Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/5b7c94-a60d-4399-9829-52b8166829d7/1/K7Su5tLQd2NMZMj9NBaGujGCyFc.roa
File:                     K7Su5tLQd2NMZMj9NBaGujGCyFc.roa (raw, json)
Hash identifier:          mUfUc0m1Q5fvSqMO5jRLGU7xEPj6/17vBXx5MZ0j9fY=
Subject key identifier:   2B:B4:AE:E6:D2:D0:77:63:4C:64:C8:FD:34:16:86:BA:31:82:C8:57
Certificate issuer:       /CN=8d8740799c91c2630a8092178db824f3a889a75f
Certificate serial:       019425FC45D8832ED2D6290DC9CC8C07A8BA
Authority key identifier: 8D:87:40:79:9C:91:C2:63:0A:80:92:17:8D:B8:24:F3:A8:89:A7:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYdAeZyRwmMKgJIXjbgk86iJp18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/5b7c94-a60d-4399-9829-52b8166829d7/1/K7Su5tLQd2NMZMj9NBaGujGCyFc.roa
Signing time:             Thu 02 Jan 2025 07:47:57 +0000
ROA not before:           Thu 02 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44453
IP address blocks:        144.208.0.0/19 maxlen: 32
                          144.208.128.0/22 maxlen: 32
                          144.208.132.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/5b7c94-a60d-4399-9829-52b8166829d7/1/jYdAeZyRwmMKgJIXjbgk86iJp18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/5b7c94-a60d-4399-9829-52b8166829d7/1/jYdAeZyRwmMKgJIXjbgk86iJp18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYdAeZyRwmMKgJIXjbgk86iJp18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:45:d8:83:2e:d2:d6:29:0d:c9:cc:8c:07:a8:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d8740799c91c2630a8092178db824f3a889a75f
        Validity
            Not Before: Jan  2 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2bb4aee6d2d077634c64c8fd341686ba3182c857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7e:d8:5e:01:27:fa:00:03:e5:b1:5a:ac:42:
                    10:0b:8f:a4:e3:90:6b:e0:5e:bb:2e:ac:21:6d:21:
                    a0:91:aa:b2:1f:01:f2:47:42:67:47:47:81:3d:7f:
                    34:63:02:28:c2:19:56:b1:82:f8:7d:8d:82:d8:3e:
                    8c:25:6f:51:c2:13:0b:14:ed:0e:5b:0f:65:b7:63:
                    ff:39:43:95:9e:b0:e3:c9:be:67:82:d4:33:54:e9:
                    73:12:e6:84:8b:ee:64:65:f3:cc:78:6b:83:1f:c2:
                    1f:e9:96:75:18:1f:58:83:d7:9a:ed:c4:7a:1b:00:
                    41:4e:8b:fa:6d:36:98:0c:b8:55:08:4b:c9:17:cd:
                    3d:37:e6:e4:d2:40:64:49:c7:7f:58:db:12:a4:2b:
                    b8:a5:a7:f3:fe:30:a8:5d:bb:d6:f2:70:f0:ca:5e:
                    03:96:e7:99:4e:f9:87:e6:09:ef:84:7e:73:bc:80:
                    d8:3f:46:6f:2a:bd:9d:58:6c:28:c5:29:24:05:4c:
                    51:30:d0:96:64:87:7a:1f:42:37:7c:65:8f:50:52:
                    ba:00:e6:11:05:cf:78:29:87:7b:aa:8f:e6:10:4e:
                    13:53:57:c1:ae:91:46:74:20:44:c2:c5:7f:88:c7:
                    e4:0a:82:e0:98:cc:bc:f2:40:8e:ed:36:b8:0c:b9:
                    a3:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:B4:AE:E6:D2:D0:77:63:4C:64:C8:FD:34:16:86:BA:31:82:C8:57
            X509v3 Authority Key Identifier:
                keyid:8D:87:40:79:9C:91:C2:63:0A:80:92:17:8D:B8:24:F3:A8:89:A7:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYdAeZyRwmMKgJIXjbgk86iJp18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/5b7c94-a60d-4399-9829-52b8166829d7/1/K7Su5tLQd2NMZMj9NBaGujGCyFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/5b7c94-a60d-4399-9829-52b8166829d7/1/jYdAeZyRwmMKgJIXjbgk86iJp18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.208.0.0/19
                  144.208.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         44:dc:a3:5d:c0:fc:81:5a:a3:24:7c:43:9e:25:97:7c:2d:89:
         93:1d:4c:9b:e6:b7:eb:e2:ad:45:28:f9:aa:b3:7d:7d:8c:15:
         48:96:41:e6:04:ba:b3:f5:3f:54:29:1f:ab:b4:d0:55:19:ec:
         83:4a:97:55:8d:61:fa:fb:81:72:3e:21:a7:f4:e4:8c:0f:64:
         bf:6f:7b:7b:cb:41:fa:37:1e:28:cd:79:07:98:2a:28:05:e4:
         9b:70:26:24:3d:44:bc:bb:b4:6c:3a:8a:07:16:33:31:8a:f2:
         68:c5:50:4d:a5:2a:eb:c0:88:f4:cc:de:d7:60:49:a5:b6:9f:
         f2:87:81:d9:c5:9c:ab:53:15:ed:2e:a4:bd:91:72:46:db:93:
         f6:90:8a:e6:08:f1:d4:1c:f9:1d:90:e7:eb:b6:2a:80:44:05:
         97:f9:1d:4a:ae:77:5d:64:27:9d:03:01:14:b1:0d:58:30:a3:
         37:3c:40:aa:6d:9d:3f:42:34:ec:9b:23:73:0f:da:dc:d3:42:
         fd:8d:ad:e4:a1:66:4a:36:88:8e:75:5c:4c:15:0c:2b:89:d8:
         3d:28:5f:4a:e8:27:f6:19:e9:3b:d1:fa:7b:70:a3:b9:27:dd:
         b4:91:49:69:33:1d:17:35:af:73:de:d8:83:34:55:d3:52:bc:
         3a:11:19:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/EXYgy7S1ikNycyMB6i6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODc0MDc5OWM5MWMyNjMwYTgwOTIxNzhkYjgyNGYzYTg4
OWE3NWYwHhcNMjUwMTAyMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmI0YWVlNmQyZDA3NzYzNGM2NGM4ZmQzNDE2ODZiYTMxODJjODU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm37YXgEn+gAD5bFarEIQC4+k45Br
4F67LqwhbSGgkaqyHwHyR0JnR0eBPX80YwIowhlWsYL4fY2C2D6MJW9RwhMLFO0O
Ww9lt2P/OUOVnrDjyb5ngtQzVOlzEuaEi+5kZfPMeGuDH8If6ZZ1GB9Yg9ea7cR6
GwBBTov6bTaYDLhVCEvJF809N+bk0kBkScd/WNsSpCu4pafz/jCoXbvW8nDwyl4D
lueZTvmH5gnvhH5zvIDYP0ZvKr2dWGwoxSkkBUxRMNCWZId6H0I3fGWPUFK6AOYR
Bc94KYd7qo/mEE4TU1fBrpFGdCBEwsV/iMfkCoLgmMy88kCO7Ta4DLmjRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCu0rubS0HdjTGTI/TQWhroxgshXMB8GA1UdIwQY
MBaAFI2HQHmckcJjCoCSF424JPOoiadfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallkQWVaeVJ3bU1LZ0pJWGpiZ2s4NmlKcDE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy81YjdjOTQtYTYwZC00Mzk5LTk4Mjkt
NTJiODE2NjgyOWQ3LzEvSzdTdTV0TFFkMk5NWk1qOU5CYUd1akdDeUZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy81YjdjOTQtYTYwZC00Mzk5LTk4MjktNTJiODE2NjgyOWQ3
LzEvallkQWVaeVJ3bU1LZ0pJWGpiZ2s4NmlKcDE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFkNAAAwQD
kNCAMA0GCSqGSIb3DQEBCwUAA4IBAQBE3KNdwPyBWqMkfEOeJZd8LYmTHUyb5rfr
4q1FKPmqs319jBVIlkHmBLqz9T9UKR+rtNBVGeyDSpdVjWH6+4FyPiGn9OSMD2S/
b3t7y0H6Nx4ozXkHmCooBeSbcCYkPUS8u7RsOooHFjMxivJoxVBNpSrrwIj0zN7X
YEmltp/yh4HZxZyrUxXtLqS9kXJG25P2kIrmCPHUHPkdkOfrtiqARAWX+R1Krndd
ZCedAwEUsQ1YMKM3PECqbZ0/QjTsmyNzD9rc00L9ja3koWZKNoiOdVxMFQwridg9
KF9K6Cf2Gek70fp7cKO5J920kUlpMx0XNa9z3tiDNFXTUrw6ERnS
-----END CERTIFICATE-----