Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/4nwbGR9filruN4uTSLu-SAojUdQ.roa
File:                     4nwbGR9filruN4uTSLu-SAojUdQ.roa (raw, json)
Hash identifier:          HwkXIEcexdoJKCLIxKh83QjsjcLInJ+XtPhMd0njyqw=
Subject key identifier:   E2:7C:1B:19:1F:5F:8A:5A:EE:37:8B:93:48:BB:BE:48:0A:23:51:D4
Certificate issuer:       /CN=510b419f0c17b4c8be217f64388d268d14dc261e
Certificate serial:       01966677D090A922982AC74B35B37207EDAE
Authority key identifier: 51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/4nwbGR9filruN4uTSLu-SAojUdQ.roa
Signing time:             Thu 24 Apr 2025 06:24:10 +0000
ROA not before:           Thu 24 Apr 2025 06:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398781
IP address blocks:        188.240.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:66:77:d0:90:a9:22:98:2a:c7:4b:35:b3:72:07:ed:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=510b419f0c17b4c8be217f64388d268d14dc261e
        Validity
            Not Before: Apr 24 06:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e27c1b191f5f8a5aee378b9348bbbe480a2351d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6c:a1:80:29:cd:2f:c0:c0:9c:fa:6c:f1:7a:
                    73:f3:23:cc:38:28:e5:fb:36:49:f1:e9:b6:d5:1d:
                    e0:e5:9d:0e:6d:71:b1:79:49:97:71:23:49:13:9f:
                    55:13:40:23:86:68:0d:7b:4f:35:18:6c:c0:da:19:
                    97:40:72:79:47:f4:3f:4e:c6:13:cf:74:25:94:7c:
                    e3:fa:cc:48:5f:a3:c0:d0:da:e9:e2:02:bf:1f:9a:
                    de:39:ba:56:1c:38:fd:37:8f:8a:3a:6a:8a:4a:b5:
                    c1:07:13:8e:7c:e4:7a:9b:3c:34:7b:05:12:2b:ef:
                    9f:9b:04:d1:37:62:5c:d4:53:88:36:8c:da:6d:e1:
                    a0:cd:20:42:3f:f8:88:26:94:3c:ee:ea:8e:14:a9:
                    f3:8d:b1:92:54:0b:dc:92:ac:e1:96:ce:13:66:ec:
                    7b:2a:00:bc:e0:d4:c4:70:98:99:67:2c:68:55:84:
                    37:19:c3:68:3c:41:94:99:0b:d5:66:9f:3b:f6:18:
                    38:5f:5e:e2:b0:a8:f2:b8:60:0c:df:b4:84:75:b6:
                    8f:5b:f7:5b:77:42:93:b1:f9:96:45:b5:b3:7d:6f:
                    6a:a2:f3:ef:75:2a:03:67:6c:7f:23:62:37:9b:04:
                    36:48:30:2e:df:60:60:88:a6:79:e2:08:ab:f9:47:
                    2e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:7C:1B:19:1F:5F:8A:5A:EE:37:8B:93:48:BB:BE:48:0A:23:51:D4
            X509v3 Authority Key Identifier:
