Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Osc6H8HI8VpJ-KDmQcCtFerYGcE.roa
File:                     Osc6H8HI8VpJ-KDmQcCtFerYGcE.roa (raw, json)
Hash identifier:          MzwLuHdi519E8CQb9Dtfou3o5UgYIzrIC11jHA2WYjw=
Subject key identifier:   3A:C7:3A:1F:C1:C8:F1:5A:49:F8:A0:E6:41:C0:AD:15:EA:D8:19:C1
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D731B67682F9F201C13041BC8B9287
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Osc6H8HI8VpJ-KDmQcCtFerYGcE.roa
Signing time:             Wed 01 Jan 2025 21:48:13 +0000
ROA not before:           Wed 01 Jan 2025 21:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216119
IP address blocks:        194.67.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:31:b6:76:82:f9:f2:01:c1:30:41:bc:8b:92:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ac73a1fc1c8f15a49f8a0e641c0ad15ead819c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:1c:f3:f2:3b:95:05:f0:5f:08:bd:4a:8c:1b:
                    32:4a:37:a7:72:d7:24:bf:8f:0e:5c:b7:18:ed:81:
                    26:65:32:54:5f:3a:34:25:0a:bd:7f:22:3a:ec:7b:
                    ef:2f:11:4c:0f:e5:01:8e:8c:e8:b2:56:a5:2c:11:
                    68:3a:1c:73:96:ef:b3:ec:38:46:0e:e5:b8:67:13:
                    e5:4b:bf:e1:a0:e2:b1:17:54:5b:08:45:58:27:3e:
                    74:b1:ba:a6:2d:11:8d:07:f5:cd:50:ab:44:3c:24:
                    86:5e:7d:99:fe:29:0a:6e:c3:4b:fe:28:25:d6:db:
                    c6:eb:45:a8:72:39:d0:cc:f1:6d:0b:0f:b7:1e:31:
                    01:81:f5:67:2d:de:55:6d:99:10:05:14:68:38:f3:
                    2f:35:2c:0e:7b:49:6a:67:c7:ac:85:a8:39:3f:3c:
                    f1:b0:8f:be:e4:98:3b:8e:bc:e0:6f:66:e7:1c:db:
                    40:dc:d8:fd:d1:b7:1c:f3:b5:38:e4:d7:99:5a:a7:
                    fc:94:17:f3:17:c7:a5:9b:7a:20:22:9b:a8:04:cd:
                    38:46:6b:16:04:cb:af:04:be:15:8a:18:1b:cb:d8:
                    0d:f0:b6:9e:1e:47:3a:83:dd:82:d0:c1:26:81:08:
                    94:c0:d9:7c:f6:a8:fe:4b:69:cc:05:ee:c4:e5:7b:
                    24:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:C7:3A:1F:C1:C8:F1:5A:49:F8:A0:E6:41:C0:AD:15:EA:D8:19:C1
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Osc6H8HI8VpJ-KDmQcCtFerYGcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.67.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:d2:6f:f4:da:52:7b:83:d3:f8:fa:2c:e2:dd:c9:de:63:5a:
         8d:26:54:f0:90:61:f0:f9:c0:77:31:9b:6b:a8:05:f9:7d:e7:
         4d:63:e7:ed:56:ad:f6:cb:e5:ba:14:86:31:7e:9d:c0:0a:fe:
         6d:7a:b1:18:5c:a2:44:aa:c3:82:80:c2:53:eb:d4:4b:03:fe:
         68:74:4d:61:f7:4d:c5:b2:e8:82:0f:95:66:67:f7:cd:fe:9a:
         d2:96:ea:a4:36:25:55:4b:e9:2a:c1:01:5f:7b:00:f6:bb:c9:
         7a:1d:be:1d:8f:4b:30:04:d5:c3:85:78:ab:1f:e1:ed:a1:af:
         3d:06:52:c6:04:67:c9:02:ab:10:99:ba:67:ff:df:5c:dd:b1:
         6c:fc:f9:90:a7:b2:a7:29:18:e2:b9:f9:69:1e:27:5d:66:03:
         71:5b:7b:ea:19:c9:7d:d5:de:90:4a:66:54:72:01:57:00:df:
         63:53:72:33:5a:63:44:d7:2b:bf:22:aa:ea:ab:2c:5b:81:c5:
         b6:06:9f:a5:d5:fb:59:6c:94:4c:a6:4f:74:26:b5:1f:6f:53:
         23:76:ea:e2:a0:c0:ed:d4:1e:6d:dd:6b:c2:82:b0:82:7a:ef:
         87:fc:d8:17:44:34:ee:fe:ca:fc:b0:3c:fb:13:70:34:44:fc:
         a4:09:c0:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1zG2doL58gHBMEG8i5KHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWM3M2ExZmMxYzhmMTVhNDlmOGEwZTY0MWMwYWQxNWVhZDgxOWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Bzz8juVBfBfCL1KjBsySjenctck
v48OXLcY7YEmZTJUXzo0JQq9fyI67HvvLxFMD+UBjozoslalLBFoOhxzlu+z7DhG
DuW4ZxPlS7/hoOKxF1RbCEVYJz50sbqmLRGNB/XNUKtEPCSGXn2Z/ikKbsNL/igl
1tvG60WocjnQzPFtCw+3HjEBgfVnLd5VbZkQBRRoOPMvNSwOe0lqZ8eshag5Pzzx
sI++5Jg7jrzgb2bnHNtA3Nj90bcc87U45NeZWqf8lBfzF8elm3ogIpuoBM04RmsW
BMuvBL4Vihgby9gN8LaeHkc6g92C0MEmgQiUwNl89qj+S2nMBe7E5Xsk8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrHOh/ByPFaSfig5kHArRXq2BnBMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvT3NjNkg4SEk4VnBKLUtEbVFjQ3RGZXJZR2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkPDMA0G
CSqGSIb3DQEBCwUAA4IBAQCm0m/02lJ7g9P4+izi3cneY1qNJlTwkGHw+cB3MZtr
qAX5fedNY+ftVq32y+W6FIYxfp3ACv5terEYXKJEqsOCgMJT69RLA/5odE1h903F
suiCD5VmZ/fN/prSluqkNiVVS+kqwQFfewD2u8l6Hb4dj0swBNXDhXirH+Htoa89
BlLGBGfJAqsQmbpn/99c3bFs/PmQp7KnKRjiuflpHiddZgNxW3vqGcl91d6QSmZU
cgFXAN9jU3IzWmNE1yu/IqrqqyxbgcW2Bp+l1ftZbJRMpk90JrUfb1MjdurioMDt
1B5t3WvCgrCCeu+H/NgXRDTu/sr8sDz7E3A0RPykCcDG
-----END CERTIFICATE-----