Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/FRnz626bdZUi5dlnogDmmaKmtDw.roa
File:                     FRnz626bdZUi5dlnogDmmaKmtDw.roa (raw, json)
Hash identifier:          KOMP72ozcqmiyzHqhYqDx7aKQMM+4lcWHZNxZP25854=
Subject key identifier:   15:19:F3:EB:6E:9B:75:95:22:E5:D9:67:A2:00:E6:99:A2:A6:B4:3C
Certificate issuer:       /CN=11125404c6dd472f1001ed9ffdf726762ac7701d
Certificate serial:       019440C23D85427F0E6710E71CA83068A18B
Authority key identifier: 11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/FRnz626bdZUi5dlnogDmmaKmtDw.roa
Signing time:             Tue 07 Jan 2025 12:34:19 +0000
ROA not before:           Tue 07 Jan 2025 12:34:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        92.242.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:40:c2:3d:85:42:7f:0e:67:10:e7:1c:a8:30:68:a1:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11125404c6dd472f1001ed9ffdf726762ac7701d
        Validity
            Not Before: Jan  7 12:34:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1519f3eb6e9b759522e5d967a200e699a2a6b43c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a1:b7:94:bc:69:b4:ab:67:a6:e0:b9:9b:8b:
                    ff:43:eb:2b:ea:21:14:e8:4b:df:27:63:84:c0:09:
                    29:54:86:36:e0:5d:ed:c1:4e:ab:b0:d1:9a:d1:25:
                    0e:bf:91:b9:8f:2b:12:53:0c:8d:e8:0a:65:04:dd:
                    ed:00:ee:ce:8e:96:ec:09:e2:29:c6:3f:d5:04:6c:
                    b8:aa:99:eb:e2:f2:06:56:28:4f:cf:fb:42:46:4c:
                    16:09:c1:75:49:fa:99:0e:44:18:4f:3f:25:9e:e7:
                    68:8c:b7:b0:97:2f:ad:79:f4:75:07:06:f4:e9:1a:
                    73:e9:5a:1d:4f:d0:6c:43:c0:5f:db:29:c9:2c:2d:
                    46:60:ff:9a:02:fe:fc:c5:25:dc:72:c6:4a:24:2a:
                    b2:ff:e1:d6:d8:ad:51:09:cc:4d:9f:c5:c3:2a:eb:
                    9d:a1:bf:0e:89:1f:ea:38:af:81:b1:d6:80:7d:73:
                    23:e0:d5:5f:dd:3f:1d:15:18:a3:9a:48:bd:a8:7a:
                    39:71:92:9d:0a:7d:c8:8e:9a:c0:d9:7e:f4:b7:a9:
                    55:52:35:51:7c:ad:f1:e1:19:55:04:c5:3d:be:3c:
                    1d:7f:e8:4e:17:c1:78:a8:f8:df:78:e5:2b:aa:fc:
                    a1:44:67:71:66:62:75:7e:5d:d7:86:b3:42:78:26:
                    1e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:19:F3:EB:6E:9B:75:95:22:E5:D9:67:A2:00:E6:99:A2:A6:B4:3C
            X509v3 Authority Key Identifier:
                keyid:11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/FRnz626bdZUi5dlnogDmmaKmtDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.242.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:21:ec:1e:db:62:be:f6:11:d4:ad:74:44:20:f4:cc:15:98:
         7e:07:25:5f:e3:3a:82:c2:83:20:1c:4e:fe:e8:29:07:8c:b1:
         67:94:18:65:9c:87:c4:75:17:ec:3c:ef:0c:33:02:50:a0:43:
         0e:1f:f8:54:08:10:60:f9:e3:ae:93:6e:1c:e3:0b:ae:ae:6a:
         e1:ea:c8:93:b9:ed:5d:3e:48:e8:30:e5:a7:db:9f:9b:26:a8:
         b4:1f:59:26:89:b6:ee:5f:08:86:7b:3c:ea:a1:09:46:b0:3a:
         93:7a:22:af:26:0e:d0:ed:8c:5d:40:cf:78:df:b7:bc:d3:5d:
         52:08:a9:5c:cd:fd:cc:74:69:cd:fe:56:6a:1e:3f:b5:07:f7:
         18:38:ea:e7:e9:b6:5e:67:39:0a:48:6f:44:09:0e:4a:2e:3c:
         21:8d:ef:9a:d1:a8:3f:b1:8c:ce:0b:b6:1f:9c:93:2e:ca:28:
         a6:c3:55:83:32:26:61:a4:58:f1:5f:f0:56:f2:a4:82:a3:10:
         01:09:ec:f3:a1:06:b5:d5:f0:b1:0a:43:2a:d5:6e:2d:3d:07:
         df:d7:29:1b:98:d2:c4:1b:43:e4:d9:a2:f4:46:1d:28:82:3e:
         6c:dc:03:36:90:4e:cf:93:dc:d7:14:c5:fb:31:a1:2d:eb:dc:
         3a:1e:02:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRAwj2FQn8OZxDnHKgwaKGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTI1NDA0YzZkZDQ3MmYxMDAxZWQ5ZmZkZjcyNjc2MmFj
NzcwMWQwHhcNMjUwMTA3MTIzNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTE5ZjNlYjZlOWI3NTk1MjJlNWQ5NjdhMjAwZTY5OWEyYTZiNDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26G3lLxptKtnpuC5m4v/Q+sr6iEU
6EvfJ2OEwAkpVIY24F3twU6rsNGa0SUOv5G5jysSUwyN6AplBN3tAO7OjpbsCeIp
xj/VBGy4qpnr4vIGVihPz/tCRkwWCcF1SfqZDkQYTz8lnudojLewly+tefR1Bwb0
6Rpz6VodT9BsQ8Bf2ynJLC1GYP+aAv78xSXccsZKJCqy/+HW2K1RCcxNn8XDKuud
ob8OiR/qOK+BsdaAfXMj4NVf3T8dFRijmki9qHo5cZKdCn3IjprA2X70t6lVUjVR
fK3x4RlVBMU9vjwdf+hOF8F4qPjfeOUrqvyhRGdxZmJ1fl3XhrNCeCYefwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUZ8+tum3WVIuXZZ6IA5pmiprQ8MB8GA1UdIwQY
MBaAFBESVATG3UcvEAHtn/33JnYqx3AdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYt
NmRmZTBmN2Q1M2JkLzEvRlJuejYyNmJkWlVpNWRsbm9nRG1tYUttdER3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYtNmRmZTBmN2Q1M2Jk
LzEvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPKnMA0G
CSqGSIb3DQEBCwUAA4IBAQBqIewe22K+9hHUrXREIPTMFZh+ByVf4zqCwoMgHE7+
6CkHjLFnlBhlnIfEdRfsPO8MMwJQoEMOH/hUCBBg+eOuk24c4wuurmrh6siTue1d
PkjoMOWn25+bJqi0H1kmibbuXwiGezzqoQlGsDqTeiKvJg7Q7YxdQM9437e8011S
CKlczf3MdGnN/lZqHj+1B/cYOOrn6bZeZzkKSG9ECQ5KLjwhje+a0ag/sYzOC7Yf
nJMuyiimw1WDMiZhpFjxX/BW8qSCoxABCezzoQa11fCxCkMq1W4tPQff1ykbmNLE
G0Pk2aL0Rh0ogj5s3AM2kE7Pk9zXFMX7MaEt69w6HgLb
-----END CERTIFICATE-----