Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/69dc6a-e91e-4b3a-934a-b354b78cc969/1/Kt54sJQgRqTUq_5CeKj_uNxTFL4.roa
File:                     Kt54sJQgRqTUq_5CeKj_uNxTFL4.roa (raw, json)
Hash identifier:          4RVmGcZHz9ixKOs2qOpourGK4cJrBwsGs1fzppEGkHY=
Subject key identifier:   2A:DE:78:B0:94:20:46:A4:D4:AB:FE:42:78:A8:FF:B8:DC:53:14:BE
Certificate issuer:       /CN=8106d994a1219257a3cec9ed91cd189bc3d93b0b
Certificate serial:       019473BBF9C7661098BF26631461517BEFC8
Authority key identifier: 81:06:D9:94:A1:21:92:57:A3:CE:C9:ED:91:CD:18:9B:C3:D9:3B:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQbZlKEhklejzsntkc0Ym8PZOws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/69dc6a-e91e-4b3a-934a-b354b78cc969/1/Kt54sJQgRqTUq_5CeKj_uNxTFL4.roa
Signing time:             Fri 17 Jan 2025 10:08:06 +0000
ROA not before:           Fri 17 Jan 2025 10:08:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1103
IP address blocks:        134.221.0.0/16 maxlen: 24
                          192.43.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/69dc6a-e91e-4b3a-934a-b354b78cc969/1/gQbZlKEhklejzsntkc0Ym8PZOws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/69dc6a-e91e-4b3a-934a-b354b78cc969/1/gQbZlKEhklejzsntkc0Ym8PZOws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQbZlKEhklejzsntkc0Ym8PZOws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:73:bb:f9:c7:66:10:98:bf:26:63:14:61:51:7b:ef:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8106d994a1219257a3cec9ed91cd189bc3d93b0b
        Validity
            Not Before: Jan 17 10:08:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ade78b0942046a4d4abfe4278a8ffb8dc5314be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:aa:f1:0b:02:12:ae:58:ee:cb:6e:40:c9:a1:
                    6a:4f:e7:8d:d7:1b:ca:03:d2:c1:e2:22:d5:2e:1f:
                    cb:5a:ad:98:a9:ae:71:dc:7b:d7:0a:5b:6e:d8:64:
                    c7:74:95:04:bb:5d:67:05:8b:db:5f:c4:d1:a5:cd:
                    df:e6:29:d6:e1:a7:31:be:eb:5d:df:58:bb:c1:66:
                    65:82:49:bc:15:02:fc:fa:4c:f3:37:fb:0b:6f:b3:
                    26:b3:ca:88:b4:45:58:a4:ea:8e:09:c7:c7:4d:66:
                    fb:f9:0b:3e:b9:4e:2a:29:d3:3a:be:d4:fc:89:ed:
                    89:d1:2b:41:45:db:aa:18:f1:11:47:b2:f5:eb:af:
                    81:23:32:54:e4:96:c0:61:2a:a8:fa:f6:4f:4b:9d:
                    e6:65:1c:fa:3c:b0:ae:22:5f:6f:73:96:b3:b2:e5:
                    5a:78:0a:0e:28:f9:a2:8f:25:25:9a:39:53:af:4f:
                    51:16:37:6a:08:12:3d:d6:1f:1d:e7:8d:be:48:9c:
                    52:fb:ef:9c:df:e1:da:fb:7b:85:96:79:83:eb:e2:
                    47:49:06:80:35:51:4a:ee:36:28:a1:b3:74:7b:09:
                    0b:2b:a8:3c:82:fc:db:6a:c6:f4:16:c0:c6:70:9a:
                    fc:6f:e2:d4:b3:f8:14:7e:37:7c:b6:6c:4d:77:fe:
                    b3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:DE:78:B0:94:20:46:A4:D4:AB:FE:42:78:A8:FF:B8:DC:53:14:BE
            X509v3 Authority Key Identifier:
                keyid:81:06:D9:94:A1:21:92:57:A3:CE:C9:ED:91:CD:18:9B:C3:D9:3B:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQbZlKEhklejzsntkc0Ym8PZOws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/69dc6a-e91e-4b3a-934a-b354b78cc969/1/Kt54sJQgRqTUq_5CeKj_uNxTFL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/69dc6a-e91e-4b3a-934a-b354b78cc969/1/gQbZlKEhklejzsntkc0Ym8PZOws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.221.0.0/16
                  192.43.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:09:e0:49:ef:96:ba:e4:6d:6b:b4:77:d0:54:6b:34:49:af:
         3c:aa:4a:e4:39:1a:8b:c0:e5:07:a1:40:38:25:f8:80:39:57:
         7e:95:76:f9:70:c8:64:22:a4:76:69:0c:50:84:65:bf:1c:46:
         d8:3b:50:f9:1d:07:c6:72:33:38:dc:9e:90:54:a4:38:ea:25:
         33:3f:20:a1:4b:cd:1c:ae:53:99:50:70:d4:aa:e5:50:d5:02:
         36:c7:0a:f7:21:ba:eb:ed:c3:ab:12:4f:62:4b:92:1d:e8:36:
         5a:79:60:4b:1b:ae:4a:68:46:7e:21:3a:1a:68:d7:9f:22:46:
         74:df:13:f3:f4:64:d2:f2:bf:0f:90:f7:5d:1e:2e:ac:aa:78:
         04:f3:8f:f4:1f:15:08:56:49:5a:53:19:ef:72:bb:73:fc:12:
         ad:76:21:ac:4f:1b:3d:75:66:44:90:c2:f9:46:53:2c:41:dd:
         57:93:a0:05:0b:c9:41:cb:ed:1c:bf:79:31:63:d6:a5:42:38:
         43:a9:9f:22:93:03:68:24:77:f3:b0:03:0c:82:6d:d2:ca:94:
         b3:d6:34:91:f7:e6:1d:e8:55:b3:98:ac:69:10:c5:fb:9f:62:
         ab:21:cb:95:77:25:0b:48:32:08:68:bb:4e:cf:6a:72:0d:9b:
         de:00:db:97
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZRzu/nHZhCYvyZjFGFRe+/IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMDZkOTk0YTEyMTkyNTdhM2NlYzllZDkxY2QxODliYzNk
OTNiMGIwHhcNMjUwMTE3MTAwODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWRlNzhiMDk0MjA0NmE0ZDRhYmZlNDI3OGE4ZmZiOGRjNTMxNGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKrxCwISrljuy25AyaFqT+eN1xvK
A9LB4iLVLh/LWq2Yqa5x3HvXCltu2GTHdJUEu11nBYvbX8TRpc3f5inW4acxvutd
31i7wWZlgkm8FQL8+kzzN/sLb7Mms8qItEVYpOqOCcfHTWb7+Qs+uU4qKdM6vtT8
ie2J0StBRduqGPERR7L166+BIzJU5JbAYSqo+vZPS53mZRz6PLCuIl9vc5azsuVa
eAoOKPmijyUlmjlTr09RFjdqCBI91h8d542+SJxS+++c3+Ha+3uFlnmD6+JHSQaA
NVFK7jYoobN0ewkLK6g8gvzbasb0FsDGcJr8b+LUs/gUfjd8tmxNd/6zewIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFCreeLCUIEak1Kv+Qnio/7jcUxS+MB8GA1UdIwQY
MBaAFIEG2ZShIZJXo87J7ZHNGJvD2TsLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1FiWmxLRWhrbGVqenNudGtjMFltOFBaT3dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy82OWRjNmEtZTkxZS00YjNhLTkzNGEt
YjM1NGI3OGNjOTY5LzEvS3Q1NHNKUWdScVRVcV81Q2VLal91TnhURkw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy82OWRjNmEtZTkxZS00YjNhLTkzNGEtYjM1NGI3OGNjOTY5
LzEvZ1FiWmxLRWhrbGVqenNudGtjMFltOFBaT3dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAht0DBADA
K9QwDQYJKoZIhvcNAQELBQADggEBAAcJ4EnvlrrkbWu0d9BUazRJrzyqSuQ5GovA
5QehQDgl+IA5V36VdvlwyGQipHZpDFCEZb8cRtg7UPkdB8ZyMzjcnpBUpDjqJTM/
IKFLzRyuU5lQcNSq5VDVAjbHCvchuuvtw6sST2JLkh3oNlp5YEsbrkpoRn4hOhpo
158iRnTfE/P0ZNLyvw+Q910eLqyqeATzj/QfFQhWSVpTGe9yu3P8Eq12IaxPGz11
ZkSQwvlGUyxB3VeToAULyUHL7Ry/eTFj1qVCOEOpnyKTA2gkd/OwAwyCbdLKlLPW
NJH35h3oVbOYrGkQxfufYqshy5V3JQtIMghou07PanINm94A25c=
-----END CERTIFICATE-----