Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/2Mh_TFJedBaslxcz94noGA2Qytc.roa
File:                     2Mh_TFJedBaslxcz94noGA2Qytc.roa (raw, json)
Hash identifier:          i1Zh/xLaGj0PGJC85bKgW/jpsDzYBRvPQzKlGbY0Jqc=
Subject key identifier:   D8:C8:7F:4C:52:5E:74:16:AC:97:17:33:F7:89:E8:18:0D:90:CA:D7
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       0194258F192E60FAB2D32A7E6FB70F2273B0
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/2Mh_TFJedBaslxcz94noGA2Qytc.roa
Signing time:             Thu 02 Jan 2025 05:48:42 +0000
ROA not before:           Thu 02 Jan 2025 05:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15843
IP address blocks:        194.27.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:19:2e:60:fa:b2:d3:2a:7e:6f:b7:0f:22:73:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  2 05:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8c87f4c525e7416ac971733f789e8180d90cad7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:54:91:e4:ef:47:72:ee:6e:dc:da:ef:42:6e:
                    59:ce:f2:ab:75:3c:87:6e:8c:29:0c:db:9a:d4:b7:
                    74:00:77:6d:5e:c4:12:5c:80:09:5c:97:d9:87:20:
                    76:14:10:4c:e3:95:a2:23:d2:2b:7f:42:23:2b:9d:
                    a8:95:27:9a:2e:09:33:ad:b3:9b:b1:85:6e:d5:e2:
                    d1:61:4d:30:54:66:cf:1e:e6:64:9a:18:55:cd:8b:
                    d1:73:70:e2:60:0a:96:0d:9e:a8:9e:93:ef:94:bb:
                    7d:49:ab:85:91:77:51:74:51:92:c8:d0:a1:e0:c4:
                    d0:a4:3d:19:03:8c:e9:85:5e:5b:a3:7d:7d:3c:3f:
                    e5:aa:aa:fc:f9:52:2a:d3:22:5d:55:98:2b:e7:75:
                    3b:e0:3e:00:b8:cf:97:af:84:fd:df:a9:c0:80:37:
                    33:fe:cb:e8:22:11:f3:f3:60:78:aa:6a:0f:95:95:
                    27:a1:b7:a2:60:6d:60:00:dd:c7:f0:3f:3f:83:8b:
                    55:a8:75:15:71:11:29:d0:a5:43:4b:3c:08:0a:6f:
                    46:fc:23:c3:43:57:c0:84:0e:4a:92:59:9f:da:76:
                    a3:36:35:e5:5c:14:7d:09:71:99:ba:ea:c1:db:55:
                    41:ff:57:b6:7f:8b:a2:3b:b0:c9:4a:52:20:f1:fb:
                    35:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:C8:7F:4C:52:5E:74:16:AC:97:17:33:F7:89:E8:18:0D:90:CA:D7
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/2Mh_TFJedBaslxcz94noGA2Qytc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.27.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:de:60:22:4b:77:60:e9:08:b3:ed:2b:06:68:8a:b7:3e:f9:
         c3:1c:75:e5:ba:d1:9c:63:92:1a:11:6b:ba:d2:7b:06:09:70:
         6e:66:6b:bb:87:e8:cb:17:5c:3c:70:f4:2b:df:67:22:e0:94:
         31:e1:53:fe:13:ee:63:59:5c:2c:af:a7:ef:05:e0:c9:fd:0b:
         fa:75:79:a2:09:53:89:74:6d:81:1b:3b:71:84:13:76:89:80:
         a1:27:05:50:5b:ac:97:a0:da:dc:63:84:ac:cb:06:e9:c5:1e:
         16:15:59:74:5e:60:eb:0f:58:1d:d6:eb:8a:97:31:db:86:47:
         24:56:13:94:6e:b9:b8:ac:f2:0f:7b:db:27:6a:12:a9:b0:dc:
         5e:55:b2:a0:97:47:74:57:42:f8:28:fc:c6:05:23:d4:ee:70:
         90:d8:0f:52:66:29:5c:81:0c:c6:9e:ce:1c:1f:cb:45:54:fb:
         22:2d:51:7b:a6:35:e4:86:15:8c:4e:7f:59:45:54:e4:7c:35:
         c2:a3:e8:65:95:10:e1:cb:fb:44:45:86:cc:34:75:ff:75:45:
         c4:e9:59:98:ce:af:0d:77:55:50:3e:14:b7:47:ca:de:15:d6:
         3b:76:31:4e:5c:c3:54:b1:65:97:84:58:68:93:f9:26:66:d8:
         9a:4e:29:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljxkuYPqy0yp+b7cPInOwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjUwMTAyMDU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGM4N2Y0YzUyNWU3NDE2YWM5NzE3MzNmNzg5ZTgxODBkOTBjYWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFSR5O9Hcu5u3NrvQm5ZzvKrdTyH
bowpDNua1Ld0AHdtXsQSXIAJXJfZhyB2FBBM45WiI9Irf0IjK52olSeaLgkzrbOb
sYVu1eLRYU0wVGbPHuZkmhhVzYvRc3DiYAqWDZ6onpPvlLt9SauFkXdRdFGSyNCh
4MTQpD0ZA4zphV5bo319PD/lqqr8+VIq0yJdVZgr53U74D4AuM+Xr4T936nAgDcz
/svoIhHz82B4qmoPlZUnobeiYG1gAN3H8D8/g4tVqHUVcREp0KVDSzwICm9G/CPD
Q1fAhA5Kklmf2najNjXlXBR9CXGZuurB21VB/1e2f4uiO7DJSlIg8fs1jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjIf0xSXnQWrJcXM/eJ6BgNkMrXMB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvMk1oX1RGSmVkQmFzbHhjejk0bm9HQTJReXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwhvAMA0G
CSqGSIb3DQEBCwUAA4IBAQBp3mAiS3dg6Qiz7SsGaIq3PvnDHHXlutGcY5IaEWu6
0nsGCXBuZmu7h+jLF1w8cPQr32ci4JQx4VP+E+5jWVwsr6fvBeDJ/Qv6dXmiCVOJ
dG2BGztxhBN2iYChJwVQW6yXoNrcY4SsywbpxR4WFVl0XmDrD1gd1uuKlzHbhkck
VhOUbrm4rPIPe9snahKpsNxeVbKgl0d0V0L4KPzGBSPU7nCQ2A9SZilcgQzGns4c
H8tFVPsiLVF7pjXkhhWMTn9ZRVTkfDXCo+hllRDhy/tERYbMNHX/dUXE6VmYzq8N
d1VQPhS3R8reFdY7djFOXMNUsWWXhFhok/kmZtiaTiko
-----END CERTIFICATE-----