Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/v40G9p22ghWMe8UKdX_wMiyNMek.roa
File:                     v40G9p22ghWMe8UKdX_wMiyNMek.roa (raw, json)
Hash identifier:          jreCJmIVZHIjE2eJf4y2q1RHo2Hv3JjWpFOiAElZPd0=
Subject key identifier:   BF:8D:06:F6:9D:B6:82:15:8C:7B:C5:0A:75:7F:F0:32:2C:8D:31:E9
Certificate issuer:       /CN=a2900e4655ab349a4632b140719dc97230431725
Certificate serial:       01941F8C9855CEF95332EE192EB0A630D7BE
Authority key identifier: A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/v40G9p22ghWMe8UKdX_wMiyNMek.roa
Signing time:             Wed 01 Jan 2025 01:48:15 +0000
ROA not before:           Wed 01 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51369
IP address blocks:        80.77.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 16:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:98:55:ce:f9:53:32:ee:19:2e:b0:a6:30:d7:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2900e4655ab349a4632b140719dc97230431725
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf8d06f69db682158c7bc50a757ff0322c8d31e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:00:d4:54:5e:83:46:4f:84:b2:38:26:f6:98:
                    6c:5e:ab:80:2c:7c:19:d0:63:6e:26:08:9c:2c:c6:
                    77:e9:20:51:3a:ba:26:8d:79:82:d8:99:c8:3a:f2:
                    77:64:55:38:32:46:a1:87:6d:0b:75:d2:28:11:fb:
                    8e:31:f0:7d:70:6e:42:46:8a:03:67:b7:ab:71:9f:
                    18:4c:b3:33:fc:9a:45:42:25:7e:4d:a9:f7:2a:86:
                    bc:9b:42:0b:10:26:ab:3b:83:28:24:6f:59:26:00:
                    0c:cc:13:44:25:f3:a8:5d:de:e7:08:ed:0a:3b:c8:
                    8b:fa:4d:3d:af:fc:e4:e6:c1:16:a5:33:89:5a:7b:
                    7c:0d:87:42:ac:9f:f4:53:84:30:80:ce:36:ee:36:
                    4a:b7:bf:df:3a:dd:c7:12:56:74:64:f4:e1:f0:33:
                    b1:ee:d4:9a:65:93:d1:ac:d6:a9:5d:7c:51:53:7e:
                    bb:85:9e:95:a1:c5:48:80:ea:1c:82:39:6d:6f:7c:
                    1e:6f:13:b5:b6:14:5a:1d:16:6a:62:ca:d6:a5:96:
                    27:db:77:0e:65:9c:ed:d1:99:df:ea:fa:5e:93:90:
                    cb:4c:4e:e6:af:01:7e:bb:4d:18:9f:27:39:40:36:
                    6e:2c:67:a7:25:6a:b3:e1:d3:c4:c2:75:62:38:b8:
                    dd:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:8D:06:F6:9D:B6:82:15:8C:7B:C5:0A:75:7F:F0:32:2C:8D:31:E9
            X509v3 Authority Key Identifier:
                keyid:A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/v40G9p22ghWMe8UKdX_wMiyNMek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.77.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:4b:72:ae:10:26:15:51:e6:cc:db:c2:06:1f:a7:b1:d7:93:
         5d:ad:7d:fb:72:f2:d6:34:ce:82:c7:b1:2a:ce:79:84:df:0f:
         fb:53:f6:0e:2c:b2:99:3c:11:99:fe:55:89:85:a9:30:e3:30:
         ae:36:ed:1c:91:af:63:56:32:db:58:aa:e9:89:1e:90:3e:c6:
         d1:a5:fe:f5:1c:7c:62:aa:3c:49:10:98:aa:7c:e9:53:90:1f:
         7d:6d:e0:fe:53:1b:6b:c1:4b:ed:27:06:9e:f2:21:cf:11:8b:
         0c:d5:f8:a8:8d:60:c7:41:03:fd:d6:0c:3d:88:4b:ee:34:ac:
         1c:07:35:19:91:02:82:fa:f5:53:1e:cb:00:84:f9:b1:13:01:
         46:b8:bb:a7:de:3e:82:aa:a7:8e:b3:60:bf:6b:e1:2e:fc:08:
         79:38:61:da:1c:72:f1:b8:98:77:a1:de:90:91:8f:a7:29:16:
         ab:04:f3:82:05:e7:30:b3:59:27:d9:4c:1a:15:6f:4f:2a:b3:
         18:1e:c3:48:f3:51:e7:e9:4d:34:3a:c1:79:02:a7:1a:40:fa:
         91:f3:51:2d:90:b0:98:c6:28:04:ef:f5:6e:e7:d6:0b:fa:1e:
         c8:b4:72:04:51:55:04:b7:05:39:1f:c8:74:77:64:c8:87:cc:
         e9:7c:8e:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJhVzvlTMu4ZLrCmMNe+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOTAwZTQ2NTVhYjM0OWE0NjMyYjE0MDcxOWRjOTcyMzA0
MzE3MjUwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjhkMDZmNjlkYjY4MjE1OGM3YmM1MGE3NTdmZjAzMjJjOGQzMWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQDUVF6DRk+Esjgm9phsXquALHwZ
0GNuJgicLMZ36SBROromjXmC2JnIOvJ3ZFU4Mkahh20LddIoEfuOMfB9cG5CRooD
Z7ercZ8YTLMz/JpFQiV+Tan3Koa8m0ILECarO4MoJG9ZJgAMzBNEJfOoXd7nCO0K
O8iL+k09r/zk5sEWpTOJWnt8DYdCrJ/0U4QwgM427jZKt7/fOt3HElZ0ZPTh8DOx
7tSaZZPRrNapXXxRU367hZ6VocVIgOocgjltb3webxO1thRaHRZqYsrWpZYn23cO
ZZzt0Znf6vpek5DLTE7mrwF+u00Ynyc5QDZuLGenJWqz4dPEwnViOLjd6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+NBvadtoIVjHvFCnV/8DIsjTHpMB8GA1UdIwQY
MBaAFKKQDkZVqzSaRjKxQHGdyXIwQxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMt
ZjRjNWZjM2NhMmM0LzEvdjQwRzlwMjJnaFdNZThVS2RYX3dNaXlOTWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMtZjRjNWZjM2NhMmM0
LzEvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE2hMA0G
CSqGSIb3DQEBCwUAA4IBAQBrS3KuECYVUebM28IGH6ex15NdrX37cvLWNM6Cx7Eq
znmE3w/7U/YOLLKZPBGZ/lWJhakw4zCuNu0cka9jVjLbWKrpiR6QPsbRpf71HHxi
qjxJEJiqfOlTkB99beD+UxtrwUvtJwae8iHPEYsM1fiojWDHQQP91gw9iEvuNKwc
BzUZkQKC+vVTHssAhPmxEwFGuLun3j6CqqeOs2C/a+Eu/Ah5OGHaHHLxuJh3od6Q
kY+nKRarBPOCBecws1kn2UwaFW9PKrMYHsNI81Hn6U00OsF5AqcaQPqR81EtkLCY
xigE7/Vu59YL+h7ItHIEUVUEtwU5H8h0d2TIh8zpfI67
-----END CERTIFICATE-----