Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/1-nOh_fcrGs71syqQUCrDnx6Dh5Q.roa
File:                     1-nOh_fcrGs71syqQUCrDnx6Dh5Q.roa (raw, json)
Hash identifier:          MC3QMP1DMmNJPDq0RMEC/Cc+mBXhBq/i9gsriN4YbrY=
Subject key identifier:   FA:73:A1:FD:F7:2B:1A:CE:F5:B3:2A:90:50:2A:C3:9F:1E:83:87:94
Certificate issuer:       /CN=1cbbfa49877bc5d9e4cf446950fd14279929f49a
Certificate serial:       0194244567ACDADC1A3EFBCD6A2ACB149F4E
Authority key identifier: 1C:BB:FA:49:87:7B:C5:D9:E4:CF:44:69:50:FD:14:27:99:29:F4:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/1-nOh_fcrGs71syqQUCrDnx6Dh5Q.roa
Signing time:             Wed 01 Jan 2025 23:48:35 +0000
ROA not before:           Wed 01 Jan 2025 23:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2200
IP address blocks:        164.81.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:67:ac:da:dc:1a:3e:fb:cd:6a:2a:cb:14:9f:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cbbfa49877bc5d9e4cf446950fd14279929f49a
        Validity
            Not Before: Jan  1 23:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa73a1fdf72b1acef5b32a90502ac39f1e838794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:dc:1d:41:27:f6:ab:40:e6:4b:2c:56:e0:92:
                    e7:75:20:04:f2:77:24:fb:db:ca:15:cf:8f:1e:92:
                    a1:55:ea:5b:a6:8c:ac:61:28:f8:53:f5:b4:3b:24:
                    1f:09:8a:ab:44:a1:95:f8:c9:9e:15:03:98:d8:12:
                    a2:35:dd:4d:c7:a6:a7:bb:33:d0:9b:27:f0:24:3d:
                    b4:58:68:dd:d9:8c:80:a4:6c:63:03:17:b7:1d:6d:
                    61:7b:fa:9c:36:fa:cb:d6:5b:23:84:51:6e:fc:27:
                    fb:44:85:5a:30:21:e3:f3:55:44:51:1e:f8:91:9e:
                    19:f1:61:25:7e:37:22:a7:ce:e7:7a:02:40:8e:60:
                    e6:e7:63:0d:52:91:d1:94:29:f4:5a:aa:2a:07:3f:
                    6c:2c:e2:8a:40:1f:77:37:6a:6f:77:30:81:09:7a:
                    f8:c9:6a:ef:33:11:de:17:c3:ad:fc:91:ae:99:a1:
                    11:72:3b:7b:46:5c:9b:cc:c3:a1:1b:ee:62:c0:25:
                    f0:81:3d:5e:f5:80:13:6b:08:f0:b8:81:74:04:63:
                    3e:52:ee:26:97:87:e2:a7:2d:8c:4b:87:ee:d0:f4:
                    6d:0c:18:ca:27:85:d2:4d:9e:63:bd:3b:46:67:cf:
                    80:16:69:4b:da:6e:51:37:d7:9f:4d:69:57:02:00:
                    30:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:73:A1:FD:F7:2B:1A:CE:F5:B3:2A:90:50:2A:C3:9F:1E:83:87:94
            X509v3 Authority Key Identifier:
                keyid:1C:BB:FA:49:87:7B:C5:D9:E4:CF:44:69:50:FD:14:27:99:29:F4:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/1-nOh_fcrGs71syqQUCrDnx6Dh5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.81.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         16:4c:49:1c:0a:e7:98:ba:d4:c8:64:c8:97:8e:42:e0:af:47:
