Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vOwFc_1p0TMmnQMvZPexflKyeEk.roa
File:                     vOwFc_1p0TMmnQMvZPexflKyeEk.roa (raw, json)
Hash identifier:          Rd9hVzDb5v8m8JgIQf1durgmNZmIEAHGwXGvDS4zjcQ=
Subject key identifier:   BC:EC:05:73:FD:69:D1:33:26:9D:03:2F:64:F7:B1:7E:52:B2:78:49
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01942220163794916B08A59369383DFF75CA
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vOwFc_1p0TMmnQMvZPexflKyeEk.roa
Signing time:             Wed 01 Jan 2025 13:48:35 +0000
ROA not before:           Wed 01 Jan 2025 13:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8100
IP address blocks:        193.58.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:16:37:94:91:6b:08:a5:93:69:38:3d:ff:75:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bcec0573fd69d133269d032f64f7b17e52b27849
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:f8:a6:72:01:48:23:85:6b:9d:f1:2c:0c:41:
                    be:5c:93:bc:50:89:a8:24:3e:99:1b:60:f2:b6:63:
                    94:e2:9c:f6:a9:aa:3a:f6:bf:25:2c:65:ba:bd:86:
                    8f:d3:b0:c6:54:73:c5:d0:98:fd:06:75:84:4d:05:
                    c3:aa:d1:67:09:c6:8c:a5:fb:e9:95:a4:83:eb:ad:
                    ab:cf:fa:6d:ba:b6:0a:8d:bc:29:81:0b:a3:bc:7e:
                    f7:3b:b6:49:dc:8e:3b:00:c6:a1:2c:a9:4f:8d:63:
                    9f:c9:b1:08:9b:71:2c:58:e0:4c:a7:83:24:b4:2f:
                    4d:a5:1e:fb:f1:81:f3:77:38:1c:2f:d9:93:b7:82:
                    fd:15:3b:64:6c:96:88:c6:3b:fd:74:3e:35:18:6a:
                    53:d3:a6:88:1a:7f:c4:3d:1c:c7:3b:eb:da:8c:e1:
                    f9:77:f9:7e:11:a7:b4:5e:5d:71:23:65:fc:ff:da:
                    62:bb:7c:6f:26:40:04:57:f4:1a:c8:25:7a:3b:9d:
                    e4:2a:89:2a:43:f2:88:85:01:f2:b2:12:8d:05:b4:
                    6a:b0:09:0e:2a:ab:bd:33:d3:27:bc:1d:ea:00:09:
                    8f:eb:71:d4:44:04:7c:4c:08:e7:e0:07:2a:43:c5:
                    22:f5:d7:f8:7a:ba:90:fd:62:de:26:b5:0d:5e:67:
                    d2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:EC:05:73:FD:69:D1:33:26:9D:03:2F:64:F7:B1:7E:52:B2:78:49
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vOwFc_1p0TMmnQMvZPexflKyeEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:6d:ff:3f:23:cb:f5:c5:72:eb:5b:79:4e:c3:60:39:dc:5a:
         1d:ca:f8:5c:c2:a0:09:c1:7f:4b:b6:8a:bc:98:4d:3a:10:08:
         7d:03:be:05:cc:c3:bb:77:87:db:bd:01:f1:2a:64:0b:78:be:
         de:7a:8b:d2:f0:71:46:71:55:1a:83:af:ad:b0:70:bb:ad:29:
         96:bf:ad:02:ab:1a:3a:8a:0d:b1:a6:ec:59:98:03:83:53:1c:
         f9:52:be:c6:85:99:dd:7c:dd:18:3f:ba:3f:c1:a4:30:88:e6:
         02:7d:be:31:cd:6f:fc:e8:6e:6a:ff:99:96:00:eb:dd:30:f8:
         13:61:3a:d7:5c:0e:6e:98:40:68:1c:00:9f:a8:07:e8:39:06:
         36:25:16:b1:f2:0d:11:03:8d:37:34:cf:07:36:9c:39:40:be:
         3d:d5:08:c8:ac:e6:27:e6:e3:08:fd:31:60:17:2e:46:e4:1a:
         7f:9e:4a:86:d1:c9:0f:ff:b7:01:a9:47:e0:6b:f8:67:30:8c:
         3e:36:be:3b:80:84:65:9f:e6:84:56:44:2b:01:f0:13:81:c1:
         0f:35:14:20:1c:f8:e2:45:09:aa:1a:cd:b0:c2:e7:10:d2:f4:
         de:2a:b6:d2:54:54:a2:9f:0a:15:98:56:b6:a9:be:df:c5:6d:
         99:cb:2a:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBY3lJFrCKWTaTg9/3XKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2VjMDU3M2ZkNjlkMTMzMjY5ZDAzMmY2NGY3YjE3ZTUyYjI3ODQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvimcgFII4VrnfEsDEG+XJO8UImo
JD6ZG2DytmOU4pz2qao69r8lLGW6vYaP07DGVHPF0Jj9BnWETQXDqtFnCcaMpfvp
laSD662rz/pturYKjbwpgQujvH73O7ZJ3I47AMahLKlPjWOfybEIm3EsWOBMp4Mk
tC9NpR778YHzdzgcL9mTt4L9FTtkbJaIxjv9dD41GGpT06aIGn/EPRzHO+vajOH5
d/l+Eae0Xl1xI2X8/9piu3xvJkAEV/QayCV6O53kKokqQ/KIhQHyshKNBbRqsAkO
Kqu9M9MnvB3qAAmP63HURAR8TAjn4AcqQ8Ui9df4erqQ/WLeJrUNXmfSywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzsBXP9adEzJp0DL2T3sX5SsnhJMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdk93RmNfMXAwVE1tblFNdlpQZXhmbEt5ZUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTqTMA0G
CSqGSIb3DQEBCwUAA4IBAQC7bf8/I8v1xXLrW3lOw2A53FodyvhcwqAJwX9Ltoq8
mE06EAh9A74FzMO7d4fbvQHxKmQLeL7eeovS8HFGcVUag6+tsHC7rSmWv60Cqxo6
ig2xpuxZmAODUxz5Ur7GhZndfN0YP7o/waQwiOYCfb4xzW/86G5q/5mWAOvdMPgT
YTrXXA5umEBoHACfqAfoOQY2JRax8g0RA403NM8HNpw5QL491QjIrOYn5uMI/TFg
Fy5G5Bp/nkqG0ckP/7cBqUfga/hnMIw+Nr47gIRln+aEVkQrAfATgcEPNRQgHPji
RQmqGs2wwucQ0vTeKrbSVFSinwoVmFa2qb7fxW2Zyyo+
-----END CERTIFICATE-----