Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/c34c30-81b4-4dbe-83e8-11f365a7352c/1/rWZ0G5VOafQid-7UN-2veJfKGgo.roa
File:                     rWZ0G5VOafQid-7UN-2veJfKGgo.roa (raw, json)
Hash identifier:          DH2O3e2b1+vrztrC2zTAL363y7HUBnCFCMC6xfBGVbc=
Subject key identifier:   AD:66:74:1B:95:4E:69:F4:22:77:EE:D4:37:ED:AF:78:97:CA:1A:0A
Certificate issuer:       /CN=09c552498881876556f16e323f1ca369b25edb0c
Certificate serial:       01942067EB823852E6E3EED7BA3204840A71
Authority key identifier: 09:C5:52:49:88:81:87:65:56:F1:6E:32:3F:1C:A3:69:B2:5E:DB:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CcVSSYiBh2VW8W4yPxyjabJe2ww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/c34c30-81b4-4dbe-83e8-11f365a7352c/1/rWZ0G5VOafQid-7UN-2veJfKGgo.roa
Signing time:             Wed 01 Jan 2025 05:47:48 +0000
ROA not before:           Wed 01 Jan 2025 05:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48943
IP address blocks:        193.28.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/c34c30-81b4-4dbe-83e8-11f365a7352c/1/CcVSSYiBh2VW8W4yPxyjabJe2ww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/c34c30-81b4-4dbe-83e8-11f365a7352c/1/CcVSSYiBh2VW8W4yPxyjabJe2ww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CcVSSYiBh2VW8W4yPxyjabJe2ww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:eb:82:38:52:e6:e3:ee:d7:ba:32:04:84:0a:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09c552498881876556f16e323f1ca369b25edb0c
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad66741b954e69f42277eed437edaf7897ca1a0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ed:54:21:1d:a7:79:57:cd:f7:4b:83:e3:e2:
                    48:bc:98:a1:40:33:b3:cc:5b:ed:d4:4a:ca:91:02:
                    3d:a5:11:08:08:0a:0c:80:57:68:2c:48:31:b8:3f:
                    58:a2:77:bf:2f:76:81:41:52:c1:c9:2d:bf:13:ed:
                    a7:57:65:65:b5:56:cc:df:cd:20:94:20:40:8a:90:
                    a0:d6:db:7d:44:ad:e0:ed:ab:49:40:ae:d1:78:95:
                    88:18:7b:ea:a3:42:47:cf:d7:57:db:a4:af:58:ce:
                    19:12:05:a2:e2:d3:2e:8b:3c:0b:c1:df:45:4c:db:
                    aa:30:02:0d:79:06:72:bc:54:09:a1:f0:e8:50:43:
                    b0:d5:54:55:ef:1d:e6:b1:b6:3c:28:ae:cd:fe:ca:
                    86:63:79:e5:d7:13:9a:47:94:3e:04:74:3d:23:da:
                    91:20:51:72:48:68:77:35:d3:a2:67:a5:6a:f8:8c:
                    e6:a1:18:79:c1:97:ef:67:84:bd:93:a0:6e:0f:07:
                    ab:5b:e9:99:53:2d:7a:a4:42:13:d3:14:9c:de:bc:
                    80:7f:b8:ed:7a:dd:48:d1:43:d5:67:28:e5:72:52:
                    6a:4f:33:34:04:ef:7e:de:25:c8:b2:c8:d1:6d:3d:
                    d5:70:37:65:20:16:c7:f1:88:dd:54:e4:33:bb:87:
                    9c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:66:74:1B:95:4E:69:F4:22:77:EE:D4:37:ED:AF:78:97:CA:1A:0A
            X509v3 Authority Key Identifier:
