Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/eb063f-4c3c-4971-ae50-66482071b819/1/heJEz4aIV8pCovQNxPGHm98CLzg.roa
File:                     heJEz4aIV8pCovQNxPGHm98CLzg.roa (raw, json)
Hash identifier:          oSOD/5s+DowUJTv2duSzog5oYqkTO1A7yRox3C69klU=
Subject key identifier:   85:E2:44:CF:86:88:57:CA:42:A2:F4:0D:C4:F1:87:9B:DF:02:2F:38
Certificate issuer:       /CN=8693dfee1768739eb5976c245b5ad005b3258ec6
Certificate serial:       019423D6CD67AE8335F6323B04F10E7654A6
Authority key identifier: 86:93:DF:EE:17:68:73:9E:B5:97:6C:24:5B:5A:D0:05:B3:25:8E:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hpPf7hdoc561l2wkW1rQBbMljsY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/eb063f-4c3c-4971-ae50-66482071b819/1/heJEz4aIV8pCovQNxPGHm98CLzg.roa
Signing time:             Wed 01 Jan 2025 21:47:47 +0000
ROA not before:           Wed 01 Jan 2025 21:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209475
IP address blocks:        217.64.156.0/22 maxlen: 22
                          217.64.156.0/24 maxlen: 24
                          217.64.157.0/24 maxlen: 24
                          217.64.158.0/24 maxlen: 24
                          217.64.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/eb063f-4c3c-4971-ae50-66482071b819/1/hpPf7hdoc561l2wkW1rQBbMljsY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/eb063f-4c3c-4971-ae50-66482071b819/1/hpPf7hdoc561l2wkW1rQBbMljsY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hpPf7hdoc561l2wkW1rQBbMljsY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 14:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:cd:67:ae:83:35:f6:32:3b:04:f1:0e:76:54:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8693dfee1768739eb5976c245b5ad005b3258ec6
        Validity
            Not Before: Jan  1 21:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85e244cf868857ca42a2f40dc4f1879bdf022f38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b3:13:d0:8e:54:dc:a5:d1:4c:04:78:ac:ca:
                    9c:49:7f:45:fc:bb:12:62:86:eb:94:26:05:71:1f:
                    4a:d5:33:93:01:83:58:45:59:ff:92:17:93:0f:4a:
                    cb:19:77:00:af:4b:4e:0a:24:e9:f4:7b:68:c6:f1:
                    36:28:58:d4:85:43:8c:fa:5b:bc:28:26:2c:a9:bc:
                    d8:bd:89:ac:52:0b:bd:6b:55:55:7a:2b:6f:45:93:
                    59:05:84:ce:61:e1:c8:6f:31:0a:f5:1e:d2:5e:65:
                    1d:1f:7b:f4:5f:ed:80:74:8a:2b:1f:62:8d:54:6c:
                    e0:20:ae:14:6e:48:4a:c5:c3:15:89:cf:a5:7c:2f:
                    40:11:e3:b5:1c:a5:6e:9f:06:2b:34:66:b4:38:ce:
                    2b:da:85:3b:76:7e:38:82:74:5d:b3:94:32:73:0a:
                    19:4a:41:7e:bb:69:85:90:ad:28:6e:77:8b:4e:5c:
                    d1:1f:85:a0:86:3b:89:ad:0a:46:5d:73:ed:9b:57:
                    85:1b:d9:d4:8e:e6:c1:14:5e:55:a3:63:31:f2:42:
                    2d:96:5e:4e:f8:a3:13:fe:92:fd:dd:23:23:6d:1c:
                    a6:ee:a2:ab:26:56:21:6e:90:83:74:3d:3e:12:1d:
                    43:59:53:ca:46:16:08:5b:d5:e9:31:b2:50:0c:d6:
                    9e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:E2:44:CF:86:88:57:CA:42:A2:F4:0D:C4:F1:87:9B:DF:02:2F:38
