Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/908a8a-58db-4509-a285-1ac2edda8e2a/1/RZsQW2mn0p77cUSrDj82xlpY4kU.roa
File:                     RZsQW2mn0p77cUSrDj82xlpY4kU.roa (raw, json)
Hash identifier:          PgZwlEZ/SO6/ySPSoJ7naRU3kSxO9+Lme8pB8HNwF8Q=
Subject key identifier:   45:9B:10:5B:69:A7:D2:9E:FB:71:44:AB:0E:3F:36:C6:5A:58:E2:45
Certificate issuer:       /CN=0074ec3ec53f52f7f52835bb510ab6bedaa00a3d
Certificate serial:       019426D997CBED7AFDE0AEE4768E24CA24B9
Authority key identifier: 00:74:EC:3E:C5:3F:52:F7:F5:28:35:BB:51:0A:B6:BE:DA:A0:0A:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHTsPsU_Uvf1KDW7UQq2vtqgCj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/908a8a-58db-4509-a285-1ac2edda8e2a/1/RZsQW2mn0p77cUSrDj82xlpY4kU.roa
Signing time:             Thu 02 Jan 2025 11:49:41 +0000
ROA not before:           Thu 02 Jan 2025 11:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        193.16.112.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/908a8a-58db-4509-a285-1ac2edda8e2a/1/AHTsPsU_Uvf1KDW7UQq2vtqgCj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/908a8a-58db-4509-a285-1ac2edda8e2a/1/AHTsPsU_Uvf1KDW7UQq2vtqgCj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHTsPsU_Uvf1KDW7UQq2vtqgCj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:97:cb:ed:7a:fd:e0:ae:e4:76:8e:24:ca:24:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0074ec3ec53f52f7f52835bb510ab6bedaa00a3d
        Validity
            Not Before: Jan  2 11:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=459b105b69a7d29efb7144ab0e3f36c65a58e245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ab:df:ed:8b:a4:5a:33:00:87:74:ec:e8:01:
                    73:b3:3f:6a:2e:a3:4a:7f:7f:97:b4:99:00:f7:cf:
                    d4:b3:6a:5e:67:d7:0b:68:de:56:d0:4e:85:77:2a:
                    14:1f:bb:7e:35:53:b1:ea:bc:b5:7a:cf:0a:c7:53:
                    1a:2a:66:08:93:4b:d4:9f:c2:f7:f5:86:19:5c:b0:
                    94:62:b3:6e:8f:92:ee:55:39:1e:e8:45:06:b6:3b:
                    96:6c:3b:fc:b1:b5:b4:b1:7d:3f:4c:f8:9d:5b:14:
                    38:55:c8:cf:cb:0e:fa:9c:6e:23:f1:77:9d:dd:5f:
                    b6:d1:d0:1e:48:c2:c4:73:77:35:3e:61:48:ed:6f:
                    44:a0:63:4a:9a:21:a5:33:a9:89:f8:a3:2c:8f:0c:
                    b1:dc:6b:0c:f9:09:98:d1:c8:54:34:b8:6c:2b:b7:
                    26:b4:82:56:10:4c:c8:d5:da:07:43:c8:2d:20:5e:
                    31:80:6e:26:98:49:64:3d:20:32:6d:b3:2d:20:8f:
                    b4:fd:54:95:a4:bb:19:c0:4d:19:cc:5a:05:30:26:
                    f3:75:a1:60:be:c6:85:4f:7e:3a:bf:c7:d8:64:cc:
                    67:30:94:a8:75:09:18:26:82:02:ec:f1:dd:a9:76:
                    18:2f:98:a2:86:5d:2a:01:e1:9a:f8:5b:33:c4:41:
                    30:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:9B:10:5B:69:A7:D2:9E:FB:71:44:AB:0E:3F:36:C6:5A:58:E2:45
            X509v3 Authority Key Identifier:
