Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e66a35-f6b2-4e3b-a43a-18e8b9814695/1/A0Dli097tMkIVnJa3m1bqPYzScQ.roa
File:                     A0Dli097tMkIVnJa3m1bqPYzScQ.roa (raw, json)
Hash identifier:          xNtn+JNQ7hliFuQK823llLTpPPrEWU/YIk1KW2YsDWg=
Subject key identifier:   03:40:E5:8B:4F:7B:B4:C9:08:56:72:5A:DE:6D:5B:A8:F6:33:49:C4
Certificate issuer:       /CN=76bb96839516f6fb3506c62064d63d62879a5277
Certificate serial:       0194258E1C52C079E3B362AFE74F765CB36C
Authority key identifier: 76:BB:96:83:95:16:F6:FB:35:06:C6:20:64:D6:3D:62:87:9A:52:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/druWg5UW9vs1BsYgZNY9YoeaUnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/e66a35-f6b2-4e3b-a43a-18e8b9814695/1/A0Dli097tMkIVnJa3m1bqPYzScQ.roa
Signing time:             Thu 02 Jan 2025 05:47:37 +0000
ROA not before:           Thu 02 Jan 2025 05:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210983
IP address blocks:        213.232.205.0/24 maxlen: 24
                          2a11:1d00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/e66a35-f6b2-4e3b-a43a-18e8b9814695/1/druWg5UW9vs1BsYgZNY9YoeaUnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/e66a35-f6b2-4e3b-a43a-18e8b9814695/1/druWg5UW9vs1BsYgZNY9YoeaUnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/druWg5UW9vs1BsYgZNY9YoeaUnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:1c:52:c0:79:e3:b3:62:af:e7:4f:76:5c:b3:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76bb96839516f6fb3506c62064d63d62879a5277
        Validity
            Not Before: Jan  2 05:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0340e58b4f7bb4c90856725ade6d5ba8f63349c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d5:a4:e3:17:b7:6d:04:1b:18:c3:21:55:fc:
                    64:87:5f:b6:14:b5:3a:7a:8b:6b:c8:e5:16:aa:7a:
                    40:a7:6a:5b:05:08:5e:e0:65:1e:66:23:8e:b2:ff:
                    04:5c:ab:0f:a7:f1:1d:c4:82:c3:d2:a9:4d:42:bb:
                    9a:6e:76:8f:4e:c6:3c:9d:27:16:e8:d6:95:e8:1c:
                    fc:ae:6d:4e:f0:69:4f:93:4b:ae:d5:ed:f4:65:16:
                    a2:dc:24:90:82:54:07:89:55:bd:50:96:df:84:92:
                    1e:e0:90:6c:98:f4:c8:8a:d2:a2:86:ee:3b:5a:73:
                    8c:4a:18:32:56:64:c7:cd:d5:cd:5f:a1:e0:d7:60:
                    ed:ed:bc:21:01:3a:5d:04:ec:23:77:1b:3b:3c:72:
                    ae:40:66:55:69:90:98:c5:ff:65:16:1d:00:63:5a:
                    20:a4:23:a8:e9:fa:e0:2e:8f:d4:ae:9c:37:56:4b:
                    93:bd:8c:04:0b:fc:ff:d4:97:a7:6e:4d:e6:f8:35:
                    98:8e:8b:a1:97:c4:15:f8:f0:9e:fa:26:37:e6:23:
                    0a:08:65:64:f9:49:9f:9e:ec:93:87:77:5f:8b:d4:
                    a9:c8:c0:25:1c:1f:5f:71:74:d6:f7:3a:62:7d:c6:
                    34:a2:db:69:02:28:8b:0b:2b:b7:63:fe:94:fb:30:
                    5f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:40:E5:8B:4F:7B:B4:C9:08:56:72:5A:DE:6D:5B:A8:F6:33:49:C4
            X509v3 Authority Key Identifier:
