Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/efa18d-0907-4593-abb8-94802636bad9/1/svZ0I0CIbPuXgkYBH_VdeOt4OII.roa
File:                     svZ0I0CIbPuXgkYBH_VdeOt4OII.roa (raw, json)
Hash identifier:          qDnNSem+sBmAuaKOVojckKZEahJzHvEbGjkFY5x9Sqc=
Subject key identifier:   B2:F6:74:23:40:88:6C:FB:97:82:46:01:1F:F5:5D:78:EB:78:38:82
Certificate issuer:       /CN=68c5f09b3a903950f3fcd1b255086ede4876eb11
Certificate serial:       01942521827B6A410702D9518BC6D43F0F95
Authority key identifier: 68:C5:F0:9B:3A:90:39:50:F3:FC:D1:B2:55:08:6E:DE:48:76:EB:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMXwmzqQOVDz_NGyVQhu3kh26xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/efa18d-0907-4593-abb8-94802636bad9/1/svZ0I0CIbPuXgkYBH_VdeOt4OII.roa
Signing time:             Thu 02 Jan 2025 03:49:00 +0000
ROA not before:           Thu 02 Jan 2025 03:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21108
IP address blocks:        193.221.84.0/24 maxlen: 24
                          193.221.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/efa18d-0907-4593-abb8-94802636bad9/1/aMXwmzqQOVDz_NGyVQhu3kh26xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/efa18d-0907-4593-abb8-94802636bad9/1/aMXwmzqQOVDz_NGyVQhu3kh26xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMXwmzqQOVDz_NGyVQhu3kh26xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:82:7b:6a:41:07:02:d9:51:8b:c6:d4:3f:0f:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c5f09b3a903950f3fcd1b255086ede4876eb11
        Validity
            Not Before: Jan  2 03:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2f6742340886cfb978246011ff55d78eb783882
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a2:d0:f0:52:a1:e3:7e:cb:06:b9:15:99:29:
                    73:29:3f:4d:9c:b2:b2:4c:47:62:12:df:54:54:47:
                    5f:9d:4d:7e:59:47:75:3b:fc:4f:5c:a1:9c:bc:6e:
                    aa:20:92:04:c9:50:ce:bf:48:f4:d8:88:4c:74:60:
                    12:12:3c:76:39:05:e5:0e:0c:c7:a0:7c:59:8b:43:
                    ac:b5:6b:b3:b2:5c:ff:f6:38:ae:79:9f:87:f5:8a:
                    88:0e:84:b7:2a:64:4e:a2:c8:06:ab:61:ef:6d:61:
                    50:1b:76:aa:28:b9:1d:e2:57:7b:63:ce:d9:c6:f1:
                    05:e6:e7:f6:c9:2a:01:c2:76:0a:d8:50:0a:9b:95:
                    e8:e1:5a:ec:0f:e5:46:a0:e6:a6:95:5f:12:c1:f9:
                    7c:cc:de:66:7b:8c:aa:fe:cf:fb:bb:5c:80:8a:22:
                    4c:fe:f8:0c:a0:6f:f7:11:37:6c:d3:0e:1b:72:a9:
                    aa:9e:19:fc:7e:ab:20:0f:5c:74:95:32:7f:e7:17:
                    89:7a:e9:26:d5:37:1c:52:4e:7b:50:c8:bf:53:d4:
                    2f:6d:02:c7:68:b6:20:d5:6b:99:0c:1e:42:6d:70:
                    85:63:ce:73:23:1b:e5:8d:9d:ce:53:bf:20:50:d5:
                    c9:31:4e:0a:7f:1e:e4:f1:b4:bc:b8:f5:04:a2:bf:
                    b9:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:F6:74:23:40:88:6C:FB:97:82:46:01:1F:F5:5D:78:EB:78:38:82
            X509v3 Authority Key Identifier:
                keyid:68:C5:F0:9B:3A:90:39:50:F3:FC:D1:B2:55:08:6E:DE:48:76:EB:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMXwmzqQOVDz_NGyVQhu3kh26xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/efa18d-0907-4593-abb8-94802636bad9/1/svZ0I0CIbPuXgkYBH_VdeOt4OII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/efa18d-0907-4593-abb8-94802636bad9/1/aMXwmzqQOVDz_NGyVQhu3kh26xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:a2:3a:fa:ce:a4:01:16:9a:c0:1e:b3:08:4a:12:4e:65:ac:
         06:e5:8f:bb:82:24:bc:26:b7:36:20:18:6e:8b:ea:e3:58:ed:
         55:e4:f9:ff:0d:d2:98:63:24:51:d8:78:dd:4e:fa:93:58:43:
         f8:01:b4:46:ec:20:5c:aa:11:42:64:d5:5a:12:0c:31:e8:63:
         99:1a:dd:58:63:d5:fe:4c:58:f4:9d:8c:3b:6c:4b:b1:e9:f4:
         71:6e:86:3b:73:11:91:90:2d:e0:c7:47:83:54:83:bd:19:31:
         56:c6:2a:0f:f7:0a:51:c4:4d:f1:a1:59:a3:7c:9e:a2:92:5f:
         ed:49:87:46:49:f2:92:80:4a:4d:40:ba:ed:14:e7:90:b6:f7:
         cf:31:47:d4:a5:02:9d:4f:29:25:74:cd:4c:02:5e:28:ad:8b:
         0c:a4:8e:c9:61:a3:53:89:3d:aa:77:c8:71:fe:de:9e:8a:29:
         df:f2:62:95:83:fa:6a:53:89:3e:a2:9c:3c:42:50:f9:87:e7:
         b7:40:03:67:f5:7d:6e:a6:82:8d:ad:c7:ee:c0:3a:c1:b1:a4:
         6a:e3:39:75:d2:1e:d7:86:29:b3:49:08:e5:ac:83:2b:11:13:
         b5:16:8f:22:c0:06:af:b1:13:f2:8d:3f:dc:ff:76:19:18:6b:
         c5:7e:f4:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIYJ7akEHAtlRi8bUPw+VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzVmMDliM2E5MDM5NTBmM2ZjZDFiMjU1MDg2ZWRlNDg3
NmViMTEwHhcNMjUwMTAyMDM0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmY2NzQyMzQwODg2Y2ZiOTc4MjQ2MDExZmY1NWQ3OGViNzgzODgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoaLQ8FKh437LBrkVmSlzKT9NnLKy
TEdiEt9UVEdfnU1+WUd1O/xPXKGcvG6qIJIEyVDOv0j02IhMdGASEjx2OQXlDgzH
oHxZi0OstWuzslz/9jiueZ+H9YqIDoS3KmROosgGq2HvbWFQG3aqKLkd4ld7Y87Z
xvEF5uf2ySoBwnYK2FAKm5Xo4VrsD+VGoOamlV8Swfl8zN5me4yq/s/7u1yAiiJM
/vgMoG/3ETds0w4bcqmqnhn8fqsgD1x0lTJ/5xeJeukm1TccUk57UMi/U9QvbQLH
aLYg1WuZDB5CbXCFY85zIxvljZ3OU78gUNXJMU4Kfx7k8bS8uPUEor+5ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLL2dCNAiGz7l4JGAR/1XXjreDiCMB8GA1UdIwQY
MBaAFGjF8Js6kDlQ8/zRslUIbt5IdusRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1Yd216cVFPVkR6X05HeVZRaHUza2gyNnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9lZmExOGQtMDkwNy00NTkzLWFiYjgt
OTQ4MDI2MzZiYWQ5LzEvc3ZaMEkwQ0liUHVYZ2tZQkhfVmRlT3Q0T0lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9lZmExOGQtMDkwNy00NTkzLWFiYjgtOTQ4MDI2MzZiYWQ5
LzEvYU1Yd216cVFPVkR6X05HeVZRaHUza2gyNnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwd1UMA0G
CSqGSIb3DQEBCwUAA4IBAQCEojr6zqQBFprAHrMIShJOZawG5Y+7giS8Jrc2IBhu
i+rjWO1V5Pn/DdKYYyRR2HjdTvqTWEP4AbRG7CBcqhFCZNVaEgwx6GOZGt1YY9X+
TFj0nYw7bEux6fRxboY7cxGRkC3gx0eDVIO9GTFWxioP9wpRxE3xoVmjfJ6ikl/t
SYdGSfKSgEpNQLrtFOeQtvfPMUfUpQKdTykldM1MAl4orYsMpI7JYaNTiT2qd8hx
/t6eiinf8mKVg/pqU4k+opw8QlD5h+e3QANn9X1upoKNrcfuwDrBsaRq4zl10h7X
himzSQjlrIMrERO1Fo8iwAavsRPyjT/c/3YZGGvFfvSl
-----END CERTIFICATE-----