Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/K4TXiO4vx97fOtBrxUmscpYLw7k.roa
File:                     K4TXiO4vx97fOtBrxUmscpYLw7k.roa (raw, json)
Hash identifier:          hogSVOE6lqRzYCTW78AUF5G9qYwC37tvODD3V8YR6bs=
Subject key identifier:   2B:84:D7:88:EE:2F:C7:DE:DF:3A:D0:6B:C5:49:AC:72:96:0B:C3:B9
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       0196CF019859B501B5E9B8C132828BB980A0
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/K4TXiO4vx97fOtBrxUmscpYLw7k.roa
Signing time:             Wed 14 May 2025 13:35:10 +0000
ROA not before:           Wed 14 May 2025 13:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        185.251.80.0/23 maxlen: 23
                          185.251.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cf:01:98:59:b5:01:b5:e9:b8:c1:32:82:8b:b9:80:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: May 14 13:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b84d788ee2fc7dedf3ad06bc549ac72960bc3b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:81:13:3d:e1:27:d3:a3:9b:f8:c3:8d:b8:a7:
                    da:c6:cc:16:b9:19:d4:07:6b:75:59:fa:2a:4d:5f:
                    79:71:c6:29:ea:fd:45:56:10:82:8d:11:52:dd:2b:
                    1b:fb:a4:82:2a:d7:c2:a3:23:7d:9a:ed:7f:a7:94:
                    a1:d4:e5:c8:65:6b:e7:31:c2:54:fd:33:0c:07:bb:
                    4b:87:d3:28:7f:db:c0:8b:a1:65:ba:6d:df:94:1e:
                    06:1e:ed:13:00:22:77:b8:cd:ff:18:ac:59:8e:62:
                    72:bb:37:fe:8c:55:2f:4b:d8:e0:99:98:c3:50:f3:
                    2c:3f:f0:5b:cb:f0:83:a0:4b:cc:eb:9e:03:c3:98:
                    64:1d:ec:16:48:e6:14:f1:91:98:d6:3d:14:9c:8c:
                    99:3b:d5:d8:1a:78:f1:34:52:a3:dc:f2:cf:56:f2:
                    a3:8e:4c:33:4d:a8:d5:48:e5:b8:b1:72:a1:fa:f8:
                    3a:e1:46:e0:20:22:53:5f:74:23:3c:68:09:d2:d0:
                    7a:17:c3:31:40:3e:0c:84:62:cd:71:16:1b:bd:af:
                    52:6d:53:6a:c0:92:56:9c:d9:9e:8f:3a:cb:22:60:
                    e0:ec:46:32:c5:87:8d:f7:28:64:b5:4a:fd:f5:16:
                    a5:44:51:4c:ae:01:c7:c6:8a:15:b6:e3:5f:07:d2:
                    99:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:84:D7:88:EE:2F:C7:DE:DF:3A:D0:6B:C5:49:AC:72:96:0B:C3:B9
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/K4TXiO4vx97fOtBrxUmscpYLw7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:3e:7e:ad:f8:80:6b:ac:03:29:a0:4f:85:8c:0f:7a:fe:74:
         b3:4c:22:03:e3:6b:f7:14:1f:8b:bb:73:fc:eb:aa:19:75:11:
         3d:1e:34:07:28:34:2d:63:e9:a6:f8:ed:66:b6:cb:a4:6a:ff:
         f0:07:c8:dd:1b:f5:53:1c:0b:29:21:7d:b7:a0:c2:7d:e2:c4:
         bb:07:89:7b:cc:ea:0c:66:4f:68:03:85:c1:0f:ee:94:8d:73:
         b2:92:48:0f:a9:79:12:64:fc:21:09:a3:0d:c7:2e:b9:2b:ac:
         82:e2:db:33:59:ae:04:72:9a:22:35:51:8d:ae:16:54:91:bc:
         78:c5:98:6c:90:e6:88:71:d9:c1:90:73:75:64:bf:d2:99:99:
         5f:b3:e7:a7:db:69:60:c3:ae:59:c1:76:f0:8d:d3:5f:7d:f9:
         7a:c8:98:7d:f9:c5:63:cb:1b:86:53:10:77:d4:4a:2a:70:2e:
         65:ff:d8:1d:90:8a:74:14:d9:d3:94:4e:fb:21:e0:1b:2e:d3:
         b6:ec:86:ec:d1:86:d3:cb:c7:ac:8d:a0:29:84:b0:e3:a4:42:
         4d:4e:07:6f:6b:00:4a:6f:b2:ce:d5:9d:e0:1d:52:78:d5:9d:
         92:fe:2a:ce:4c:b0:f6:30:d4:7d:47:35:d8:86:e9:4e:02:8d:
         50:1f:f3:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbPAZhZtQG16bjBMoKLuYCgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjUwNTE0MTMzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjg0ZDc4OGVlMmZjN2RlZGYzYWQwNmJjNTQ5YWM3Mjk2MGJjM2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIETPeEn06Ob+MONuKfaxswWuRnU
B2t1WfoqTV95ccYp6v1FVhCCjRFS3Ssb+6SCKtfCoyN9mu1/p5Sh1OXIZWvnMcJU
/TMMB7tLh9Mof9vAi6Flum3flB4GHu0TACJ3uM3/GKxZjmJyuzf+jFUvS9jgmZjD
UPMsP/Bby/CDoEvM654Dw5hkHewWSOYU8ZGY1j0UnIyZO9XYGnjxNFKj3PLPVvKj
jkwzTajVSOW4sXKh+vg64UbgICJTX3QjPGgJ0tB6F8MxQD4MhGLNcRYbva9SbVNq
wJJWnNmejzrLImDg7EYyxYeN9yhktUr99RalRFFMrgHHxooVtuNfB9KZOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCuE14juL8fe3zrQa8VJrHKWC8O5MB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvSzRUWGlPNHZ4OTdmT3RCcnhVbXNjcFlMdzdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuftQMA0G
CSqGSIb3DQEBCwUAA4IBAQAtPn6t+IBrrAMpoE+FjA96/nSzTCID42v3FB+Lu3P8
66oZdRE9HjQHKDQtY+mm+O1mtsukav/wB8jdG/VTHAspIX23oMJ94sS7B4l7zOoM
Zk9oA4XBD+6UjXOykkgPqXkSZPwhCaMNxy65K6yC4tszWa4EcpoiNVGNrhZUkbx4
xZhskOaIcdnBkHN1ZL/SmZlfs+en22lgw65ZwXbwjdNfffl6yJh9+cVjyxuGUxB3
1EoqcC5l/9gdkIp0FNnTlE77IeAbLtO27Ibs0YbTy8esjaAphLDjpEJNTgdvawBK
b7LO1Z3gHVJ41Z2S/irOTLD2MNR9RzXYhulOAo1QH/PN
-----END CERTIFICATE-----