Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/DrV2xA7Yd-hZFiq3pO9rygl2qg0.roa
File:                     DrV2xA7Yd-hZFiq3pO9rygl2qg0.roa (raw, json)
Hash identifier:          TVf6eSJU2syGlD0lzcyv3W0pP95vSrCKIhPdX0AUyh0=
Subject key identifier:   0E:B5:76:C4:0E:D8:77:E8:59:16:2A:B7:A4:EF:6B:CA:09:76:AA:0D
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       0194228DA74D4A7B5E5E5434E704967B1C97
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/DrV2xA7Yd-hZFiq3pO9rygl2qg0.roa
Signing time:             Wed 01 Jan 2025 15:48:16 +0000
ROA not before:           Wed 01 Jan 2025 15:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20946
IP address blocks:        178.170.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a7:4d:4a:7b:5e:5e:54:34:e7:04:96:7b:1c:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Jan  1 15:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0eb576c40ed877e859162ab7a4ef6bca0976aa0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a1:5b:22:46:86:9d:da:94:3e:76:7f:6a:7d:
                    80:65:0f:bb:c7:70:1e:7c:95:bd:cf:47:f5:4a:03:
                    8c:75:2f:40:02:14:99:a6:8a:8f:1b:84:74:c8:d1:
                    01:61:b9:78:cf:f7:c4:64:4a:ed:01:2e:f2:b9:dd:
                    30:8c:9f:0c:8b:7d:eb:0c:cf:91:f7:91:37:53:c9:
                    78:97:62:1e:17:50:4d:22:f5:ac:b5:1e:6a:48:9c:
                    fb:82:09:11:a3:bd:92:b4:c4:0d:03:40:f4:1e:1e:
                    d8:58:98:4e:d7:fd:4e:11:e2:75:0d:8d:9a:3c:40:
                    f7:91:97:c2:45:eb:05:b5:1b:6c:7b:4c:2a:5d:d2:
                    84:eb:96:c9:8e:6b:38:b7:fd:e0:27:52:07:17:4f:
                    81:9c:82:c1:4f:b9:d8:cc:31:c4:81:60:f0:79:6b:
                    79:c1:9d:6d:fb:a2:ac:59:7f:5e:c9:18:df:03:01:
                    fc:72:32:6d:d4:07:c3:49:5c:53:19:87:37:c9:ea:
                    25:eb:e2:6e:2f:f6:f8:cb:f8:1c:83:ab:88:80:3d:
                    91:00:91:a9:d2:3f:f7:02:a5:eb:92:0b:1f:f6:72:
                    ac:a5:91:2b:da:df:8e:77:08:63:a8:ca:77:b6:8e:
                    76:d9:af:37:be:67:73:31:a2:15:a7:8b:df:71:37:
                    db:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:B5:76:C4:0E:D8:77:E8:59:16:2A:B7:A4:EF:6B:CA:09:76:AA:0D
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/DrV2xA7Yd-hZFiq3pO9rygl2qg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.170.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:24:4f:05:cc:bd:8a:b2:bf:fd:a3:b3:8a:e6:e3:d6:33:f1:
         df:a2:03:fe:86:4f:30:7e:18:d6:02:64:7b:d5:9c:b0:7d:47:
         64:93:0b:42:6e:7b:12:c7:63:20:ec:d7:5c:99:16:02:8f:d4:
         f7:1b:b1:4f:bf:d3:b1:01:a9:a8:58:a8:d5:07:e6:cd:61:cb:
         06:88:3d:83:3d:64:43:09:91:b6:b5:b1:40:47:e1:5c:fa:67:
         00:84:39:7b:5f:45:26:b4:2d:42:99:f1:67:17:1b:e6:c2:a4:
         96:76:ac:45:40:fa:4d:d4:45:0d:15:c9:c2:a9:7f:68:e4:79:
         77:29:df:82:65:b2:80:ca:61:39:39:dd:04:f7:b1:b2:90:e3:
         9e:16:da:cb:49:47:29:37:46:07:34:84:71:6b:ca:74:e8:cf:
         6a:b2:7b:40:ac:73:cd:a3:74:8a:d6:c1:37:5b:d4:7a:94:a3:
         74:77:9a:50:90:8c:cb:99:26:c3:2d:da:d4:40:83:d9:8d:d3:
         c7:44:23:99:49:7d:8b:c3:9e:88:30:1e:97:ee:90:6d:1e:27:
         9a:47:db:e3:9d:96:5e:b0:8d:99:2c:2f:61:56:7e:cd:0e:2b:
         38:79:e0:df:0d:b8:66:f6:18:fd:f8:87:95:01:80:51:03:98:
         82:4d:07:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijadNSnteXlQ05wSWexyXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjUwMTAxMTU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWI1NzZjNDBlZDg3N2U4NTkxNjJhYjdhNGVmNmJjYTA5NzZhYTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qFbIkaGndqUPnZ/an2AZQ+7x3Ae
fJW9z0f1SgOMdS9AAhSZpoqPG4R0yNEBYbl4z/fEZErtAS7yud0wjJ8Mi33rDM+R
95E3U8l4l2IeF1BNIvWstR5qSJz7ggkRo72StMQNA0D0Hh7YWJhO1/1OEeJ1DY2a
PED3kZfCResFtRtse0wqXdKE65bJjms4t/3gJ1IHF0+BnILBT7nYzDHEgWDweWt5
wZ1t+6KsWX9eyRjfAwH8cjJt1AfDSVxTGYc3yeol6+JuL/b4y/gcg6uIgD2RAJGp
0j/3AqXrkgsf9nKspZEr2t+OdwhjqMp3to522a83vmdzMaIVp4vfcTfbAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA61dsQO2HfoWRYqt6Tva8oJdqoNMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvRHJWMnhBN1lkLWhaRmlxM3BPOXJ5Z2wycWcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsqrlMA0G
CSqGSIb3DQEBCwUAA4IBAQAiJE8FzL2Ksr/9o7OK5uPWM/HfogP+hk8wfhjWAmR7
1ZywfUdkkwtCbnsSx2Mg7NdcmRYCj9T3G7FPv9OxAamoWKjVB+bNYcsGiD2DPWRD
CZG2tbFAR+Fc+mcAhDl7X0UmtC1CmfFnFxvmwqSWdqxFQPpN1EUNFcnCqX9o5Hl3
Kd+CZbKAymE5Od0E97GykOOeFtrLSUcpN0YHNIRxa8p06M9qsntArHPNo3SK1sE3
W9R6lKN0d5pQkIzLmSbDLdrUQIPZjdPHRCOZSX2Lw56IMB6X7pBtHieaR9vjnZZe
sI2ZLC9hVn7NDis4eeDfDbhm9hj9+IeVAYBRA5iCTQfw
-----END CERTIFICATE-----