Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/F4GHMtEvNm46dM5TWDxthbQ6BA4.roa
File:                     F4GHMtEvNm46dM5TWDxthbQ6BA4.roa (raw, json)
Hash identifier:          KVVBBRsYRigOW/uzk41RjMrk4PM1I4rBXcib4AOOQeA=
Subject key identifier:   17:81:87:32:D1:2F:36:6E:3A:74:CE:53:58:3C:6D:85:B4:3A:04:0E
Certificate issuer:       /CN=2b678f14f8b2288d49557ca6fb1bdf4793927dce
Certificate serial:       019500D6F675B987C715B63B19D4A3CA8F4C
Authority key identifier: 2B:67:8F:14:F8:B2:28:8D:49:55:7C:A6:FB:1B:DF:47:93:92:7D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K2ePFPiyKI1JVXym-xvfR5OSfc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/F4GHMtEvNm46dM5TWDxthbQ6BA4.roa
Signing time:             Thu 13 Feb 2025 19:44:02 +0000
ROA not before:           Thu 13 Feb 2025 19:44:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211335
IP address blocks:        79.110.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/K2ePFPiyKI1JVXym-xvfR5OSfc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/K2ePFPiyKI1JVXym-xvfR5OSfc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K2ePFPiyKI1JVXym-xvfR5OSfc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:00:d6:f6:75:b9:87:c7:15:b6:3b:19:d4:a3:ca:8f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b678f14f8b2288d49557ca6fb1bdf4793927dce
        Validity
            Not Before: Feb 13 19:44:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17818732d12f366e3a74ce53583c6d85b43a040e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ed:8e:78:89:65:4d:46:43:17:60:76:f2:54:
                    64:7c:f0:fa:3c:a8:5c:0d:7c:96:f2:25:05:e5:a9:
                    29:d9:8a:e8:c6:81:f6:0e:e8:23:64:38:b7:3b:40:
                    27:58:f3:81:c7:32:ee:9f:34:cf:6c:5b:6d:d4:e4:
                    f2:63:4e:c1:db:7a:43:bf:4c:17:b8:19:79:bf:b0:
                    ad:12:a3:2a:75:b5:f7:d4:e3:f9:0b:ee:41:f1:71:
                    23:26:65:ec:01:ac:44:40:de:5f:2b:d7:89:c3:d4:
                    5e:e6:11:fc:5d:4d:61:59:ce:8d:e2:33:75:83:c5:
                    42:c0:54:7e:7d:e7:68:42:22:93:85:41:fe:f2:2e:
                    c1:04:06:bd:3a:30:83:a5:86:23:4b:4a:63:1e:fb:
                    4d:93:d9:90:b5:67:0e:39:ee:d1:2c:ea:3d:4c:b1:
                    f1:a5:96:c1:4f:49:5d:29:ce:1c:03:5b:60:94:dc:
                    08:d6:64:b8:e0:2d:ad:98:82:3e:50:6f:a1:e7:73:
                    3d:27:e5:39:65:a6:a7:cf:79:65:cb:4a:4f:2e:c8:
                    32:e2:3a:31:e2:3c:86:d2:63:91:2a:83:a6:6d:11:
                    1b:2b:8f:03:18:72:8f:7f:d7:56:94:66:99:9d:0d:
                    ee:11:56:d3:cc:dc:df:a0:fa:85:05:e5:7a:3e:a0:
                    52:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:81:87:32:D1:2F:36:6E:3A:74:CE:53:58:3C:6D:85:B4:3A:04:0E
            X509v3 Authority Key Identifier:
