Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/7Q9gLwoSUvmWbh9pchcvFCnXBMI.roa
File:                     7Q9gLwoSUvmWbh9pchcvFCnXBMI.roa (raw, json)
Hash identifier:          OqWyCVxCH/ByBizomU3lyw35etS/Okp+27Pxn29bVl8=
Subject key identifier:   ED:0F:60:2F:0A:12:52:F9:96:6E:1F:69:72:17:2F:14:29:D7:04:C2
Certificate issuer:       /CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Certificate serial:       0194236907CD58F2CC6F8A9029E9C09CAB8A
Authority key identifier: B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/7Q9gLwoSUvmWbh9pchcvFCnXBMI.roa
Signing time:             Wed 01 Jan 2025 19:47:53 +0000
ROA not before:           Wed 01 Jan 2025 19:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138380
IP address blocks:        153.112.200.0/24 maxlen: 24
                          192.157.12.0/24 maxlen: 24
                          192.157.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:07:cd:58:f2:cc:6f:8a:90:29:e9:c0:9c:ab:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
        Validity
            Not Before: Jan  1 19:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed0f602f0a1252f9966e1f6972172f1429d704c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:42:c0:25:42:1c:2a:98:1d:32:2e:22:d8:8c:
                    c0:38:b6:e4:fb:3f:66:90:57:55:c5:d5:4a:53:7f:
                    d0:26:1c:66:2d:a0:04:d5:40:79:d2:5c:49:84:94:
                    72:28:8e:44:65:c0:65:23:ca:29:77:e6:7b:4b:a1:
                    20:4b:da:0a:f9:61:68:b5:80:4d:db:38:57:f0:21:
                    ca:fd:d4:d0:f4:7e:a2:75:cc:cf:de:aa:70:f9:95:
                    eb:f4:d6:37:34:8e:05:9a:92:49:cc:12:1b:74:15:
                    ef:ad:3d:fd:10:4a:e2:ba:ac:2b:e0:56:55:56:36:
                    f2:45:5d:ed:0e:3c:a6:16:5c:96:eb:5b:30:3d:58:
                    ec:50:68:36:e7:26:0b:92:cf:79:7c:94:d5:bf:e1:
                    46:29:1a:fb:80:88:c1:ac:8a:fc:51:3d:33:9b:25:
                    29:a2:9d:a1:f2:05:7a:8c:c1:6a:a9:02:86:d9:48:
                    0b:22:8d:2d:22:f0:eb:a2:00:ce:f3:fd:d5:33:e9:
                    19:47:a0:37:5f:7d:59:08:eb:aa:63:04:c9:0f:31:
                    96:0a:0c:14:04:fc:c4:64:36:96:a9:e4:fd:96:64:
                    48:36:62:bd:f5:9e:a9:a3:cf:b9:a3:f6:4b:54:39:
                    ab:8b:1b:ec:f0:d1:2e:97:f6:13:34:d7:d4:25:82:
                    2f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:0F:60:2F:0A:12:52:F9:96:6E:1F:69:72:17:2F:14:29:D7:04:C2
            X509v3 Authority Key Identifier:
                keyid:B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/7Q9gLwoSUvmWbh9pchcvFCnXBMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.112.200.0/24
                  192.157.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:d3:80:3e:9d:20:93:14:99:63:eb:cf:c5:0c:15:89:3b:96:
         fc:ef:56:f6:dd:b4:86:e8:6f:d1:8f:a1:61:4d:61:c6:be:6e:
         f8:1f:49:f4:1e:fb:70:7a:b1:c2:de:1f:59:a0:5e:1d:fb:17:
         27:4d:b3:98:54:5d:fa:f8:8b:12:b2:c8:66:49:b0:2a:ea:01:
         db:27:39:46:5c:3f:42:46:b0:2a:d9:79:b3:fc:ac:73:e1:e3:
         bd:13:68:f4:4e:38:87:4f:f0:d1:0e:ed:61:98:70:d2:c9:07:
         a2:af:36:55:6a:72:62:93:b3:1d:30:c1:e7:e9:0f:92:27:fa:
         b2:80:53:60:7a:56:f5:0b:08:74:1d:cf:f7:4c:27:db:8c:e3:
         6d:37:df:fa:e5:0c:14:18:3e:70:3e:f1:75:ac:90:1d:b5:d5:
         02:55:00:a8:88:57:05:ea:8c:4b:a3:c2:86:3a:eb:83:9e:3d:
         cd:40:6d:77:50:6b:35:7e:51:ac:8e:e5:a8:63:04:da:d8:17:
         9f:ec:a0:d5:a6:28:22:85:b5:ec:49:e2:74:90:5b:36:9d:15:
         0b:92:4c:c8:51:ef:de:5b:5b:e9:e7:f7:47:72:9b:2e:9a:d4:
         55:25:28:57:29:5c:69:b9:44:52:3b:80:8a:da:99:4d:c7:98:
         03:f1:b2:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjaQfNWPLMb4qQKenAnKuKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODUyZmZiYTdkNTdjNWE4YWZiYjZlYTViZWFmN2RmZWMw
YzE0NWEwHhcNMjUwMTAxMTk0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDBmNjAyZjBhMTI1MmY5OTY2ZTFmNjk3MjE3MmYxNDI5ZDcwNGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtULAJUIcKpgdMi4i2IzAOLbk+z9m
kFdVxdVKU3/QJhxmLaAE1UB50lxJhJRyKI5EZcBlI8opd+Z7S6EgS9oK+WFotYBN
2zhX8CHK/dTQ9H6idczP3qpw+ZXr9NY3NI4FmpJJzBIbdBXvrT39EEriuqwr4FZV
VjbyRV3tDjymFlyW61swPVjsUGg25yYLks95fJTVv+FGKRr7gIjBrIr8UT0zmyUp
op2h8gV6jMFqqQKG2UgLIo0tIvDrogDO8/3VM+kZR6A3X31ZCOuqYwTJDzGWCgwU
BPzEZDaWqeT9lmRINmK99Z6po8+5o/ZLVDmrixvs8NEul/YTNNfUJYIv/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO0PYC8KElL5lm4faXIXLxQp1wTCMB8GA1UdIwQY
MBaAFLSFL/un1Xxaivu26lvq99/sDBRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQt
ZjcxMDM4ZTk2N2E0LzEvN1E5Z0x3b1NVdm1XYmg5cGNoY3ZGQ25YQk1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQtZjcxMDM4ZTk2N2E0
LzEvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmXDIAwQB
wJ0MMA0GCSqGSIb3DQEBCwUAA4IBAQBW04A+nSCTFJlj68/FDBWJO5b871b23bSG
6G/Rj6FhTWHGvm74H0n0HvtwerHC3h9ZoF4d+xcnTbOYVF36+IsSsshmSbAq6gHb
JzlGXD9CRrAq2Xmz/Kxz4eO9E2j0TjiHT/DRDu1hmHDSyQeirzZVanJik7MdMMHn
6Q+SJ/qygFNgelb1Cwh0Hc/3TCfbjONtN9/65QwUGD5wPvF1rJAdtdUCVQCoiFcF
6oxLo8KGOuuDnj3NQG13UGs1flGsjuWoYwTa2Bef7KDVpigihbXsSeJ0kFs2nRUL
kkzIUe/eW1vp5/dHcpsumtRVJShXKVxpuURSO4CK2plNx5gD8bLm
-----END CERTIFICATE-----