Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/bf3528-a131-4f51-a59d-31c9313f9f66/1/VNZ2uED23ISvSNUvT20r4GsH7oo.roa
File:                     VNZ2uED23ISvSNUvT20r4GsH7oo.roa (raw, json)
Hash identifier:          rxCWfcG9ljPfy4GNB4ws8osuxRP7WV5ZXyCpBXvN7MU=
Subject key identifier:   54:D6:76:B8:40:F6:DC:84:AF:48:D5:2F:4F:6D:2B:E0:6B:07:EE:8A
Certificate issuer:       /CN=acc50df6b01dff6f54eb8039b2497aa7f4ef12cd
Certificate serial:       019425FCBC9C1A11DC6B25D07910B9C626E3
Authority key identifier: AC:C5:0D:F6:B0:1D:FF:6F:54:EB:80:39:B2:49:7A:A7:F4:EF:12:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rMUN9rAd_29U64A5skl6p_TvEs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/bf3528-a131-4f51-a59d-31c9313f9f66/1/VNZ2uED23ISvSNUvT20r4GsH7oo.roa
Signing time:             Thu 02 Jan 2025 07:48:27 +0000
ROA not before:           Thu 02 Jan 2025 07:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60893
IP address blocks:        194.9.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/bf3528-a131-4f51-a59d-31c9313f9f66/1/rMUN9rAd_29U64A5skl6p_TvEs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/bf3528-a131-4f51-a59d-31c9313f9f66/1/rMUN9rAd_29U64A5skl6p_TvEs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rMUN9rAd_29U64A5skl6p_TvEs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:bc:9c:1a:11:dc:6b:25:d0:79:10:b9:c6:26:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acc50df6b01dff6f54eb8039b2497aa7f4ef12cd
        Validity
            Not Before: Jan  2 07:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54d676b840f6dc84af48d52f4f6d2be06b07ee8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:75:de:ea:80:11:13:cf:b5:68:22:bc:e4:26:
                    39:d4:63:44:44:21:1c:d2:21:f1:86:08:84:ad:49:
                    87:e8:8d:10:e8:65:90:d3:e5:32:f7:81:09:ab:86:
                    eb:79:a2:16:c0:28:00:e9:3e:15:56:b2:4d:34:2f:
                    de:05:b8:18:68:c8:f6:0b:b6:70:9a:5f:6e:13:9f:
                    08:ae:f3:1d:80:44:71:3c:5d:ac:24:c4:f1:e7:70:
                    db:1c:cc:68:b4:61:e8:71:0c:26:1d:51:96:9c:c0:
                    aa:8e:97:67:80:3d:08:48:57:98:73:d8:4d:39:6c:
                    b4:24:e9:54:cd:da:ee:95:64:d9:27:fb:f2:4d:9f:
                    6b:fa:e0:77:39:25:fe:e4:35:08:aa:39:88:fa:98:
                    d6:86:2d:a8:57:2d:16:4f:2a:c4:89:1c:e0:c5:aa:
                    39:cd:fd:98:6b:e1:99:0e:e1:c3:73:53:5d:b0:f0:
                    89:66:39:6c:9b:4b:8c:93:94:94:ae:ee:48:02:7f:
                    54:7e:b4:04:53:7c:82:ee:39:e4:5c:38:6e:7d:d2:
                    a3:7c:f4:eb:1a:25:e4:8b:b6:70:58:4c:b6:d7:d8:
                    76:c7:ca:23:fa:2c:c5:38:e1:75:fb:47:5a:a9:05:
                    9a:59:de:32:19:b2:f1:25:d0:5d:ce:01:08:cc:c6:
                    c2:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:D6:76:B8:40:F6:DC:84:AF:48:D5:2F:4F:6D:2B:E0:6B:07:EE:8A
            X509v3 Authority Key Identifier:
