Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/607766-8e57-451a-8b3f-5138f342e9f5/1/2CoStS1PhVOk0Xe0b76gr5yU3sM.roa
File:                     2CoStS1PhVOk0Xe0b76gr5yU3sM.roa (raw, json)
Hash identifier:          kaUq6JiT8bLQt6omc8n9uCI1T0SxY0tZ3BmNCenDeRM=
Subject key identifier:   D8:2A:12:B5:2D:4F:85:53:A4:D1:77:B4:6F:BE:A0:AF:9C:94:DE:C3
Certificate issuer:       /CN=881e31993fa8587568b3fcde5b7fee96db43a9b7
Certificate serial:       01967C1E6ABCC4D66F0F1B61C1C1679B91EF
Authority key identifier: 88:1E:31:99:3F:A8:58:75:68:B3:FC:DE:5B:7F:EE:96:DB:43:A9:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iB4xmT-oWHVos_zeW3_ulttDqbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/607766-8e57-451a-8b3f-5138f342e9f5/1/2CoStS1PhVOk0Xe0b76gr5yU3sM.roa
Signing time:             Mon 28 Apr 2025 11:18:10 +0000
ROA not before:           Mon 28 Apr 2025 11:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49051
IP address blocks:        94.143.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/607766-8e57-451a-8b3f-5138f342e9f5/1/iB4xmT-oWHVos_zeW3_ulttDqbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/607766-8e57-451a-8b3f-5138f342e9f5/1/iB4xmT-oWHVos_zeW3_ulttDqbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iB4xmT-oWHVos_zeW3_ulttDqbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 05:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:1e:6a:bc:c4:d6:6f:0f:1b:61:c1:c1:67:9b:91:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=881e31993fa8587568b3fcde5b7fee96db43a9b7
        Validity
            Not Before: Apr 28 11:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d82a12b52d4f8553a4d177b46fbea0af9c94dec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:0b:c4:f3:e0:fc:0f:89:82:a3:7f:66:f1:31:
                    67:d0:3b:f5:6c:c2:70:96:41:42:ed:06:62:3b:55:
                    98:2a:1d:a1:bc:fd:34:12:53:4f:61:53:6e:4c:83:
                    e2:da:e4:37:12:67:37:14:fa:a9:56:7d:e8:69:cb:
                    6d:b9:28:e1:e3:0d:98:55:66:d7:b6:a8:bd:31:98:
                    4c:cc:b2:22:c1:8d:28:41:6c:89:90:56:a4:79:26:
                    52:9e:16:65:45:4e:8d:93:40:3d:22:51:ed:88:d2:
                    f8:70:26:0e:37:f2:dc:5a:2d:77:f9:2b:23:3d:75:
                    63:23:5f:94:eb:5a:45:cf:46:06:af:fe:f9:d5:1d:
                    cb:bd:e2:28:0c:a9:63:1d:15:84:21:c3:50:44:c7:
                    9b:b8:48:26:09:bb:42:03:a1:a4:3f:c4:ab:0f:0d:
                    88:1d:78:fa:b8:dd:d9:cf:26:f5:8b:83:d2:e9:55:
                    79:f3:b6:1b:b1:bb:8c:c3:37:70:c0:a5:32:fc:d1:
                    b5:c8:c4:df:d7:27:73:9c:77:7b:cb:7b:93:3c:57:
                    f3:9b:a2:d2:c8:16:37:ff:e2:c6:ec:c8:70:ab:9c:
                    32:cb:81:18:d3:4e:5e:89:29:b0:64:7a:24:f0:1e:
                    72:85:86:f1:ef:e7:49:67:30:a1:e3:5b:e9:47:63:
                    20:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:2A:12:B5:2D:4F:85:53:A4:D1:77:B4:6F:BE:A0:AF:9C:94:DE:C3
            X509v3 Authority Key Identifier:
                keyid:88:1E:31:99:3F:A8:58:75:68:B3:FC:DE:5B:7F:EE:96:DB:43:A9:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iB4xmT-oWHVos_zeW3_ulttDqbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/607766-8e57-451a-8b3f-5138f342e9f5/1/2CoStS1PhVOk0Xe0b76gr5yU3sM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/607766-8e57-451a-8b3f-5138f342e9f5/1/iB4xmT-oWHVos_zeW3_ulttDqbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.143.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:4d:54:e2:7f:d0:d1:74:9c:76:ec:b8:12:b7:64:e7:16:0f:
         07:1f:7e:6e:7f:e0:04:1b:34:e3:12:93:cd:97:1f:16:7a:29:
         ec:51:fc:59:bb:68:c1:0e:ed:ca:33:0e:82:0f:cd:92:2a:48:
         5a:f9:f1:11:09:bb:29:d6:43:d9:60:75:03:ed:74:22:17:77:
         00:74:f8:b9:49:5d:1b:93:92:a7:db:8e:0f:84:99:6a:37:db:
         41:41:a0:78:5a:91:5e:7b:48:df:45:2b:fe:f5:c4:40:bc:cb:
         3d:d5:a2:b3:22:d2:c5:82:4f:d8:61:6b:70:74:d4:e0:34:d9:
         5a:4f:ae:fc:5b:25:5b:87:9d:b3:6d:7f:76:76:1d:7b:67:77:
         6f:2b:4f:1f:39:0d:0c:55:c4:7f:40:7b:fd:5e:24:5d:a6:70:
         7e:2e:28:ff:dd:29:04:a4:8b:51:20:5b:cf:d8:d6:bd:cb:5d:
         ea:7e:db:76:ee:64:34:d3:b2:db:08:b8:14:6c:27:3d:48:23:
         e6:fa:d3:6d:be:e9:03:28:96:65:7c:ba:cc:18:7b:37:d2:3b:
         89:f0:bb:fa:17:16:a1:7f:d3:e8:e6:5a:a9:35:13:91:27:31:
         f6:1c:4c:b1:38:29:c5:8e:b0:c7:51:fe:87:e8:ab:a7:7c:88:
         6d:0d:ab:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ8Hmq8xNZvDxthwcFnm5HvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MWUzMTk5M2ZhODU4NzU2OGIzZmNkZTViN2ZlZTk2ZGI0
M2E5YjcwHhcNMjUwNDI4MTExODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODJhMTJiNTJkNGY4NTUzYTRkMTc3YjQ2ZmJlYTBhZjljOTRkZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgvE8+D8D4mCo39m8TFn0Dv1bMJw
lkFC7QZiO1WYKh2hvP00ElNPYVNuTIPi2uQ3Emc3FPqpVn3oacttuSjh4w2YVWbX
tqi9MZhMzLIiwY0oQWyJkFakeSZSnhZlRU6Nk0A9IlHtiNL4cCYON/LcWi13+Ssj
PXVjI1+U61pFz0YGr/751R3LveIoDKljHRWEIcNQRMebuEgmCbtCA6GkP8SrDw2I
HXj6uN3Zzyb1i4PS6VV587YbsbuMwzdwwKUy/NG1yMTf1ydznHd7y3uTPFfzm6LS
yBY3/+LG7Mhwq5wyy4EY005eiSmwZHok8B5yhYbx7+dJZzCh41vpR2Mg6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgqErUtT4VTpNF3tG++oK+clN7DMB8GA1UdIwQY
MBaAFIgeMZk/qFh1aLP83lt/7pbbQ6m3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUI0eG1ULW9XSFZvc196ZVczX3VsdHREcWJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS82MDc3NjYtOGU1Ny00NTFhLThiM2Yt
NTEzOGYzNDJlOWY1LzEvMkNvU3RTMVBoVk9rMFhlMGI3NmdyNXlVM3NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS82MDc3NjYtOGU1Ny00NTFhLThiM2YtNTEzOGYzNDJlOWY1
LzEvaUI0eG1ULW9XSFZvc196ZVczX3VsdHREcWJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo/lMA0G
CSqGSIb3DQEBCwUAA4IBAQB2TVTif9DRdJx27LgSt2TnFg8HH35uf+AEGzTjEpPN
lx8WeinsUfxZu2jBDu3KMw6CD82SKkha+fERCbsp1kPZYHUD7XQiF3cAdPi5SV0b
k5Kn244PhJlqN9tBQaB4WpFee0jfRSv+9cRAvMs91aKzItLFgk/YYWtwdNTgNNla
T678WyVbh52zbX92dh17Z3dvK08fOQ0MVcR/QHv9XiRdpnB+Lij/3SkEpItRIFvP
2Na9y13qftt27mQ007LbCLgUbCc9SCPm+tNtvukDKJZlfLrMGHs30juJ8Lv6Fxah
f9Po5lqpNRORJzH2HEyxOCnFjrDHUf6H6KunfIhtDatm
-----END CERTIFICATE-----