                keyid:09:C5:52:49:88:81:87:65:56:F1:6E:32:3F:1C:A3:69:B2:5E:DB:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CcVSSYiBh2VW8W4yPxyjabJe2ww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/c34c30-81b4-4dbe-83e8-11f365a7352c/1/rWZ0G5VOafQid-7UN-2veJfKGgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/c34c30-81b4-4dbe-83e8-11f365a7352c/1/CcVSSYiBh2VW8W4yPxyjabJe2ww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ca:c7:da:4d:91:c6:d4:2f:2d:da:4c:e9:0a:69:fb:07:b5:
         b5:7e:47:cb:4c:aa:0d:94:b5:bf:81:ee:ef:d0:d5:5f:4b:13:
         7b:49:91:95:94:53:a4:42:f0:c9:e9:e1:c7:29:ff:ae:ba:55:
         23:a3:1a:17:71:0d:8a:6f:e1:e5:a4:06:68:e5:d3:4f:d9:31:
         46:52:fa:5c:ef:19:8b:b0:9c:36:8a:d8:ca:f6:16:dc:a9:2b:
         20:de:1f:82:7c:36:3e:6c:60:93:9c:d2:61:cc:ef:e0:93:eb:
         0a:36:02:e6:76:16:c6:d0:67:33:68:86:7c:0f:a2:b4:03:81:
         7c:e7:87:11:69:49:17:08:d0:5a:ff:e0:17:8e:89:e3:f9:96:
         8e:ae:6a:15:b2:d5:6b:a4:84:a3:62:a3:ca:da:ea:40:c6:64:
         63:0d:3a:6e:11:a9:88:45:e3:99:f0:58:08:b3:53:b3:74:46:
         8d:df:ca:e5:e7:57:3a:dd:d8:b7:0d:f1:bb:b4:c7:32:7e:83:
         63:14:61:77:03:9a:a8:2d:19:61:99:85:04:c5:c7:9d:1a:63:
         e3:1d:ba:b1:fc:d2:25:51:d1:b4:a9:ac:ea:79:36:73:2c:c1:
         1b:ca:c4:5c:1f:7a:84:0e:a6:58:f6:44:ee:ff:21:25:c8:4d:
         89:f5:ec:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ+uCOFLm4+7XujIEhApxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5YzU1MjQ5ODg4MTg3NjU1NmYxNmUzMjNmMWNhMzY5YjI1
ZWRiMGMwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDY2NzQxYjk1NGU2OWY0MjI3N2VlZDQzN2VkYWY3ODk3Y2ExYTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5u1UIR2neVfN90uD4+JIvJihQDOz
zFvt1ErKkQI9pREICAoMgFdoLEgxuD9Yone/L3aBQVLByS2/E+2nV2VltVbM380g
lCBAipCg1tt9RK3g7atJQK7ReJWIGHvqo0JHz9dX26SvWM4ZEgWi4tMuizwLwd9F
TNuqMAINeQZyvFQJofDoUEOw1VRV7x3msbY8KK7N/sqGY3nl1xOaR5Q+BHQ9I9qR
IFFySGh3NdOiZ6Vq+IzmoRh5wZfvZ4S9k6BuDwerW+mZUy16pEIT0xSc3ryAf7jt
et1I0UPVZyjlclJqTzM0BO9+3iXIssjRbT3VcDdlIBbH8YjdVOQzu4ecKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1mdBuVTmn0Infu1Dftr3iXyhoKMB8GA1UdIwQY
MBaAFAnFUkmIgYdlVvFuMj8co2myXtsMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2NWU1NZaUJoMlZXOFc0eVB4eWphYkplMnd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9jMzRjMzAtODFiNC00ZGJlLTgzZTgt
MTFmMzY1YTczNTJjLzEvcldaMEc1Vk9hZlFpZC03VU4tMnZlSmZLR2dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9jMzRjMzAtODFiNC00ZGJlLTgzZTgtMTFmMzY1YTczNTJj
LzEvQ2NWU1NZaUJoMlZXOFc0eVB4eWphYkplMnd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRwMMA0G
CSqGSIb3DQEBCwUAA4IBAQBAysfaTZHG1C8t2kzpCmn7B7W1fkfLTKoNlLW/ge7v
0NVfSxN7SZGVlFOkQvDJ6eHHKf+uulUjoxoXcQ2Kb+HlpAZo5dNP2TFGUvpc7xmL
sJw2itjK9hbcqSsg3h+CfDY+bGCTnNJhzO/gk+sKNgLmdhbG0GczaIZ8D6K0A4F8
54cRaUkXCNBa/+AXjonj+ZaOrmoVstVrpISjYqPK2upAxmRjDTpuEamIReOZ8FgI
s1OzdEaN38rl51c63di3DfG7tMcyfoNjFGF3A5qoLRlhmYUExcedGmPjHbqx/NIl
UdG0qazqeTZzLMEbysRcH3qEDqZY9kTu/yElyE2J9eyL
-----END CERTIFICATE-----