                keyid:00:74:EC:3E:C5:3F:52:F7:F5:28:35:BB:51:0A:B6:BE:DA:A0:0A:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHTsPsU_Uvf1KDW7UQq2vtqgCj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/908a8a-58db-4509-a285-1ac2edda8e2a/1/RZsQW2mn0p77cUSrDj82xlpY4kU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/908a8a-58db-4509-a285-1ac2edda8e2a/1/AHTsPsU_Uvf1KDW7UQq2vtqgCj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4c:04:f4:e8:59:1b:4f:6c:45:3f:9a:dd:bf:df:cd:38:c4:11:
         14:9c:dc:36:4b:c3:78:17:d5:8c:dc:e5:bc:46:52:a2:1a:21:
         75:62:9f:38:44:46:02:92:9e:21:94:5b:8c:10:b2:05:d1:6b:
         0c:d9:67:71:f2:ae:6a:26:6c:9c:4b:a8:13:fb:9e:11:25:cf:
         74:e5:2c:b9:13:66:0f:8b:c0:9b:47:be:da:9d:e1:39:57:58:
         63:e5:eb:29:35:bd:11:8f:15:bc:6a:e0:f3:b1:bf:02:54:c9:
         f7:6e:96:a2:1b:0e:25:2d:98:d3:77:68:8b:70:77:a2:23:3c:
         8f:ba:eb:b8:ee:82:56:9c:bf:84:dd:1a:1f:d2:7b:df:80:e6:
         28:95:a2:e3:39:a0:b8:99:c1:77:96:dd:4f:22:3e:87:59:c9:
         be:41:f7:51:3f:a7:22:d6:1d:a9:ed:34:8a:d1:c4:45:9a:90:
         4a:ef:cb:81:ac:bb:e9:be:5e:80:a1:01:04:f9:0f:52:a1:5d:
         e2:de:97:39:f8:f9:c1:f2:bd:f9:40:d8:58:88:41:25:bb:bd:
         2a:ba:18:40:6b:e8:0a:44:2b:b6:7b:4a:58:71:c1:5e:8a:95:
         22:b2:6c:d1:a0:d6:5d:12:57:55:70:a9:6d:b2:fd:52:c1:b3:
         67:25:26:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2ZfL7Xr94K7kdo4kyiS5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzRlYzNlYzUzZjUyZjdmNTI4MzViYjUxMGFiNmJlZGFh
MDBhM2QwHhcNMjUwMTAyMTE0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTliMTA1YjY5YTdkMjllZmI3MTQ0YWIwZTNmMzZjNjVhNThlMjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKvf7YukWjMAh3Ts6AFzsz9qLqNK
f3+XtJkA98/Us2peZ9cLaN5W0E6FdyoUH7t+NVOx6ry1es8Kx1MaKmYIk0vUn8L3
9YYZXLCUYrNuj5LuVTke6EUGtjuWbDv8sbW0sX0/TPidWxQ4VcjPyw76nG4j8Xed
3V+20dAeSMLEc3c1PmFI7W9EoGNKmiGlM6mJ+KMsjwyx3GsM+QmY0chUNLhsK7cm
tIJWEEzI1doHQ8gtIF4xgG4mmElkPSAybbMtII+0/VSVpLsZwE0ZzFoFMCbzdaFg
vsaFT346v8fYZMxnMJSodQkYJoIC7PHdqXYYL5iihl0qAeGa+FszxEEwmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEWbEFtpp9Ke+3FEqw4/NsZaWOJFMB8GA1UdIwQY
MBaAFAB07D7FP1L39Sg1u1EKtr7aoAo9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhUc1BzVV9VdmYxS0RXN1VRcTJ2dHFnQ2owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy85MDhhOGEtNThkYi00NTA5LWEyODUt
MWFjMmVkZGE4ZTJhLzEvUlpzUVcybW4wcDc3Y1VTckRqODJ4bHBZNGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy85MDhhOGEtNThkYi00NTA5LWEyODUtMWFjMmVkZGE4ZTJh
LzEvQUhUc1BzVV9VdmYxS0RXN1VRcTJ2dHFnQ2owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwRBwMA0G
CSqGSIb3DQEBCwUAA4IBAQBMBPToWRtPbEU/mt2/3804xBEUnNw2S8N4F9WM3OW8
RlKiGiF1Yp84REYCkp4hlFuMELIF0WsM2Wdx8q5qJmycS6gT+54RJc905Sy5E2YP
i8CbR77aneE5V1hj5espNb0RjxW8auDzsb8CVMn3bpaiGw4lLZjTd2iLcHeiIzyP
uuu47oJWnL+E3Rof0nvfgOYolaLjOaC4mcF3lt1PIj6HWcm+QfdRP6ci1h2p7TSK
0cRFmpBK78uBrLvpvl6AoQEE+Q9SoV3i3pc5+PnB8r35QNhYiEElu70quhhAa+gK
RCu2e0pYccFeipUismzRoNZdEldVcKltsv1SwbNnJSbi
-----END CERTIFICATE-----