Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Cp4_OA2naxzgTgMy_iZTZecSfm8.roa
File:                     Cp4_OA2naxzgTgMy_iZTZecSfm8.roa (raw, json)
Hash identifier:          uzIpPppF3XVmcloHurlu6vp8B3nBDUV4sLh1UZRbHiQ=
Subject key identifier:   0A:9E:3F:38:0D:A7:6B:1C:E0:4E:03:32:FE:26:53:65:E7:12:7E:6F
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01944A64AE2DEF1C504C4E66C3C035A6B755
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Cp4_OA2naxzgTgMy_iZTZecSfm8.roa
Signing time:             Thu 09 Jan 2025 09:28:19 +0000
ROA not before:           Thu 09 Jan 2025 09:28:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44476
IP address blocks:        78.142.16.0/24 maxlen: 24
                          91.148.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:64:ae:2d:ef:1c:50:4c:4e:66:c3:c0:35:a6:b7:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  9 09:28:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a9e3f380da76b1ce04e0332fe265365e7127e6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:cb:5f:57:6e:52:56:6f:c9:76:65:3c:cc:d7:
                    23:a0:9a:d8:46:d7:b3:87:4b:e0:d6:5b:da:df:cc:
                    0a:4e:c9:b5:ab:b8:ab:39:cd:85:58:9b:6d:2f:1a:
                    ae:b0:95:2d:55:fb:bb:4a:ec:a1:7e:01:56:31:dd:
                    f9:1a:be:79:56:4a:ca:6b:cb:95:6a:4d:eb:15:28:
                    36:08:f3:8e:ac:91:21:84:e8:df:60:1e:60:19:d5:
                    2c:a7:a8:01:99:2f:84:91:37:b8:13:45:7e:80:71:
                    c7:04:24:93:08:63:54:38:c9:08:94:5e:10:8b:d6:
                    8a:b8:1f:cc:21:93:7f:6a:3d:48:74:f0:a1:b0:a6:
                    f1:7e:87:4b:1f:42:86:ab:5b:c1:5a:b0:2e:d3:65:
                    93:e0:41:93:61:54:37:e2:cc:85:88:28:bd:e7:88:
                    25:4a:be:fd:ce:68:fc:51:02:c3:71:1f:b4:23:85:
                    df:52:fa:48:b4:40:f3:81:ac:55:98:47:86:dd:5e:
                    dd:21:7e:14:25:99:8a:44:ef:4a:12:d7:3e:18:15:
                    d6:5b:d0:e1:de:21:26:52:3d:f8:69:d4:9f:3a:bf:
                    4b:5e:c4:9c:4b:bd:e5:c9:c4:e9:40:89:d8:db:5d:
                    7d:ad:15:6e:b3:a7:34:5c:2e:4b:38:ee:e3:f3:10:
                    21:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:9E:3F:38:0D:A7:6B:1C:E0:4E:03:32:FE:26:53:65:E7:12:7E:6F
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Cp4_OA2naxzgTgMy_iZTZecSfm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.16.0/24
                  91.148.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:be:c5:ed:87:34:6c:62:7c:44:b5:b5:8b:33:49:f8:7d:a5:
         62:dd:a8:13:dd:da:87:1b:37:21:9d:62:3a:87:74:80:4d:d3:
         43:63:b1:d5:40:ba:62:c9:85:c2:ac:e1:58:0b:8d:91:3c:a9:
         5a:cb:26:73:b9:c5:c4:bd:a8:f9:5a:97:24:b4:5f:b3:17:24:
         19:54:25:35:e7:5e:9b:a9:99:5b:57:49:a9:51:07:d3:f5:06:
         1c:83:ea:13:17:7d:4c:1f:e6:25:82:5b:df:53:16:82:d3:e3:
         e9:37:3d:e6:f3:24:ad:88:c3:92:95:5d:1a:04:20:b1:76:8c:
         0f:94:52:74:9b:45:c0:4d:c1:74:32:7b:4c:be:e6:52:2d:dd:
         87:bc:bc:de:1c:b6:b6:bc:36:a9:b3:3a:d2:c9:cf:19:06:5b:
         27:c4:d4:21:ee:a2:96:49:91:89:92:c6:c2:54:d7:03:76:f8:
         a7:3c:0d:22:a0:87:91:84:f0:91:20:b8:85:00:82:62:51:97:
         77:f3:34:9d:67:4f:44:ac:d2:a2:01:15:74:bd:9d:a3:b8:ba:
         a8:f5:e0:b4:3f:e5:49:c6:08:12:e4:b3:83:55:52:9b:1b:9d:
         86:0b:7a:1d:a8:e9:d5:be:8d:ba:b0:bf:52:39:4c:42:ab:53:
         78:82:79:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRKZK4t7xxQTE5mw8A1prdVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTA5MDkyODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTllM2YzODBkYTc2YjFjZTA0ZTAzMzJmZTI2NTM2NWU3MTI3ZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMtfV25SVm/JdmU8zNcjoJrYRtez
h0vg1lva38wKTsm1q7irOc2FWJttLxqusJUtVfu7SuyhfgFWMd35Gr55VkrKa8uV
ak3rFSg2CPOOrJEhhOjfYB5gGdUsp6gBmS+EkTe4E0V+gHHHBCSTCGNUOMkIlF4Q
i9aKuB/MIZN/aj1IdPChsKbxfodLH0KGq1vBWrAu02WT4EGTYVQ34syFiCi954gl
Sr79zmj8UQLDcR+0I4XfUvpItEDzgaxVmEeG3V7dIX4UJZmKRO9KEtc+GBXWW9Dh
3iEmUj34adSfOr9LXsScS73lycTpQInY2119rRVus6c0XC5LOO7j8xAhqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAqePzgNp2sc4E4DMv4mU2XnEn5vMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvQ3A0X09BMm5heHpnVGdNeV9pWlRaZWNTZm04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATo4QAwQA
W5S4MA0GCSqGSIb3DQEBCwUAA4IBAQBRvsXthzRsYnxEtbWLM0n4faVi3agT3dqH
GzchnWI6h3SATdNDY7HVQLpiyYXCrOFYC42RPKlayyZzucXEvaj5WpcktF+zFyQZ
VCU1516bqZlbV0mpUQfT9QYcg+oTF31MH+YlglvfUxaC0+PpNz3m8yStiMOSlV0a
BCCxdowPlFJ0m0XATcF0MntMvuZSLd2HvLzeHLa2vDapszrSyc8ZBlsnxNQh7qKW
SZGJksbCVNcDdvinPA0ioIeRhPCRILiFAIJiUZd38zSdZ09ErNKiARV0vZ2juLqo
9eC0P+VJxggS5LODVVKbG52GC3odqOnVvo26sL9SOUxCq1N4gnm6
-----END CERTIFICATE-----