Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/kCMI-jn6GUL5E2gzSfx56PvJKY4.roa
File:                     kCMI-jn6GUL5E2gzSfx56PvJKY4.roa (raw, json)
Hash identifier:          lyFCy6BZG+oRY/tJVW06e6voFW2BmFk4SqdgfiptkKc=
Subject key identifier:   90:23:08:FA:39:FA:19:42:F9:13:68:33:49:FC:79:E8:FB:C9:29:8E
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       01941FFA3A925D004C8F9D5671E21B521F59
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/kCMI-jn6GUL5E2gzSfx56PvJKY4.roa
Signing time:             Wed 01 Jan 2025 03:48:00 +0000
ROA not before:           Wed 01 Jan 2025 03:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50336
IP address blocks:        188.211.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3a:92:5d:00:4c:8f:9d:56:71:e2:1b:52:1f:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  1 03:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=902308fa39fa1942f913683349fc79e8fbc9298e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:57:1e:82:d8:88:9d:27:6b:bf:cc:48:0d:96:
                    dd:49:e0:8a:54:85:6c:b6:b0:09:12:a4:fe:ca:70:
                    be:ea:29:ef:0b:34:0b:9b:bf:15:46:05:2c:6e:ea:
                    38:1b:a6:de:5e:73:c9:1d:a2:b6:5f:05:08:b2:e4:
                    48:84:53:8b:e7:fe:2c:5f:36:a7:93:48:9b:e2:13:
                    31:aa:ed:53:7a:ca:b4:b0:ce:76:58:c6:16:08:b5:
                    1f:28:8a:2f:f6:83:ed:2c:29:2a:4e:56:b5:b5:9d:
                    07:66:f7:04:89:99:01:84:be:9b:0b:f0:6c:06:66:
                    82:37:0b:e7:a3:54:f8:bd:24:25:d1:29:b2:47:3e:
                    b4:96:e5:6f:8c:25:57:8c:bd:ff:e0:62:05:09:2f:
                    9d:68:ee:64:64:b7:e0:d4:de:5d:c8:09:97:18:49:
                    14:86:b4:d6:59:a8:e2:21:6a:10:f0:06:0c:18:19:
                    1d:b7:3d:15:30:84:0f:2f:e7:f5:9e:cf:96:5a:be:
                    1f:a4:d9:9d:6d:94:00:9a:cc:46:51:23:27:bb:cd:
                    81:8d:5d:bf:9d:c3:fc:ee:04:80:4c:2b:7c:9c:11:
                    09:5e:8c:c3:d8:7c:44:6f:e9:54:b5:ac:8e:d4:7c:
                    45:24:ba:06:32:72:62:28:ad:da:70:4b:8d:46:91:
                    fd:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:23:08:FA:39:FA:19:42:F9:13:68:33:49:FC:79:E8:FB:C9:29:8E
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/kCMI-jn6GUL5E2gzSfx56PvJKY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.211.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:5e:66:48:c5:6c:2a:b0:37:45:7f:2e:bc:ff:e1:53:77:f6:
         82:2e:e3:6f:bb:eb:aa:57:df:97:7d:93:58:53:9e:62:1c:37:
         f2:e6:54:4f:75:aa:06:99:e0:b5:df:0f:63:f3:cc:b1:72:85:
         bb:c4:8d:22:97:bb:91:54:4c:57:04:0b:e5:d6:73:91:7d:88:
         cc:bd:16:7f:2f:5c:ff:88:e1:af:2f:8c:01:99:d9:de:9d:19:
         16:0d:32:18:de:4f:27:49:e8:10:05:c3:46:b0:08:d4:56:7c:
         c7:8e:b7:92:29:24:b3:17:88:fc:54:5c:95:1a:5b:e2:85:08:
         3b:35:4f:db:75:87:2a:a6:1f:55:26:e2:32:94:dd:64:a2:9b:
         3d:4f:f1:11:32:6f:c2:b5:df:75:c0:51:30:2f:1a:83:4d:d3:
         f8:b2:29:71:cb:33:dc:e6:70:0d:47:b8:d7:ae:e9:e3:39:ff:
         35:ef:98:5f:66:12:c5:33:16:08:67:48:33:6d:70:87:c5:55:
         fa:df:80:02:10:88:73:3b:95:1e:0d:88:50:32:68:ae:aa:c9:
         37:d9:a6:c4:5f:e0:47:d3:b5:15:be:c1:20:24:ee:ff:28:98:
         3b:c8:a8:5c:5b:4f:01:e5:8b:79:ed:2a:22:a3:ac:9c:dc:05:
         65:d4:c3:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jqSXQBMj51WceIbUh9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjUwMTAxMDM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDIzMDhmYTM5ZmExOTQyZjkxMzY4MzM0OWZjNzllOGZiYzkyOThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VcegtiInSdrv8xIDZbdSeCKVIVs
trAJEqT+ynC+6invCzQLm78VRgUsbuo4G6beXnPJHaK2XwUIsuRIhFOL5/4sXzan
k0ib4hMxqu1Tesq0sM52WMYWCLUfKIov9oPtLCkqTla1tZ0HZvcEiZkBhL6bC/Bs
BmaCNwvno1T4vSQl0SmyRz60luVvjCVXjL3/4GIFCS+daO5kZLfg1N5dyAmXGEkU
hrTWWajiIWoQ8AYMGBkdtz0VMIQPL+f1ns+WWr4fpNmdbZQAmsxGUSMnu82BjV2/
ncP87gSATCt8nBEJXozD2HxEb+lUtayO1HxFJLoGMnJiKK3acEuNRpH9rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAjCPo5+hlC+RNoM0n8eej7ySmOMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEva0NNSS1qbjZHVUw1RTJnelNmeDU2UHZKS1k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvNPgMA0G
CSqGSIb3DQEBCwUAA4IBAQBXXmZIxWwqsDdFfy68/+FTd/aCLuNvu+uqV9+XfZNY
U55iHDfy5lRPdaoGmeC13w9j88yxcoW7xI0il7uRVExXBAvl1nORfYjMvRZ/L1z/
iOGvL4wBmdnenRkWDTIY3k8nSegQBcNGsAjUVnzHjreSKSSzF4j8VFyVGlvihQg7
NU/bdYcqph9VJuIylN1kops9T/ERMm/Ctd91wFEwLxqDTdP4silxyzPc5nANR7jX
runjOf8175hfZhLFMxYIZ0gzbXCHxVX634ACEIhzO5UeDYhQMmiuqsk32abEX+BH
07UVvsEgJO7/KJg7yKhcW08B5Yt57Soio6yc3AVl1MNg
-----END CERTIFICATE-----