Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/8a5353-14f1-40f6-a482-aee5927b4dd2/1/_eRNvbcACjLb9zEN3lnrbv0mjjE.roa
File:                     _eRNvbcACjLb9zEN3lnrbv0mjjE.roa (raw, json)
Hash identifier:          Ry+XCwkTsLP6ueqUWQ1SIxu219L75tL3GOyhLkzc9RI=
Subject key identifier:   FD:E4:4D:BD:B7:00:0A:32:DB:F7:31:0D:DE:59:EB:6E:FD:26:8E:31
Certificate issuer:       /CN=2d5894923bb002a434128810607dfb526722004f
Certificate serial:       01941FFA4B60CC9572A9C56EFBF72105E413
Authority key identifier: 2D:58:94:92:3B:B0:02:A4:34:12:88:10:60:7D:FB:52:67:22:00:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LViUkjuwAqQ0EogQYH37UmciAE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/8a5353-14f1-40f6-a482-aee5927b4dd2/1/_eRNvbcACjLb9zEN3lnrbv0mjjE.roa
Signing time:             Wed 01 Jan 2025 03:48:04 +0000
ROA not before:           Wed 01 Jan 2025 03:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41863
IP address blocks:        193.34.16.0/22 maxlen: 24
                          2001:678:b64::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/8a5353-14f1-40f6-a482-aee5927b4dd2/1/LViUkjuwAqQ0EogQYH37UmciAE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/8a5353-14f1-40f6-a482-aee5927b4dd2/1/LViUkjuwAqQ0EogQYH37UmciAE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LViUkjuwAqQ0EogQYH37UmciAE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:4b:60:cc:95:72:a9:c5:6e:fb:f7:21:05:e4:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d5894923bb002a434128810607dfb526722004f
        Validity
            Not Before: Jan  1 03:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fde44dbdb7000a32dbf7310dde59eb6efd268e31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1e:32:29:eb:ab:2e:1d:c8:a5:b3:7e:5d:66:
                    40:12:d4:9e:19:0d:d6:86:96:bf:a0:fc:ba:6d:63:
                    96:db:2d:03:84:8d:ff:6e:ba:b9:14:8a:ab:43:f9:
                    e9:dc:10:5b:87:19:09:f4:cd:5d:2a:fc:12:bd:66:
                    a0:94:80:63:d5:2c:3c:36:8e:15:fc:76:4a:12:ce:
                    da:f8:62:0f:48:7a:a3:03:48:37:70:50:23:c7:10:
                    16:e8:87:06:fb:79:ce:86:c8:1e:dc:0c:14:84:63:
                    8b:38:aa:02:5c:53:27:df:7c:cc:b8:30:40:d8:b4:
                    45:f3:3e:fc:df:bc:c0:8b:eb:7f:9e:e3:87:24:92:
                    1d:25:43:97:63:04:34:1c:f5:77:29:6b:66:78:e7:
                    f9:b5:0d:a1:9f:da:79:80:7e:d0:5b:e7:f0:39:11:
                    ba:cc:5f:29:2f:d4:47:01:82:44:d9:55:29:0d:0d:
                    41:9d:c9:62:f1:c4:85:0c:70:71:1f:58:fd:78:a9:
                    51:48:b5:08:8f:e4:e4:5c:d4:08:a5:87:21:a4:74:
                    07:ea:a6:80:14:38:66:96:50:2f:62:9c:69:28:b0:
                    c4:eb:30:09:6a:85:b7:85:be:db:d6:6d:15:50:1a:
                    0a:e4:7c:c8:a2:51:ed:20:4a:67:59:8b:be:16:5e:
                    c6:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:E4:4D:BD:B7:00:0A:32:DB:F7:31:0D:DE:59:EB:6E:FD:26:8E:31
            X509v3 Authority Key Identifier:
