Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/I5z_1hVliNBBM0FrqHpN1qPTca8.roa
File:                     I5z_1hVliNBBM0FrqHpN1qPTca8.roa (raw, json)
Hash identifier:          n/sNB3WBcM+raTHs73p1MwMj7v/dmk/wcLeQX9QTiHw=
Subject key identifier:   23:9C:FF:D6:15:65:88:D0:41:33:41:6B:A8:7A:4D:D6:A3:D3:71:AF
Certificate issuer:       /CN=ca96218c20efd8fe53fca9990b725dd7963c885c
Certificate serial:       019426D9C2FEC0DD0DCDD0C28FCEF0DEF6AC
Authority key identifier: CA:96:21:8C:20:EF:D8:FE:53:FC:A9:99:0B:72:5D:D7:96:3C:88:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/I5z_1hVliNBBM0FrqHpN1qPTca8.roa
Signing time:             Thu 02 Jan 2025 11:49:52 +0000
ROA not before:           Thu 02 Jan 2025 11:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43116
IP address blocks:        213.144.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 20:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:c2:fe:c0:dd:0d:cd:d0:c2:8f:ce:f0:de:f6:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca96218c20efd8fe53fca9990b725dd7963c885c
        Validity
            Not Before: Jan  2 11:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=239cffd6156588d04133416ba87a4dd6a3d371af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:79:b1:bc:e0:ca:a8:ef:04:7b:88:b5:df:f5:
                    98:b7:17:5a:c5:92:cb:71:22:6c:d9:61:37:28:0c:
                    d9:4d:19:11:5b:37:bb:71:c0:74:39:08:2a:42:4a:
                    ce:4f:72:29:96:92:ea:e0:2e:41:94:7e:27:f5:2f:
                    1d:f0:81:7a:6b:16:fa:90:2d:59:ef:68:34:de:f4:
                    23:2e:06:42:4a:8f:e3:61:eb:45:c8:cd:ab:e1:dc:
                    a6:40:69:14:2a:b4:9e:b8:2a:f2:b8:14:64:d6:e9:
                    7f:98:9d:c9:bc:23:71:21:48:e9:5e:75:65:a7:e8:
                    fe:1a:4f:d8:71:13:b4:43:d1:cd:b6:9a:8f:b8:d3:
                    b7:a4:13:16:5c:0a:14:b2:dd:6e:80:03:d2:c4:c9:
                    f3:44:9d:36:c9:17:f1:d6:63:bd:7d:99:5a:69:40:
                    fe:bb:94:e3:b6:cd:9c:cd:55:6a:ff:a0:a0:51:ad:
                    bc:b7:5b:65:5f:8f:cd:77:ff:35:3d:6b:4a:d2:5d:
                    52:52:85:12:a8:c1:c0:ae:cb:6c:be:47:87:bd:7f:
                    ee:b2:9d:0e:e9:39:4d:a9:d9:36:1c:60:94:93:07:
                    08:17:64:44:8e:2f:09:75:36:6a:32:15:1e:4a:8a:
                    f6:b2:20:6e:c4:fc:ec:eb:91:1f:80:d9:46:c0:f0:
                    34:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:9C:FF:D6:15:65:88:D0:41:33:41:6B:A8:7A:4D:D6:A3:D3:71:AF
            X509v3 Authority Key Identifier:
