Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/Gx7WZJ-NdyF04pUk4gdMYoHuQzk.roa
File:                     Gx7WZJ-NdyF04pUk4gdMYoHuQzk.roa (raw, json)
Hash identifier:          t6M0KFjILBRmG74F5TahE0UmVDYYLhcbj+iOGjxmViM=
Subject key identifier:   1B:1E:D6:64:9F:8D:77:21:74:E2:95:24:E2:07:4C:62:81:EE:43:39
Certificate issuer:       /CN=22877298dae5d5a3beabca16e92d1a141e948627
Certificate serial:       0195B80D3C4C5AC5EF3D6CB554F44D4A826A
Authority key identifier: 22:87:72:98:DA:E5:D5:A3:BE:AB:CA:16:E9:2D:1A:14:1E:94:86:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IodymNrl1aO-q8oW6S0aFB6Uhic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/Gx7WZJ-NdyF04pUk4gdMYoHuQzk.roa
Signing time:             Fri 21 Mar 2025 09:33:49 +0000
ROA not before:           Fri 21 Mar 2025 09:33:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.115.88.0/24 maxlen: 24
                          185.115.89.0/24 maxlen: 24
                          185.115.90.0/24 maxlen: 24
                          185.115.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/IodymNrl1aO-q8oW6S0aFB6Uhic.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/IodymNrl1aO-q8oW6S0aFB6Uhic.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IodymNrl1aO-q8oW6S0aFB6Uhic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b8:0d:3c:4c:5a:c5:ef:3d:6c:b5:54:f4:4d:4a:82:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22877298dae5d5a3beabca16e92d1a141e948627
        Validity
            Not Before: Mar 21 09:33:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b1ed6649f8d772174e29524e2074c6281ee4339
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b2:44:16:0d:3a:81:54:20:03:56:35:09:4f:
                    a0:54:46:ab:4a:d0:1b:cc:d6:8a:ba:6c:89:10:e7:
                    ad:a5:c4:91:b6:a4:f5:d1:db:5e:0d:9e:06:25:3e:
                    b6:09:d8:3d:30:b0:6c:ad:64:f8:5a:57:e5:4e:4d:
                    76:9b:b2:0d:66:85:03:7b:4f:8d:bc:57:45:59:88:
                    9c:3f:60:fe:98:76:6a:57:ef:02:ee:87:d6:64:9e:
                    f3:a7:27:97:c3:89:93:d0:81:54:9c:94:16:8c:ed:
                    ad:d6:16:64:a0:6d:e1:51:52:33:52:1c:04:59:9c:
                    ff:6b:bc:df:a2:2c:c6:da:76:44:c8:59:44:1c:ce:
                    50:d7:e3:b1:ae:b6:0b:c7:3f:62:6f:a7:20:e5:b4:
                    f7:6e:b2:b3:fd:46:39:98:60:68:70:11:f4:3c:0f:
                    ed:80:b4:7b:e7:ec:3d:df:8c:86:1c:25:36:00:cb:
                    27:f8:db:23:13:ef:76:70:00:47:e6:ae:d7:2e:00:
                    55:3a:ea:bd:9d:0b:7b:29:f3:2b:4f:ef:9e:60:cd:
                    1b:5b:5a:a4:88:f7:7a:7b:fd:3e:7d:33:e8:b1:25:
                    7e:65:3a:df:88:7c:42:5a:f0:b0:5b:8b:00:e4:8e:
                    e6:02:b9:27:40:ff:64:f6:32:8e:8b:85:40:bc:89:
                    5a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:1E:D6:64:9F:8D:77:21:74:E2:95:24:E2:07:4C:62:81:EE:43:39
            X509v3 Authority Key Identifier:
                keyid:22:87:72:98:DA:E5:D5:A3:BE:AB:CA:16:E9:2D:1A:14:1E:94:86:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IodymNrl1aO-q8oW6S0aFB6Uhic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/Gx7WZJ-NdyF04pUk4gdMYoHuQzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/IodymNrl1aO-q8oW6S0aFB6Uhic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:9c:28:ea:39:78:4e:2a:02:4b:33:04:c4:9b:d4:a3:00:30:
         28:8a:12:3b:1b:33:c3:6f:8b:94:d4:ca:bc:4c:fd:cd:33:8f:
         35:fa:e1:a4:af:fa:07:6c:6c:12:78:32:82:96:fb:35:e8:2a:
         95:dd:1b:e2:28:cb:6c:f3:9e:28:60:75:40:75:ad:96:f1:09:
         dd:83:46:c4:5a:e5:af:9e:96:b3:5d:8f:0f:ae:7c:4e:a0:a6:
         ce:65:dd:a9:77:73:02:82:6e:ae:25:f8:96:12:c2:f1:64:e4:
         ae:f0:85:d6:ee:9f:d1:c5:4c:ba:9a:57:d1:6f:1a:32:97:e0:
         55:d4:40:12:58:8c:bf:01:fe:dc:c1:df:f8:2d:ac:f5:e5:2d:
         9f:34:4a:68:2a:6e:c4:ab:e7:6c:39:82:38:15:31:52:12:72:
         c5:49:c8:36:de:61:3e:be:4a:93:e6:fd:a6:d2:4c:ee:cb:15:
         58:cd:59:e1:ba:39:ba:14:28:bc:44:d9:46:a9:50:e2:68:97:
         2d:ac:f1:22:14:1d:81:cd:99:57:71:fd:6f:3f:50:ba:9c:d3:
         fc:56:4f:40:11:c9:be:c4:60:94:27:01:a0:5a:96:08:31:d3:
         2f:63:09:fa:d3:1a:c2:f9:ab:85:79:ac:14:d6:09:f9:96:19:
         8b:7a:09:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW4DTxMWsXvPWy1VPRNSoJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyODc3Mjk4ZGFlNWQ1YTNiZWFiY2ExNmU5MmQxYTE0MWU5
NDg2MjcwHhcNMjUwMzIxMDkzMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjFlZDY2NDlmOGQ3NzIxNzRlMjk1MjRlMjA3NGM2MjgxZWU0MzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLJEFg06gVQgA1Y1CU+gVEarStAb
zNaKumyJEOetpcSRtqT10dteDZ4GJT62Cdg9MLBsrWT4WlflTk12m7INZoUDe0+N
vFdFWYicP2D+mHZqV+8C7ofWZJ7zpyeXw4mT0IFUnJQWjO2t1hZkoG3hUVIzUhwE
WZz/a7zfoizG2nZEyFlEHM5Q1+OxrrYLxz9ib6cg5bT3brKz/UY5mGBocBH0PA/t
gLR75+w934yGHCU2AMsn+NsjE+92cABH5q7XLgBVOuq9nQt7KfMrT++eYM0bW1qk
iPd6e/0+fTPosSV+ZTrfiHxCWvCwW4sA5I7mArknQP9k9jKOi4VAvIlaXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBse1mSfjXchdOKVJOIHTGKB7kM5MB8GA1UdIwQY
MBaAFCKHcpja5dWjvqvKFuktGhQelIYnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSW9keW1OcmwxYU8tcThvVzZTMGFGQjZVaGljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84NjUxYzUtYmQ3Ny00NjBkLTgzYmYt
NTkzM2EwOWY3MmQxLzEvR3g3V1pKLU5keUYwNHBVazRnZE1Zb0h1UXprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84NjUxYzUtYmQ3Ny00NjBkLTgzYmYtNTkzM2EwOWY3MmQx
LzEvSW9keW1OcmwxYU8tcThvVzZTMGFGQjZVaGljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXNYMA0G
CSqGSIb3DQEBCwUAA4IBAQAZnCjqOXhOKgJLMwTEm9SjADAoihI7GzPDb4uU1Mq8
TP3NM481+uGkr/oHbGwSeDKClvs16CqV3RviKMts854oYHVAda2W8Qndg0bEWuWv
npazXY8PrnxOoKbOZd2pd3MCgm6uJfiWEsLxZOSu8IXW7p/RxUy6mlfRbxoyl+BV
1EASWIy/Af7cwd/4Laz15S2fNEpoKm7Eq+dsOYI4FTFSEnLFScg23mE+vkqT5v2m
0kzuyxVYzVnhujm6FCi8RNlGqVDiaJctrPEiFB2BzZlXcf1vP1C6nNP8Vk9AEcm+
xGCUJwGgWpYIMdMvYwn60xrC+auFeawU1gn5lhmLegkv
-----END CERTIFICATE-----