Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/nojsVkEiwRcQkEgQD8vd27En-6U.roa
File:                     nojsVkEiwRcQkEgQD8vd27En-6U.roa (raw, json)
Hash identifier:          dndCVS3cAt49PcfjtvLLmMW5XxluKjv5AGugrk5+SNM=
Subject key identifier:   9E:88:EC:56:41:22:C1:17:10:90:48:10:0F:CB:DD:DB:B1:27:FB:A5
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019427487107421F32BA0B5CCF1A8B4B19AA
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/nojsVkEiwRcQkEgQD8vd27En-6U.roa
Signing time:             Thu 02 Jan 2025 13:50:46 +0000
ROA not before:           Thu 02 Jan 2025 13:50:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203038
IP address blocks:        193.182.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:71:07:42:1f:32:ba:0b:5c:cf:1a:8b:4b:19:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e88ec564122c117109048100fcbdddbb127fba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c6:9a:37:69:62:6c:00:97:70:51:74:b6:83:
                    91:20:26:be:f0:fc:bd:7b:76:95:ce:27:d9:ed:64:
                    b0:06:9a:de:83:7e:56:d2:d2:04:7e:1e:f5:25:99:
                    e4:44:20:c5:17:99:86:a2:18:e0:18:af:97:2f:38:
                    e6:5f:da:3a:4f:e5:03:13:5a:a3:dc:81:17:e7:a0:
                    9a:9c:66:08:c3:30:9b:b6:37:35:fe:c7:09:ad:6b:
                    b8:ff:b0:c3:25:ce:7d:11:b5:a1:a0:03:4f:a3:c0:
                    25:4c:3c:7e:c1:2c:92:9f:13:1d:9f:55:5a:dc:f0:
                    bd:83:52:9d:d3:74:22:d1:03:7d:30:d6:33:b0:9b:
                    a8:b4:1e:65:20:16:78:1b:f7:38:f9:11:7e:08:e3:
                    53:15:b7:89:c8:4c:fd:cb:2b:3d:47:3b:75:b6:2f:
                    a8:a3:86:d2:f3:89:87:49:14:09:4f:6d:7e:21:ea:
                    33:c1:54:6d:97:df:39:6e:4d:71:d1:82:a3:88:50:
                    4e:a6:a7:b6:64:ab:28:98:3d:c8:b0:3e:a0:c8:79:
                    a6:b7:34:bc:6a:63:c1:18:56:66:fb:21:c1:fe:92:
                    5f:eb:2e:84:87:be:e7:d4:d8:d5:74:5c:4d:2e:5b:
                    a0:b1:15:97:c5:85:78:81:fb:01:c0:3c:c4:4b:bc:
                    cd:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:88:EC:56:41:22:C1:17:10:90:48:10:0F:CB:DD:DB:B1:27:FB:A5
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/nojsVkEiwRcQkEgQD8vd27En-6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.182.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:03:36:13:36:ac:41:2e:8d:5a:8c:8e:d4:af:92:49:9b:ca:
         3c:e9:77:dd:c8:11:a8:5c:4f:e6:46:7b:4c:94:35:d3:e9:9c:
         2e:72:d3:c9:f7:a5:f6:2b:77:3d:68:24:f0:6b:07:5f:98:63:
         e6:be:4e:47:cb:e5:ed:78:f8:c8:15:2a:03:23:9d:10:3a:c0:
         e9:ca:00:05:16:1a:7b:41:32:a9:f2:1d:92:a5:1f:fe:c7:da:
         15:59:e8:53:9d:f9:21:07:3e:a7:ee:ff:a1:23:2e:c4:87:42:
         25:3c:43:97:9d:f6:99:40:9b:ce:74:95:d8:07:c7:d9:66:6e:
         c9:63:f3:39:fa:9f:26:10:c8:95:ee:3d:ea:03:e5:17:1e:9f:
         6d:4a:a2:c4:ad:12:ce:1f:16:61:bf:e4:11:7c:21:4a:2c:86:
         0c:1b:a8:24:5c:17:e5:cf:08:f0:8d:68:cf:d0:d1:c2:c6:3e:
         3d:5b:34:29:7c:df:f5:93:7f:f6:bc:07:03:db:da:9c:34:53:
         cc:fe:3a:ea:cb:b8:91:11:43:5d:21:e7:1c:f7:26:3c:9d:20:
         53:fd:86:1e:06:ac:c1:6c:8f:61:65:2d:00:b1:43:de:7d:77:
         8d:d6:43:6d:67:df:f1:8c:16:ee:64:bc:f2:ea:0d:3e:55:88:
         6a:86:b6:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSHEHQh8yugtczxqLSxmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTg4ZWM1NjQxMjJjMTE3MTA5MDQ4MTAwZmNiZGRkYmIxMjdmYmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsaaN2libACXcFF0toORICa+8Py9
e3aVzifZ7WSwBpreg35W0tIEfh71JZnkRCDFF5mGohjgGK+XLzjmX9o6T+UDE1qj
3IEX56CanGYIwzCbtjc1/scJrWu4/7DDJc59EbWhoANPo8AlTDx+wSySnxMdn1Va
3PC9g1Kd03Qi0QN9MNYzsJuotB5lIBZ4G/c4+RF+CONTFbeJyEz9yys9Rzt1ti+o
o4bS84mHSRQJT21+IeozwVRtl985bk1x0YKjiFBOpqe2ZKsomD3IsD6gyHmmtzS8
amPBGFZm+yHB/pJf6y6Eh77n1NjVdFxNLlugsRWXxYV4gfsBwDzES7zNuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6I7FZBIsEXEJBIEA/L3duxJ/ulMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvbm9qc1ZrRWl3UmNRa0VnUUQ4dmQyN0VuLTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbY9MA0G
CSqGSIb3DQEBCwUAA4IBAQAzAzYTNqxBLo1ajI7Ur5JJm8o86XfdyBGoXE/mRntM
lDXT6ZwuctPJ96X2K3c9aCTwawdfmGPmvk5Hy+XtePjIFSoDI50QOsDpygAFFhp7
QTKp8h2SpR/+x9oVWehTnfkhBz6n7v+hIy7Eh0IlPEOXnfaZQJvOdJXYB8fZZm7J
Y/M5+p8mEMiV7j3qA+UXHp9tSqLErRLOHxZhv+QRfCFKLIYMG6gkXBflzwjwjWjP
0NHCxj49WzQpfN/1k3/2vAcD29qcNFPM/jrqy7iREUNdIecc9yY8nSBT/YYeBqzB
bI9hZS0AsUPefXeN1kNtZ9/xjBbuZLzy6g0+VYhqhrZ6
-----END CERTIFICATE-----