                keyid:CA:96:21:8C:20:EF:D8:FE:53:FC:A9:99:0B:72:5D:D7:96:3C:88:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/I5z_1hVliNBBM0FrqHpN1qPTca8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.144.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:b4:55:e3:49:c5:7c:58:c0:7a:b4:5a:3f:b6:21:2f:3d:24:
         32:17:a3:c4:ed:c5:ed:61:cf:1e:33:ae:3a:2b:d3:0d:cb:05:
         0c:ed:4c:52:41:69:8c:b3:f2:a2:d9:89:b2:c7:05:d5:c7:c5:
         41:56:fc:af:29:63:62:d4:1e:70:12:40:01:97:68:5f:21:28:
         54:60:dd:32:b7:83:91:68:22:79:86:ed:ea:71:0e:8d:7a:b2:
         34:85:68:f8:40:c3:3d:7c:c5:7f:53:cc:b4:ec:9d:7f:c1:f8:
         b5:52:29:f7:ee:65:0a:84:45:21:a1:3f:cb:44:80:42:2e:e7:
         ce:27:5f:47:b2:36:32:4e:8b:3f:8e:32:5f:96:06:f1:53:86:
         a3:4b:25:89:37:98:0d:3a:6a:e7:37:a1:03:2a:70:23:4c:dc:
         5c:6e:ad:94:5b:31:38:ec:1d:48:ab:a2:ba:5c:ed:b5:44:8c:
         9d:d4:32:4b:e9:f0:54:a6:2d:51:ac:88:a8:2f:13:af:cb:71:
         88:2c:ec:25:93:aa:3f:0c:d4:a8:d2:5d:25:85:fa:a9:c0:f7:
         45:49:47:ac:07:78:e2:b5:42:61:48:61:5c:9c:6b:4e:9d:c6:
         04:3c:a7:c9:c3:23:e4:4a:a0:00:ac:f4:c1:7e:9f:18:a3:4d:
         a5:df:76:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2cL+wN0NzdDCj87w3vasMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOTYyMThjMjBlZmQ4ZmU1M2ZjYTk5OTBiNzI1ZGQ3OTYz
Yzg4NWMwHhcNMjUwMTAyMTE0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzljZmZkNjE1NjU4OGQwNDEzMzQxNmJhODdhNGRkNmEzZDM3MWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3mxvODKqO8Ee4i13/WYtxdaxZLL
cSJs2WE3KAzZTRkRWze7ccB0OQgqQkrOT3IplpLq4C5BlH4n9S8d8IF6axb6kC1Z
72g03vQjLgZCSo/jYetFyM2r4dymQGkUKrSeuCryuBRk1ul/mJ3JvCNxIUjpXnVl
p+j+Gk/YcRO0Q9HNtpqPuNO3pBMWXAoUst1ugAPSxMnzRJ02yRfx1mO9fZlaaUD+
u5Tjts2czVVq/6CgUa28t1tlX4/Nd/81PWtK0l1SUoUSqMHArstsvkeHvX/usp0O
6TlNqdk2HGCUkwcIF2REji8JdTZqMhUeSor2siBuxPzs65EfgNlGwPA0VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOc/9YVZYjQQTNBa6h6Tdaj03GvMB8GA1UdIwQY
MBaAFMqWIYwg79j+U/ypmQtyXdeWPIhcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXBZaGpDRHYyUDVUX0ttWkMzSmQxNVk4aUZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NzU1ZDUtN2YwYi00MjdmLWFmZTAt
ZDcxMmQ0NzM4MDQ2LzEvSTV6XzFoVmxpTkJCTTBGcnFIcE4xcVBUY2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NzU1ZDUtN2YwYi00MjdmLWFmZTAtZDcxMmQ0NzM4MDQ2
LzEveXBZaGpDRHYyUDVUX0ttWkMzSmQxNVk4aUZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZBmMA0G
CSqGSIb3DQEBCwUAA4IBAQAxtFXjScV8WMB6tFo/tiEvPSQyF6PE7cXtYc8eM646
K9MNywUM7UxSQWmMs/Ki2YmyxwXVx8VBVvyvKWNi1B5wEkABl2hfIShUYN0yt4OR
aCJ5hu3qcQ6NerI0hWj4QMM9fMV/U8y07J1/wfi1Uin37mUKhEUhoT/LRIBCLufO
J19HsjYyTos/jjJflgbxU4ajSyWJN5gNOmrnN6EDKnAjTNxcbq2UWzE47B1Iq6K6
XO21RIyd1DJL6fBUpi1RrIioLxOvy3GILOwlk6o/DNSo0l0lhfqpwPdFSUesB3ji
tUJhSGFcnGtOncYEPKfJwyPkSqAArPTBfp8Yo02l33bO
-----END CERTIFICATE-----