                keyid:2B:67:8F:14:F8:B2:28:8D:49:55:7C:A6:FB:1B:DF:47:93:92:7D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K2ePFPiyKI1JVXym-xvfR5OSfc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/F4GHMtEvNm46dM5TWDxthbQ6BA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/bba9ed-da21-4919-a831-f1cc873c2e27/1/K2ePFPiyKI1JVXym-xvfR5OSfc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:32:77:df:22:57:8f:ba:c1:57:e0:a0:19:c3:e6:d2:2b:bb:
         69:02:76:24:3e:6d:9d:ef:f4:7b:67:5f:ad:6c:e4:72:f2:19:
         fa:95:4f:ce:75:24:45:3a:7d:14:6f:a1:79:28:2c:c9:bf:8d:
         b4:f7:56:cc:dc:3b:25:0a:ee:f3:5f:5f:34:bc:a2:56:82:c3:
         6f:84:d8:58:26:30:59:4c:88:17:ea:b0:5f:ea:d6:68:2f:ca:
         cb:80:14:32:fb:c8:b0:f0:5e:a6:28:40:61:03:78:a2:5c:e0:
         a7:88:0e:ad:d5:52:55:e4:da:7a:fb:24:95:34:c4:75:b2:ae:
         fc:98:30:ce:48:a3:b0:9f:a5:91:82:5c:47:9f:6e:65:61:05:
         80:f1:fd:34:e5:7d:2c:82:1a:25:08:41:c6:c6:6f:21:34:5c:
         65:1c:eb:31:e7:4f:56:5c:3b:55:9c:f1:91:25:aa:df:b4:b9:
         d9:45:e7:f0:c1:87:9e:48:9f:0f:a7:7d:60:06:5d:8a:d0:90:
         55:51:f4:57:12:c6:20:72:4a:18:c8:0a:5d:c4:18:09:72:59:
         7b:6c:4e:08:5f:75:ba:44:db:b4:a9:ce:ca:7a:a7:bf:d9:dd:
         ae:61:54:8c:6c:0b:20:26:f6:62:f0:32:bd:2b:7c:b5:af:12:
         24:65:a7:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUA1vZ1uYfHFbY7GdSjyo9MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNjc4ZjE0ZjhiMjI4OGQ0OTU1N2NhNmZiMWJkZjQ3OTM5
MjdkY2UwHhcNMjUwMjEzMTk0NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzgxODczMmQxMmYzNjZlM2E3NGNlNTM1ODNjNmQ4NWI0M2EwNDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAle2OeIllTUZDF2B28lRkfPD6PKhc
DXyW8iUF5akp2YroxoH2DugjZDi3O0AnWPOBxzLunzTPbFtt1OTyY07B23pDv0wX
uBl5v7CtEqMqdbX31OP5C+5B8XEjJmXsAaxEQN5fK9eJw9Re5hH8XU1hWc6N4jN1
g8VCwFR+fedoQiKThUH+8i7BBAa9OjCDpYYjS0pjHvtNk9mQtWcOOe7RLOo9TLHx
pZbBT0ldKc4cA1tglNwI1mS44C2tmII+UG+h53M9J+U5Zaanz3lly0pPLsgy4jox
4jyG0mORKoOmbREbK48DGHKPf9dWlGaZnQ3uEVbTzNzfoPqFBeV6PqBSQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBeBhzLRLzZuOnTOU1g8bYW0OgQOMB8GA1UdIwQY
MBaAFCtnjxT4siiNSVV8pvsb30eTkn3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzJlUEZQaXlLSTFKVlh5bS14dmZSNU9TZmM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9iYmE5ZWQtZGEyMS00OTE5LWE4MzEt
ZjFjYzg3M2MyZTI3LzEvRjRHSE10RXZObTQ2ZE01VFdEeHRoYlE2QkE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9iYmE5ZWQtZGEyMS00OTE5LWE4MzEtZjFjYzg3M2MyZTI3
LzEvSzJlUEZQaXlLSTFKVlh5bS14dmZSNU9TZmM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT27pMA0G
CSqGSIb3DQEBCwUAA4IBAQAJMnffIlePusFX4KAZw+bSK7tpAnYkPm2d7/R7Z1+t
bORy8hn6lU/OdSRFOn0Ub6F5KCzJv42091bM3DslCu7zX180vKJWgsNvhNhYJjBZ
TIgX6rBf6tZoL8rLgBQy+8iw8F6mKEBhA3iiXOCniA6t1VJV5Np6+ySVNMR1sq78
mDDOSKOwn6WRglxHn25lYQWA8f005X0sgholCEHGxm8hNFxlHOsx509WXDtVnPGR
JarftLnZRefwwYeeSJ8Pp31gBl2K0JBVUfRXEsYgckoYyApdxBgJcll7bE4IX3W6
RNu0qc7Keqe/2d2uYVSMbAsgJvZi8DK9K3y1rxIkZacI
-----END CERTIFICATE-----