Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/KZug6FKGZZRd25xEmWgbfg0_wdw.roa
File:                     KZug6FKGZZRd25xEmWgbfg0_wdw.roa (raw, json)
Hash identifier:          ctBKd+yf9Znf9nJH1GwdvGB/+F5ODDOhs9z06Ml25Ow=
Subject key identifier:   29:9B:A0:E8:52:86:65:94:5D:DB:9C:44:99:68:1B:7E:0D:3F:C1:DC
Certificate issuer:       /CN=ebc66403ad0c4537af9c32b0def0c52ac2aab104
Certificate serial:       0198493BAFD0417AA11834948E6A10F7D15D
Authority key identifier: EB:C6:64:03:AD:0C:45:37:AF:9C:32:B0:DE:F0:C5:2A:C2:AA:B1:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/68ZkA60MRTevnDKw3vDFKsKqsQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/KZug6FKGZZRd25xEmWgbfg0_wdw.roa
Signing time:             Sun 27 Jul 2025 00:15:05 +0000
ROA not before:           Sun 27 Jul 2025 00:15:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.33.92.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/68ZkA60MRTevnDKw3vDFKsKqsQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/68ZkA60MRTevnDKw3vDFKsKqsQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/68ZkA60MRTevnDKw3vDFKsKqsQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:49:3b:af:d0:41:7a:a1:18:34:94:8e:6a:10:f7:d1:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebc66403ad0c4537af9c32b0def0c52ac2aab104
        Validity
            Not Before: Jul 27 00:15:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=299ba0e8528665945ddb9c4499681b7e0d3fc1dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d2:d4:03:16:12:15:f2:c0:1f:64:aa:82:e8:
                    8b:35:4e:89:62:55:8c:6c:dc:20:0e:64:d5:d8:46:
                    d3:ad:cb:57:e7:43:d0:9c:09:d5:23:36:83:47:32:
                    65:cb:2a:49:76:eb:0c:23:f9:8f:df:8b:25:5e:d5:
                    68:45:d6:68:0c:62:b3:e9:61:87:78:9b:4c:7f:57:
                    c1:5d:3e:8a:cd:42:e3:a5:fa:da:d4:8a:e6:f2:2b:
                    e5:6d:f4:67:e3:01:3f:bf:84:fe:c0:67:5b:fb:56:
                    33:2d:95:10:89:c9:4d:9a:ba:75:61:ab:39:77:22:
                    58:1c:4e:8d:e0:f5:a8:b7:ff:39:01:8f:ba:1f:a0:
                    14:9a:76:48:58:b8:ab:57:fb:60:96:40:f2:42:b8:
                    0c:12:7d:1f:1b:dc:21:f6:b3:ec:43:2f:58:f0:b1:
                    70:c6:e6:f2:68:ce:30:02:95:ee:03:5c:54:3c:7c:
                    be:83:97:4e:74:8d:73:63:7f:f1:9b:00:39:a3:87:
                    43:fd:0b:c0:7d:74:e1:53:53:6a:ba:37:c1:33:21:
                    32:09:36:33:f0:10:99:50:72:23:ae:39:90:67:a6:
                    e2:31:80:bc:03:9f:64:f1:7a:d8:05:18:95:e9:cc:
                    31:af:3a:fe:dd:dd:0a:ff:36:ed:4c:ef:ca:57:35:
                    70:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:9B:A0:E8:52:86:65:94:5D:DB:9C:44:99:68:1B:7E:0D:3F:C1:DC
            X509v3 Authority Key Identifier:
