Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/Xto4bhqEOn3XYPJKm92NLNMUHKQ.roa
File:                     Xto4bhqEOn3XYPJKm92NLNMUHKQ.roa (raw, json)
Hash identifier:          eUoekhFFgFrVT/tCJA5/rdc6QeyayeBT1A0knWoUgWk=
Subject key identifier:   5E:DA:38:6E:1A:84:3A:7D:D7:60:F2:4A:9B:DD:8D:2C:D3:14:1C:A4
Certificate issuer:       /CN=dde36e98021264f5a8070106780be29d48a16c67
Certificate serial:       0193E36EA72D668E2C39F55FDF3D40EE549D
Authority key identifier: DD:E3:6E:98:02:12:64:F5:A8:07:01:06:78:0B:E2:9D:48:A1:6C:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3eNumAISZPWoBwEGeAvinUihbGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/Xto4bhqEOn3XYPJKm92NLNMUHKQ.roa
Signing time:             Fri 20 Dec 2024 09:38:19 +0000
ROA not before:           Fri 20 Dec 2024 09:38:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200484
IP address blocks:        1.179.120.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/3eNumAISZPWoBwEGeAvinUihbGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/3eNumAISZPWoBwEGeAvinUihbGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3eNumAISZPWoBwEGeAvinUihbGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:e3:6e:a7:2d:66:8e:2c:39:f5:5f:df:3d:40:ee:54:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dde36e98021264f5a8070106780be29d48a16c67
        Validity
            Not Before: Dec 20 09:38:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5eda386e1a843a7dd760f24a9bdd8d2cd3141ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4b:35:d0:ba:bc:9d:de:69:cb:73:0a:72:55:
                    cd:3d:5d:01:ca:f6:5e:72:1d:a1:00:e7:64:6a:1c:
                    25:18:75:54:90:fc:66:d6:3b:a6:c7:41:34:f7:c6:
                    37:09:d6:78:e8:fb:00:23:e0:15:ea:a8:4d:62:32:
                    2f:34:76:63:5e:4b:fc:46:be:b8:aa:fb:05:7e:eb:
                    14:0f:bb:68:35:28:ba:03:10:b0:ba:d5:e9:f2:2b:
                    4a:ca:8e:26:8d:7b:c4:00:7e:7e:4a:40:d5:e8:2c:
                    32:dd:59:c2:66:a3:18:1b:c2:34:f0:66:d8:94:49:
                    b1:d5:a2:ef:bf:ed:d5:76:da:49:bd:96:82:10:df:
                    bb:98:43:5b:e2:89:04:f6:c3:44:e4:92:e4:55:5f:
                    c8:78:33:06:7b:04:2c:58:52:06:06:34:50:64:27:
                    f8:6a:97:73:a4:eb:79:6d:c0:f3:19:32:29:32:28:
                    c8:51:7a:2a:49:ad:4a:3b:1f:e2:c1:55:e7:ae:78:
                    c1:dd:65:f5:9d:ff:5d:9a:47:6d:cc:ea:d4:a6:7c:
                    50:97:e2:a2:3b:97:f4:b9:25:1a:b5:35:07:e6:a4:
                    83:8b:ee:c6:a1:2e:ad:86:71:68:cc:c1:f6:0c:4a:
                    33:cf:7e:e3:d7:b7:5e:f8:91:b1:36:6f:dc:e8:a8:
                    4a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:DA:38:6E:1A:84:3A:7D:D7:60:F2:4A:9B:DD:8D:2C:D3:14:1C:A4
            X509v3 Authority Key Identifier:
                keyid:DD:E3:6E:98:02:12:64:F5:A8:07:01:06:78:0B:E2:9D:48:A1:6C:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3eNumAISZPWoBwEGeAvinUihbGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/Xto4bhqEOn3XYPJKm92NLNMUHKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/76aee1-e220-4e22-9cb5-8fe3a0f61437/1/3eNumAISZPWoBwEGeAvinUihbGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  1.179.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         15:d2:82:1d:94:44:cd:8a:86:0b:b2:e5:e5:fa:7c:d0:5e:08:
         43:06:d8:e9:82:39:2b:29:d6:ab:db:b5:11:a4:35:88:51:87:
         d9:b7:5e:9e:f4:3d:e4:b8:18:39:b8:8a:00:81:98:b5:38:a9:
         d9:f9:be:41:0d:c5:f6:2c:ee:ea:8b:58:ce:60:7f:7f:82:6d:
         46:ca:ce:76:ab:a5:6b:70:90:0f:27:49:9b:fe:60:36:51:48:
         20:ae:48:6b:9c:90:52:ea:9a:b4:05:c0:83:83:8a:0b:bd:50:
         18:b2:98:e3:32:76:26:14:c5:49:61:2e:b6:56:39:b2:0a:34:
         83:0c:f5:a3:2a:3c:07:28:9a:be:aa:03:bb:96:db:40:48:61:
         b0:1b:3b:f3:cb:04:06:f8:fc:e0:1b:31:ab:6c:4b:20:77:1a:
         be:14:db:c1:29:69:1f:be:2b:37:0e:c4:cc:2d:d8:01:f1:0b:
         07:76:9f:1c:52:9c:91:61:b2:3b:78:c7:33:94:e8:8c:f8:3e:
         4e:18:02:a7:9d:b2:c1:c3:62:4b:78:c7:4b:34:28:a1:fe:15:
         e1:36:f0:82:c6:13:be:50:f7:ad:65:e9:0c:13:5b:8f:bb:b9:
         fc:b8:c6:03:e1:89:f8:32:b2:c9:9d:52:fe:86:5d:96:e7:da:
         bb:1f:48:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZPjbqctZo4sOfVf3z1A7lSdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZTM2ZTk4MDIxMjY0ZjVhODA3MDEwNjc4MGJlMjlkNDhh
MTZjNjcwHhcNMjQxMjIwMDkzODE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWRhMzg2ZTFhODQzYTdkZDc2MGYyNGE5YmRkOGQyY2QzMTQxY2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0s10Lq8nd5py3MKclXNPV0ByvZe
ch2hAOdkahwlGHVUkPxm1jumx0E098Y3CdZ46PsAI+AV6qhNYjIvNHZjXkv8Rr64
qvsFfusUD7toNSi6AxCwutXp8itKyo4mjXvEAH5+SkDV6Cwy3VnCZqMYG8I08GbY
lEmx1aLvv+3VdtpJvZaCEN+7mENb4okE9sNE5JLkVV/IeDMGewQsWFIGBjRQZCf4
apdzpOt5bcDzGTIpMijIUXoqSa1KOx/iwVXnrnjB3WX1nf9dmkdtzOrUpnxQl+Ki
O5f0uSUatTUH5qSDi+7GoS6thnFozMH2DEozz37j17de+JGxNm/c6KhK1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7aOG4ahDp912DySpvdjSzTFBykMB8GA1UdIwQY
MBaAFN3jbpgCEmT1qAcBBngL4p1IoWxnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2VOdW1BSVNaUFdvQndFR2VBdmluVWloYkdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi83NmFlZTEtZTIyMC00ZTIyLTljYjUt
OGZlM2EwZjYxNDM3LzEvWHRvNGJocUVPbjNYWVBKS205Mk5MTk1VSEtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi83NmFlZTEtZTIyMC00ZTIyLTljYjUtOGZlM2EwZjYxNDM3
LzEvM2VOdW1BSVNaUFdvQndFR2VBdmluVWloYkdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDAbN4MA0G
CSqGSIb3DQEBCwUAA4IBAQAV0oIdlETNioYLsuXl+nzQXghDBtjpgjkrKdar27UR
pDWIUYfZt16e9D3kuBg5uIoAgZi1OKnZ+b5BDcX2LO7qi1jOYH9/gm1Gys52q6Vr
cJAPJ0mb/mA2UUggrkhrnJBS6pq0BcCDg4oLvVAYspjjMnYmFMVJYS62VjmyCjSD
DPWjKjwHKJq+qgO7lttASGGwGzvzywQG+PzgGzGrbEsgdxq+FNvBKWkfvis3DsTM
LdgB8QsHdp8cUpyRYbI7eMczlOiM+D5OGAKnnbLBw2JLeMdLNCih/hXhNvCCxhO+
UPetZekME1uPu7n8uMYD4Yn4MrLJnVL+hl2W59q7H0gV
-----END CERTIFICATE-----