHD2lY
hFQ=
-----END CERTIFICATE-----