                keyid:76:BB:96:83:95:16:F6:FB:35:06:C6:20:64:D6:3D:62:87:9A:52:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/druWg5UW9vs1BsYgZNY9YoeaUnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e66a35-f6b2-4e3b-a43a-18e8b9814695/1/A0Dli097tMkIVnJa3m1bqPYzScQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e66a35-f6b2-4e3b-a43a-18e8b9814695/1/druWg5UW9vs1BsYgZNY9YoeaUnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.205.0/24
                IPv6:
                  2a11:1d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:eb:4d:4c:47:95:8e:44:d7:b3:e0:c8:91:fe:d7:2d:69:ea:
         f3:b6:e9:ab:c5:fa:ed:c4:a2:5f:d5:89:af:ba:ff:a2:07:01:
         d1:4a:e3:94:c9:e1:8d:f8:a1:cc:b6:e3:fa:48:2b:a3:92:c8:
         38:b4:a7:80:be:61:58:82:38:62:b6:24:77:55:3f:6a:fe:0f:
         c9:e5:a9:20:31:9c:4f:6c:49:f5:d9:4d:3c:24:45:30:64:e9:
         e9:c7:cc:f4:72:f3:4d:31:56:ae:86:fd:40:cb:43:72:dc:9f:
         c7:4d:2d:cd:89:7f:bf:06:6b:07:30:06:52:da:d8:fb:cd:85:
         35:eb:8f:27:e2:c9:c4:6c:85:9a:8d:58:10:7c:a9:8c:da:1e:
         9e:97:7d:ac:3a:ae:d4:8b:a6:e1:ca:b2:54:b2:44:b8:c5:f8:
         d2:0e:67:e9:ce:ed:f7:14:be:35:7d:a6:ce:31:d8:0b:98:0b:
         6f:e4:c1:1c:07:c5:a0:12:34:e8:c4:86:6c:6b:ee:68:47:2f:
         e8:5b:4c:3b:97:45:ee:6b:fd:ae:98:2f:e5:73:70:dc:cd:76:
         bd:0a:49:76:a9:67:3c:0e:51:d9:c4:8c:18:9d:74:9c:76:e4:
         25:93:8c:e3:69:11:88:10:10:20:1d:f9:4d:d0:03:cd:47:68:
         bd:b6:17:ff
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQljhxSwHnjs2Kv5092XLNsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YmI5NjgzOTUxNmY2ZmIzNTA2YzYyMDY0ZDYzZDYyODc5
YTUyNzcwHhcNMjUwMTAyMDU0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzQwZTU4YjRmN2JiNGM5MDg1NjcyNWFkZTZkNWJhOGY2MzM0OWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdWk4xe3bQQbGMMhVfxkh1+2FLU6
eotryOUWqnpAp2pbBQhe4GUeZiOOsv8EXKsPp/EdxILD0qlNQruabnaPTsY8nScW
6NaV6Bz8rm1O8GlPk0uu1e30ZRai3CSQglQHiVW9UJbfhJIe4JBsmPTIitKihu47
WnOMShgyVmTHzdXNX6Hg12Dt7bwhATpdBOwjdxs7PHKuQGZVaZCYxf9lFh0AY1og
pCOo6frgLo/Urpw3VkuTvYwEC/z/1Jenbk3m+DWYjouhl8QV+PCe+iY35iMKCGVk
+UmfnuyTh3dfi9SpyMAlHB9fcXTW9zpifcY0ottpAiiLCyu3Y/6U+zBfDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFANA5YtPe7TJCFZyWt5tW6j2M0nEMB8GA1UdIwQY
MBaAFHa7loOVFvb7NQbGIGTWPWKHmlJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHJ1V2c1VVc5dnMxQnNZZ1pOWTlZb2VhVW5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9lNjZhMzUtZjZiMi00ZTNiLWE0M2Et
MThlOGI5ODE0Njk1LzEvQTBEbGkwOTd0TWtJVm5KYTNtMWJxUFl6U2NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9lNjZhMzUtZjZiMi00ZTNiLWE0M2EtMThlOGI5ODE0Njk1
LzEvZHJ1V2c1VVc5dnMxQnNZZ1pOWTlZb2VhVW5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1ejNMA0E
AgACMAcDBQMqER0AMA0GCSqGSIb3DQEBCwUAA4IBAQA7601MR5WORNez4MiR/tct
aerztumrxfrtxKJf1Ymvuv+iBwHRSuOUyeGN+KHMtuP6SCujksg4tKeAvmFYgjhi
tiR3VT9q/g/J5akgMZxPbEn12U08JEUwZOnpx8z0cvNNMVauhv1Ay0Ny3J/HTS3N
iX+/BmsHMAZS2tj7zYU1648n4snEbIWajVgQfKmM2h6el32sOq7Ui6bhyrJUskS4
xfjSDmfpzu33FL41fabOMdgLmAtv5MEcB8WgEjToxIZsa+5oRy/oW0w7l0Xua/2u
mC/lc3DczXa9Ckl2qWc8DlHZxIwYnXScduQlk4zjaRGIEBAgHflN0APNR2i9thf/
-----END CERTIFICATE-----