Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0cfa6-c446-4886-96ed-d226a3b1f42d/1/cNg_w6FNDPxXpKdIkq9A_UpQRD4.roa
File:                     cNg_w6FNDPxXpKdIkq9A_UpQRD4.roa (raw, json)
Hash identifier:          syLuSdgaorQGcBipXNeo5+gDHDzPudwTqzWzLW2dWo4=
Subject key identifier:   70:D8:3F:C3:A1:4D:0C:FC:57:A4:A7:48:92:AF:40:FD:4A:50:44:3E
Certificate issuer:       /CN=cc4dc308fe6d86121026f9744add40e1173543de
Certificate serial:       019422FB8CB85D7699BDC7F91E7B5D4C3198
Authority key identifier: CC:4D:C3:08:FE:6D:86:12:10:26:F9:74:4A:DD:40:E1:17:35:43:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zE3DCP5thhIQJvl0St1A4Rc1Q94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0cfa6-c446-4886-96ed-d226a3b1f42d/1/cNg_w6FNDPxXpKdIkq9A_UpQRD4.roa
Signing time:             Wed 01 Jan 2025 17:48:18 +0000
ROA not before:           Wed 01 Jan 2025 17:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51555
IP address blocks:        194.213.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0cfa6-c446-4886-96ed-d226a3b1f42d/1/zE3DCP5thhIQJvl0St1A4Rc1Q94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0cfa6-c446-4886-96ed-d226a3b1f42d/1/zE3DCP5thhIQJvl0St1A4Rc1Q94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zE3DCP5thhIQJvl0St1A4Rc1Q94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:8c:b8:5d:76:99:bd:c7:f9:1e:7b:5d:4c:31:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc4dc308fe6d86121026f9744add40e1173543de
        Validity
            Not Before: Jan  1 17:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70d83fc3a14d0cfc57a4a74892af40fd4a50443e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e3:f6:2c:65:ae:72:54:af:2a:6d:b0:02:66:
                    32:21:1c:e1:40:d0:5d:19:aa:40:11:63:53:c0:89:
                    6e:1d:44:e2:4e:a3:8f:bd:0d:70:b2:6f:70:53:50:
                    1b:59:58:20:10:5d:6e:85:72:21:03:7b:e4:95:38:
                    6d:77:78:6a:c3:7e:18:c1:6f:52:e0:53:49:5b:ab:
                    eb:ee:a7:da:b9:7b:e7:d0:6b:b1:6f:b0:11:92:b7:
                    64:ff:93:5f:11:88:22:9b:38:5f:81:da:91:d8:d1:
                    65:a3:b8:34:48:c8:30:a1:47:22:f8:5b:20:63:66:
                    21:31:94:67:1c:8e:f5:e9:db:7f:46:e6:cf:56:ad:
                    4a:64:f2:99:02:48:eb:af:43:0f:61:c6:a8:af:92:
                    9d:1e:99:10:b1:a8:00:98:9e:5b:8e:6b:6a:56:3b:
                    4a:2a:0f:b5:cd:84:9f:74:ee:28:e0:a1:44:0e:c4:
                    2c:4f:aa:34:7d:3a:56:48:91:ad:09:32:ee:8c:c0:
                    2b:c1:8a:9a:54:4f:14:64:13:1d:b3:cf:91:09:08:
                    d9:1a:1c:04:8d:f8:90:4b:c5:3d:e2:ff:69:c7:5d:
                    19:11:28:56:f0:e3:f6:2a:86:4f:3b:8f:dc:f1:20:
                    1c:e8:14:45:8c:c6:aa:d6:c6:98:f6:89:04:78:7b:
                    be:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:D8:3F:C3:A1:4D:0C:FC:57:A4:A7:48:92:AF:40:FD:4A:50:44:3E
            X509v3 Authority Key Identifier:
