Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/7df859-2851-43c3-a32b-ab04720930cf/1/geha7iQ1rH3EuPcaRcUifOKzQvU.roa
File:                     geha7iQ1rH3EuPcaRcUifOKzQvU.roa (raw, json)
Hash identifier:          +mhm2AbX83eujN7tnN0AlZkDl8/zUPKZGbQPpl0Ndlw=
Subject key identifier:   81:E8:5A:EE:24:35:AC:7D:C4:B8:F7:1A:45:C5:22:7C:E2:B3:42:F5
Certificate issuer:       /CN=eaeea20bbbdb9a5d1cdc7114e2af518e76b1426e
Certificate serial:       0196A219519BF871C8476E50B2FC13E96D00
Authority key identifier: EA:EE:A2:0B:BB:DB:9A:5D:1C:DC:71:14:E2:AF:51:8E:76:B1:42:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6u6iC7vbml0c3HEU4q9RjnaxQm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/7df859-2851-43c3-a32b-ab04720930cf/1/geha7iQ1rH3EuPcaRcUifOKzQvU.roa
Signing time:             Mon 05 May 2025 20:18:10 +0000
ROA not before:           Mon 05 May 2025 20:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209223
IP address blocks:        2.57.12.0/24 maxlen: 24
                          2.57.13.0/24 maxlen: 24
                          2.57.14.0/24 maxlen: 24
                          2.57.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/7df859-2851-43c3-a32b-ab04720930cf/1/6u6iC7vbml0c3HEU4q9RjnaxQm4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/7df859-2851-43c3-a32b-ab04720930cf/1/6u6iC7vbml0c3HEU4q9RjnaxQm4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6u6iC7vbml0c3HEU4q9RjnaxQm4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a2:19:51:9b:f8:71:c8:47:6e:50:b2:fc:13:e9:6d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaeea20bbbdb9a5d1cdc7114e2af518e76b1426e
        Validity
            Not Before: May  5 20:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81e85aee2435ac7dc4b8f71a45c5227ce2b342f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:65:b5:66:27:f5:02:d5:79:41:36:2a:a7:45:
                    63:10:57:0c:9f:e9:ff:4c:27:ca:3d:70:ed:b7:bc:
                    39:e2:14:cb:ee:2f:f1:ee:9d:79:a7:a8:b4:4f:0b:
                    b0:ee:03:2e:df:b5:7c:3a:8f:66:eb:35:7f:a4:47:
                    00:f2:9f:72:cf:df:61:1b:da:ad:71:c9:f1:80:56:
                    00:b6:8f:9c:dc:1c:b2:47:5a:b2:61:14:87:43:97:
                    7f:92:a5:fc:ac:f7:53:b6:43:d1:78:bb:f3:42:17:
                    56:fa:aa:9c:46:32:c4:11:48:f7:b1:fd:78:36:e0:
                    ad:21:7d:a7:a0:4e:8c:d0:06:11:21:b9:b5:d6:bf:
                    b1:3b:73:12:e5:e4:9b:62:99:5c:05:93:6a:d4:94:
                    1e:08:8c:ff:59:54:c8:99:1d:10:d9:36:3d:77:3c:
                    70:fb:43:90:8f:c9:be:41:c4:40:29:60:80:30:ea:
                    21:fb:1d:14:26:32:70:86:84:04:b4:ea:7d:1a:01:
                    b9:77:4d:93:d4:76:32:25:39:76:c7:17:3a:26:e8:
                    59:e5:c8:de:f5:65:92:a7:00:bb:8b:01:65:2c:3d:
                    4e:04:28:f0:da:fb:6f:76:d3:9d:20:74:e5:16:4f:
                    59:f2:44:ca:6e:15:34:f9:64:86:78:8f:33:0a:89:
                    9e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:E8:5A:EE:24:35:AC:7D:C4:B8:F7:1A:45:C5:22:7C:E2:B3:42:F5
