Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e525df-4c6e-4099-814d-f148f4c9d39a/1/MiKRdbGABW7H7vIb5R-saUTi7Ps.roa
File:                     MiKRdbGABW7H7vIb5R-saUTi7Ps.roa (raw, json)
Hash identifier:          IcsqNxh/vQa5gPXIyGMaar+4UAAjRSfgokvENVkA4RM=
Subject key identifier:   32:22:91:75:B1:80:05:6E:C7:EE:F2:1B:E5:1F:AC:69:44:E2:EC:FB
Certificate issuer:       /CN=9aed9576c9272029168c4d1a4175d1a7ca1c51ee
Certificate serial:       0194266B462EFE911A2C94B67D02E669B070
Authority key identifier: 9A:ED:95:76:C9:27:20:29:16:8C:4D:1A:41:75:D1:A7:CA:1C:51:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu2VdsknICkWjE0aQXXRp8ocUe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e525df-4c6e-4099-814d-f148f4c9d39a/1/MiKRdbGABW7H7vIb5R-saUTi7Ps.roa
Signing time:             Thu 02 Jan 2025 09:49:11 +0000
ROA not before:           Thu 02 Jan 2025 09:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41949
IP address blocks:        193.163.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e525df-4c6e-4099-814d-f148f4c9d39a/1/mu2VdsknICkWjE0aQXXRp8ocUe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e525df-4c6e-4099-814d-f148f4c9d39a/1/mu2VdsknICkWjE0aQXXRp8ocUe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu2VdsknICkWjE0aQXXRp8ocUe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:46:2e:fe:91:1a:2c:94:b6:7d:02:e6:69:b0:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aed9576c9272029168c4d1a4175d1a7ca1c51ee
        Validity
            Not Before: Jan  2 09:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32229175b180056ec7eef21be51fac6944e2ecfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b0:ae:d1:3b:fd:9a:3e:cf:74:41:b2:e2:72:
                    12:f1:81:12:f5:4e:56:4e:11:64:cb:01:ff:da:28:
                    e8:59:2a:47:66:93:b3:55:97:02:e2:01:ec:5e:2c:
                    ee:98:b6:bc:a2:8b:f6:ec:e5:e4:f7:b4:dc:ca:ed:
                    5d:99:96:92:8b:f1:72:61:05:9a:16:08:20:40:34:
                    25:71:0f:6d:54:de:5d:80:c3:81:cc:51:f9:68:81:
                    de:37:e8:41:c5:41:91:99:d0:f2:2f:53:56:25:6a:
                    62:d8:ad:0f:fe:ce:33:32:f6:30:d6:55:9b:f2:e1:
                    3e:c1:4d:e3:f7:8c:8a:a9:20:ec:7e:ed:60:22:92:
                    37:a4:a3:be:29:fc:f7:5c:b3:63:f5:4d:1e:96:4f:
                    e8:44:bd:39:b0:15:e5:d4:da:f3:db:e2:3b:f9:c4:
                    f2:1f:a4:13:d0:0d:cf:4f:61:fa:e7:7f:82:43:90:
                    11:41:7f:e1:12:07:cb:ce:4b:58:01:d1:6d:06:34:
                    12:7d:55:5e:3e:c4:ea:49:5c:c5:eb:50:38:69:57:
                    03:dc:d4:a2:81:30:3d:2a:91:2d:bf:25:24:22:41:
                    80:6b:d3:64:40:eb:c7:91:50:44:56:ad:b7:dd:f0:
                    7b:76:c6:b0:4b:ed:51:d7:3b:ff:1d:2a:ce:47:79:
                    37:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:22:91:75:B1:80:05:6E:C7:EE:F2:1B:E5:1F:AC:69:44:E2:EC:FB
            X509v3 Authority Key Identifier:
                keyid:9A:ED:95:76:C9:27:20:29:16:8C:4D:1A:41:75:D1:A7:CA:1C:51:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu2VdsknICkWjE0aQXXRp8ocUe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e525df-4c6e-4099-814d-f148f4c9d39a/1/MiKRdbGABW7H7vIb5R-saUTi7Ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e525df-4c6e-4099-814d-f148f4c9d39a/1/mu2VdsknICkWjE0aQXXRp8ocUe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:7d:b5:6f:29:04:2a:28:cd:2d:58:11:35:59:ff:2f:01:42:
         70:67:41:a9:b3:53:fc:1c:67:64:d8:96:02:ad:54:03:6a:21:
         c5:32:17:b6:2a:e0:c8:cf:2c:52:9e:03:b5:85:61:56:77:c1:
         6f:23:48:e6:b1:87:f8:bc:9a:1c:05:f0:2b:79:55:01:5f:5d:
         b4:ac:89:9e:36:2c:c9:6e:2c:0e:41:7c:bb:54:7a:e2:ed:39:
         11:c2:a3:e0:bc:e2:89:34:73:cd:93:67:d5:e9:54:24:4c:b7:
         91:3d:0f:15:03:34:6f:37:f7:08:c7:ca:04:0d:47:66:57:74:
         7e:eb:8a:46:2c:d5:28:4a:65:60:7c:1b:db:19:4b:ca:86:e5:
         b7:89:8c:38:4f:a0:25:ce:d7:db:fb:b9:3f:e0:15:58:b5:58:
         57:15:9f:2d:c6:71:37:d1:a1:1d:2e:73:5d:ad:b9:3c:e8:12:
         43:88:a7:83:a9:46:51:ec:ba:67:42:2e:ec:84:fe:7f:0c:95:
         4b:91:d3:eb:fa:12:22:12:ab:ab:a1:f1:74:c8:01:b6:00:27:
         af:12:69:41:66:af:10:d1:ab:a0:07:f3:9f:e2:b5:45:f1:87:
         af:f1:a8:07:21:dc:9b:77:e1:28:5b:94:a7:27:f4:8e:5c:7e:
         c0:25:40:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma0Yu/pEaLJS2fQLmabBwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWQ5NTc2YzkyNzIwMjkxNjhjNGQxYTQxNzVkMWE3Y2Ex
YzUxZWUwHhcNMjUwMTAyMDk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjIyOTE3NWIxODAwNTZlYzdlZWYyMWJlNTFmYWM2OTQ0ZTJlY2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7Cu0Tv9mj7PdEGy4nIS8YES9U5W
ThFkywH/2ijoWSpHZpOzVZcC4gHsXizumLa8oov27OXk97Tcyu1dmZaSi/FyYQWa
FgggQDQlcQ9tVN5dgMOBzFH5aIHeN+hBxUGRmdDyL1NWJWpi2K0P/s4zMvYw1lWb
8uE+wU3j94yKqSDsfu1gIpI3pKO+Kfz3XLNj9U0elk/oRL05sBXl1Nrz2+I7+cTy
H6QT0A3PT2H653+CQ5ARQX/hEgfLzktYAdFtBjQSfVVePsTqSVzF61A4aVcD3NSi
gTA9KpEtvyUkIkGAa9NkQOvHkVBEVq233fB7dsawS+1R1zv/HSrOR3k3QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIikXWxgAVux+7yG+UfrGlE4uz7MB8GA1UdIwQY
MBaAFJrtlXbJJyApFoxNGkF10afKHFHuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXUyVmRza25JQ2tXakUwYVFYWFJwOG9jVWU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lNTI1ZGYtNGM2ZS00MDk5LTgxNGQt
ZjE0OGY0YzlkMzlhLzEvTWlLUmRiR0FCVzdIN3ZJYjVSLXNhVVRpN1BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lNTI1ZGYtNGM2ZS00MDk5LTgxNGQtZjE0OGY0YzlkMzlh
LzEvbXUyVmRza25JQ2tXakUwYVFYWFJwOG9jVWU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaOUMA0G
CSqGSIb3DQEBCwUAA4IBAQAcfbVvKQQqKM0tWBE1Wf8vAUJwZ0Gps1P8HGdk2JYC
rVQDaiHFMhe2KuDIzyxSngO1hWFWd8FvI0jmsYf4vJocBfAreVUBX120rImeNizJ
biwOQXy7VHri7TkRwqPgvOKJNHPNk2fV6VQkTLeRPQ8VAzRvN/cIx8oEDUdmV3R+
64pGLNUoSmVgfBvbGUvKhuW3iYw4T6Alztfb+7k/4BVYtVhXFZ8txnE30aEdLnNd
rbk86BJDiKeDqUZR7LpnQi7shP5/DJVLkdPr+hIiEqurofF0yAG2ACevEmlBZq8Q
0augB/Of4rVF8Yev8agHIdybd+EoW5SnJ/SOXH7AJUDd
-----END CERTIFICATE-----