         a7:f4:cc:9b:53:c9:7b:22:31:b0:d0:d4:de:20:b1:e5:f2:b7:
         5f:78:9c:44:6d:87:fb:58:0d:7a:3e:a3:81:41:f8:b6:45:d1:
         89:71:dc:dc:16:ea:ad:d5:b6:b8:ef:fc:93:56:3c:63:1e:37:
         ca:62:44:dc:a2:99:1e:3c:f7:2a:09:eb:fe:bc:2c:e5:29:6d:
         4e:86:1c:7f:3f:d5:19:1d:c3:72:b7:83:f3:90:5f:b7:b6:60:
         04:dc:d6:20:bf:af:b4:45:2a:65:5e:05:3b:ab:3d:60:56:e3:
         8f:ef:b5:da:7d:93:d1:0f:16:e5:cb:d7:c4:47:56:87:80:c9:
         28:6c:8e:cb:f1:bf:d4:0d:a5:4b:2d:84:a9:a1:79:2d:08:99:
         86:ce:ec:fd:80:b5:9e:ce:53:fa:79:d4:7a:8f:19:7e:6c:00:
         ae:13:6e:c9:04:a2:1c:b2:d3:dc:a9:a7:a7:e1:03:9b:0a:c6:
         b5:3c:76:5a:92:bd:25:5f:25:aa:d8:ae:f4:66:09:89:9f:a8:
         38:9e:7f:56:c0:2c:e6:58:92:ce:7a:fe:1a:ca:4e:7f:5b:2d:
         e3:82:15:e6:8a:5a:92:66:44:0e:7d:51:16:98:c6:a6:d2:19:
         c8:8a:c4:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRWes2twaPvvNairLFJ9OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjYmJmYTQ5ODc3YmM1ZDllNGNmNDQ2OTUwZmQxNDI3OTky
OWY0OWEwHhcNMjUwMTAxMjM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTczYTFmZGY3MmIxYWNlZjViMzJhOTA1MDJhYzM5ZjFlODM4Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtwdQSf2q0DmSyxW4JLndSAE8nck
+9vKFc+PHpKhVepbpoysYSj4U/W0OyQfCYqrRKGV+MmeFQOY2BKiNd1Nx6anuzPQ
myfwJD20WGjd2YyApGxjAxe3HW1he/qcNvrL1lsjhFFu/Cf7RIVaMCHj81VEUR74
kZ4Z8WElfjcip87negJAjmDm52MNUpHRlCn0WqoqBz9sLOKKQB93N2pvdzCBCXr4
yWrvMxHeF8Ot/JGumaERcjt7RlybzMOhG+5iwCXwgT1e9YATawjwuIF0BGM+Uu4m
l4fipy2MS4fu0PRtDBjKJ4XSTZ5jvTtGZ8+AFmlL2m5RN9efTWlXAgAwswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPpzof33KxrO9bMqkFAqw58eg4eUMB8GA1UdIwQY
MBaAFBy7+kmHe8XZ5M9EaVD9FCeZKfSaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEx2NlNZZDd4ZG5rejBScFVQMFVKNWtwOUpvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy84NTFjYWMtZTFkOC00NTcxLTgyYTYt
NDZiZjc2MjYxOGU3LzEvMS1uT2hfZmNyR3M3MXN5cVFVQ3JEbng2RGg1US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWMvODUxY2FjLWUxZDgtNDU3MS04MmE2LTQ2YmY3NjI2MThl
Ny8xL0hMdjZTWWQ3eGRua3owUnBVUDBVSjVrcDlKby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAKRRMA0G
CSqGSIb3DQEBCwUAA4IBAQAWTEkcCueYutTIZMiXjkLgr0en9MybU8l7IjGw0NTe
ILHl8rdfeJxEbYf7WA16PqOBQfi2RdGJcdzcFuqt1ba47/yTVjxjHjfKYkTcopke
PPcqCev+vCzlKW1Ohhx/P9UZHcNyt4PzkF+3tmAE3NYgv6+0RSplXgU7qz1gVuOP
77XafZPRDxbly9fER1aHgMkobI7L8b/UDaVLLYSpoXktCJmGzuz9gLWezlP6edR6
jxl+bACuE27JBKIcstPcqaen4QObCsa1PHZakr0lXyWq2K70ZgmJn6g4nn9WwCzm
WJLOev4ayk5/Wy3jghXmilqSZkQOfVEWmMam0hnIisTc
-----END CERTIFICATE-----