Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/UsLM9c-vHwkLSfSIifzmvC0o92c.roa
File:                     UsLM9c-vHwkLSfSIifzmvC0o92c.roa (raw, json)
Hash identifier:          uIdDjIO4nudWxVPi4ZmUaon7LCL1I627lJaX57b6ZCM=
Subject key identifier:   52:C2:CC:F5:CF:AF:1F:09:0B:49:F4:88:89:FC:E6:BC:2D:28:F7:67
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01942220162218C12B07D3DCF2F17F746AF4
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/UsLM9c-vHwkLSfSIifzmvC0o92c.roa
Signing time:             Wed 01 Jan 2025 13:48:35 +0000
ROA not before:           Wed 01 Jan 2025 13:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33801
IP address blocks:        178.239.196.0/24 maxlen: 24
                          178.239.206.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:16:22:18:c1:2b:07:d3:dc:f2:f1:7f:74:6a:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52c2ccf5cfaf1f090b49f48889fce6bc2d28f767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d1:d4:bd:86:ef:3f:f3:7c:23:27:da:14:f4:
                    95:93:4d:a4:d9:79:c6:b5:46:9a:c7:41:47:7e:c9:
                    19:d3:16:61:e5:40:24:38:75:d8:07:b6:a6:de:a3:
                    d5:a8:d5:d9:3c:cc:cd:ce:d0:1e:db:e1:26:c1:af:
                    09:1d:8b:5a:f4:92:8d:8a:53:23:a5:8e:ba:34:19:
                    c7:58:f3:c4:a4:de:15:25:77:b3:f3:e9:eb:41:c5:
                    1c:e2:2d:89:80:4c:58:3b:ce:8d:55:84:16:db:8c:
                    56:8e:fc:24:86:12:ee:cb:3f:79:7d:ce:bc:14:6d:
                    2c:a6:1b:4d:3a:0e:50:b4:05:a8:b0:9a:85:e3:ea:
                    03:d9:2f:23:42:5c:39:a7:64:c7:1b:dc:bd:0f:8f:
                    ef:b3:a1:63:25:6d:84:f1:f6:0e:28:0a:7e:65:dd:
                    6c:0e:b1:cc:18:38:cc:19:f3:29:8d:2f:4e:28:70:
                    a5:8a:06:e5:83:68:7a:3b:39:43:ce:9a:f5:2c:ff:
                    67:85:f5:33:e1:92:08:b7:01:9e:b5:29:4e:e8:8e:
                    8a:ad:61:c6:32:8a:28:3c:4e:6f:b3:c0:01:35:d6:
                    b6:e9:b2:8e:1e:52:c2:4c:fc:a7:b6:31:ec:27:bf:
                    b3:bc:e4:99:21:58:5d:0e:37:3d:66:a8:0a:fe:6a:
                    df:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C2:CC:F5:CF:AF:1F:09:0B:49:F4:88:89:FC:E6:BC:2D:28:F7:67
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/UsLM9c-vHwkLSfSIifzmvC0o92c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.196.0/24
                  178.239.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:02:0a:32:96:5b:16:7b:97:3d:f5:f8:f5:1a:8e:27:2a:cc:
         31:cb:ca:31:3e:b7:30:5a:2d:d0:f0:e1:3c:ae:ca:76:13:e1:
         f8:15:a3:25:dd:97:dc:33:f8:66:95:74:e3:19:b8:cd:dd:27:
         d3:56:67:81:37:88:45:bb:51:51:b0:09:b1:48:45:d4:1f:88:
         3e:ba:69:88:03:fc:5f:ac:b6:38:b9:a6:37:f1:82:aa:84:72:
         88:3e:df:f3:54:73:8d:98:c6:d6:01:44:ed:3f:52:4b:b7:50:
         bf:e8:11:c6:28:00:2f:ac:32:e4:c1:90:b2:8a:f9:2c:32:69:
         01:97:7b:b5:5c:8e:60:8d:17:8f:07:99:04:04:65:f8:b4:0c:
         11:b7:18:24:47:f1:fc:af:46:77:4a:24:68:f5:7c:23:84:50:
         3e:41:12:e7:9f:36:f4:52:a2:d5:2e:ce:96:76:75:5b:91:4f:
         d3:24:5b:09:94:26:6c:c1:0e:6c:4c:90:d4:e9:fc:0e:9b:b0:
         98:3d:5e:0f:96:40:b4:84:f7:ed:f1:da:cb:86:ec:23:d3:01:
         a4:89:a2:f8:16:b5:70:a2:61:ea:8a:fd:66:49:55:07:d7:d3:
         55:2d:ec:ea:44:91:a7:37:a9:e1:26:76:46:3d:70:73:61:72:
         14:ff:73:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIBYiGMErB9Pc8vF/dGr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmMyY2NmNWNmYWYxZjA5MGI0OWY0ODg4OWZjZTZiYzJkMjhmNzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9HUvYbvP/N8IyfaFPSVk02k2XnG
tUaax0FHfskZ0xZh5UAkOHXYB7am3qPVqNXZPMzNztAe2+Emwa8JHYta9JKNilMj
pY66NBnHWPPEpN4VJXez8+nrQcUc4i2JgExYO86NVYQW24xWjvwkhhLuyz95fc68
FG0sphtNOg5QtAWosJqF4+oD2S8jQlw5p2THG9y9D4/vs6FjJW2E8fYOKAp+Zd1s
DrHMGDjMGfMpjS9OKHCligblg2h6OzlDzpr1LP9nhfUz4ZIItwGetSlO6I6KrWHG
MoooPE5vs8ABNda26bKOHlLCTPyntjHsJ7+zvOSZIVhdDjc9ZqgK/mrf/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFLCzPXPrx8JC0n0iIn85rwtKPdnMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVXNMTTljLXZId2tMU2ZTSWlmem12QzBvOTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsu/EAwQB
su/OMA0GCSqGSIb3DQEBCwUAA4IBAQAfAgoyllsWe5c99fj1Go4nKswxy8oxPrcw
Wi3Q8OE8rsp2E+H4FaMl3ZfcM/hmlXTjGbjN3SfTVmeBN4hFu1FRsAmxSEXUH4g+
ummIA/xfrLY4uaY38YKqhHKIPt/zVHONmMbWAUTtP1JLt1C/6BHGKAAvrDLkwZCy
ivksMmkBl3u1XI5gjRePB5kEBGX4tAwRtxgkR/H8r0Z3SiRo9XwjhFA+QRLnnzb0
UqLVLs6WdnVbkU/TJFsJlCZswQ5sTJDU6fwOm7CYPV4PlkC0hPft8drLhuwj0wGk
iaL4FrVwomHqiv1mSVUH19NVLezqRJGnN6nhJnZGPXBzYXIU/3Ng
-----END CERTIFICATE-----