                keyid:51:0B:41:9F:0C:17:B4:C8:BE:21:7F:64:38:8D:26:8D:14:DC:26:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UQtBnwwXtMi-IX9kOI0mjRTcJh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/4nwbGR9filruN4uTSLu-SAojUdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/30cd0a-93cf-45dc-9356-14a09993d671/1/UQtBnwwXtMi-IX9kOI0mjRTcJh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.240.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:45:05:d9:1f:ee:93:68:10:e8:76:e1:f6:6c:b6:14:bc:28:
         cb:d9:dd:c2:94:6b:27:86:99:8c:d8:15:d5:26:2d:34:1e:f1:
         e4:95:af:00:e0:56:49:d9:70:a2:9d:92:0e:4d:06:d9:2e:c5:
         2d:7e:54:04:9f:e1:85:81:a6:f5:c7:cd:f6:1a:0c:25:72:95:
         27:60:8f:e7:a7:70:56:f7:50:d9:44:49:ea:f7:23:37:8b:8e:
         e9:52:83:fe:ca:67:f9:5d:cf:8a:1f:da:2a:a1:d8:f1:80:0d:
         96:ff:53:07:28:65:c3:b7:97:af:57:8d:de:52:b5:f0:db:52:
         76:4f:d6:71:b3:85:f2:e9:2a:4b:68:f2:27:d2:0d:02:e4:05:
         be:9d:30:e3:84:58:79:fe:f2:d9:1d:7c:b3:3a:a5:9d:ca:9c:
         28:54:3e:e6:ae:8f:68:56:b5:9f:f6:f7:34:b7:dc:a8:03:35:
         0d:13:fa:f1:85:52:3c:df:f6:ac:f0:b6:dc:fd:71:84:a9:e4:
         9d:24:62:b9:cd:42:9e:df:e2:0e:6a:03:98:c0:f4:8b:09:70:
         6a:3d:5b:c5:63:3b:f3:58:8e:85:82:7d:ef:0d:79:ff:9a:a1:
         99:c0:73:5c:19:3e:51:8b:46:30:ed:88:a7:27:d4:f5:e8:c1:
         60:d3:68:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZmd9CQqSKYKsdLNbNyB+2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMGI0MTlmMGMxN2I0YzhiZTIxN2Y2NDM4OGQyNjhkMTRk
YzI2MWUwHhcNMjUwNDI0MDYyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjdjMWIxOTFmNWY4YTVhZWUzNzhiOTM0OGJiYmU0ODBhMjM1MWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2yhgCnNL8DAnPps8Xpz8yPMOCjl
+zZJ8em21R3g5Z0ObXGxeUmXcSNJE59VE0AjhmgNe081GGzA2hmXQHJ5R/Q/TsYT
z3QllHzj+sxIX6PA0Nrp4gK/H5reObpWHDj9N4+KOmqKSrXBBxOOfOR6mzw0ewUS
K++fmwTRN2Jc1FOINozabeGgzSBCP/iIJpQ87uqOFKnzjbGSVAvckqzhls4TZux7
KgC84NTEcJiZZyxoVYQ3GcNoPEGUmQvVZp879hg4X17isKjyuGAM37SEdbaPW/db
d0KTsfmWRbWzfW9qovPvdSoDZ2x/I2I3mwQ2SDAu32BgiKZ54gir+Ucu+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJ8GxkfX4pa7jeLk0i7vkgKI1HUMB8GA1UdIwQY
MBaAFFELQZ8MF7TIviF/ZDiNJo0U3CYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYt
MTRhMDk5OTNkNjcxLzEvNG53YkdSOWZpbHJ1TjR1VFNMdS1TQW9qVWRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8zMGNkMGEtOTNjZi00NWRjLTkzNTYtMTRhMDk5OTNkNjcx
LzEvVVF0Qm53d1h0TWktSVg5a09JMG1qUlRjSmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPBTMA0G
CSqGSIb3DQEBCwUAA4IBAQAkRQXZH+6TaBDoduH2bLYUvCjL2d3ClGsnhpmM2BXV
Ji00HvHkla8A4FZJ2XCinZIOTQbZLsUtflQEn+GFgab1x832GgwlcpUnYI/np3BW
91DZREnq9yM3i47pUoP+ymf5Xc+KH9oqodjxgA2W/1MHKGXDt5evV43eUrXw21J2
T9Zxs4Xy6SpLaPIn0g0C5AW+nTDjhFh5/vLZHXyzOqWdypwoVD7mro9oVrWf9vc0
t9yoAzUNE/rxhVI83/as8Lbc/XGEqeSdJGK5zUKe3+IOagOYwPSLCXBqPVvFYzvz
WI6Fgn3vDXn/mqGZwHNcGT5Ri0Yw7YinJ9T16MFg02gy
-----END CERTIFICATE-----