Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/5aacf3-bbc9-43c4-86f0-54f6e52f547b/1/2FAwhQu6ok9bOg22C73ws6AzeTA.roa
File:                     2FAwhQu6ok9bOg22C73ws6AzeTA.roa (raw, json)
Hash identifier:          NjIG5kr55nDYslaJlr/UrfkcBYGbRIfRwF+wfXlzJDo=
Subject key identifier:   D8:50:30:85:0B:BA:A2:4F:5B:3A:0D:B6:0B:BD:F0:B3:A0:33:79:30
Certificate issuer:       /CN=4b23b06d60ec3e76b4920b2b64141fa3af6e5fbb
Certificate serial:       019420D665FD512C8FACF2BEFB97FBAAAF6F
Authority key identifier: 4B:23:B0:6D:60:EC:3E:76:B4:92:0B:2B:64:14:1F:A3:AF:6E:5F:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SyOwbWDsPna0kgsrZBQfo69uX7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/5aacf3-bbc9-43c4-86f0-54f6e52f547b/1/2FAwhQu6ok9bOg22C73ws6AzeTA.roa
Signing time:             Wed 01 Jan 2025 07:48:29 +0000
ROA not before:           Wed 01 Jan 2025 07:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21495
IP address blocks:        195.242.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/5aacf3-bbc9-43c4-86f0-54f6e52f547b/1/SyOwbWDsPna0kgsrZBQfo69uX7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/5aacf3-bbc9-43c4-86f0-54f6e52f547b/1/SyOwbWDsPna0kgsrZBQfo69uX7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SyOwbWDsPna0kgsrZBQfo69uX7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:65:fd:51:2c:8f:ac:f2:be:fb:97:fb:aa:af:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b23b06d60ec3e76b4920b2b64141fa3af6e5fbb
        Validity
            Not Before: Jan  1 07:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d85030850bbaa24f5b3a0db60bbdf0b3a0337930
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:15:10:0d:22:5e:9e:2a:e8:34:1e:b1:10:37:
                    f9:1d:95:fb:4b:e4:79:31:bb:77:b2:c7:52:ee:92:
                    57:3b:96:24:c9:fa:9f:3e:80:e0:01:01:d6:42:cb:
                    65:c2:64:a0:02:d6:5d:35:bb:59:2b:2c:c0:13:56:
                    67:0b:94:c5:b8:eb:9c:92:46:24:aa:da:d8:ad:df:
                    e5:f2:8b:f0:02:24:85:28:6e:a4:56:df:3a:17:04:
                    57:53:31:90:58:e4:c8:9f:b4:13:62:a7:8d:3c:e2:
                    51:a7:6e:28:31:19:4a:cd:0c:21:80:21:5a:dd:71:
                    3c:0e:bf:1b:5a:75:63:c9:30:61:e4:40:4f:ec:ad:
                    9e:83:c1:57:43:88:4d:74:c0:58:50:41:34:8d:d7:
                    69:b4:c1:d1:4c:57:3d:dd:6d:06:6d:b0:c5:fe:d7:
                    78:7c:e8:cb:6e:e6:ba:b1:90:8b:52:3d:08:bc:8a:
                    68:61:af:62:2e:01:8e:c4:6d:63:30:43:9b:32:6e:
                    53:c0:95:6c:bc:86:5f:55:50:b2:be:38:84:72:16:
                    30:91:6d:ff:48:05:9c:58:a8:b9:ce:e8:f2:19:73:
                    aa:d9:da:12:95:02:1a:cd:2e:ed:77:5d:d7:df:95:
                    24:53:4c:b5:b8:07:8a:c6:f2:b9:71:a8:e1:cc:2b:
                    3d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:50:30:85:0B:BA:A2:4F:5B:3A:0D:B6:0B:BD:F0:B3:A0:33:79:30
            X509v3 Authority Key Identifier:
