Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/4tvTbZiqz_FO4tSOMDlYSp_P8SI.roa
File:                     4tvTbZiqz_FO4tSOMDlYSp_P8SI.roa (raw, json)
Hash identifier:          2+B/far9DSn4PdV1l2CUQBQJCKHTzi2TznsHA+xSsfg=
Subject key identifier:   E2:DB:D3:6D:98:AA:CF:F1:4E:E2:D4:8E:30:39:58:4A:9F:CF:F1:22
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0192C2D561E45D5A36D3CCB7F7D830C72F12
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/4tvTbZiqz_FO4tSOMDlYSp_P8SI.roa
Signing time:             Fri 25 Oct 2024 08:40:16 +0000
ROA not before:           Fri 25 Oct 2024 08:40:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7979
IP address blocks:        130.185.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c2:d5:61:e4:5d:5a:36:d3:cc:b7:f7:d8:30:c7:2f:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Oct 25 08:40:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2dbd36d98aacff14ee2d48e3039584a9fcff122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:72:75:f5:5d:18:f6:4e:59:d0:59:cd:43:8e:
                    97:03:e0:89:1c:f3:b4:14:0b:b3:c5:d5:64:b7:64:
                    60:d7:d1:24:6e:8c:81:6a:cd:42:9b:f6:9c:a8:b2:
                    11:eb:68:a8:3e:5c:1f:ba:22:b6:95:23:27:b1:28:
                    df:59:a2:d8:a3:87:e4:22:5a:f0:0d:c1:81:63:ae:
                    34:3d:a9:89:4b:4a:c8:d2:f6:28:09:07:f1:b0:a3:
                    03:7b:29:8b:9d:9f:b8:cc:df:c2:fc:15:f3:5f:5c:
                    4f:98:04:8b:dc:9f:35:b8:65:b5:7f:1d:cf:31:2d:
                    83:66:37:10:99:05:e7:34:77:96:99:8a:99:50:49:
                    07:65:ed:8f:08:02:fc:54:9f:a1:c8:ae:55:65:eb:
                    38:26:51:00:17:87:41:35:83:ff:be:cf:97:c8:30:
                    d8:e0:50:35:15:ee:bb:9b:87:52:39:d4:55:41:49:
                    10:67:27:26:1a:ed:ad:17:3c:d1:c2:cf:11:47:c0:
                    fd:95:75:87:61:49:b3:86:f4:05:1e:b5:86:83:b2:
                    11:92:49:00:13:82:cc:e7:5b:97:57:c4:d0:f8:b7:
                    d8:47:50:bb:6b:ed:a9:ad:91:cb:2b:f6:16:23:c5:
                    e6:62:0c:00:33:88:1c:65:0e:97:97:14:02:bf:59:
                    62:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:DB:D3:6D:98:AA:CF:F1:4E:E2:D4:8E:30:39:58:4A:9F:CF:F1:22
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/4tvTbZiqz_FO4tSOMDlYSp_P8SI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:57:30:72:a1:a1:ba:72:60:7c:44:1d:01:dd:28:3b:79:1e:
         a6:90:43:43:88:79:a7:ba:64:56:6b:91:28:ca:a8:f9:52:02:
         71:90:46:dc:f2:dd:59:7b:5d:05:5a:79:67:ae:2c:ea:ed:01:
         58:6c:92:7a:fe:2e:ec:92:a4:60:6e:ec:b9:08:b9:9d:d3:8f:
         4e:e5:66:e2:42:8d:27:77:01:f6:07:ba:f7:63:fd:aa:86:c6:
         ff:ee:d9:0e:0f:60:cb:0d:c6:4b:bb:c8:eb:87:94:c9:e1:38:
         9a:13:72:14:a9:b8:1e:a6:06:0d:46:7d:2d:25:d3:e1:30:6a:
         7f:fc:15:c4:dc:c7:7d:c7:75:91:af:43:ca:39:10:d0:8b:fd:
         ec:f1:6a:17:6d:8f:81:97:35:a7:d7:f9:36:80:08:90:79:27:
         95:87:6f:6f:68:8d:c8:73:f1:0b:49:27:53:6c:37:df:24:49:
         94:33:7c:a4:c0:22:58:26:19:e9:a6:5c:3b:3a:71:26:f7:fe:
         43:8b:8a:52:47:8f:84:54:58:a0:0d:8d:8c:85:a3:08:32:73:
         c0:c6:be:48:5e:64:f7:fb:b4:9d:bd:71:ce:44:be:51:e7:93:
         c9:75:3c:de:86:67:e9:2e:1c:2a:0b:44:59:e4:e7:af:20:ce:
         ab:ff:74:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLC1WHkXVo208y399gwxy8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQxMDI1MDg0MDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmRiZDM2ZDk4YWFjZmYxNGVlMmQ0OGUzMDM5NTg0YTlmY2ZmMTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13J19V0Y9k5Z0FnNQ46XA+CJHPO0
FAuzxdVkt2Rg19EkboyBas1Cm/acqLIR62ioPlwfuiK2lSMnsSjfWaLYo4fkIlrw
DcGBY640PamJS0rI0vYoCQfxsKMDeymLnZ+4zN/C/BXzX1xPmASL3J81uGW1fx3P
MS2DZjcQmQXnNHeWmYqZUEkHZe2PCAL8VJ+hyK5VZes4JlEAF4dBNYP/vs+XyDDY
4FA1Fe67m4dSOdRVQUkQZycmGu2tFzzRws8RR8D9lXWHYUmzhvQFHrWGg7IRkkkA
E4LM51uXV8TQ+LfYR1C7a+2prZHLK/YWI8XmYgwAM4gcZQ6XlxQCv1liswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLb022Yqs/xTuLUjjA5WEqfz/EiMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvNHR2VGJaaXF6X0ZPNHRTT01EbFlTcF9QOFNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgrn+MA0G
CSqGSIb3DQEBCwUAA4IBAQAFVzByoaG6cmB8RB0B3Sg7eR6mkENDiHmnumRWa5Eo
yqj5UgJxkEbc8t1Ze10FWnlnrizq7QFYbJJ6/i7skqRgbuy5CLmd049O5WbiQo0n
dwH2B7r3Y/2qhsb/7tkOD2DLDcZLu8jrh5TJ4TiaE3IUqbgepgYNRn0tJdPhMGp/
/BXE3Md9x3WRr0PKORDQi/3s8WoXbY+BlzWn1/k2gAiQeSeVh29vaI3Ic/ELSSdT
bDffJEmUM3ykwCJYJhnpplw7OnEm9/5Di4pSR4+EVFigDY2MhaMIMnPAxr5IXmT3
+7SdvXHORL5R55PJdTzehmfpLhwqC0RZ5OevIM6r/3RM
-----END CERTIFICATE-----