            X509v3 Authority Key Identifier:
                keyid:EA:EE:A2:0B:BB:DB:9A:5D:1C:DC:71:14:E2:AF:51:8E:76:B1:42:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6u6iC7vbml0c3HEU4q9RjnaxQm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/7df859-2851-43c3-a32b-ab04720930cf/1/geha7iQ1rH3EuPcaRcUifOKzQvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/7df859-2851-43c3-a32b-ab04720930cf/1/6u6iC7vbml0c3HEU4q9RjnaxQm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:b4:fc:30:b2:be:5f:ee:a8:d7:d3:bd:03:2b:7a:86:92:23:
         0d:a9:ef:3b:89:ea:e6:7a:65:5d:49:67:a5:8a:08:47:f5:91:
         2e:2e:6c:4f:da:73:ef:49:d0:cc:64:d4:08:24:07:69:df:35:
         13:68:7a:83:b1:bd:3f:57:73:1b:b5:2f:d0:19:84:ce:92:3b:
         5a:63:ac:43:8c:e2:bf:ad:09:20:a7:96:1f:e3:28:e9:0a:bc:
         22:74:7f:c2:3a:9f:c0:d7:68:19:bf:4e:54:5d:f1:52:54:0e:
         fa:3a:04:a1:f9:21:c2:39:55:d4:d3:a4:32:61:af:cc:b8:8d:
         b2:e5:0d:4c:e0:5f:85:23:67:39:86:38:43:4b:9b:e5:96:e3:
         9e:ab:b1:a6:60:3c:ef:c3:ad:df:c6:6f:fb:ff:fa:09:88:b5:
         5e:1b:48:63:db:e0:6e:cb:cd:43:f4:c5:6c:20:ff:50:52:6d:
         65:74:5c:4c:fb:1e:35:57:a0:72:06:ff:eb:d5:ff:9e:cb:dc:
         fd:d9:f4:1b:f4:e5:f1:0f:14:d8:0a:31:d9:10:d2:6b:5b:ed:
         7f:90:5b:cb:bc:b3:81:be:70:8e:59:fd:49:93:57:d8:51:e0:
         6a:f8:a1:2e:23:40:de:14:29:0a:71:26:64:08:c9:41:da:51:
         b3:a8:4a:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaiGVGb+HHIR25QsvwT6W0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZWVhMjBiYmJkYjlhNWQxY2RjNzExNGUyYWY1MThlNzZi
MTQyNmUwHhcNMjUwNTA1MjAxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWU4NWFlZTI0MzVhYzdkYzRiOGY3MWE0NWM1MjI3Y2UyYjM0MmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2W1Zif1AtV5QTYqp0VjEFcMn+n/
TCfKPXDtt7w54hTL7i/x7p15p6i0Twuw7gMu37V8Oo9m6zV/pEcA8p9yz99hG9qt
ccnxgFYAto+c3ByyR1qyYRSHQ5d/kqX8rPdTtkPReLvzQhdW+qqcRjLEEUj3sf14
NuCtIX2noE6M0AYRIbm11r+xO3MS5eSbYplcBZNq1JQeCIz/WVTImR0Q2TY9dzxw
+0OQj8m+QcRAKWCAMOoh+x0UJjJwhoQEtOp9GgG5d02T1HYyJTl2xxc6JuhZ5cje
9WWSpwC7iwFlLD1OBCjw2vtvdtOdIHTlFk9Z8kTKbhU0+WSGeI8zComeNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHoWu4kNax9xLj3GkXFInzis0L1MB8GA1UdIwQY
MBaAFOruogu725pdHNxxFOKvUY52sUJuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnU2aUM3dmJtbDBjM0hFVTRxOVJqbmF4UW00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83ZGY4NTktMjg1MS00M2MzLWEzMmIt
YWIwNDcyMDkzMGNmLzEvZ2VoYTdpUTFySDNFdVBjYVJjVWlmT0t6UXZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83ZGY4NTktMjg1MS00M2MzLWEzMmItYWIwNDcyMDkzMGNm
LzEvNnU2aUM3dmJtbDBjM0hFVTRxOVJqbmF4UW00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjkMMA0G
CSqGSIb3DQEBCwUAA4IBAQCjtPwwsr5f7qjX070DK3qGkiMNqe87iermemVdSWel
ighH9ZEuLmxP2nPvSdDMZNQIJAdp3zUTaHqDsb0/V3MbtS/QGYTOkjtaY6xDjOK/
rQkgp5Yf4yjpCrwidH/COp/A12gZv05UXfFSVA76OgSh+SHCOVXU06QyYa/MuI2y
5Q1M4F+FI2c5hjhDS5vlluOeq7GmYDzvw63fxm/7//oJiLVeG0hj2+Buy81D9MVs
IP9QUm1ldFxM+x41V6ByBv/r1f+ey9z92fQb9OXxDxTYCjHZENJrW+1/kFvLvLOB
vnCOWf1Jk1fYUeBq+KEuI0DeFCkKcSZkCMlB2lGzqEpS
-----END CERTIFICATE-----