Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/0c-KKappZ1t73aXjS8mz1x-xTGc.roa
File:                     0c-KKappZ1t73aXjS8mz1x-xTGc.roa (raw, json)
Hash identifier:          MAa3tSzCnjrh/og+z4XVJnuDQ4AqmSQvPQCYBTfEoDQ=
Subject key identifier:   D1:CF:8A:29:AA:69:67:5B:7B:DD:A5:E3:4B:C9:B3:D7:1F:B1:4C:67
Certificate issuer:       /CN=db9d197fbbee2a1dccb4f55722a8210d3105b042
Certificate serial:       019427B5D6D6C09C5FF4D022139A1AEA185B
Authority key identifier: DB:9D:19:7F:BB:EE:2A:1D:CC:B4:F5:57:22:A8:21:0D:31:05:B0:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/250Zf7vuKh3MtPVXIqghDTEFsEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/0c-KKappZ1t73aXjS8mz1x-xTGc.roa
Signing time:             Thu 02 Jan 2025 15:50:15 +0000
ROA not before:           Thu 02 Jan 2025 15:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202856
IP address blocks:        62.218.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/250Zf7vuKh3MtPVXIqghDTEFsEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/250Zf7vuKh3MtPVXIqghDTEFsEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/250Zf7vuKh3MtPVXIqghDTEFsEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:d6:d6:c0:9c:5f:f4:d0:22:13:9a:1a:ea:18:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db9d197fbbee2a1dccb4f55722a8210d3105b042
        Validity
            Not Before: Jan  2 15:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1cf8a29aa69675b7bdda5e34bc9b3d71fb14c67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:67:5f:9d:60:f6:c2:6c:35:25:e6:4a:53:75:
                    d7:03:5f:45:5d:d7:0d:c0:14:bd:58:ff:f4:61:f6:
                    8c:b3:33:2f:5d:b2:39:b4:b7:ae:ea:28:1e:de:2e:
                    af:63:f5:40:e0:31:ca:e7:25:cc:53:b7:82:43:7e:
                    d2:7b:38:26:9c:28:17:5a:a6:33:f7:37:4f:d4:47:
                    5d:78:07:ac:51:78:37:bd:16:6a:b0:19:62:36:ed:
                    7e:b3:d5:bf:c5:19:f9:44:9e:ea:c5:0c:03:85:71:
                    ec:19:eb:f5:be:f9:d4:37:45:3c:92:48:67:46:27:
                    f7:2a:57:d7:39:01:55:bb:9b:e8:5b:54:e2:45:d5:
                    b1:ea:25:d6:33:66:a5:9b:f3:1e:e8:a1:2e:c4:cc:
                    40:44:46:fa:08:b9:c7:7e:ed:de:92:f9:e8:b3:9c:
                    be:44:48:53:68:1b:49:36:86:38:75:ce:ed:be:46:
                    c6:a7:01:6c:2c:ed:c3:89:98:8a:92:27:43:07:2e:
                    f8:bd:42:3c:b2:70:c7:50:5f:3b:6e:3f:de:d1:44:
                    22:ce:24:2b:a3:9e:37:05:f6:cd:c2:d2:69:61:62:
                    42:7d:3e:d7:28:8d:ef:25:e1:d7:9f:cf:81:b4:bd:
                    23:37:28:a3:20:70:83:61:3f:0c:bc:f0:09:0a:7c:
                    b9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:CF:8A:29:AA:69:67:5B:7B:DD:A5:E3:4B:C9:B3:D7:1F:B1:4C:67
            X509v3 Authority Key Identifier:
                keyid:DB:9D:19:7F:BB:EE:2A:1D:CC:B4:F5:57:22:A8:21:0D:31:05:B0:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/250Zf7vuKh3MtPVXIqghDTEFsEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/0c-KKappZ1t73aXjS8mz1x-xTGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/250Zf7vuKh3MtPVXIqghDTEFsEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.218.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:86:d7:ff:21:72:14:fb:dc:97:07:01:2e:f8:10:ce:e5:cd:
         a8:43:e3:4c:98:15:91:fc:02:23:2d:df:5e:f8:0e:94:80:a7:
         42:53:2f:4f:9c:9b:83:4d:79:5d:85:d5:50:99:12:7d:e7:c1:
         fb:b0:45:26:4e:22:1a:f6:55:47:42:39:eb:3a:25:fb:13:5a:
         b9:1e:b9:64:85:eb:59:69:1c:a6:37:53:8a:db:61:29:d8:ed:
         c5:1b:b9:62:21:1e:5a:9b:d1:0c:a5:8e:b4:e4:c3:b9:32:92:
         27:c3:3d:29:db:0e:e6:69:76:35:90:79:57:41:ff:5e:44:aa:
         f0:f7:55:f8:93:cf:93:27:bd:7c:1a:f7:6a:20:ec:b9:14:d0:
         7a:03:a4:ed:24:52:67:a6:92:12:a8:58:fe:6f:20:6b:d5:ba:
         d3:96:ba:a7:e2:17:9d:12:3d:ca:0a:91:b2:03:e5:32:f8:2d:
         45:ca:6a:56:1b:60:2e:90:f4:34:ca:8e:eb:e0:d9:fa:7e:45:
         47:79:43:cd:ee:6d:65:30:a3:5f:e2:1c:ad:10:11:b6:f2:33:
         97:75:84:2e:6b:81:6f:44:8d:6a:63:9e:63:09:dc:80:c3:0c:
         b4:13:e5:fd:b1:96:5a:7d:73:ad:f0:2f:a0:46:d7:2e:76:08:
         23:bb:7d:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntdbWwJxf9NAiE5oa6hhbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiOWQxOTdmYmJlZTJhMWRjY2I0ZjU1NzIyYTgyMTBkMzEw
NWIwNDIwHhcNMjUwMTAyMTU1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWNmOGEyOWFhNjk2NzViN2JkZGE1ZTM0YmM5YjNkNzFmYjE0YzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2dfnWD2wmw1JeZKU3XXA19FXdcN
wBS9WP/0YfaMszMvXbI5tLeu6ige3i6vY/VA4DHK5yXMU7eCQ37SezgmnCgXWqYz
9zdP1EddeAesUXg3vRZqsBliNu1+s9W/xRn5RJ7qxQwDhXHsGev1vvnUN0U8kkhn
Rif3KlfXOQFVu5voW1TiRdWx6iXWM2alm/Me6KEuxMxAREb6CLnHfu3ekvnos5y+
REhTaBtJNoY4dc7tvkbGpwFsLO3DiZiKkidDBy74vUI8snDHUF87bj/e0UQiziQr
o543BfbNwtJpYWJCfT7XKI3vJeHXn8+BtL0jNyijIHCDYT8MvPAJCny5cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHPiimqaWdbe92l40vJs9cfsUxnMB8GA1UdIwQY
MBaAFNudGX+77iodzLT1VyKoIQ0xBbBCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjUwWmY3dnVLaDNNdFBWWElxZ2hEVEVGc0VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8wOWQxMzctNDc3Yi00ZWZlLWEzZDMt
NGIyMzk1NmZiZDg2LzEvMGMtS0thcHBaMXQ3M2FYalM4bXoxeC14VEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8wOWQxMzctNDc3Yi00ZWZlLWEzZDMtNGIyMzk1NmZiZDg2
LzEvMjUwWmY3dnVLaDNNdFBWWElxZ2hEVEVGc0VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPtqtMA0G
CSqGSIb3DQEBCwUAA4IBAQCWhtf/IXIU+9yXBwEu+BDO5c2oQ+NMmBWR/AIjLd9e
+A6UgKdCUy9PnJuDTXldhdVQmRJ958H7sEUmTiIa9lVHQjnrOiX7E1q5HrlkhetZ
aRymN1OK22Ep2O3FG7liIR5am9EMpY605MO5MpInwz0p2w7maXY1kHlXQf9eRKrw
91X4k8+TJ718GvdqIOy5FNB6A6TtJFJnppISqFj+byBr1brTlrqn4hedEj3KCpGy
A+Uy+C1FympWG2AukPQ0yo7r4Nn6fkVHeUPN7m1lMKNf4hytEBG28jOXdYQua4Fv
RI1qY55jCdyAwwy0E+X9sZZafXOt8C+gRtcudggju32l
-----END CERTIFICATE-----