Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/S4EF7GZkKHQk37l_ued986i2Tgs.roa
File:                     S4EF7GZkKHQk37l_ued986i2Tgs.roa (raw, json)
Hash identifier:          FvV2K4DtWUOmCwzjZQk2qU2Y68lMcMAMzsYbwXu+zHY=
Subject key identifier:   4B:81:05:EC:66:64:28:74:24:DF:B9:7F:B9:E7:7D:F3:A8:B6:4E:0B
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0194282431CBCB86C9771BE865F49E3E6D5D
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/S4EF7GZkKHQk37l_ued986i2Tgs.roa
Signing time:             Thu 02 Jan 2025 17:50:48 +0000
ROA not before:           Thu 02 Jan 2025 17:50:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216286
IP address blocks:        78.142.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:31:cb:cb:86:c9:77:1b:e8:65:f4:9e:3e:6d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 17:50:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b8105ec6664287424dfb97fb9e77df3a8b64e0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:5b:eb:65:5f:00:fc:eb:f6:02:42:2f:44:94:
                    a0:25:96:8f:b2:27:da:f1:1a:dc:f2:bb:64:96:08:
                    08:6f:22:39:6e:57:68:2e:02:e0:7e:84:66:c3:53:
                    d7:05:07:9a:44:37:4c:44:d2:4d:39:51:98:8d:ba:
                    f8:5c:76:46:57:86:5c:94:07:27:c4:fd:f1:73:06:
                    dd:bb:78:ad:2f:88:a9:96:15:25:c2:3c:34:48:c2:
                    ae:32:39:5d:8a:8a:a2:73:93:d6:77:eb:4a:62:a2:
                    36:9c:91:68:c2:d4:00:ee:13:54:61:02:55:f5:ec:
                    af:2b:27:42:d5:c4:22:a4:67:db:df:ce:b3:c5:75:
                    3e:7f:06:75:ec:76:a7:9d:9f:cb:b0:d0:a2:70:0e:
                    0f:6c:72:5b:e2:00:f7:19:e6:fa:aa:20:2c:c1:06:
                    50:22:a2:51:47:5f:fb:40:8d:86:24:ac:1a:4e:b0:
                    17:5d:0e:35:3a:df:0d:ac:4c:d4:ea:90:26:a3:57:
                    cf:eb:29:5c:ed:e1:2c:25:15:29:f8:87:c2:ab:63:
                    b2:15:12:97:dc:4e:d5:50:78:41:4f:9f:af:c9:16:
                    ba:90:9d:d5:5b:ff:9e:1f:80:16:a7:51:da:6c:0b:
                    2b:66:b2:d5:1a:9c:b3:76:a5:46:00:d7:f5:23:11:
                    ce:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:81:05:EC:66:64:28:74:24:DF:B9:7F:B9:E7:7D:F3:A8:B6:4E:0B
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/S4EF7GZkKHQk37l_ued986i2Tgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:90:6d:96:5f:5c:db:a7:ba:e2:f8:b3:a4:67:25:c9:2c:40:
         4f:a4:2c:fe:22:5e:d4:7a:42:c8:d2:08:b4:2e:94:80:ac:9c:
         42:90:cf:24:3f:14:bc:06:4a:8c:5d:ef:09:dc:31:1e:78:f9:
         44:bb:c9:36:7d:93:82:aa:b4:4f:79:e3:91:fd:2a:6d:10:a9:
         3f:0c:7f:7a:45:c7:6a:70:dc:b8:09:61:01:ec:66:fb:86:65:
         71:94:75:ec:1c:c5:da:c5:41:9c:6d:be:5f:ae:a9:00:c4:2a:
         92:fb:9d:01:90:1f:c3:5f:c9:c8:f4:e4:6d:61:90:fa:2b:87:
         fb:21:fb:fa:f5:21:ae:f6:9e:79:7e:0e:18:61:d8:bf:aa:07:
         ea:34:43:7b:dc:9c:0e:3e:80:bd:a5:ca:1e:38:de:55:7d:4b:
         76:84:c5:59:2f:1f:51:ca:64:cc:7e:37:3c:5d:68:16:52:31:
         29:d3:06:be:54:e5:5a:1f:90:cc:d0:ad:8c:00:22:8d:bf:e0:
         69:1f:07:fe:02:24:39:d0:38:87:52:13:0d:89:77:f1:9d:c9:
         3b:ac:21:c0:8b:22:37:5e:3a:d7:7c:9a:0b:9b:29:6f:cf:5f:
         ad:3e:56:90:00:98:a6:c2:73:1f:f1:be:43:85:9b:d6:c4:52:
         dc:fe:b6:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJDHLy4bJdxvoZfSePm1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTAyMTc1MDQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjgxMDVlYzY2NjQyODc0MjRkZmI5N2ZiOWU3N2RmM2E4YjY0ZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7FvrZV8A/Ov2AkIvRJSgJZaPsifa
8Rrc8rtklggIbyI5bldoLgLgfoRmw1PXBQeaRDdMRNJNOVGYjbr4XHZGV4ZclAcn
xP3xcwbdu3itL4iplhUlwjw0SMKuMjldioqic5PWd+tKYqI2nJFowtQA7hNUYQJV
9eyvKydC1cQipGfb386zxXU+fwZ17HannZ/LsNCicA4PbHJb4gD3Geb6qiAswQZQ
IqJRR1/7QI2GJKwaTrAXXQ41Ot8NrEzU6pAmo1fP6ylc7eEsJRUp+IfCq2OyFRKX
3E7VUHhBT5+vyRa6kJ3VW/+eH4AWp1HabAsrZrLVGpyzdqVGANf1IxHOTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEuBBexmZCh0JN+5f7nnffOotk4LMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvUzRFRjdHWmtLSFFrMzdsX3VlZDk4NmkyVGdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATo46MA0G
CSqGSIb3DQEBCwUAA4IBAQBxkG2WX1zbp7ri+LOkZyXJLEBPpCz+Il7UekLI0gi0
LpSArJxCkM8kPxS8BkqMXe8J3DEeePlEu8k2fZOCqrRPeeOR/SptEKk/DH96Rcdq
cNy4CWEB7Gb7hmVxlHXsHMXaxUGcbb5frqkAxCqS+50BkB/DX8nI9ORtYZD6K4f7
Ifv69SGu9p55fg4YYdi/qgfqNEN73JwOPoC9pcoeON5VfUt2hMVZLx9RymTMfjc8
XWgWUjEp0wa+VOVaH5DM0K2MACKNv+BpHwf+AiQ50DiHUhMNiXfxnck7rCHAiyI3
XjrXfJoLmylvz1+tPlaQAJimwnMf8b5DhZvWxFLc/rbg
-----END CERTIFICATE-----