                keyid:2D:58:94:92:3B:B0:02:A4:34:12:88:10:60:7D:FB:52:67:22:00:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LViUkjuwAqQ0EogQYH37UmciAE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/8a5353-14f1-40f6-a482-aee5927b4dd2/1/_eRNvbcACjLb9zEN3lnrbv0mjjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/8a5353-14f1-40f6-a482-aee5927b4dd2/1/LViUkjuwAqQ0EogQYH37UmciAE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.16.0/22
                IPv6:
                  2001:678:b64::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:57:2d:42:30:29:0e:ce:7f:b0:f6:a8:c1:6d:5e:a4:94:f2:
         e7:34:4d:91:3f:c6:95:be:7c:0d:1e:19:87:43:2f:bb:1b:e4:
         16:f6:2c:77:09:70:33:65:b2:bd:5d:2a:c7:9f:44:28:ce:36:
         5c:27:a7:37:ad:40:99:75:0e:ae:71:fd:de:71:23:5b:b7:fe:
         ab:50:2c:4e:fb:5c:87:72:60:9b:21:f6:23:86:3a:0b:d7:ab:
         82:be:80:f9:a8:73:00:a2:1f:47:de:90:0b:27:0f:00:f6:ff:
         2a:81:e2:04:5d:25:bd:bb:54:95:33:ee:9f:09:ac:0a:9b:d7:
         8d:13:d8:86:c8:a2:0a:60:e3:3c:bf:70:60:47:75:eb:00:05:
         7b:bb:10:41:2c:c2:c8:8b:70:b2:8b:bf:b1:19:ba:5b:80:dd:
         41:da:ae:a1:36:c0:44:3b:a1:6d:c1:37:c8:b3:2f:2a:fe:81:
         de:34:7e:55:1d:6a:a8:02:0a:95:0c:59:63:40:63:67:82:05:
         65:04:5e:bc:bc:56:85:72:ba:fd:61:e3:17:8d:5d:2e:29:21:
         9f:5d:ce:c0:78:c2:a0:7a:fb:01:42:3e:e8:3d:17:ad:40:0a:
         57:14:1a:39:fa:f4:ae:99:e0:90:2f:a3:54:5c:3b:13:24:6e:
         01:33:90:ac
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQf+ktgzJVyqcVu+/chBeQTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNTg5NDkyM2JiMDAyYTQzNDEyODgxMDYwN2RmYjUyNjcy
MjAwNGYwHhcNMjUwMTAxMDM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGU0NGRiZGI3MDAwYTMyZGJmNzMxMGRkZTU5ZWI2ZWZkMjY4ZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqR4yKeurLh3IpbN+XWZAEtSeGQ3W
hpa/oPy6bWOW2y0DhI3/brq5FIqrQ/np3BBbhxkJ9M1dKvwSvWaglIBj1Sw8No4V
/HZKEs7a+GIPSHqjA0g3cFAjxxAW6IcG+3nOhsge3AwUhGOLOKoCXFMn33zMuDBA
2LRF8z7837zAi+t/nuOHJJIdJUOXYwQ0HPV3KWtmeOf5tQ2hn9p5gH7QW+fwORG6
zF8pL9RHAYJE2VUpDQ1Bncli8cSFDHBxH1j9eKlRSLUIj+TkXNQIpYchpHQH6qaA
FDhmllAvYpxpKLDE6zAJaoW3hb7b1m0VUBoK5HzIolHtIEpnWYu+Fl7GowIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP3kTb23AAoy2/cxDd5Z6279Jo4xMB8GA1UdIwQY
MBaAFC1YlJI7sAKkNBKIEGB9+1JnIgBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFZpVWtqdXdBcVEwRW9nUVlIMzdVbWNpQUU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS84YTUzNTMtMTRmMS00MGY2LWE0ODIt
YWVlNTkyN2I0ZGQyLzEvX2VSTnZiY0FDakxiOXpFTjNsbnJidjBtampFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS84YTUzNTMtMTRmMS00MGY2LWE0ODItYWVlNTkyN2I0ZGQy
LzEvTFZpVWtqdXdBcVEwRW9nUVlIMzdVbWNpQUU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwSIQMA8E
AgACMAkDBwAgAQZ4C2QwDQYJKoZIhvcNAQELBQADggEBAFBXLUIwKQ7Of7D2qMFt
XqSU8uc0TZE/xpW+fA0eGYdDL7sb5Bb2LHcJcDNlsr1dKsefRCjONlwnpzetQJl1
Dq5x/d5xI1u3/qtQLE77XIdyYJsh9iOGOgvXq4K+gPmocwCiH0fekAsnDwD2/yqB
4gRdJb27VJUz7p8JrAqb140T2IbIogpg4zy/cGBHdesABXu7EEEswsiLcLKLv7EZ
uluA3UHarqE2wEQ7oW3BN8izLyr+gd40flUdaqgCCpUMWWNAY2eCBWUEXry8VoVy
uv1h4xeNXS4pIZ9dzsB4wqB6+wFCPug9F61AClcUGjn69K6Z4JAvo1RcOxMkbgEz
kKw=
-----END CERTIFICATE-----