Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/9e8166-160f-4ce2-9017-1e151aa1afdc/1/fCKBgjNaPgCYlEAaSC02t2TX-HQ.roa
File:                     fCKBgjNaPgCYlEAaSC02t2TX-HQ.roa (raw, json)
Hash identifier:          z50OwHqPJLgmTj1OD+z+QDtPxp5JJkD8lN3khIG3bwQ=
Subject key identifier:   7C:22:81:82:33:5A:3E:00:98:94:40:1A:48:2D:36:B7:64:D7:F8:74
Certificate issuer:       /CN=9d8f393483d489c429fc18b09342d76d0afe4244
Certificate serial:       019420D5F17C5ACB0DA33EAE742742CED0F9
Authority key identifier: 9D:8F:39:34:83:D4:89:C4:29:FC:18:B0:93:42:D7:6D:0A:FE:42:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nY85NIPUicQp_Biwk0LXbQr-QkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/9e8166-160f-4ce2-9017-1e151aa1afdc/1/fCKBgjNaPgCYlEAaSC02t2TX-HQ.roa
Signing time:             Wed 01 Jan 2025 07:47:59 +0000
ROA not before:           Wed 01 Jan 2025 07:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197219
IP address blocks:        93.174.200.0/21 maxlen: 21
                          2a02:1720::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/9e8166-160f-4ce2-9017-1e151aa1afdc/1/nY85NIPUicQp_Biwk0LXbQr-QkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/9e8166-160f-4ce2-9017-1e151aa1afdc/1/nY85NIPUicQp_Biwk0LXbQr-QkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nY85NIPUicQp_Biwk0LXbQr-QkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:f1:7c:5a:cb:0d:a3:3e:ae:74:27:42:ce:d0:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d8f393483d489c429fc18b09342d76d0afe4244
        Validity
            Not Before: Jan  1 07:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c228182335a3e009894401a482d36b764d7f874
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3f:91:9b:1c:f3:8b:75:8d:5d:86:8c:f2:8b:
                    9f:ee:26:5f:13:af:17:50:94:95:77:26:57:97:83:
                    df:95:a8:e5:70:52:f9:fc:40:8e:79:e3:50:1d:f4:
                    d0:0b:77:a7:a6:ba:75:5e:04:d7:2b:b1:95:54:5b:
                    20:de:d0:70:66:fb:1c:a8:28:cb:c7:3b:ce:8a:7e:
                    3c:aa:a6:4a:06:d1:4f:0b:f2:98:c2:fa:8b:5d:09:
                    df:25:26:d6:5a:40:e7:37:73:18:8c:83:06:bd:e4:
                    ec:dd:e3:59:62:e7:0e:09:77:60:c6:d8:0e:68:98:
                    c0:ce:4d:aa:5f:ba:46:f7:3b:43:74:07:9c:34:dc:
                    ac:4a:2d:64:25:b4:81:62:f8:eb:4e:db:5a:22:ba:
                    f5:bc:02:2d:be:8b:ab:bc:b6:20:dd:d6:fa:71:6c:
                    b7:fd:da:a3:0d:6e:f9:c8:eb:93:65:d0:f4:d8:c1:
                    8f:9e:4f:e9:41:63:4b:9e:1f:59:56:0f:c8:f6:84:
                    56:7d:3f:8f:a9:58:09:25:ed:13:6c:8f:94:57:9b:
                    10:6a:db:95:92:a4:de:62:4c:0a:41:e7:6b:73:a3:
                    19:00:29:44:24:f5:4e:11:7d:a9:ea:e8:09:ea:e8:
                    23:24:85:22:ef:f2:45:59:0e:3a:e5:ca:49:48:81:
                    ff:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:22:81:82:33:5A:3E:00:98:94:40:1A:48:2D:36:B7:64:D7:F8:74
            X509v3 Authority Key Identifier:
                keyid:9D:8F:39:34:83:D4:89:C4:29:FC:18:B0:93:42:D7:6D:0A:FE:42:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nY85NIPUicQp_Biwk0LXbQr-QkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/9e8166-160f-4ce2-9017-1e151aa1afdc/1/fCKBgjNaPgCYlEAaSC02t2TX-HQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/9e8166-160f-4ce2-9017-1e151aa1afdc/1/nY85NIPUicQp_Biwk0LXbQr-QkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.200.0/21
                IPv6:
                  2a02:1720::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:2c:3e:fd:65:c9:36:6b:56:b7:32:53:9c:83:95:50:5d:f9:
         42:a3:5c:38:f1:08:1e:18:db:1e:24:3b:c3:fe:d4:dc:0f:75:
         a4:c0:74:81:07:a1:36:52:3e:d7:d2:06:c7:b5:6a:81:be:0c:
         5b:bb:45:34:f4:81:c0:c6:e0:c5:56:60:21:61:c8:be:60:f0:
         de:be:2f:da:ba:15:ea:59:45:39:1e:f0:f3:5d:b2:f6:3b:18:
         b4:4a:5d:c2:38:ab:19:dd:6d:79:e4:ad:b2:c1:e8:6c:4c:07:
         05:74:b6:ea:8f:a5:d4:7b:96:fc:9e:6b:fa:c9:2b:77:54:78:
         ec:4e:0e:0c:84:f3:79:e8:69:31:2b:f0:79:2e:4b:76:a8:bb:
         3d:86:65:c8:e7:4a:0c:81:28:59:83:9b:e9:91:50:e8:64:5b:
         4b:61:e6:c5:6b:dc:69:0c:53:17:d5:bf:17:8c:4e:67:31:c9:
         c0:87:93:fd:ac:b9:8f:35:ee:ff:5f:c1:20:f1:a8:0e:e4:69:
         97:22:94:f3:ec:cd:01:cf:06:3c:d8:d6:cd:aa:a7:2e:2b:28:
         df:42:5c:19:74:99:16:1e:96:32:c3:6c:cc:d7:86:ae:89:5d:
         10:4d:be:0f:56:ff:ac:20:d5:7a:68:e4:54:83:89:3b:30:9c:
         f3:cf:e7:8a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1fF8WssNoz6udCdCztD5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOGYzOTM0ODNkNDg5YzQyOWZjMThiMDkzNDJkNzZkMGFm
ZTQyNDQwHhcNMjUwMTAxMDc0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzIyODE4MjMzNWEzZTAwOTg5NDQwMWE0ODJkMzZiNzY0ZDdmODc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsj+Rmxzzi3WNXYaM8ouf7iZfE68X
UJSVdyZXl4PflajlcFL5/ECOeeNQHfTQC3enprp1XgTXK7GVVFsg3tBwZvscqCjL
xzvOin48qqZKBtFPC/KYwvqLXQnfJSbWWkDnN3MYjIMGveTs3eNZYucOCXdgxtgO
aJjAzk2qX7pG9ztDdAecNNysSi1kJbSBYvjrTttaIrr1vAItvourvLYg3db6cWy3
/dqjDW75yOuTZdD02MGPnk/pQWNLnh9ZVg/I9oRWfT+PqVgJJe0TbI+UV5sQatuV
kqTeYkwKQedrc6MZAClEJPVOEX2p6ugJ6ugjJIUi7/JFWQ465cpJSIH/ZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHwigYIzWj4AmJRAGkgtNrdk1/h0MB8GA1UdIwQY
MBaAFJ2POTSD1InEKfwYsJNC120K/kJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblk4NU5JUFVpY1FwX0Jpd2swTFhiUXItUWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC85ZTgxNjYtMTYwZi00Y2UyLTkwMTct
MWUxNTFhYTFhZmRjLzEvZkNLQmdqTmFQZ0NZbEVBYVNDMDJ0MlRYLUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC85ZTgxNjYtMTYwZi00Y2UyLTkwMTctMWUxNTFhYTFhZmRj
LzEvblk4NU5JUFVpY1FwX0Jpd2swTFhiUXItUWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXa7IMA0E
AgACMAcDBQAqAhcgMA0GCSqGSIb3DQEBCwUAA4IBAQADLD79Zck2a1a3MlOcg5VQ
XflCo1w48QgeGNseJDvD/tTcD3WkwHSBB6E2Uj7X0gbHtWqBvgxbu0U09IHAxuDF
VmAhYci+YPDevi/auhXqWUU5HvDzXbL2Oxi0Sl3COKsZ3W155K2ywehsTAcFdLbq
j6XUe5b8nmv6ySt3VHjsTg4MhPN56GkxK/B5Lkt2qLs9hmXI50oMgShZg5vpkVDo
ZFtLYebFa9xpDFMX1b8XjE5nMcnAh5P9rLmPNe7/X8Eg8agO5GmXIpTz7M0BzwY8
2NbNqqcuKyjfQlwZdJkWHpYyw2zM14auiV0QTb4PVv+sINV6aORUg4k7MJzzz+eK
-----END CERTIFICATE-----