Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/9BUOtYErHOT5nI5nnBmuo2Xdhug.roa
File:                     9BUOtYErHOT5nI5nnBmuo2Xdhug.roa (raw, json)
Hash identifier:          Rs1YqGK7wrwo+RArMme5ww//40nOwuUee+FJ/tQiW00=
Subject key identifier:   F4:15:0E:B5:81:2B:1C:E4:F9:9C:8E:67:9C:19:AE:A3:65:DD:86:E8
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019427B679F06B2E133CBEBB8F54A170220E
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/9BUOtYErHOT5nI5nnBmuo2Xdhug.roa
Signing time:             Thu 02 Jan 2025 15:50:57 +0000
ROA not before:           Thu 02 Jan 2025 15:50:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35533
IP address blocks:        193.138.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:79:f0:6b:2e:13:3c:be:bb:8f:54:a1:70:22:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 15:50:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4150eb5812b1ce4f99c8e679c19aea365dd86e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:70:e7:3c:d4:3e:7d:c2:31:cc:c9:81:d5:6f:
                    5f:1f:69:92:f4:f7:97:8a:38:6e:fa:e3:02:d3:93:
                    d4:a9:77:13:26:9a:e0:82:3e:13:78:1e:cd:0a:ff:
                    56:8c:b9:2c:2a:1f:2e:3d:ec:94:c6:94:af:b2:17:
                    c8:b1:08:51:5c:4b:31:c8:65:09:9c:c3:d7:78:8d:
                    2b:b6:67:bb:08:4f:45:e3:24:cc:80:15:9e:0f:0a:
                    da:05:e6:42:80:af:32:b9:8f:93:c0:b8:51:9c:a1:
                    73:cb:d2:07:22:13:07:e7:6d:39:03:1a:4c:11:1b:
                    19:2d:e9:90:15:57:20:c5:c5:1c:c3:89:37:a5:46:
                    f0:28:c5:cb:8b:3f:86:6b:63:e9:6d:66:ee:59:96:
                    88:37:9d:17:71:3b:d3:79:4b:a5:45:f3:4f:9d:a4:
                    4e:3f:51:fc:e3:2b:7f:dc:de:e2:8b:9a:2d:46:b8:
                    1c:4e:bc:c7:3c:6b:0e:51:26:7a:93:e3:63:ad:a5:
                    41:aa:7e:12:8a:8f:af:24:b9:4c:2a:e3:a3:4a:20:
                    8f:67:f0:c1:25:63:84:50:09:bb:42:af:e6:8f:e5:
                    04:d6:d7:2f:2d:60:bf:1c:e4:c0:d4:c8:d4:b0:cc:
                    da:a2:4d:60:00:86:c2:46:9b:ec:63:8f:45:9f:f0:
                    8e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:15:0E:B5:81:2B:1C:E4:F9:9C:8E:67:9C:19:AE:A3:65:DD:86:E8
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/9BUOtYErHOT5nI5nnBmuo2Xdhug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:76:57:75:6a:5e:c9:31:b1:cb:a5:ea:f9:05:d0:bd:b4:6d:
         b2:05:9e:d6:2a:a8:3f:7f:21:9d:41:de:14:cc:a5:75:5b:99:
         2a:ff:47:d9:35:fe:a9:3c:a9:7b:fe:5f:13:93:d6:c4:ea:4b:
         00:ac:2d:ae:29:a5:c7:68:0a:fa:1c:5d:b7:e7:dc:6a:90:47:
         4e:50:e2:2c:6e:38:00:6b:fe:1a:e3:81:37:eb:f4:b6:cd:25:
         54:4e:ed:6a:c7:3f:52:30:2f:f1:15:98:ce:31:37:0d:35:9e:
         c2:df:6b:45:2e:02:3d:93:44:21:32:22:7b:5f:d1:50:67:ae:
         e4:e1:8a:c9:cf:bf:f5:1b:74:77:5e:11:37:82:0b:f8:ac:fc:
         80:f9:d5:85:3d:f7:a0:8b:10:f6:3e:a8:8e:78:3b:16:69:b6:
         c7:80:0e:ab:e1:c0:f2:43:37:c4:a2:22:85:ef:4b:a2:0f:ca:
         9d:8a:88:1e:43:6f:49:18:fb:08:13:78:02:bb:02:77:69:66:
         d3:f6:cb:28:bb:b5:6d:41:23:fc:98:d5:35:e2:41:02:11:e8:
         28:79:8e:e1:44:6b:12:d2:32:b7:c6:a9:b2:b5:59:d8:95:de:
         2d:52:ff:bb:6f:3a:3e:a8:d6:d1:2a:e7:50:c4:61:6f:50:ed:
         a7:be:c7:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntnnway4TPL67j1ShcCIOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjUwMTAyMTU1MDU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDE1MGViNTgxMmIxY2U0Zjk5YzhlNjc5YzE5YWVhMzY1ZGQ4NmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHDnPNQ+fcIxzMmB1W9fH2mS9PeX
ijhu+uMC05PUqXcTJprggj4TeB7NCv9WjLksKh8uPeyUxpSvshfIsQhRXEsxyGUJ
nMPXeI0rtme7CE9F4yTMgBWeDwraBeZCgK8yuY+TwLhRnKFzy9IHIhMH5205AxpM
ERsZLemQFVcgxcUcw4k3pUbwKMXLiz+Ga2PpbWbuWZaIN50XcTvTeUulRfNPnaRO
P1H84yt/3N7ii5otRrgcTrzHPGsOUSZ6k+NjraVBqn4Sio+vJLlMKuOjSiCPZ/DB
JWOEUAm7Qq/mj+UE1tcvLWC/HOTA1MjUsMzaok1gAIbCRpvsY49Fn/COwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQVDrWBKxzk+ZyOZ5wZrqNl3YboMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvOUJVT3RZRXJIT1Q1bkk1bm5CbXVvMlhkaHVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYpUMA0G
CSqGSIb3DQEBCwUAA4IBAQBadld1al7JMbHLper5BdC9tG2yBZ7WKqg/fyGdQd4U
zKV1W5kq/0fZNf6pPKl7/l8Tk9bE6ksArC2uKaXHaAr6HF2359xqkEdOUOIsbjgA
a/4a44E36/S2zSVUTu1qxz9SMC/xFZjOMTcNNZ7C32tFLgI9k0QhMiJ7X9FQZ67k
4YrJz7/1G3R3XhE3ggv4rPyA+dWFPfegixD2PqiOeDsWabbHgA6r4cDyQzfEoiKF
70uiD8qdiogeQ29JGPsIE3gCuwJ3aWbT9ssou7VtQSP8mNU14kECEegoeY7hRGsS
0jK3xqmytVnYld4tUv+7bzo+qNbRKudQxGFvUO2nvscu
-----END CERTIFICATE-----