Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/e56d41-5bb8-4a91-a4f0-f86dcaad8c49/1/J0ZgfR5U6lkaUqXFqkaevK5zE7Y.roa
File:                     J0ZgfR5U6lkaUqXFqkaevK5zE7Y.roa (raw, json)
Hash identifier:          /1drMWi8WHeYZMzayKCKRAt2zHYV3mIjXjepj/lhD8k=
Subject key identifier:   27:46:60:7D:1E:54:EA:59:1A:52:A5:C5:AA:46:9E:BC:AE:73:13:B6
Certificate issuer:       /CN=b473167913af73e4f6374170c4f945f8b0dd7d64
Certificate serial:       0194228DC0592E6829121A9102D3AAEF0C78
Authority key identifier: B4:73:16:79:13:AF:73:E4:F6:37:41:70:C4:F9:45:F8:B0:DD:7D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tHMWeROvc-T2N0FwxPlF-LDdfWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/e56d41-5bb8-4a91-a4f0-f86dcaad8c49/1/J0ZgfR5U6lkaUqXFqkaevK5zE7Y.roa
Signing time:             Wed 01 Jan 2025 15:48:22 +0000
ROA not before:           Wed 01 Jan 2025 15:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50553
IP address blocks:        178.219.176.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/e56d41-5bb8-4a91-a4f0-f86dcaad8c49/1/tHMWeROvc-T2N0FwxPlF-LDdfWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/e56d41-5bb8-4a91-a4f0-f86dcaad8c49/1/tHMWeROvc-T2N0FwxPlF-LDdfWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tHMWeROvc-T2N0FwxPlF-LDdfWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:c0:59:2e:68:29:12:1a:91:02:d3:aa:ef:0c:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b473167913af73e4f6374170c4f945f8b0dd7d64
        Validity
            Not Before: Jan  1 15:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2746607d1e54ea591a52a5c5aa469ebcae7313b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:16:a9:fd:96:31:69:f0:f7:a9:b4:df:49:a9:
                    c5:d1:c6:0b:1a:de:89:65:2d:c9:01:2d:66:af:98:
                    ff:ad:fe:76:76:8b:54:ff:01:46:ae:09:f5:89:f1:
                    7f:ba:ee:f4:52:b1:81:64:02:88:aa:cf:38:3a:e4:
                    3c:ed:76:6e:23:0d:69:b4:9b:1d:f0:d0:12:38:ae:
                    8a:a6:76:2c:9e:f8:ed:00:24:95:55:fb:a7:91:94:
                    66:0a:35:72:be:dc:50:14:d6:11:0d:0d:ab:ca:49:
                    22:14:91:53:38:31:9a:c0:d6:96:79:98:d6:58:2a:
                    2f:03:1b:d7:63:48:b9:8f:ba:2a:b5:1a:d2:4e:f6:
                    cd:e2:72:93:91:ae:be:e4:26:b4:2f:c7:52:06:03:
                    a6:49:d4:5b:2b:b8:99:70:05:10:dd:a9:1d:48:ce:
                    12:19:ee:4e:ad:bb:de:60:c5:d1:4b:2b:81:af:f2:
                    d8:7f:c7:10:d0:15:64:cf:9f:50:25:6b:a7:7e:35:
                    15:7f:61:70:99:ef:2a:98:0f:ba:9e:15:72:5f:12:
                    9c:01:5b:e5:f9:9e:22:41:a9:80:4f:c5:57:2e:69:
                    c5:36:43:4e:60:13:96:e4:d9:2d:7d:bb:86:4f:aa:
                    6a:b0:d1:48:e0:91:ab:e5:27:2c:46:d9:5a:06:93:
                    1e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:46:60:7D:1E:54:EA:59:1A:52:A5:C5:AA:46:9E:BC:AE:73:13:B6
            X509v3 Authority Key Identifier:
                keyid:B4:73:16:79:13:AF:73:E4:F6:37:41:70:C4:F9:45:F8:B0:DD:7D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tHMWeROvc-T2N0FwxPlF-LDdfWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/e56d41-5bb8-4a91-a4f0-f86dcaad8c49/1/J0ZgfR5U6lkaUqXFqkaevK5zE7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/e56d41-5bb8-4a91-a4f0-f86dcaad8c49/1/tHMWeROvc-T2N0FwxPlF-LDdfWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.219.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:d9:f1:ef:19:e4:38:b9:76:d3:fa:0a:db:e3:a1:d7:fb:68:
         9a:ab:cb:71:de:25:94:e8:02:49:a9:e4:1d:12:50:22:74:4c:
         43:3d:0a:6d:0d:f5:4b:7d:de:ce:e8:c2:ec:57:f2:0e:1e:6a:
         19:ae:84:4f:a4:37:0e:ca:9a:48:5d:9d:55:d7:39:12:7a:e4:
         76:9c:6f:64:ef:63:ca:c6:2d:d5:c2:bf:9a:42:09:23:a0:02:
         69:61:bd:64:cf:46:e8:29:94:cd:35:14:4a:37:e7:0e:84:94:
         fa:82:6b:d7:3d:4f:e1:59:f3:b4:25:45:13:2e:db:57:9d:05:
         d7:a8:c2:c8:37:e2:34:f3:b1:12:3b:a8:9c:9e:6f:b3:90:b9:
         5f:15:24:63:5d:75:72:63:ed:14:5b:de:c7:ac:70:45:d7:2b:
         18:f3:b6:13:0d:f7:80:d9:94:6e:d9:24:8c:90:07:4c:a4:a9:
         e3:26:be:de:d2:d9:62:ec:1b:74:ba:da:11:d2:6a:11:00:83:
         52:04:05:72:46:d2:2a:7e:3c:14:94:fc:2c:84:2f:42:8a:b2:
         8e:40:fe:31:62:56:59:b7:22:9b:3e:03:57:45:af:ed:fe:ee:
         f8:8d:11:85:cf:35:36:45:6a:41:8e:37:4e:8d:1e:a6:3b:6c:
         83:0a:47:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijcBZLmgpEhqRAtOq7wx4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NzMxNjc5MTNhZjczZTRmNjM3NDE3MGM0Zjk0NWY4YjBk
ZDdkNjQwHhcNMjUwMTAxMTU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzQ2NjA3ZDFlNTRlYTU5MWE1MmE1YzVhYTQ2OWViY2FlNzMxM2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hap/ZYxafD3qbTfSanF0cYLGt6J
ZS3JAS1mr5j/rf52dotU/wFGrgn1ifF/uu70UrGBZAKIqs84OuQ87XZuIw1ptJsd
8NASOK6KpnYsnvjtACSVVfunkZRmCjVyvtxQFNYRDQ2rykkiFJFTODGawNaWeZjW
WCovAxvXY0i5j7oqtRrSTvbN4nKTka6+5Ca0L8dSBgOmSdRbK7iZcAUQ3akdSM4S
Ge5OrbveYMXRSyuBr/LYf8cQ0BVkz59QJWunfjUVf2Fwme8qmA+6nhVyXxKcAVvl
+Z4iQamAT8VXLmnFNkNOYBOW5NktfbuGT6pqsNFI4JGr5ScsRtlaBpMerQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCdGYH0eVOpZGlKlxapGnryucxO2MB8GA1UdIwQY
MBaAFLRzFnkTr3Pk9jdBcMT5Rfiw3X1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEhNV2VST3ZjLVQyTjBGd3hQbEYtTERkZldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9lNTZkNDEtNWJiOC00YTkxLWE0ZjAt
Zjg2ZGNhYWQ4YzQ5LzEvSjBaZ2ZSNVU2bGthVXFYRnFrYWV2SzV6RTdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9lNTZkNDEtNWJiOC00YTkxLWE0ZjAtZjg2ZGNhYWQ4YzQ5
LzEvdEhNV2VST3ZjLVQyTjBGd3hQbEYtTERkZldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstuwMA0G
CSqGSIb3DQEBCwUAA4IBAQAE2fHvGeQ4uXbT+grb46HX+2iaq8tx3iWU6AJJqeQd
ElAidExDPQptDfVLfd7O6MLsV/IOHmoZroRPpDcOyppIXZ1V1zkSeuR2nG9k72PK
xi3Vwr+aQgkjoAJpYb1kz0boKZTNNRRKN+cOhJT6gmvXPU/hWfO0JUUTLttXnQXX
qMLIN+I087ESO6icnm+zkLlfFSRjXXVyY+0UW97HrHBF1ysY87YTDfeA2ZRu2SSM
kAdMpKnjJr7e0tli7Bt0utoR0moRAINSBAVyRtIqfjwUlPwshC9CirKOQP4xYlZZ
tyKbPgNXRa/t/u74jRGFzzU2RWpBjjdOjR6mO2yDCkeB
-----END CERTIFICATE-----