                keyid:4B:23:B0:6D:60:EC:3E:76:B4:92:0B:2B:64:14:1F:A3:AF:6E:5F:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SyOwbWDsPna0kgsrZBQfo69uX7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/5aacf3-bbc9-43c4-86f0-54f6e52f547b/1/2FAwhQu6ok9bOg22C73ws6AzeTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/5aacf3-bbc9-43c4-86f0-54f6e52f547b/1/SyOwbWDsPna0kgsrZBQfo69uX7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:9f:96:88:cb:77:14:4f:c8:a1:f2:34:f3:85:ec:8d:d0:81:
         42:d1:3c:d6:61:22:7f:ae:19:9c:ca:44:d5:3a:99:2e:b3:2d:
         bb:74:ca:be:ce:67:72:bb:4c:e8:99:f4:62:7f:e0:9d:1d:cc:
         57:cb:4c:4c:5e:ef:ca:0b:70:9a:cf:c8:30:0b:2f:aa:aa:19:
         9a:96:d3:fa:08:a9:b5:84:4b:62:5e:08:bc:11:78:77:0f:b8:
         5a:1a:1e:c6:32:f8:26:0b:b1:91:b4:6a:4d:5a:24:ec:3a:f7:
         85:0a:44:31:1e:82:b9:7c:9a:91:8a:a9:84:ad:ca:d7:33:d6:
         61:93:5a:c0:c7:41:72:f9:3f:0e:b5:0a:54:45:85:d0:88:2a:
         5b:24:e2:94:ef:88:5e:b6:64:c5:1a:9b:c9:da:0a:82:0c:96:
         0b:1c:ea:31:30:f0:40:29:32:02:22:66:87:12:c4:3a:17:e3:
         46:24:be:b2:c9:9f:ab:c6:e2:89:6f:ba:16:ba:cb:ab:6e:e7:
         43:10:aa:0b:05:4e:e2:90:03:55:e1:23:67:55:16:c6:e8:48:
         06:da:4d:89:48:36:ea:c3:03:d1:01:a9:90:61:55:a5:a9:fa:
         87:b4:53:ae:ff:58:7d:a1:e9:c4:9f:a9:af:09:04:65:9e:82:
         ec:9d:58:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1mX9USyPrPK++5f7qq9vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMjNiMDZkNjBlYzNlNzZiNDkyMGIyYjY0MTQxZmEzYWY2
ZTVmYmIwHhcNMjUwMTAxMDc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODUwMzA4NTBiYmFhMjRmNWIzYTBkYjYwYmJkZjBiM2EwMzM3OTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRUQDSJeniroNB6xEDf5HZX7S+R5
Mbt3ssdS7pJXO5YkyfqfPoDgAQHWQstlwmSgAtZdNbtZKyzAE1ZnC5TFuOuckkYk
qtrYrd/l8ovwAiSFKG6kVt86FwRXUzGQWOTIn7QTYqeNPOJRp24oMRlKzQwhgCFa
3XE8Dr8bWnVjyTBh5EBP7K2eg8FXQ4hNdMBYUEE0jddptMHRTFc93W0GbbDF/td4
fOjLbua6sZCLUj0IvIpoYa9iLgGOxG1jMEObMm5TwJVsvIZfVVCyvjiEchYwkW3/
SAWcWKi5zujyGXOq2doSlQIazS7td13X35UkU0y1uAeKxvK5cajhzCs9DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhQMIULuqJPWzoNtgu98LOgM3kwMB8GA1UdIwQY
MBaAFEsjsG1g7D52tJILK2QUH6Ovbl+7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3lPd2JXRHNQbmEwa2dzclpCUWZvNjl1WDdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS81YWFjZjMtYmJjOS00M2M0LTg2ZjAt
NTRmNmU1MmY1NDdiLzEvMkZBd2hRdTZvazliT2cyMkM3M3dzNkF6ZVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS81YWFjZjMtYmJjOS00M2M0LTg2ZjAtNTRmNmU1MmY1NDdi
LzEvU3lPd2JXRHNQbmEwa2dzclpCUWZvNjl1WDdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/K3MA0G
CSqGSIb3DQEBCwUAA4IBAQBEn5aIy3cUT8ih8jTzheyN0IFC0TzWYSJ/rhmcykTV
Opkusy27dMq+zmdyu0zomfRif+CdHcxXy0xMXu/KC3Caz8gwCy+qqhmaltP6CKm1
hEtiXgi8EXh3D7haGh7GMvgmC7GRtGpNWiTsOveFCkQxHoK5fJqRiqmErcrXM9Zh
k1rAx0Fy+T8OtQpURYXQiCpbJOKU74hetmTFGpvJ2gqCDJYLHOoxMPBAKTICImaH
EsQ6F+NGJL6yyZ+rxuKJb7oWusurbudDEKoLBU7ikANV4SNnVRbG6EgG2k2JSDbq
wwPRAamQYVWlqfqHtFOu/1h9oenEn6mvCQRlnoLsnVhN
-----END CERTIFICATE-----