Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/XViXWtM4Qca08fEngqnKAjV8_6k.roa
File:                     XViXWtM4Qca08fEngqnKAjV8_6k.roa (raw, json)
Hash identifier:          FX1LXPYDV9yZbUiSRuPd/ffSUdla1CU7pMstvEpaovA=
Subject key identifier:   5D:58:97:5A:D3:38:41:C6:B4:F1:F1:27:82:A9:CA:02:35:7C:FF:A9
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       019421B21F3067FA3640493F7FDA360A800C
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/XViXWtM4Qca08fEngqnKAjV8_6k.roa
Signing time:             Wed 01 Jan 2025 11:48:28 +0000
ROA not before:           Wed 01 Jan 2025 11:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198504
IP address blocks:        84.17.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:1f:30:67:fa:36:40:49:3f:7f:da:36:0a:80:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jan  1 11:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d58975ad33841c6b4f1f12782a9ca02357cffa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:59:e8:f5:98:a9:61:a7:a0:b4:11:4f:14:92:
                    34:14:b9:86:9f:a1:09:c7:05:ab:3f:40:e1:45:7f:
                    1b:0f:4e:ed:c4:7e:18:83:5a:d6:fa:5b:0f:1c:c9:
                    e9:07:8b:65:df:9e:a3:b6:70:fb:f2:85:d9:4b:2a:
                    53:c0:6c:66:2c:d6:93:58:5a:40:54:08:8d:38:1a:
                    76:55:bb:63:73:ce:28:a4:d6:86:46:14:d2:ec:70:
                    43:71:a9:d1:74:1a:1b:06:06:32:88:6b:50:e5:a2:
                    3b:ca:16:50:0c:46:71:30:7f:f9:99:01:14:04:64:
                    53:0c:ea:ea:5a:9e:42:5e:23:e5:e0:e3:5d:5f:78:
                    a5:5f:88:cf:76:d1:ed:5e:ec:7f:4a:74:bf:70:67:
                    45:ef:b3:d7:b2:0b:38:e8:1e:c7:49:fe:a0:76:17:
                    52:50:e7:0a:f3:bb:07:8e:ee:94:66:7b:ed:c8:d6:
                    68:a4:0a:87:73:6a:fb:9e:98:22:8d:50:8f:83:bc:
                    e0:97:42:e9:ed:33:9e:8e:c1:0e:de:dc:bc:b2:2f:
                    ca:f7:c9:4c:40:e2:64:ce:f5:cb:c4:fc:76:51:45:
                    0e:0c:31:af:f9:bb:4c:e4:bd:b8:03:03:24:52:c2:
                    e3:af:8c:2e:37:2e:5f:26:05:8b:6f:53:6a:86:ae:
                    ca:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:58:97:5A:D3:38:41:C6:B4:F1:F1:27:82:A9:CA:02:35:7C:FF:A9
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/XViXWtM4Qca08fEngqnKAjV8_6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:09:98:08:d6:61:5b:cd:2f:f0:8b:61:fa:c0:73:93:9a:67:
         c1:fa:e6:4d:1a:0c:a8:88:ab:c7:19:76:59:fa:1d:20:b1:38:
         a5:b7:49:e7:e1:d0:1e:b4:c5:82:d7:83:e8:f4:5a:e9:e9:a8:
         7f:36:29:c0:e0:fc:13:4c:98:47:c6:49:04:21:8d:4d:82:99:
         ad:71:9d:2b:fb:36:72:dc:e8:cd:44:8d:24:22:29:b6:a1:c4:
         ed:7e:73:e3:d3:d8:c5:95:8f:09:4b:cc:aa:db:80:58:96:14:
         7a:5c:5b:04:58:b1:b6:31:fe:41:e7:09:4f:b9:6e:ce:3f:25:
         0c:40:c9:17:d3:39:c9:3d:8e:7a:12:8a:eb:90:cc:3d:a9:d5:
         ec:07:b0:b1:3d:fc:1a:51:25:5e:a5:19:2d:70:46:90:e4:f7:
         77:ed:a1:9e:b5:b7:ef:7a:a0:88:c1:d4:f1:d0:ec:d3:e6:09:
         a5:64:ea:fe:30:71:c4:a7:5d:67:3e:8e:74:a5:ef:18:c4:d6:
         3f:c8:f1:5b:6c:b7:af:31:a5:97:81:82:be:52:33:d1:16:27:
         d7:12:3f:01:c3:2c:7a:4a:30:79:7d:e5:c0:4d:5e:93:3c:2c:
         b7:8f:6c:83:35:08:5a:0c:4a:b9:3d:bd:85:b4:50:e0:9d:5a:
         41:e4:c3:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsh8wZ/o2QEk/f9o2CoAMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjUwMTAxMTE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDU4OTc1YWQzMzg0MWM2YjRmMWYxMjc4MmE5Y2EwMjM1N2NmZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1no9ZipYaegtBFPFJI0FLmGn6EJ
xwWrP0DhRX8bD07txH4Yg1rW+lsPHMnpB4tl356jtnD78oXZSypTwGxmLNaTWFpA
VAiNOBp2Vbtjc84opNaGRhTS7HBDcanRdBobBgYyiGtQ5aI7yhZQDEZxMH/5mQEU
BGRTDOrqWp5CXiPl4ONdX3ilX4jPdtHtXux/SnS/cGdF77PXsgs46B7HSf6gdhdS
UOcK87sHju6UZnvtyNZopAqHc2r7npgijVCPg7zgl0Lp7TOejsEO3ty8si/K98lM
QOJkzvXLxPx2UUUODDGv+btM5L24AwMkUsLjr4wuNy5fJgWLb1Nqhq7KXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF1Yl1rTOEHGtPHxJ4KpygI1fP+pMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvWFZpWFd0TTRRY2EwOGZFbmdxbktBalY4XzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBFJMA0G
CSqGSIb3DQEBCwUAA4IBAQB4CZgI1mFbzS/wi2H6wHOTmmfB+uZNGgyoiKvHGXZZ
+h0gsTilt0nn4dAetMWC14Po9Frp6ah/NinA4PwTTJhHxkkEIY1NgpmtcZ0r+zZy
3OjNRI0kIim2ocTtfnPj09jFlY8JS8yq24BYlhR6XFsEWLG2Mf5B5wlPuW7OPyUM
QMkX0znJPY56EorrkMw9qdXsB7CxPfwaUSVepRktcEaQ5Pd37aGetbfveqCIwdTx
0OzT5gmlZOr+MHHEp11nPo50pe8YxNY/yPFbbLevMaWXgYK+UjPRFifXEj8Bwyx6
SjB5feXATV6TPCy3j2yDNQhaDEq5Pb2FtFDgnVpB5MPY
-----END CERTIFICATE-----