Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/rTBtx-Bmu2ZOtpRDtfhvIKyTitM.roa
File:                     rTBtx-Bmu2ZOtpRDtfhvIKyTitM.roa (raw, json)
Hash identifier:          Iq0BbV7w2uJ4gdlJ4bQ6gjr/K/TFORb3rq+dn6mMlZs=
Subject key identifier:   AD:30:6D:C7:E0:66:BB:66:4E:B6:94:43:B5:F8:6F:20:AC:93:8A:D3
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       0192BEA8F5F3ED8E4ABC936C9E1AAAEE1A37
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/rTBtx-Bmu2ZOtpRDtfhvIKyTitM.roa
Signing time:             Thu 24 Oct 2024 13:13:17 +0000
ROA not before:           Thu 24 Oct 2024 13:13:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200922
IP address blocks:        195.49.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:be:a8:f5:f3:ed:8e:4a:bc:93:6c:9e:1a:aa:ee:1a:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Oct 24 13:13:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad306dc7e066bb664eb69443b5f86f20ac938ad3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ba:db:cf:7e:8c:07:59:6c:a8:5e:f7:b6:ad:
                    57:aa:be:7e:54:64:76:6a:19:cc:51:b3:66:ca:06:
                    18:ff:5c:86:71:26:4f:8f:b6:1c:8e:09:37:b8:67:
                    93:0f:03:85:14:1b:45:fa:50:16:c5:0e:be:cf:ab:
                    c7:9b:69:29:aa:cb:14:72:73:1d:f6:34:7a:74:66:
                    ba:37:7a:2d:24:7e:04:25:87:39:c4:88:1c:e0:16:
                    7e:76:22:8a:55:92:b1:e5:b9:ac:b4:44:79:b3:c0:
                    bb:9d:cb:e3:c6:9c:e0:d3:bd:77:4f:d6:66:b1:85:
                    5f:96:2e:25:d6:43:9a:d7:88:d8:c9:7f:2a:89:f1:
                    d3:7e:46:76:02:c3:bc:e9:08:57:e5:54:fe:a4:28:
                    c6:be:13:0b:99:6a:7b:61:5b:08:ca:d8:92:a0:c3:
                    03:bf:7e:1e:87:96:63:92:52:d0:93:42:28:56:5a:
                    8f:b4:d0:5f:ae:70:0a:8d:b1:14:11:ea:aa:57:30:
                    5b:44:6d:0b:f1:3f:e2:c4:fb:c7:d1:74:b4:1a:92:
                    23:01:e0:65:a0:ec:75:5e:43:92:de:97:24:e5:76:
                    ca:17:bd:92:d3:0e:25:d0:f2:62:7c:12:1a:c3:15:
                    5a:ba:ec:28:72:5e:d4:e8:27:1c:55:a5:bd:d0:9a:
                    1b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:30:6D:C7:E0:66:BB:66:4E:B6:94:43:B5:F8:6F:20:AC:93:8A:D3
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/rTBtx-Bmu2ZOtpRDtfhvIKyTitM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.49.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:a7:ed:87:31:ef:00:d4:e6:53:05:51:21:91:63:58:9b:f7:
         fd:d5:8a:ed:8d:bf:52:85:9e:88:e7:b1:6b:b0:36:34:c0:80:
         73:11:dc:81:45:17:9c:7e:4f:5c:53:1b:23:7a:df:41:fe:33:
         af:06:2d:b6:2b:01:e7:06:6a:03:fe:30:d6:27:7f:2d:6e:19:
         d7:b3:21:9b:87:d1:9c:ae:72:43:93:9b:3c:a7:9a:9e:d8:4e:
         a0:33:be:1b:4b:f1:87:07:a1:ae:b4:33:88:b0:12:fb:f6:45:
         5b:06:dd:d0:e3:05:25:38:48:2e:35:ce:0e:b7:04:92:9a:cf:
         2e:8c:97:29:e8:e7:4e:a2:4d:7c:70:bb:4b:a5:ef:2c:ce:16:
         21:9e:ac:1d:83:c1:7f:67:07:4b:a1:b5:e3:db:ef:9f:26:4d:
         a7:43:80:59:85:2c:8d:30:b5:54:ca:3c:8f:81:f9:24:46:ba:
         ac:3e:3d:d7:87:04:86:fd:23:21:b9:81:4b:84:eb:d6:23:a0:
         71:5c:96:71:40:ae:fe:7f:ef:d5:67:4e:84:d9:2f:7a:d1:30:
         14:28:f9:9e:94:f3:c4:31:d3:c0:70:1e:5c:82:a7:8b:af:e9:
         c1:eb:da:5a:d7:43:15:df:6c:64:d7:2a:9f:e2:e2:75:72:a0:
         11:4a:16:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK+qPXz7Y5KvJNsnhqq7ho3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQxMDI0MTMxMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDMwNmRjN2UwNjZiYjY2NGViNjk0NDNiNWY4NmYyMGFjOTM4YWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7rbz36MB1lsqF73tq1Xqr5+VGR2
ahnMUbNmygYY/1yGcSZPj7Ycjgk3uGeTDwOFFBtF+lAWxQ6+z6vHm2kpqssUcnMd
9jR6dGa6N3otJH4EJYc5xIgc4BZ+diKKVZKx5bmstER5s8C7ncvjxpzg0713T9Zm
sYVfli4l1kOa14jYyX8qifHTfkZ2AsO86QhX5VT+pCjGvhMLmWp7YVsIytiSoMMD
v34eh5ZjklLQk0IoVlqPtNBfrnAKjbEUEeqqVzBbRG0L8T/ixPvH0XS0GpIjAeBl
oOx1XkOS3pck5XbKF72S0w4l0PJifBIawxVauuwocl7U6CccVaW90Job6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0wbcfgZrtmTraUQ7X4byCsk4rTMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvclRCdHgtQm11MlpPdHBSRHRmaHZJS3lUaXRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzHMMA0G
CSqGSIb3DQEBCwUAA4IBAQCUp+2HMe8A1OZTBVEhkWNYm/f91Yrtjb9ShZ6I57Fr
sDY0wIBzEdyBRRecfk9cUxsjet9B/jOvBi22KwHnBmoD/jDWJ38tbhnXsyGbh9Gc
rnJDk5s8p5qe2E6gM74bS/GHB6GutDOIsBL79kVbBt3Q4wUlOEguNc4OtwSSms8u
jJcp6OdOok18cLtLpe8szhYhnqwdg8F/ZwdLobXj2++fJk2nQ4BZhSyNMLVUyjyP
gfkkRrqsPj3XhwSG/SMhuYFLhOvWI6BxXJZxQK7+f+/VZ06E2S960TAUKPmelPPE
MdPAcB5cgqeLr+nB69pa10MV32xk1yqf4uJ1cqARShZ/
-----END CERTIFICATE-----