                keyid:EB:C6:64:03:AD:0C:45:37:AF:9C:32:B0:DE:F0:C5:2A:C2:AA:B1:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/68ZkA60MRTevnDKw3vDFKsKqsQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/KZug6FKGZZRd25xEmWgbfg0_wdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/68ZkA60MRTevnDKw3vDFKsKqsQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:8e:cb:b0:bf:12:6e:4a:36:aa:d5:a3:1c:1e:e6:fa:d0:69:
         7a:9d:5c:8b:1c:03:12:23:9d:2d:e1:01:8f:d5:d7:5d:4d:d1:
         69:c5:fd:6d:77:8a:4e:67:9f:cf:a1:ac:0e:48:a7:ba:1d:89:
         1c:74:04:40:13:80:37:d3:20:03:2d:37:2b:d0:de:9b:07:e0:
         e4:a9:67:59:0f:23:fe:eb:18:9b:ce:9e:cd:09:4f:11:4c:af:
         3a:3d:bf:bd:a8:62:7d:87:88:f5:5e:be:f2:8e:72:82:8b:9b:
         42:c0:9d:bd:34:85:6a:7e:8b:c4:27:de:af:b1:19:67:26:d9:
         03:5a:67:c5:15:20:75:98:02:94:f9:70:cd:c5:dc:3d:97:ef:
         5c:62:aa:64:e9:c1:bc:d3:a6:3b:7f:0f:b1:80:a0:1f:73:93:
         d5:cd:a9:c5:cb:2f:a0:6c:8c:df:fc:94:aa:a6:7d:b4:34:08:
         da:88:d8:62:58:3d:97:f6:8f:fe:f3:4b:ca:b2:88:db:04:a4:
         c8:c4:42:b5:ef:15:89:80:db:54:c4:e7:4d:fa:0f:63:6a:99:
         38:81:6b:82:75:9d:7c:89:34:56:83:78:9a:21:5d:ed:ac:00:
         da:74:3c:f0:ac:58:6a:f7:b2:c0:a3:b3:9e:c4:01:0f:8b:0f:
         f4:93:ce:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhJO6/QQXqhGDSUjmoQ99FdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYzY2NDAzYWQwYzQ1MzdhZjljMzJiMGRlZjBjNTJhYzJh
YWIxMDQwHhcNMjUwNzI3MDAxNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTliYTBlODUyODY2NTk0NWRkYjljNDQ5OTY4MWI3ZTBkM2ZjMWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9LUAxYSFfLAH2SqguiLNU6JYlWM
bNwgDmTV2EbTrctX50PQnAnVIzaDRzJlyypJdusMI/mP34slXtVoRdZoDGKz6WGH
eJtMf1fBXT6KzULjpfra1Irm8ivlbfRn4wE/v4T+wGdb+1YzLZUQiclNmrp1Yas5
dyJYHE6N4PWot/85AY+6H6AUmnZIWLirV/tglkDyQrgMEn0fG9wh9rPsQy9Y8LFw
xubyaM4wApXuA1xUPHy+g5dOdI1zY3/xmwA5o4dD/QvAfXThU1NqujfBMyEyCTYz
8BCZUHIjrjmQZ6biMYC8A59k8XrYBRiV6cwxrzr+3d0K/zbtTO/KVzVwaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmboOhShmWUXducRJloG34NP8HcMB8GA1UdIwQY
MBaAFOvGZAOtDEU3r5wysN7wxSrCqrEEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjhaa0E2ME1SVGV2bkRLdzN2REZLc0txc1FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi83MjgxZGEtMGViMC00MGE4LTk5ODMt
ZDFhOWRhNGExMzBkLzEvS1p1ZzZGS0daWlJkMjV4RW1XZ2JmZzBfd2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi83MjgxZGEtMGViMC00MGE4LTk5ODMtZDFhOWRhNGExMzBk
LzEvNjhaa0E2ME1SVGV2bkRLdzN2REZLc0txc1FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSFcMA0G
CSqGSIb3DQEBCwUAA4IBAQBcjsuwvxJuSjaq1aMcHub60Gl6nVyLHAMSI50t4QGP
1dddTdFpxf1td4pOZ5/PoawOSKe6HYkcdARAE4A30yADLTcr0N6bB+DkqWdZDyP+
6xibzp7NCU8RTK86Pb+9qGJ9h4j1Xr7yjnKCi5tCwJ29NIVqfovEJ96vsRlnJtkD
WmfFFSB1mAKU+XDNxdw9l+9cYqpk6cG806Y7fw+xgKAfc5PVzanFyy+gbIzf/JSq
pn20NAjaiNhiWD2X9o/+80vKsojbBKTIxEK17xWJgNtUxOdN+g9japk4gWuCdZ18
iTRWg3iaIV3trADadDzwrFhq97LAo7OexAEPiw/0k84D
-----END CERTIFICATE-----