Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/CFEprGG9zI2SPXEkfveiqcGkxys.roa
File:                     CFEprGG9zI2SPXEkfveiqcGkxys.roa (raw, json)
Hash identifier:          zwoMXpp3WPmfn1e+WeBEAccAThpouC8C+SBbtldgA/c=
Subject key identifier:   08:51:29:AC:61:BD:CC:8D:92:3D:71:24:7E:F7:A2:A9:C1:A4:C7:2B
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       01941F8C5D7E5FC05B9EB0D4C3FD133572D5
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/CFEprGG9zI2SPXEkfveiqcGkxys.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        92.51.32.0/22 maxlen: 24
                          92.51.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:5d:7e:5f:c0:5b:9e:b0:d4:c3:fd:13:35:72:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=085129ac61bdcc8d923d71247ef7a2a9c1a4c72b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ba:0f:ae:bd:fa:30:14:cc:13:d5:37:cd:c5:
                    ad:26:2d:8e:f9:3c:4f:7a:fe:4f:06:92:62:cf:68:
                    b3:38:c4:be:85:2c:09:60:72:34:68:c7:ea:45:25:
                    97:8a:ba:d3:bd:c2:36:a3:a3:86:9c:60:6b:2d:ef:
                    a0:e8:e8:1b:8f:ad:e8:d3:47:09:d5:f6:78:60:43:
                    0a:dd:6a:f6:79:85:e8:76:a7:c4:40:4b:18:60:18:
                    01:00:ec:81:2d:85:fc:20:2d:be:f2:37:a5:ee:9e:
                    76:86:75:3a:1c:37:cd:fd:6f:eb:e9:a4:90:59:87:
                    1e:e0:c3:d0:f4:24:dc:60:09:1a:53:28:e5:9f:9f:
                    e0:90:26:d1:31:82:e1:3c:b5:08:47:12:5b:3d:71:
                    3b:f8:6d:4c:fb:38:6b:da:7c:14:35:5c:7d:72:83:
                    3b:2c:8a:69:be:5d:a6:4b:bc:78:e7:d5:29:b6:3e:
                    a4:de:67:ac:a9:0a:4b:3d:6f:88:13:ce:0f:4e:2a:
                    58:1e:5a:77:0f:bf:d6:ba:3d:64:88:a7:82:ee:d8:
                    47:bb:4e:ea:23:f9:84:47:02:85:b8:99:68:84:77:
                    74:b9:a3:97:0f:29:f0:12:eb:a9:4d:90:51:f5:10:
                    0b:87:80:e1:0a:5c:e4:62:bc:bf:22:e8:6c:ac:7d:
                    b5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:51:29:AC:61:BD:CC:8D:92:3D:71:24:7E:F7:A2:A9:C1:A4:C7:2B
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/CFEprGG9zI2SPXEkfveiqcGkxys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.51.32.0/22
                  92.51.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c1:e5:e3:f4:91:0c:85:78:12:e8:ca:ce:f4:6c:bf:76:f7:43:
         ed:96:49:b9:fc:d2:b4:b6:f3:7b:88:74:61:e0:79:1b:00:0a:
         8c:12:c2:5f:a0:5e:b5:5d:1c:6d:f0:3a:9c:98:e8:ce:f4:4b:
         21:5f:97:72:31:0c:9f:bb:68:4a:70:95:8d:14:c3:87:bb:18:
         eb:20:65:97:41:3c:df:1c:6d:99:52:25:d5:23:5e:e1:3f:07:
         41:f6:22:fd:f3:16:8f:86:9b:6d:2d:de:85:3a:a7:5b:81:45:
         97:09:1a:b2:68:50:12:5c:57:ca:ff:fb:1b:c1:4a:bf:b9:b8:
         8c:08:e8:ab:85:e8:a8:72:ff:5d:a0:9f:90:b3:32:a6:1c:6e:
         b6:3b:aa:66:cc:e5:30:52:2c:6b:16:f2:9a:c1:0f:7e:38:73:
         db:20:88:08:7c:11:e5:d7:a4:c4:29:49:c6:be:61:de:3b:69:
         13:bf:25:0e:20:07:49:88:f8:cc:7e:0c:7a:4f:58:0a:e3:b9:
         6e:d0:9d:f9:1a:cc:71:51:8f:ab:85:4f:30:88:05:af:65:61:
         64:15:ae:4e:47:b9:43:e8:f1:6a:84:80:75:29:7f:96:65:ac:
         3b:14:df:fb:0c:ff:60:7e:88:90:1e:c2:63:bd:1a:16:15:d4:
         39:35:e5:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjF1+X8BbnrDUw/0TNXLVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODUxMjlhYzYxYmRjYzhkOTIzZDcxMjQ3ZWY3YTJhOWMxYTRjNzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5roPrr36MBTME9U3zcWtJi2O+TxP
ev5PBpJiz2izOMS+hSwJYHI0aMfqRSWXirrTvcI2o6OGnGBrLe+g6Ogbj63o00cJ
1fZ4YEMK3Wr2eYXodqfEQEsYYBgBAOyBLYX8IC2+8jel7p52hnU6HDfN/W/r6aSQ
WYce4MPQ9CTcYAkaUyjln5/gkCbRMYLhPLUIRxJbPXE7+G1M+zhr2nwUNVx9coM7
LIppvl2mS7x459Uptj6k3mesqQpLPW+IE84PTipYHlp3D7/Wuj1kiKeC7thHu07q
I/mERwKFuJlohHd0uaOXDynwEuupTZBR9RALh4DhClzkYry/IuhsrH21bwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAhRKaxhvcyNkj1xJH73oqnBpMcrMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvQ0ZFcHJHRzl6STJTUFhFa2Z2ZWlxY0dreHlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXDMgAwQC
XDMoMA0GCSqGSIb3DQEBCwUAA4IBAQDB5eP0kQyFeBLoys70bL9290Ptlkm5/NK0
tvN7iHRh4HkbAAqMEsJfoF61XRxt8DqcmOjO9EshX5dyMQyfu2hKcJWNFMOHuxjr
IGWXQTzfHG2ZUiXVI17hPwdB9iL98xaPhpttLd6FOqdbgUWXCRqyaFASXFfK//sb
wUq/ubiMCOirheiocv9doJ+QszKmHG62O6pmzOUwUixrFvKawQ9+OHPbIIgIfBHl
16TEKUnGvmHeO2kTvyUOIAdJiPjMfgx6T1gK47lu0J35GsxxUY+rhU8wiAWvZWFk
Fa5OR7lD6PFqhIB1KX+WZaw7FN/7DP9gfoiQHsJjvRoWFdQ5NeXt
-----END CERTIFICATE-----