            X509v3 Authority Key Identifier:
                keyid:86:93:DF:EE:17:68:73:9E:B5:97:6C:24:5B:5A:D0:05:B3:25:8E:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hpPf7hdoc561l2wkW1rQBbMljsY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/eb063f-4c3c-4971-ae50-66482071b819/1/heJEz4aIV8pCovQNxPGHm98CLzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/eb063f-4c3c-4971-ae50-66482071b819/1/hpPf7hdoc561l2wkW1rQBbMljsY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.64.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:0a:14:9f:6c:b9:6c:38:ba:80:ff:63:9d:12:ef:29:50:62:
         43:60:02:7b:30:34:64:91:94:35:e5:aa:88:36:4a:69:86:51:
         7b:e5:40:8d:44:4b:d0:17:db:3d:81:7e:67:cd:31:fa:26:d5:
         26:a8:b5:60:f9:4e:72:8a:10:aa:9a:f7:2e:64:df:8d:26:4a:
         74:52:3e:8b:61:b1:9b:20:d1:9c:d7:bc:a7:9c:cc:89:f1:17:
         74:bb:fb:12:0a:a1:96:37:7a:8e:47:15:03:1d:34:d0:fb:c9:
         89:c8:58:d4:f7:93:48:fc:46:a6:50:31:d1:19:ab:55:2d:ec:
         a4:2c:86:ce:2c:ca:85:c4:0a:19:dd:1c:50:d0:c4:5b:c1:c8:
         9b:4e:14:61:26:c1:25:7d:a9:3c:85:13:dd:56:34:24:ad:6e:
         8f:15:32:bc:31:9d:fe:5f:91:44:3b:9c:08:ef:3d:fe:08:89:
         05:12:3b:9e:af:f3:32:50:e1:20:86:3a:3d:32:3e:1f:5b:4a:
         83:72:8a:0d:3a:46:cf:5e:00:c5:96:41:63:07:9b:c0:82:82:
         e6:3d:b9:da:1e:79:d2:a4:36:61:ab:b5:30:c6:0d:fc:c6:21:
         46:28:eb:fd:33:dd:27:4c:8b:cd:34:db:09:5f:63:c7:a8:a5:
         68:92:76:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1s1nroM19jI7BPEOdlSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2OTNkZmVlMTc2ODczOWViNTk3NmMyNDViNWFkMDA1YjMy
NThlYzYwHhcNMjUwMTAxMjE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWUyNDRjZjg2ODg1N2NhNDJhMmY0MGRjNGYxODc5YmRmMDIyZjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprMT0I5U3KXRTAR4rMqcSX9F/LsS
YobrlCYFcR9K1TOTAYNYRVn/kheTD0rLGXcAr0tOCiTp9HtoxvE2KFjUhUOM+lu8
KCYsqbzYvYmsUgu9a1VVeitvRZNZBYTOYeHIbzEK9R7SXmUdH3v0X+2AdIorH2KN
VGzgIK4UbkhKxcMVic+lfC9AEeO1HKVunwYrNGa0OM4r2oU7dn44gnRds5QycwoZ
SkF+u2mFkK0obneLTlzRH4WghjuJrQpGXXPtm1eFG9nUjubBFF5Vo2Mx8kItll5O
+KMT/pL93SMjbRym7qKrJlYhbpCDdD0+Eh1DWVPKRhYIW9XpMbJQDNaehQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXiRM+GiFfKQqL0DcTxh5vfAi84MB8GA1UdIwQY
MBaAFIaT3+4XaHOetZdsJFta0AWzJY7GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHBQZjdoZG9jNTYxbDJ3a1cxclFCYk1sanNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9lYjA2M2YtNGMzYy00OTcxLWFlNTAt
NjY0ODIwNzFiODE5LzEvaGVKRXo0YUlWOHBDb3ZRTnhQR0htOThDTHpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9lYjA2M2YtNGMzYy00OTcxLWFlNTAtNjY0ODIwNzFiODE5
LzEvaHBQZjdoZG9jNTYxbDJ3a1cxclFCYk1sanNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2UCcMA0G
CSqGSIb3DQEBCwUAA4IBAQBgChSfbLlsOLqA/2OdEu8pUGJDYAJ7MDRkkZQ15aqI
NkpphlF75UCNREvQF9s9gX5nzTH6JtUmqLVg+U5yihCqmvcuZN+NJkp0Uj6LYbGb
INGc17ynnMyJ8Rd0u/sSCqGWN3qORxUDHTTQ+8mJyFjU95NI/EamUDHRGatVLeyk
LIbOLMqFxAoZ3RxQ0MRbwcibThRhJsElfak8hRPdVjQkrW6PFTK8MZ3+X5FEO5wI
7z3+CIkFEjuer/MyUOEghjo9Mj4fW0qDcooNOkbPXgDFlkFjB5vAgoLmPbnaHnnS
pDZhq7Uwxg38xiFGKOv9M90nTIvNNNsJX2PHqKVoknbD
-----END CERTIFICATE-----