Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/b_MAVuI29oBciIh7vGGq0NJVEzc.roa
File:                     b_MAVuI29oBciIh7vGGq0NJVEzc.roa (raw, json)
Hash identifier:          hDxp3S5bhbbLqI6OACypq5MMFaQlI+7lCsYe3tJ2F9c=
Subject key identifier:   6F:F3:00:56:E2:36:F6:80:5C:88:88:7B:BC:61:AA:D0:D2:55:13:37
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       01942748712D36C470AE745D577C3347E6D7
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/b_MAVuI29oBciIh7vGGq0NJVEzc.roa
Signing time:             Thu 02 Jan 2025 13:50:46 +0000
ROA not before:           Thu 02 Jan 2025 13:50:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201882
IP address blocks:        185.73.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:71:2d:36:c4:70:ae:74:5d:57:7c:33:47:e6:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jan  2 13:50:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ff30056e236f6805c88887bbc61aad0d2551337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:00:4b:7f:06:7b:7d:d9:d3:13:29:aa:7b:65:
                    0c:3c:83:18:d3:62:e9:00:76:71:a8:27:f9:d5:46:
                    8c:03:44:7d:e1:fd:1d:97:9b:cf:a0:78:f8:f0:79:
                    df:09:fd:30:8f:97:69:8d:a9:d3:cf:1a:12:09:d3:
                    6b:42:54:fb:27:50:a0:b7:36:4d:a4:bf:00:35:4a:
                    81:f4:f2:67:92:b0:91:20:15:86:5c:b3:5e:fc:c7:
                    0d:d1:13:0f:1c:48:b9:7f:b3:89:78:34:43:2b:7f:
                    d7:65:a3:5d:f6:54:32:ca:34:b8:2c:63:5d:83:b5:
                    45:17:78:12:cd:81:c1:c8:53:f4:48:46:9d:47:f3:
                    e7:9a:05:5f:55:77:ee:55:a0:e4:d4:03:fd:0d:ca:
                    ac:0c:39:22:a0:64:49:4c:d5:c0:53:7c:91:73:41:
                    26:f5:b1:94:51:0b:af:14:9a:92:71:05:2b:16:4e:
                    37:73:ea:d2:66:96:f8:a8:43:9d:33:69:21:96:e3:
                    6d:fe:a9:45:fd:c4:66:2f:68:c2:ab:68:ac:93:b5:
                    46:40:28:72:b3:09:71:04:f3:78:7f:b2:ed:c7:c9:
                    67:47:e3:6b:22:9f:ab:26:54:a9:10:1c:55:76:69:
                    56:c5:c7:e3:19:2d:8e:63:c3:42:fa:13:9b:91:0e:
                    85:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F3:00:56:E2:36:F6:80:5C:88:88:7B:BC:61:AA:D0:D2:55:13:37
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/b_MAVuI29oBciIh7vGGq0NJVEzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:60:29:48:29:51:58:4f:de:9a:17:88:68:ba:26:fa:c4:c0:
         03:b2:5c:ff:fd:ef:74:18:2e:2e:15:00:e4:6c:e5:b0:50:f9:
         70:2f:38:83:93:bc:7d:4d:69:a6:a0:d5:42:de:c5:53:f6:f3:
         58:ab:27:7b:88:1a:44:d8:3e:cb:3f:a5:a1:82:56:d3:30:23:
         aa:49:c4:c4:bb:4f:a5:b1:df:d8:93:9c:ac:46:b7:d0:2e:b9:
         49:f6:1a:29:2d:c4:c1:bd:0f:50:77:1f:95:6a:de:6c:af:56:
         e6:51:9d:2a:90:c5:ae:ef:b9:02:1a:98:3e:6a:5e:30:2f:2e:
         75:cc:d5:57:dd:b0:30:0a:23:eb:2b:bd:36:52:19:83:14:8d:
         68:e1:3a:37:2b:f8:6a:21:b2:87:90:02:3d:61:35:38:5f:e5:
         1a:52:17:4b:58:55:2d:79:69:f2:4d:13:f5:36:1c:32:53:7d:
         26:13:26:7c:3f:fe:97:bf:11:8a:4b:22:20:60:aa:08:f5:9b:
         e5:90:dc:6d:b1:ac:d5:a3:1a:3b:7d:c0:a0:32:a8:c4:48:94:
         19:f3:2d:75:00:62:a9:63:e8:a5:bf:50:cd:51:05:67:4d:1c:
         a1:4b:9a:0d:b4:29:a0:e2:f0:5d:00:99:4b:be:5d:f3:c3:e4:
         0d:97:66:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSHEtNsRwrnRdV3wzR+bXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjUwMTAyMTM1MDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmYzMDA1NmUyMzZmNjgwNWM4ODg4N2JiYzYxYWFkMGQyNTUxMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwBLfwZ7fdnTEymqe2UMPIMY02Lp
AHZxqCf51UaMA0R94f0dl5vPoHj48HnfCf0wj5dpjanTzxoSCdNrQlT7J1CgtzZN
pL8ANUqB9PJnkrCRIBWGXLNe/McN0RMPHEi5f7OJeDRDK3/XZaNd9lQyyjS4LGNd
g7VFF3gSzYHByFP0SEadR/PnmgVfVXfuVaDk1AP9DcqsDDkioGRJTNXAU3yRc0Em
9bGUUQuvFJqScQUrFk43c+rSZpb4qEOdM2khluNt/qlF/cRmL2jCq2isk7VGQChy
swlxBPN4f7Ltx8lnR+NrIp+rJlSpEBxVdmlWxcfjGS2OY8NC+hObkQ6F6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/zAFbiNvaAXIiIe7xhqtDSVRM3MB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvYl9NQVZ1STI5b0JjaUloN3ZHR3EwTkpWRXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUnzMA0G
CSqGSIb3DQEBCwUAA4IBAQDIYClIKVFYT96aF4houib6xMADslz//e90GC4uFQDk
bOWwUPlwLziDk7x9TWmmoNVC3sVT9vNYqyd7iBpE2D7LP6WhglbTMCOqScTEu0+l
sd/Yk5ysRrfQLrlJ9hopLcTBvQ9Qdx+Vat5sr1bmUZ0qkMWu77kCGpg+al4wLy51
zNVX3bAwCiPrK702UhmDFI1o4To3K/hqIbKHkAI9YTU4X+UaUhdLWFUteWnyTRP1
NhwyU30mEyZ8P/6XvxGKSyIgYKoI9ZvlkNxtsazVoxo7fcCgMqjESJQZ8y11AGKp
Y+ilv1DNUQVnTRyhS5oNtCmg4vBdAJlLvl3zw+QNl2bG
-----END CERTIFICATE-----