Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/tL1J0NtmUttz_rcwHxLnXK2PdPo.roa
File:                     tL1J0NtmUttz_rcwHxLnXK2PdPo.roa (raw, json)
Hash identifier:          PUWwC8StzaLGZf41J8Z9nZ+2ZJF8MbN2VoLzOJM1nEg=
Subject key identifier:   B4:BD:49:D0:DB:66:52:DB:73:FE:B7:30:1F:12:E7:5C:AD:8F:74:FA
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       01977D1FFD547C08247E592B5F5551E7CE3B
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/tL1J0NtmUttz_rcwHxLnXK2PdPo.roa
Signing time:             Tue 17 Jun 2025 09:02:17 +0000
ROA not before:           Tue 17 Jun 2025 09:02:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        193.168.203.0/24 maxlen: 24
                          207.244.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:1f:fd:54:7c:08:24:7e:59:2b:5f:55:51:e7:ce:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jun 17 09:02:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4bd49d0db6652db73feb7301f12e75cad8f74fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f3:16:9e:72:cf:c5:ac:f9:56:22:e1:63:ec:
                    f6:45:ca:94:8d:1d:c3:1b:35:70:f8:a9:ba:0e:4f:
                    87:56:18:44:a6:0d:9e:1c:fa:e8:81:88:5b:65:b1:
                    23:d7:ff:f7:b3:1f:45:8a:49:e3:4a:48:c8:23:46:
                    c3:b2:22:d6:83:51:30:be:9d:f2:8d:11:4f:8e:6d:
                    f7:9c:3a:15:c6:74:ee:c8:35:e2:f1:e7:83:24:73:
                    75:26:36:9d:ce:01:45:ca:cd:e4:48:52:b2:f3:16:
                    e1:50:86:c9:79:44:94:1d:7d:b6:69:29:c5:78:28:
                    2e:97:a9:24:75:09:df:05:22:0a:2d:b6:c8:00:bc:
                    7b:81:ba:64:ef:53:e5:dc:54:77:1e:c0:0f:c4:96:
                    f5:4c:aa:ea:8e:b6:7d:19:23:78:3d:83:84:a5:55:
                    c2:69:dd:91:d2:52:40:b2:7a:c8:03:0f:13:3c:eb:
                    83:09:89:a4:18:19:cf:4f:67:04:3d:96:55:0d:b1:
                    6d:ab:b4:9e:e6:e6:b5:f5:c6:21:3d:c3:de:62:f7:
                    91:f8:cb:b3:3f:20:1c:2c:8b:42:bb:03:de:3c:5a:
                    29:20:fc:cf:06:f4:dd:5a:ab:e8:91:b5:cb:10:c7:
                    29:6d:12:ae:dc:a3:ea:11:cd:ba:ce:e7:6d:27:9e:
                    2b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:BD:49:D0:DB:66:52:DB:73:FE:B7:30:1F:12:E7:5C:AD:8F:74:FA
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/tL1J0NtmUttz_rcwHxLnXK2PdPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.203.0/24
                  207.244.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:f3:04:dc:f8:8a:15:98:d9:39:6f:46:de:79:27:a6:56:25:
         c6:c7:8e:ed:c2:41:65:ba:80:0a:f4:d9:ec:1d:51:bf:8f:c1:
         77:5e:7d:52:8a:eb:83:60:dd:7f:b9:3f:e4:d8:ca:1a:2f:20:
         b4:56:be:3b:b9:9d:4d:82:ac:68:d3:c6:50:37:34:b3:d0:95:
         1c:55:03:1c:0b:d4:3e:23:68:a2:92:6c:a4:db:03:4c:99:de:
         4e:d2:2d:5e:f9:13:4a:be:24:f6:e5:54:15:b8:22:e9:4d:ef:
         25:ad:0f:03:0b:fc:4f:bf:39:eb:97:e5:33:b7:5e:dd:2c:ec:
         30:9f:70:63:82:87:32:20:80:70:27:b0:aa:bd:f7:fd:9b:f6:
         ab:ff:aa:29:0c:25:f3:58:50:aa:46:02:f7:d9:6e:42:56:07:
         f5:2a:41:15:9a:19:6f:9c:3e:54:be:93:b4:7a:8d:6e:53:c4:
         d3:cb:7e:49:67:a3:61:c6:e5:fc:26:6b:9b:a3:2a:d8:28:e9:
         75:52:7f:c6:bc:10:f2:11:70:0d:3f:0e:f2:5a:f4:99:d5:38:
         fd:a8:80:10:7f:f2:18:fc:82:97:6c:ff:63:26:0e:3f:8b:7f:
         0f:ab:bc:d0:fb:ea:e4:ca:cb:51:50:28:01:bf:4a:56:65:b9:
         42:f4:6f:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZd9H/1UfAgkflkrX1VR5847MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwNjE3MDkwMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGJkNDlkMGRiNjY1MmRiNzNmZWI3MzAxZjEyZTc1Y2FkOGY3NGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvMWnnLPxaz5ViLhY+z2RcqUjR3D
GzVw+Km6Dk+HVhhEpg2eHProgYhbZbEj1//3sx9FiknjSkjII0bDsiLWg1Ewvp3y
jRFPjm33nDoVxnTuyDXi8eeDJHN1JjadzgFFys3kSFKy8xbhUIbJeUSUHX22aSnF
eCgul6kkdQnfBSIKLbbIALx7gbpk71Pl3FR3HsAPxJb1TKrqjrZ9GSN4PYOEpVXC
ad2R0lJAsnrIAw8TPOuDCYmkGBnPT2cEPZZVDbFtq7Se5ua19cYhPcPeYveR+Muz
PyAcLItCuwPePFopIPzPBvTdWqvokbXLEMcpbRKu3KPqEc26zudtJ54r2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLS9SdDbZlLbc/63MB8S51ytj3T6MB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvdEwxSjBOdG1VdHR6X3Jjd0h4TG5YSzJQZFBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwajLAwQA
z/TRMA0GCSqGSIb3DQEBCwUAA4IBAQAh8wTc+IoVmNk5b0beeSemViXGx47twkFl
uoAK9NnsHVG/j8F3Xn1SiuuDYN1/uT/k2MoaLyC0Vr47uZ1Ngqxo08ZQNzSz0JUc
VQMcC9Q+I2iikmyk2wNMmd5O0i1e+RNKviT25VQVuCLpTe8lrQ8DC/xPvznrl+Uz
t17dLOwwn3BjgocyIIBwJ7Cqvff9m/ar/6opDCXzWFCqRgL32W5CVgf1KkEVmhlv
nD5UvpO0eo1uU8TTy35JZ6NhxuX8JmuboyrYKOl1Un/GvBDyEXANPw7yWvSZ1Tj9
qIAQf/IY/IKXbP9jJg4/i38Pq7zQ++rkystRUCgBv0pWZblC9G8T
-----END CERTIFICATE-----