Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/fe45de-b463-443d-b7de-37a24e081f68/1/NNmIvWC2aG45EdXCFQyfOgMs8UM.roa
File:                     NNmIvWC2aG45EdXCFQyfOgMs8UM.roa (raw, json)
Hash identifier:          dgfGD7cFEmQYML/LCfaIOvrAjQWUEzucY+z8ExOp2jM=
Subject key identifier:   34:D9:88:BD:60:B6:68:6E:39:11:D5:C2:15:0C:9F:3A:03:2C:F1:43
Certificate issuer:       /CN=40d88ddb7aed72dea3ff8d69ced6531a52794aa7
Certificate serial:       019420D663BD8ADAB1C1165D0DD6BCEEFAB4
Authority key identifier: 40:D8:8D:DB:7A:ED:72:DE:A3:FF:8D:69:CE:D6:53:1A:52:79:4A:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QNiN23rtct6j_41pztZTGlJ5Sqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/fe45de-b463-443d-b7de-37a24e081f68/1/NNmIvWC2aG45EdXCFQyfOgMs8UM.roa
Signing time:             Wed 01 Jan 2025 07:48:28 +0000
ROA not before:           Wed 01 Jan 2025 07:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211786
IP address blocks:        193.108.200.0/24 maxlen: 24
                          2a10:92c0::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/fe45de-b463-443d-b7de-37a24e081f68/1/QNiN23rtct6j_41pztZTGlJ5Sqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/fe45de-b463-443d-b7de-37a24e081f68/1/QNiN23rtct6j_41pztZTGlJ5Sqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QNiN23rtct6j_41pztZTGlJ5Sqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:63:bd:8a:da:b1:c1:16:5d:0d:d6:bc:ee:fa:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40d88ddb7aed72dea3ff8d69ced6531a52794aa7
        Validity
            Not Before: Jan  1 07:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34d988bd60b6686e3911d5c2150c9f3a032cf143
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4b:98:33:3f:eb:42:8b:56:8c:96:d9:be:20:
                    a9:91:29:35:3e:09:db:4a:78:f3:fa:7c:45:19:60:
                    7b:1f:0b:92:e3:88:12:db:5e:8d:04:17:e0:35:45:
                    83:10:6e:92:99:6b:c8:68:1f:4a:ea:e1:84:25:46:
                    85:f0:22:15:bd:e2:cf:8b:58:4b:92:73:78:52:2f:
                    b3:dd:08:e3:9e:94:e6:c0:06:f2:e6:1f:c7:17:b7:
                    71:9a:f4:fb:42:16:61:c2:65:e2:70:77:61:6b:3e:
                    59:b4:1a:05:cf:4c:16:05:2d:7d:38:3d:b7:b7:32:
                    3a:93:1a:28:d3:01:1b:fa:77:75:d2:b1:b8:8a:a9:
                    3e:32:12:86:02:5c:07:29:10:d5:21:0e:1f:9b:d1:
                    84:60:9d:fa:5a:14:35:1f:56:8f:f4:69:72:a1:1b:
                    29:1c:6c:21:db:a4:2b:50:39:dc:ae:1a:23:50:68:
                    94:6e:97:a3:39:50:6a:a5:6a:21:45:f4:25:cd:ab:
                    82:9d:6d:9a:9a:22:56:2b:65:a6:be:7e:ff:a8:88:
                    ee:d8:c1:82:95:a0:5d:ef:c4:7c:55:b4:ca:05:7d:
                    3b:76:cc:c1:63:4c:d0:04:10:25:1e:58:8e:75:3b:
                    26:a2:85:90:37:e8:6e:c4:c3:c3:27:76:1a:14:0f:
                    93:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:D9:88:BD:60:B6:68:6E:39:11:D5:C2:15:0C:9F:3A:03:2C:F1:43
            X509v3 Authority Key Identifier:
                keyid:40:D8:8D:DB:7A:ED:72:DE:A3:FF:8D:69:CE:D6:53:1A:52:79:4A:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QNiN23rtct6j_41pztZTGlJ5Sqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/fe45de-b463-443d-b7de-37a24e081f68/1/NNmIvWC2aG45EdXCFQyfOgMs8UM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/fe45de-b463-443d-b7de-37a24e081f68/1/QNiN23rtct6j_41pztZTGlJ5Sqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.200.0/24
                IPv6:
                  2a10:92c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:57:ec:76:33:9b:41:10:e7:c0:92:5d:c8:73:e0:5a:8e:a6:
         40:0f:56:19:68:22:af:1e:4c:c1:cd:d8:d9:d1:90:dc:aa:b7:
         b0:f5:28:95:29:fd:b0:21:01:d3:a9:bc:24:a2:30:86:ef:6a:
         83:c7:8e:73:a4:2f:95:f2:2b:03:d1:c5:10:d0:c8:49:e7:15:
         76:58:70:b8:6c:1f:ca:38:ad:08:7c:3d:26:11:3f:d8:60:86:
         1c:e6:7b:45:55:55:10:5d:89:16:e4:eb:18:51:6e:9a:67:37:
         51:12:56:bc:ea:a1:92:a0:14:7f:1a:55:95:67:28:05:27:be:
         e8:3a:d3:45:a2:7c:4d:4e:1b:b9:22:6d:0f:91:ec:23:38:a8:
         77:10:4d:03:1d:f3:71:b4:5b:40:42:81:be:07:58:f5:ee:00:
         3b:66:eb:ef:05:4b:b9:5b:02:04:e9:e2:26:04:f7:e2:33:d4:
         f7:b8:a9:02:30:07:2d:a3:be:78:5f:e6:3d:97:5d:46:de:9a:
         fd:24:68:68:db:c3:52:6e:2e:68:e3:28:d7:ee:82:2b:5a:51:
         3d:8a:23:53:de:e1:ea:43:4f:c5:4c:71:1c:0e:54:04:58:71:
         45:c5:9d:c6:f1:d8:0a:8a:1d:89:2a:55:1a:5b:37:07:4a:80:
         b0:18:7f:4d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1mO9itqxwRZdDda87vq0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZDg4ZGRiN2FlZDcyZGVhM2ZmOGQ2OWNlZDY1MzFhNTI3
OTRhYTcwHhcNMjUwMTAxMDc0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGQ5ODhiZDYwYjY2ODZlMzkxMWQ1YzIxNTBjOWYzYTAzMmNmMTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0uYMz/rQotWjJbZviCpkSk1Pgnb
Snjz+nxFGWB7HwuS44gS216NBBfgNUWDEG6SmWvIaB9K6uGEJUaF8CIVveLPi1hL
knN4Ui+z3QjjnpTmwAby5h/HF7dxmvT7QhZhwmXicHdhaz5ZtBoFz0wWBS19OD23
tzI6kxoo0wEb+nd10rG4iqk+MhKGAlwHKRDVIQ4fm9GEYJ36WhQ1H1aP9GlyoRsp
HGwh26QrUDncrhojUGiUbpejOVBqpWohRfQlzauCnW2amiJWK2Wmvn7/qIju2MGC
laBd78R8VbTKBX07dszBY0zQBBAlHliOdTsmooWQN+huxMPDJ3YaFA+T5QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDTZiL1gtmhuORHVwhUMnzoDLPFDMB8GA1UdIwQY
MBaAFEDYjdt67XLeo/+Nac7WUxpSeUqnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU5pTjIzcnRjdDZqXzQxcHp0WlRHbEo1U3FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9mZTQ1ZGUtYjQ2My00NDNkLWI3ZGUt
MzdhMjRlMDgxZjY4LzEvTk5tSXZXQzJhRzQ1RWRYQ0ZReWZPZ01zOFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9mZTQ1ZGUtYjQ2My00NDNkLWI3ZGUtMzdhMjRlMDgxZjY4
LzEvUU5pTjIzcnRjdDZqXzQxcHp0WlRHbEo1U3FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwWzIMA0E
AgACMAcDBQMqEJLAMA0GCSqGSIb3DQEBCwUAA4IBAQBjV+x2M5tBEOfAkl3Ic+Ba
jqZAD1YZaCKvHkzBzdjZ0ZDcqrew9SiVKf2wIQHTqbwkojCG72qDx45zpC+V8isD
0cUQ0MhJ5xV2WHC4bB/KOK0IfD0mET/YYIYc5ntFVVUQXYkW5OsYUW6aZzdREla8
6qGSoBR/GlWVZygFJ77oOtNFonxNThu5Im0PkewjOKh3EE0DHfNxtFtAQoG+B1j1
7gA7ZuvvBUu5WwIE6eImBPfiM9T3uKkCMActo754X+Y9l11G3pr9JGho28NSbi5o
4yjX7oIrWlE9iiNT3uHqQ0/FTHEcDlQEWHFFxZ3G8dgKih2JKlUaWzcHSoCwGH9N
-----END CERTIFICATE-----