                keyid:CC:4D:C3:08:FE:6D:86:12:10:26:F9:74:4A:DD:40:E1:17:35:43:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zE3DCP5thhIQJvl0St1A4Rc1Q94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0cfa6-c446-4886-96ed-d226a3b1f42d/1/cNg_w6FNDPxXpKdIkq9A_UpQRD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0cfa6-c446-4886-96ed-d226a3b1f42d/1/zE3DCP5thhIQJvl0St1A4Rc1Q94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.213.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:d3:df:a3:7b:6d:47:bf:ff:68:58:23:d7:e1:03:ed:be:63:
         7e:e5:d2:45:62:62:c5:ac:b2:27:04:fc:33:89:9c:90:b4:dc:
         52:75:23:52:9e:71:c9:d3:65:02:13:5c:5e:98:96:37:a8:fb:
         9f:e5:04:70:29:d8:b2:cc:06:b5:cd:9a:bd:5d:1a:11:37:58:
         64:cc:2f:d1:1c:89:7e:85:c6:3e:99:2e:15:db:c2:83:41:5b:
         f0:1f:c3:4e:32:54:ea:61:45:fb:61:78:de:4e:03:11:83:86:
         11:55:99:d2:02:5f:f8:e9:4e:ab:3a:1e:81:dd:69:f4:f3:b1:
         d9:75:f1:72:27:a1:f3:6e:08:37:03:c3:e4:53:5b:65:7d:9b:
         15:00:b1:d0:45:02:ba:1f:a1:bf:d6:2b:d1:7a:b7:e4:56:43:
         36:17:0a:0c:78:b4:cd:a8:0e:f0:28:98:10:06:36:79:2c:0f:
         99:12:7d:ee:18:6b:14:30:30:f4:43:20:a5:15:27:97:c9:d7:
         d1:b7:4e:01:f2:a5:bd:29:fe:4c:0b:1b:88:d6:14:b8:82:b6:
         95:47:52:f9:14:46:32:ec:e2:32:c0:50:94:de:7c:36:1c:51:
         4a:81:b1:62:6a:77:6c:ae:dc:71:07:31:26:8f:cb:55:c5:7e:
         ca:16:eb:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+4y4XXaZvcf5HntdTDGYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNGRjMzA4ZmU2ZDg2MTIxMDI2Zjk3NDRhZGQ0MGUxMTcz
NTQzZGUwHhcNMjUwMTAxMTc0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGQ4M2ZjM2ExNGQwY2ZjNTdhNGE3NDg5MmFmNDBmZDRhNTA0NDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OP2LGWuclSvKm2wAmYyIRzhQNBd
GapAEWNTwIluHUTiTqOPvQ1wsm9wU1AbWVggEF1uhXIhA3vklThtd3hqw34YwW9S
4FNJW6vr7qfauXvn0Guxb7ARkrdk/5NfEYgimzhfgdqR2NFlo7g0SMgwoUci+Fsg
Y2YhMZRnHI716dt/RubPVq1KZPKZAkjrr0MPYcaor5KdHpkQsagAmJ5bjmtqVjtK
Kg+1zYSfdO4o4KFEDsQsT6o0fTpWSJGtCTLujMArwYqaVE8UZBMds8+RCQjZGhwE
jfiQS8U94v9px10ZEShW8OP2KoZPO4/c8SAc6BRFjMaq1saY9okEeHu+7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDYP8OhTQz8V6SnSJKvQP1KUEQ+MB8GA1UdIwQY
MBaAFMxNwwj+bYYSECb5dErdQOEXNUPeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekUzRENQNXRoaElRSnZsMFN0MUE0UmMxUTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGNmYTYtYzQ0Ni00ODg2LTk2ZWQt
ZDIyNmEzYjFmNDJkLzEvY05nX3c2Rk5EUHhYcEtkSWtxOUFfVXBRUkQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGNmYTYtYzQ0Ni00ODg2LTk2ZWQtZDIyNmEzYjFmNDJk
LzEvekUzRENQNXRoaElRSnZsMFN0MUE0UmMxUTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtUTMA0G
CSqGSIb3DQEBCwUAA4IBAQAL09+je21Hv/9oWCPX4QPtvmN+5dJFYmLFrLInBPwz
iZyQtNxSdSNSnnHJ02UCE1xemJY3qPuf5QRwKdiyzAa1zZq9XRoRN1hkzC/RHIl+
hcY+mS4V28KDQVvwH8NOMlTqYUX7YXjeTgMRg4YRVZnSAl/46U6rOh6B3Wn087HZ
dfFyJ6Hzbgg3A8PkU1tlfZsVALHQRQK6H6G/1ivRerfkVkM2FwoMeLTNqA7wKJgQ
BjZ5LA+ZEn3uGGsUMDD0QyClFSeXydfRt04B8qW9Kf5MCxuI1hS4graVR1L5FEYy
7OIywFCU3nw2HFFKgbFiandsrtxxBzEmj8tVxX7KFuub
-----END CERTIFICATE-----