Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/4e10c9-8652-4c84-b99f-e96f96cc9dbd/1/tODsj4wJmlLizDhD4zx5X4Q0kBs.roa
File:                     tODsj4wJmlLizDhD4zx5X4Q0kBs.roa (raw, json)
Hash identifier:          8ot7Ptkdu5uwMXdssVMoEe9aK4JBYnjK0TXriR+RS5I=
Subject key identifier:   B4:E0:EC:8F:8C:09:9A:52:E2:CC:38:43:E3:3C:79:5F:84:34:90:1B
Certificate issuer:       /CN=cde28f1f18099babf0a19088bea35ba084ec9297
Certificate serial:       0194236A54CCB94F0B5205807534FDD8E724
Authority key identifier: CD:E2:8F:1F:18:09:9B:AB:F0:A1:90:88:BE:A3:5B:A0:84:EC:92:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zeKPHxgJm6vwoZCIvqNboITskpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/4e10c9-8652-4c84-b99f-e96f96cc9dbd/1/tODsj4wJmlLizDhD4zx5X4Q0kBs.roa
Signing time:             Wed 01 Jan 2025 19:49:18 +0000
ROA not before:           Wed 01 Jan 2025 19:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210751
IP address blocks:        185.238.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/4e10c9-8652-4c84-b99f-e96f96cc9dbd/1/zeKPHxgJm6vwoZCIvqNboITskpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/4e10c9-8652-4c84-b99f-e96f96cc9dbd/1/zeKPHxgJm6vwoZCIvqNboITskpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zeKPHxgJm6vwoZCIvqNboITskpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:54:cc:b9:4f:0b:52:05:80:75:34:fd:d8:e7:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cde28f1f18099babf0a19088bea35ba084ec9297
        Validity
            Not Before: Jan  1 19:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4e0ec8f8c099a52e2cc3843e33c795f8434901b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:59:c2:34:e5:e1:ae:6d:4f:f6:36:02:a9:0f:
                    28:02:3c:60:44:44:4d:db:29:6f:bd:af:5d:d3:1f:
                    42:4a:ba:a6:13:a4:c4:c3:34:b5:8f:f7:37:f1:93:
                    9f:3c:56:05:8f:a2:b0:f1:a5:16:50:48:80:9a:93:
                    58:66:14:b7:8e:d5:58:3f:c8:df:a4:65:cd:94:22:
                    7d:c0:dc:9e:68:41:ec:72:84:d0:c7:7e:f4:6c:34:
                    2b:22:34:e4:51:d1:0c:56:d6:6b:b3:7f:9a:ec:0c:
                    79:d5:b1:2d:f3:c9:6a:ab:3f:db:67:30:50:cf:e6:
                    3b:ba:b5:b1:f1:c9:12:6a:2b:05:40:9f:05:40:9a:
                    ec:83:3a:86:6a:ac:4c:79:1b:46:12:ff:a8:b7:a6:
                    12:fe:e9:71:9a:31:8e:bc:46:95:7b:be:81:65:b9:
                    4b:f8:fb:ec:64:5d:f1:3e:37:78:8e:da:00:9e:4f:
                    27:bd:72:1a:6b:1b:4e:ec:fe:09:0b:ce:68:05:12:
                    94:a8:3f:f9:15:13:99:63:b3:91:b0:ed:6e:81:1c:
                    c4:46:59:bd:79:4e:ba:96:cf:3f:ad:dc:5e:59:e3:
                    d7:f9:5f:bf:86:1a:e4:b8:91:f6:d7:5c:e5:8a:3e:
                    da:1d:47:66:79:4c:27:68:d1:9a:52:e6:0e:2f:52:
                    2b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:E0:EC:8F:8C:09:9A:52:E2:CC:38:43:E3:3C:79:5F:84:34:90:1B
            X509v3 Authority Key Identifier:
                keyid:CD:E2:8F:1F:18:09:9B:AB:F0:A1:90:88:BE:A3:5B:A0:84:EC:92:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zeKPHxgJm6vwoZCIvqNboITskpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/4e10c9-8652-4c84-b99f-e96f96cc9dbd/1/tODsj4wJmlLizDhD4zx5X4Q0kBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/4e10c9-8652-4c84-b99f-e96f96cc9dbd/1/zeKPHxgJm6vwoZCIvqNboITskpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:86:07:7e:ed:e3:ba:0b:35:e7:f8:e6:d4:4e:9f:6c:bf:97:
         89:f4:63:a8:66:0f:b2:cd:df:07:5d:5c:ba:58:43:b3:17:dc:
         a1:4e:da:2b:ab:67:3b:b4:d9:8f:46:80:14:a0:db:75:89:a8:
         19:85:11:d3:59:ea:7a:d1:6b:76:9c:b7:c6:22:80:b4:32:82:
         a7:90:16:c7:4f:b7:cc:2d:3a:a9:9e:2f:a9:40:cb:fc:d4:f6:
         a2:20:ec:89:7b:ca:18:69:45:cb:38:21:d8:49:2a:ec:41:4e:
         50:46:f5:e4:4f:8e:31:59:c2:0c:51:e7:46:cf:c8:7e:e6:05:
         4c:4a:a6:65:bd:fe:d6:ae:19:74:9a:f2:27:03:96:5e:5a:03:
         e4:58:08:5a:04:58:25:17:a2:c2:92:41:60:86:a2:51:da:5f:
         a9:50:8d:8a:54:b7:4e:87:93:e2:9c:95:07:64:a8:08:8d:43:
         34:6b:41:59:62:ce:5c:a6:51:60:6d:38:93:1b:86:02:a5:bb:
         9f:b3:13:98:99:77:03:b3:e6:79:39:98:e5:2a:95:24:f5:7a:
         bd:6d:e9:30:46:ab:35:23:c6:29:5f:37:4f:ae:e5:d8:cb:14:
         05:01:d1:e3:ed:21:80:05:88:ca:78:cd:7c:cf:17:cd:0d:fb:
         b9:83:cf:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjalTMuU8LUgWAdTT92OckMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZTI4ZjFmMTgwOTliYWJmMGExOTA4OGJlYTM1YmEwODRl
YzkyOTcwHhcNMjUwMTAxMTk0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGUwZWM4ZjhjMDk5YTUyZTJjYzM4NDNlMzNjNzk1Zjg0MzQ5MDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lnCNOXhrm1P9jYCqQ8oAjxgRERN
2ylvva9d0x9CSrqmE6TEwzS1j/c38ZOfPFYFj6Kw8aUWUEiAmpNYZhS3jtVYP8jf
pGXNlCJ9wNyeaEHscoTQx370bDQrIjTkUdEMVtZrs3+a7Ax51bEt88lqqz/bZzBQ
z+Y7urWx8ckSaisFQJ8FQJrsgzqGaqxMeRtGEv+ot6YS/ulxmjGOvEaVe76BZblL
+PvsZF3xPjd4jtoAnk8nvXIaaxtO7P4JC85oBRKUqD/5FROZY7ORsO1ugRzERlm9
eU66ls8/rdxeWePX+V+/hhrkuJH211zlij7aHUdmeUwnaNGaUuYOL1IrBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTg7I+MCZpS4sw4Q+M8eV+ENJAbMB8GA1UdIwQY
MBaAFM3ijx8YCZur8KGQiL6jW6CE7JKXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemVLUEh4Z0ptNnZ3b1pDSXZxTmJvSVRza3BjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi80ZTEwYzktODY1Mi00Yzg0LWI5OWYt
ZTk2Zjk2Y2M5ZGJkLzEvdE9Ec2o0d0ptbExpekRoRDR6eDVYNFEwa0JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi80ZTEwYzktODY1Mi00Yzg0LWI5OWYtZTk2Zjk2Y2M5ZGJk
LzEvemVLUEh4Z0ptNnZ3b1pDSXZxTmJvSVRza3BjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue5xMA0G
CSqGSIb3DQEBCwUAA4IBAQA7hgd+7eO6CzXn+ObUTp9sv5eJ9GOoZg+yzd8HXVy6
WEOzF9yhTtorq2c7tNmPRoAUoNt1iagZhRHTWep60Wt2nLfGIoC0MoKnkBbHT7fM
LTqpni+pQMv81PaiIOyJe8oYaUXLOCHYSSrsQU5QRvXkT44xWcIMUedGz8h+5gVM
SqZlvf7Wrhl0mvInA5ZeWgPkWAhaBFglF6LCkkFghqJR2l+pUI2KVLdOh5PinJUH
ZKgIjUM0a0FZYs5cplFgbTiTG4YCpbufsxOYmXcDs+Z5OZjlKpUk9Xq9bekwRqs1
I8YpXzdPruXYyxQFAdHj7SGABYjKeM18zxfNDfu5g8+U
-----END CERTIFICATE-----