                keyid:AC:C5:0D:F6:B0:1D:FF:6F:54:EB:80:39:B2:49:7A:A7:F4:EF:12:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rMUN9rAd_29U64A5skl6p_TvEs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/bf3528-a131-4f51-a59d-31c9313f9f66/1/VNZ2uED23ISvSNUvT20r4GsH7oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/bf3528-a131-4f51-a59d-31c9313f9f66/1/rMUN9rAd_29U64A5skl6p_TvEs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:2d:4e:7d:b7:7b:e4:30:20:ac:f9:8e:e5:e4:ea:11:c2:54:
         b1:1f:c1:ca:99:15:66:54:b0:dc:ba:b4:5c:4c:9a:5d:0f:df:
         87:af:47:e2:39:a9:6f:f3:77:e5:05:82:11:e3:75:54:9a:ea:
         2f:5d:ff:4e:d2:b4:31:7b:2f:5c:30:09:6f:46:c6:be:9f:8c:
         24:b0:3d:c5:31:92:4c:ab:35:5a:e3:93:24:96:88:03:76:30:
         c4:e1:68:79:dc:44:d4:d4:70:d2:99:aa:4a:be:d7:9a:7b:9f:
         de:f8:04:53:1b:04:a5:55:63:3a:c2:40:49:42:80:fd:31:46:
         a5:45:34:ed:0b:cc:33:db:e4:37:35:b2:4a:68:b7:a5:a0:88:
         0f:33:d2:52:ee:fe:0a:db:d2:47:90:5b:06:8f:fc:59:cc:fd:
         63:61:f3:44:c7:ee:7a:9d:08:a6:46:60:24:8e:64:31:da:14:
         0e:18:b9:64:2b:98:ea:9b:23:1a:f6:7e:0e:96:de:06:bb:b8:
         8c:67:09:d8:f1:af:d8:44:67:92:4b:ef:c7:1d:b7:60:32:aa:
         82:4e:f9:04:40:31:e4:ee:8c:c4:52:37:e5:be:20:ca:f4:f4:
         f1:bd:ad:7e:d2:6b:02:37:0b:f3:e5:f6:1a:07:e4:86:e6:02:
         9a:85:44:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/LycGhHcayXQeRC5xibjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYzUwZGY2YjAxZGZmNmY1NGViODAzOWIyNDk3YWE3ZjRl
ZjEyY2QwHhcNMjUwMTAyMDc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGQ2NzZiODQwZjZkYzg0YWY0OGQ1MmY0ZjZkMmJlMDZiMDdlZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nXe6oARE8+1aCK85CY51GNERCEc
0iHxhgiErUmH6I0Q6GWQ0+Uy94EJq4breaIWwCgA6T4VVrJNNC/eBbgYaMj2C7Zw
ml9uE58IrvMdgERxPF2sJMTx53DbHMxotGHocQwmHVGWnMCqjpdngD0ISFeYc9hN
OWy0JOlUzdrulWTZJ/vyTZ9r+uB3OSX+5DUIqjmI+pjWhi2oVy0WTyrEiRzgxao5
zf2Ya+GZDuHDc1NdsPCJZjlsm0uMk5SUru5IAn9UfrQEU3yC7jnkXDhufdKjfPTr
GiXki7ZwWEy219h2x8oj+izFOOF1+0daqQWaWd4yGbLxJdBdzgEIzMbCowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTWdrhA9tyEr0jVL09tK+BrB+6KMB8GA1UdIwQY
MBaAFKzFDfawHf9vVOuAObJJeqf07xLNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck1VTjlyQWRfMjlVNjRBNXNrbDZwX1R2RXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iZjM1MjgtYTEzMS00ZjUxLWE1OWQt
MzFjOTMxM2Y5ZjY2LzEvVk5aMnVFRDIzSVN2U05VdlQyMHI0R3NIN29vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iZjM1MjgtYTEzMS00ZjUxLWE1OWQtMzFjOTMxM2Y5ZjY2
LzEvck1VTjlyQWRfMjlVNjRBNXNrbDZwX1R2RXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgkHMA0G
CSqGSIb3DQEBCwUAA4IBAQCXLU59t3vkMCCs+Y7l5OoRwlSxH8HKmRVmVLDcurRc
TJpdD9+Hr0fiOalv83flBYIR43VUmuovXf9O0rQxey9cMAlvRsa+n4wksD3FMZJM
qzVa45MklogDdjDE4Wh53ETU1HDSmapKvteae5/e+ARTGwSlVWM6wkBJQoD9MUal
RTTtC8wz2+Q3NbJKaLeloIgPM9JS7v4K29JHkFsGj/xZzP1jYfNEx+56nQimRmAk
jmQx2hQOGLlkK5jqmyMa9n4Olt4Gu7iMZwnY8a/YRGeSS+/HHbdgMqqCTvkEQDHk
7ozEUjflviDK9PTxva1+0msCNwvz5fYaB+SG5gKahUQ0
-----END CERTIFICATE-----