Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/1KCeM_saj2EHwCtmvYUyod5fQVk.roa
File:                     1KCeM_saj2EHwCtmvYUyod5fQVk.roa (raw, json)
Hash identifier:          Pv9o3ZWxmDIYTSHQUpAENmb1SekUnxD3+SSuHyFLNIk=
Subject key identifier:   D4:A0:9E:33:FB:1A:8F:61:07:C0:2B:66:BD:85:32:A1:DE:5F:41:59
Certificate issuer:       /CN=df9c64e170b7f255d7ca30035d6532c8957eb169
Certificate serial:       019427B5B2AEA9417EF95DE6EE7E00A48E03
Authority key identifier: DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/1KCeM_saj2EHwCtmvYUyod5fQVk.roa
Signing time:             Thu 02 Jan 2025 15:50:06 +0000
ROA not before:           Thu 02 Jan 2025 15:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8434
IP address blocks:        217.147.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b2:ae:a9:41:7e:f9:5d:e6:ee:7e:00:a4:8e:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df9c64e170b7f255d7ca30035d6532c8957eb169
        Validity
            Not Before: Jan  2 15:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4a09e33fb1a8f6107c02b66bd8532a1de5f4159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:06:f5:22:f5:48:30:57:1a:18:57:6a:f0:48:
                    ac:43:c0:e8:89:61:0c:8c:af:98:71:d9:29:0c:b6:
                    b0:a1:f7:64:44:13:af:38:39:bf:7c:ec:d9:b3:5d:
                    94:cc:70:77:49:07:94:22:62:5a:4e:dd:c9:13:9f:
                    18:25:e1:66:74:1a:56:ea:79:29:c1:b5:15:55:ec:
                    ca:bc:96:34:60:97:15:89:13:69:b4:48:27:cd:d4:
                    62:ab:7c:4f:f3:6f:c8:ee:61:cf:75:7d:ee:ba:1f:
                    66:ff:fc:1d:eb:4b:58:2d:54:93:78:af:85:6c:40:
                    6d:cc:d5:50:15:2a:d0:4a:bd:26:96:94:f4:03:f3:
                    e3:2b:0a:d8:2b:05:7f:a5:1a:54:82:81:45:d3:80:
                    d9:a5:33:5e:bf:7f:33:e1:0d:4d:1a:09:95:1f:ac:
                    7f:4b:6e:1e:f9:8b:f3:9b:47:83:82:67:da:29:45:
                    0a:46:3c:86:f9:03:e0:72:6b:40:74:03:cd:52:55:
                    4c:36:44:ed:90:6e:d5:7c:1c:8b:1b:d8:f9:ab:57:
                    60:6e:3b:66:55:d6:35:01:0c:20:16:9d:e8:31:8e:
                    0a:d8:ec:28:2a:6f:15:8f:1c:74:3f:fa:18:f5:92:
                    cd:02:a0:7b:53:d5:01:49:b7:34:76:ba:7e:73:e4:
                    a8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:A0:9E:33:FB:1A:8F:61:07:C0:2B:66:BD:85:32:A1:DE:5F:41:59
            X509v3 Authority Key Identifier:
                keyid:DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/1KCeM_saj2EHwCtmvYUyod5fQVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:a6:3e:ad:a1:a6:65:6c:62:3f:d8:6a:c7:79:eb:0e:bf:2b:
         7b:14:7b:8a:d4:3b:41:5a:0d:5e:84:ea:8f:66:fb:6d:bb:ae:
         18:c1:38:28:c0:85:9f:e7:68:32:17:5f:3b:5b:a3:d0:0e:f3:
         bb:a1:06:95:57:b3:d6:72:57:cf:ef:d6:81:0b:34:67:8f:2b:
         ff:a9:c1:72:b4:31:fb:bf:20:50:43:16:b2:24:1a:09:34:79:
         73:d5:87:c2:44:9d:77:ca:c3:27:5e:c7:b7:a5:4c:a8:8d:a2:
         7b:b7:c9:b5:24:a2:62:86:f7:3c:f4:f9:f7:b7:ec:cd:97:7a:
         0f:8a:81:df:7e:9e:ac:e7:44:40:1b:57:21:4e:f6:ac:d8:61:
         63:f7:c3:23:b8:98:20:c3:36:22:d7:da:d4:bd:9f:bb:1b:e3:
         df:2c:9e:c2:60:8a:23:70:5b:6b:75:bd:27:c1:1b:00:81:c2:
         17:a8:59:f3:1a:99:c4:ef:e8:42:f6:da:9d:5e:cf:74:e7:15:
         5e:54:a9:07:6b:77:9a:03:e0:69:70:e2:f7:b5:bf:02:90:b3:
         09:2c:2a:86:14:4d:04:a4:ab:94:f5:9c:bb:7a:61:1f:90:95:
         0f:24:87:04:19:92:ae:d4:8a:47:b0:8f:0d:82:12:32:3d:fd:
         36:79:49:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbKuqUF++V3m7n4ApI4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOWM2NGUxNzBiN2YyNTVkN2NhMzAwMzVkNjUzMmM4OTU3
ZWIxNjkwHhcNMjUwMTAyMTU1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGEwOWUzM2ZiMWE4ZjYxMDdjMDJiNjZiZDg1MzJhMWRlNWY0MTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAb1IvVIMFcaGFdq8EisQ8DoiWEM
jK+YcdkpDLawofdkRBOvODm/fOzZs12UzHB3SQeUImJaTt3JE58YJeFmdBpW6nkp
wbUVVezKvJY0YJcViRNptEgnzdRiq3xP82/I7mHPdX3uuh9m//wd60tYLVSTeK+F
bEBtzNVQFSrQSr0mlpT0A/PjKwrYKwV/pRpUgoFF04DZpTNev38z4Q1NGgmVH6x/
S24e+Yvzm0eDgmfaKUUKRjyG+QPgcmtAdAPNUlVMNkTtkG7VfByLG9j5q1dgbjtm
VdY1AQwgFp3oMY4K2OwoKm8Vjxx0P/oY9ZLNAqB7U9UBSbc0drp+c+SoAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSgnjP7Go9hB8ArZr2FMqHeX0FZMB8GA1UdIwQY
MBaAFN+cZOFwt/JV18owA11lMsiVfrFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTIt
MjhjYjNiYmYwNWFlLzEvMUtDZU1fc2FqMkVId0N0bXZZVXlvZDVmUVZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTItMjhjYjNiYmYwNWFl
LzEvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2ZMEMA0G
CSqGSIb3DQEBCwUAA4IBAQBEpj6toaZlbGI/2GrHeesOvyt7FHuK1DtBWg1ehOqP
Zvttu64YwTgowIWf52gyF187W6PQDvO7oQaVV7PWclfP79aBCzRnjyv/qcFytDH7
vyBQQxayJBoJNHlz1YfCRJ13ysMnXse3pUyojaJ7t8m1JKJihvc89Pn3t+zNl3oP
ioHffp6s50RAG1chTvas2GFj98MjuJggwzYi19rUvZ+7G+PfLJ7CYIojcFtrdb0n
wRsAgcIXqFnzGpnE7+hC9tqdXs905xVeVKkHa3eaA+BpcOL3tb8CkLMJLCqGFE0E
pKuU9Zy7emEfkJUPJIcEGZKu1IpHsI8NghIyPf02eUmG
-----END CERTIFICATE-----