Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/1-fxNLZQMykWE3SLBLsEKwibzn3o.roa
File:                     1-fxNLZQMykWE3SLBLsEKwibzn3o.roa (raw, json)
Hash identifier:          U9t8UfOKITE6D0gBLc/Dtn9zr6EfXzJkxHJL0LBQvTo=
Subject key identifier:   F9:FC:4D:2D:94:0C:CA:45:84:DD:22:C1:2E:C1:0A:C2:26:F3:9F:7A
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       019427486EDAEE91904F52A3D851511D474C
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/1-fxNLZQMykWE3SLBLsEKwibzn3o.roa
Signing time:             Thu 02 Jan 2025 13:50:45 +0000
ROA not before:           Thu 02 Jan 2025 13:50:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     27176
IP address blocks:        185.73.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:6e:da:ee:91:90:4f:52:a3:d8:51:51:1d:47:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jan  2 13:50:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9fc4d2d940cca4584dd22c12ec10ac226f39f7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:75:2f:29:b2:0c:a7:ca:98:97:e8:85:f0:0d:
                    29:30:d9:3e:d1:fb:b8:54:63:4b:e6:3d:bb:fe:ef:
                    f3:cf:84:0a:8c:06:07:82:ef:52:77:f6:61:30:f5:
                    b4:6c:3f:b8:a1:79:28:aa:ae:90:c0:07:e4:af:29:
                    82:fc:33:a9:e3:1a:3e:d7:0e:cd:6f:35:7b:1e:1a:
                    ae:29:4f:89:13:c4:fe:9b:00:51:72:66:21:ad:8f:
                    07:cf:8d:b2:11:34:2d:76:8d:e9:ff:52:03:30:7e:
                    31:de:de:7b:b8:0a:63:76:6f:66:fc:67:69:18:db:
                    ed:72:5a:da:75:54:89:d7:7e:94:56:46:78:9f:f0:
                    df:f4:25:69:c9:97:f9:dd:69:7f:b0:80:1c:2f:c9:
                    a4:32:9c:5c:d1:69:4d:e6:ad:9c:a6:50:47:36:32:
                    6f:cb:02:7a:f0:f0:50:cd:35:1f:74:3e:46:25:40:
                    04:52:f6:74:7f:d0:55:52:8c:37:66:39:c3:c6:b1:
                    3b:d0:34:ac:75:df:d6:1c:e5:4c:48:a4:3c:f4:cb:
                    13:fa:ce:1b:36:26:92:93:c3:02:44:6d:73:ad:1b:
                    43:47:57:97:2d:e1:c5:fc:9f:f2:59:73:6f:e2:5e:
                    82:99:b6:54:21:09:08:0a:0d:00:b6:56:9c:f0:7b:
                    cd:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:FC:4D:2D:94:0C:CA:45:84:DD:22:C1:2E:C1:0A:C2:26:F3:9F:7A
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/1-fxNLZQMykWE3SLBLsEKwibzn3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:3a:f5:75:d8:9e:eb:3a:56:e4:34:f8:cc:89:9a:47:ff:c9:
         f2:50:d1:42:7c:2a:a5:aa:70:ca:b7:6d:e1:b6:f0:39:07:03:
         36:7e:27:c8:61:bd:64:bd:e1:94:93:2d:e5:cb:98:7b:75:09:
         9b:63:5a:a3:6c:4d:df:b8:ac:3c:47:8b:34:b7:a7:38:c3:23:
         d0:c4:4e:5a:57:05:90:17:d1:77:ab:aa:bf:c5:ef:17:b2:f3:
         61:ac:47:75:f6:80:cc:c2:29:d8:9f:20:fe:f2:a1:01:67:6d:
         3e:94:81:07:85:45:08:e2:3c:c3:e4:78:98:d6:2a:d2:6d:79:
         1a:eb:f5:52:a6:0f:69:c4:9c:01:fc:e2:ad:bc:a6:6e:a5:f0:
         bd:4e:df:58:aa:be:24:fc:7c:f1:a1:60:db:8f:2e:39:ad:13:
         18:f0:81:66:a1:81:54:4d:f1:9a:29:20:65:04:2d:c5:7f:1c:
         15:c9:c9:a4:03:92:ad:2a:cc:27:0c:e6:b0:ff:32:b4:72:82:
         9b:c7:c1:a8:a3:de:0c:db:cc:a0:f1:38:93:74:53:43:87:ae:
         f4:3c:d8:75:85:2b:b7:3c:a7:9c:c8:ce:0c:57:ee:df:7d:ee:
         ee:77:25:00:63:b6:a5:f8:1c:fd:43:b1:dc:4f:c9:23:6d:87:
         9e:09:52:49
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnSG7a7pGQT1Kj2FFRHUdMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjUwMTAyMTM1MDQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWZjNGQyZDk0MGNjYTQ1ODRkZDIyYzEyZWMxMGFjMjI2ZjM5ZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XUvKbIMp8qYl+iF8A0pMNk+0fu4
VGNL5j27/u/zz4QKjAYHgu9Sd/ZhMPW0bD+4oXkoqq6QwAfkrymC/DOp4xo+1w7N
bzV7HhquKU+JE8T+mwBRcmYhrY8Hz42yETQtdo3p/1IDMH4x3t57uApjdm9m/Gdp
GNvtclradVSJ136UVkZ4n/Df9CVpyZf53Wl/sIAcL8mkMpxc0WlN5q2cplBHNjJv
ywJ68PBQzTUfdD5GJUAEUvZ0f9BVUow3ZjnDxrE70DSsdd/WHOVMSKQ89MsT+s4b
NiaSk8MCRG1zrRtDR1eXLeHF/J/yWXNv4l6CmbZUIQkICg0Atlac8HvN/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPn8TS2UDMpFhN0iwS7BCsIm8596MB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvMS1meE5MWlFNeWtXRTNTTEJMc0VLd2liem4zby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmQvMWZkMGE2LTQ1MTctNGEwYi1iM2M5LTEyZWMyMmM5YzVh
Mi8xL01rZEt4OHFGNEp3dFNMTS1lX1p2anRkazNnOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlJ8zAN
BgkqhkiG9w0BAQsFAAOCAQEAgzr1ddie6zpW5DT4zImaR//J8lDRQnwqpapwyrdt
4bbwOQcDNn4nyGG9ZL3hlJMt5cuYe3UJm2Nao2xN37isPEeLNLenOMMj0MROWlcF
kBfRd6uqv8XvF7LzYaxHdfaAzMIp2J8g/vKhAWdtPpSBB4VFCOI8w+R4mNYq0m15
Guv1UqYPacScAfzirbymbqXwvU7fWKq+JPx88aFg248uOa0TGPCBZqGBVE3xmikg
ZQQtxX8cFcnJpAOSrSrMJwzmsP8ytHKCm8fBqKPeDNvMoPE4k3RTQ4eu9DzYdYUr
tzynnMjODFfu333u7nclAGO2pfgc/UOx3E/JI22HnglSSQ==
-----END CERTIFICATE-----