Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/4d5e16-5e65-4ed8-bbe3-bacb028538dc/1/Ui37pni8yZO_R93Vyy6g6ty1CZs.roa
File:                     Ui37pni8yZO_R93Vyy6g6ty1CZs.roa (raw, json)
Hash identifier:          KVFAYIQrtJyTceCsFbCiblO1P3leUs2Y5nLFzfChjkg=
Subject key identifier:   52:2D:FB:A6:78:BC:C9:93:BF:47:DD:D5:CB:2E:A0:EA:DC:B5:09:9B
Certificate issuer:       /CN=82733146e3e9d6e11546317f75219ea202c5f92d
Certificate serial:       01942067BCC5D18EA1B4D7C236A9278C34A4
Authority key identifier: 82:73:31:46:E3:E9:D6:E1:15:46:31:7F:75:21:9E:A2:02:C5:F9:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnMxRuPp1uEVRjF_dSGeogLF-S0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/4d5e16-5e65-4ed8-bbe3-bacb028538dc/1/Ui37pni8yZO_R93Vyy6g6ty1CZs.roa
Signing time:             Wed 01 Jan 2025 05:47:36 +0000
ROA not before:           Wed 01 Jan 2025 05:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9145
IP address blocks:        193.39.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/4d5e16-5e65-4ed8-bbe3-bacb028538dc/1/gnMxRuPp1uEVRjF_dSGeogLF-S0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/4d5e16-5e65-4ed8-bbe3-bacb028538dc/1/gnMxRuPp1uEVRjF_dSGeogLF-S0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnMxRuPp1uEVRjF_dSGeogLF-S0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:bc:c5:d1:8e:a1:b4:d7:c2:36:a9:27:8c:34:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82733146e3e9d6e11546317f75219ea202c5f92d
        Validity
            Not Before: Jan  1 05:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=522dfba678bcc993bf47ddd5cb2ea0eadcb5099b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:83:48:3d:14:71:29:15:63:87:17:24:aa:34:
                    96:e4:77:97:42:81:2a:b9:d1:db:27:86:a0:a3:d3:
                    70:5f:fe:b1:62:21:00:8a:1d:ee:7e:a9:c0:8b:06:
                    c2:c8:48:b0:04:19:ca:b1:8b:83:12:0b:35:d9:69:
                    8e:20:21:28:3b:5d:86:61:04:03:a0:8f:2d:0f:b8:
                    72:61:e6:f8:ac:77:15:1d:c4:78:bd:d5:a5:f9:f6:
                    15:64:fd:7d:48:d8:94:a1:32:c0:b9:cf:22:df:70:
                    96:30:90:df:87:a1:d5:80:bf:49:c8:38:62:4c:b4:
                    be:ad:72:b3:c8:6a:00:06:18:ef:01:21:db:78:c8:
                    45:f9:f4:02:21:12:34:63:3a:69:81:16:88:a7:0c:
                    5c:12:fc:26:1d:ed:69:73:6b:43:f9:63:72:9a:04:
                    19:49:0f:3d:96:b2:30:cb:cf:08:32:54:3e:26:74:
                    a3:a2:4d:98:fb:39:91:4a:cc:3f:ea:94:84:71:c1:
                    23:1a:07:aa:0b:2c:dc:9d:3e:01:33:01:7d:e6:83:
                    48:ea:0b:63:30:31:7e:35:a1:c8:dd:b1:f4:5c:fb:
                    b3:33:8c:46:ac:b2:3f:4c:cc:20:4e:0b:01:9f:9d:
                    ca:77:37:9d:de:5f:48:23:da:7d:11:3f:5c:36:55:
                    32:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:2D:FB:A6:78:BC:C9:93:BF:47:DD:D5:CB:2E:A0:EA:DC:B5:09:9B
            X509v3 Authority Key Identifier:
                keyid:82:73:31:46:E3:E9:D6:E1:15:46:31:7F:75:21:9E:A2:02:C5:F9:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnMxRuPp1uEVRjF_dSGeogLF-S0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/4d5e16-5e65-4ed8-bbe3-bacb028538dc/1/Ui37pni8yZO_R93Vyy6g6ty1CZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/4d5e16-5e65-4ed8-bbe3-bacb028538dc/1/gnMxRuPp1uEVRjF_dSGeogLF-S0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:28:5a:33:30:6a:7b:0a:b8:70:37:46:16:4e:51:d1:04:60:
         60:da:b2:7d:52:bb:84:19:d5:73:9d:00:0f:18:a5:ab:80:a8:
         c0:06:f8:cd:fd:0c:39:01:68:ea:9b:01:8b:ba:20:62:83:9f:
         d0:31:49:8c:8e:60:0b:61:83:c8:e1:63:a6:7a:d9:88:06:ef:
         23:78:c6:52:f7:f9:cf:83:71:9e:3a:3a:8f:e5:9f:c6:1c:b0:
         04:21:ce:30:e1:25:58:15:6d:d7:bb:bf:3e:03:0e:cb:63:97:
         da:63:56:eb:c4:d2:8a:8c:b3:1d:6a:4e:8f:dc:fc:26:9a:b2:
         2b:26:1e:a4:62:87:b0:7d:6b:fa:00:28:be:f8:a4:e3:32:0a:
         17:73:0d:83:12:a0:9f:72:8b:73:66:76:74:93:be:aa:1c:94:
         b7:58:af:5b:9b:6e:2a:f4:fe:79:2c:15:18:9b:cc:f9:00:ac:
         8c:ce:f2:35:da:59:70:83:8d:d4:4f:ef:2c:d6:0e:97:6a:8a:
         e1:6e:01:e8:1d:04:60:e0:da:8c:85:25:32:b9:79:46:17:36:
         75:b5:cb:b0:77:28:7a:5d:3b:b2:2c:ec:b0:07:40:36:a0:ee:
         6d:0b:f0:68:06:ff:76:33:cc:e7:af:e5:ed:5c:71:7d:07:80:
         67:e7:83:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ7zF0Y6htNfCNqknjDSkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzMzMTQ2ZTNlOWQ2ZTExNTQ2MzE3Zjc1MjE5ZWEyMDJj
NWY5MmQwHhcNMjUwMTAxMDU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjJkZmJhNjc4YmNjOTkzYmY0N2RkZDVjYjJlYTBlYWRjYjUwOTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYNIPRRxKRVjhxckqjSW5HeXQoEq
udHbJ4ago9NwX/6xYiEAih3ufqnAiwbCyEiwBBnKsYuDEgs12WmOICEoO12GYQQD
oI8tD7hyYeb4rHcVHcR4vdWl+fYVZP19SNiUoTLAuc8i33CWMJDfh6HVgL9JyDhi
TLS+rXKzyGoABhjvASHbeMhF+fQCIRI0YzppgRaIpwxcEvwmHe1pc2tD+WNymgQZ
SQ89lrIwy88IMlQ+JnSjok2Y+zmRSsw/6pSEccEjGgeqCyzcnT4BMwF95oNI6gtj
MDF+NaHI3bH0XPuzM4xGrLI/TMwgTgsBn53Kdzed3l9II9p9ET9cNlUyvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIt+6Z4vMmTv0fd1csuoOrctQmbMB8GA1UdIwQY
MBaAFIJzMUbj6dbhFUYxf3UhnqICxfktMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25NeFJ1UHAxdUVWUmpGX2RTR2VvZ0xGLVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS80ZDVlMTYtNWU2NS00ZWQ4LWJiZTMt
YmFjYjAyODUzOGRjLzEvVWkzN3BuaTh5Wk9fUjkzVnl5Nmc2dHkxQ1pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS80ZDVlMTYtNWU2NS00ZWQ4LWJiZTMtYmFjYjAyODUzOGRj
LzEvZ25NeFJ1UHAxdUVWUmpGX2RTR2VvZ0xGLVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSdzMA0G
CSqGSIb3DQEBCwUAA4IBAQCSKFozMGp7CrhwN0YWTlHRBGBg2rJ9UruEGdVznQAP
GKWrgKjABvjN/Qw5AWjqmwGLuiBig5/QMUmMjmALYYPI4WOmetmIBu8jeMZS9/nP
g3GeOjqP5Z/GHLAEIc4w4SVYFW3Xu78+Aw7LY5faY1brxNKKjLMdak6P3PwmmrIr
Jh6kYoewfWv6ACi++KTjMgoXcw2DEqCfcotzZnZ0k76qHJS3WK9bm24q9P55LBUY
m8z5AKyMzvI12llwg43UT+8s1g6XaorhbgHoHQRg4NqMhSUyuXlGFzZ1tcuwdyh6
XTuyLOywB0A2oO5tC/BoBv92M8znr+XtXHF9B4Bn54Mc
-----END CERTIFICATE-----