Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/1a18de-efbd-41b5-b336-79fbd385a550/1/8znWg7qZ9bI9AKat_qhyP26JqfY.roa
File:                     8znWg7qZ9bI9AKat_qhyP26JqfY.roa (raw, json)
Hash identifier:          Y2YmIOv3jVMh1xIJmeIZI13RLm2nx7Gd9VO4KN+O0Z4=
Subject key identifier:   F3:39:D6:83:BA:99:F5:B2:3D:00:A6:AD:FE:A8:72:3F:6E:89:A9:F6
Certificate issuer:       /CN=7580d16569bb24a328e27b47f7d751659725defb
Certificate serial:       01942521C398E8795908EA69861CE1D9CD61
Authority key identifier: 75:80:D1:65:69:BB:24:A3:28:E2:7B:47:F7:D7:51:65:97:25:DE:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dYDRZWm7JKMo4ntH99dRZZcl3vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/1a18de-efbd-41b5-b336-79fbd385a550/1/8znWg7qZ9bI9AKat_qhyP26JqfY.roa
Signing time:             Thu 02 Jan 2025 03:49:17 +0000
ROA not before:           Thu 02 Jan 2025 03:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199629
IP address blocks:        185.10.144.0/22 maxlen: 24
                          2a03:3a40::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/1a18de-efbd-41b5-b336-79fbd385a550/1/dYDRZWm7JKMo4ntH99dRZZcl3vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/1a18de-efbd-41b5-b336-79fbd385a550/1/dYDRZWm7JKMo4ntH99dRZZcl3vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dYDRZWm7JKMo4ntH99dRZZcl3vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 09:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:c3:98:e8:79:59:08:ea:69:86:1c:e1:d9:cd:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7580d16569bb24a328e27b47f7d751659725defb
        Validity
            Not Before: Jan  2 03:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f339d683ba99f5b23d00a6adfea8723f6e89a9f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ac:29:84:d2:dd:3f:29:af:af:b9:cf:a5:27:
                    14:c1:30:86:6b:24:98:1e:e1:8a:cf:01:30:46:9e:
                    ab:ab:f3:bf:02:05:9b:53:60:56:1b:9f:65:a3:c7:
                    4c:f5:e1:84:d6:53:99:d3:f9:95:d5:9f:d2:61:3c:
                    a4:e5:fa:b3:cb:75:7d:16:f0:91:0c:70:03:6c:e2:
                    95:53:03:15:15:e0:f5:6d:8c:b1:40:c5:08:76:d1:
                    a5:74:72:84:5a:c8:cb:e7:fd:ef:b1:cd:df:cb:ec:
                    1b:22:8c:44:87:e2:67:46:f8:37:53:07:41:92:04:
                    43:c7:64:75:b8:38:41:17:46:cc:96:17:7a:13:5e:
                    8d:f0:1b:db:fc:48:f6:77:29:2e:a4:a8:ed:5a:f1:
                    08:39:0d:b4:41:c5:89:13:f9:bd:3b:5a:37:e7:27:
                    63:e4:37:36:bf:cc:64:82:bc:12:75:a4:85:38:26:
                    39:2b:9b:dc:79:cd:a8:5d:f1:e3:d7:05:ac:ad:cb:
                    dc:11:2d:4d:8c:6b:c3:d4:a1:82:34:cf:5d:1f:a9:
                    ef:73:32:b6:22:a5:23:5e:15:79:7a:3f:c7:5a:22:
                    40:e4:ea:2c:f5:82:d4:f5:65:aa:8e:3d:95:3f:23:
                    22:e6:91:26:10:27:0d:9f:44:35:b3:37:5d:20:35:
                    bc:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:39:D6:83:BA:99:F5:B2:3D:00:A6:AD:FE:A8:72:3F:6E:89:A9:F6
            X509v3 Authority Key Identifier:
                keyid:75:80:D1:65:69:BB:24:A3:28:E2:7B:47:F7:D7:51:65:97:25:DE:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dYDRZWm7JKMo4ntH99dRZZcl3vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/1a18de-efbd-41b5-b336-79fbd385a550/1/8znWg7qZ9bI9AKat_qhyP26JqfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/1a18de-efbd-41b5-b336-79fbd385a550/1/dYDRZWm7JKMo4ntH99dRZZcl3vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.144.0/22
                IPv6:
                  2a03:3a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         55:d0:81:8f:74:db:c0:8a:72:43:46:5b:00:16:dd:4c:e0:4b:
         0f:25:87:c7:5b:f9:76:19:51:6c:8a:d8:8d:26:89:3e:88:36:
         10:18:b8:4d:6a:fc:5a:9d:ee:ad:2e:19:9f:e0:b0:4b:33:52:
         cc:dd:ba:60:6a:90:cf:e0:fc:b6:bd:05:4d:7a:e4:7f:18:09:
         b2:e9:c7:90:eb:31:f3:18:d5:f8:35:dd:2b:99:0b:0b:ff:09:
         ac:5c:22:83:db:7e:b9:8b:86:25:73:e6:6e:88:2a:48:1b:05:
         15:00:5e:6d:b6:bc:66:2f:7f:09:dc:5f:fb:05:b8:be:ec:34:
         68:d0:46:42:1e:46:1e:c8:85:4a:a9:8a:d2:61:c0:70:0f:43:
         d9:32:96:71:8c:34:2a:71:52:e5:6f:a3:2d:2e:84:bf:f5:7d:
         10:ce:16:90:58:d0:a0:6a:79:52:c7:00:22:b6:c4:ae:94:dd:
         50:23:cd:2b:df:f1:f1:8b:7a:9b:82:ef:3d:4e:5b:88:cf:7e:
         63:e7:05:69:a9:0c:93:77:91:a2:65:74:29:83:7b:21:58:33:
         c7:4d:04:8d:e1:cf:e2:90:47:bf:34:d5:09:fa:71:90:a1:47:
         cd:76:ea:30:99:74:9a:f9:7c:05:1d:72:89:bb:f8:71:8b:6f:
         c3:af:5f:24
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIcOY6HlZCOpphhzh2c1hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ODBkMTY1NjliYjI0YTMyOGUyN2I0N2Y3ZDc1MTY1OTcy
NWRlZmIwHhcNMjUwMTAyMDM0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzM5ZDY4M2JhOTlmNWIyM2QwMGE2YWRmZWE4NzIzZjZlODlhOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqwphNLdPymvr7nPpScUwTCGaySY
HuGKzwEwRp6rq/O/AgWbU2BWG59lo8dM9eGE1lOZ0/mV1Z/SYTyk5fqzy3V9FvCR
DHADbOKVUwMVFeD1bYyxQMUIdtGldHKEWsjL5/3vsc3fy+wbIoxEh+JnRvg3UwdB
kgRDx2R1uDhBF0bMlhd6E16N8Bvb/Ej2dykupKjtWvEIOQ20QcWJE/m9O1o35ydj
5Dc2v8xkgrwSdaSFOCY5K5vcec2oXfHj1wWsrcvcES1NjGvD1KGCNM9dH6nvczK2
IqUjXhV5ej/HWiJA5Oos9YLU9WWqjj2VPyMi5pEmECcNn0Q1szddIDW8GwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPM51oO6mfWyPQCmrf6ocj9uian2MB8GA1UdIwQY
MBaAFHWA0WVpuySjKOJ7R/fXUWWXJd77MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFlEUlpXbTdKS01vNG50SDk5ZFJaWmNsM3ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8xYTE4ZGUtZWZiZC00MWI1LWIzMzYt
NzlmYmQzODVhNTUwLzEvOHpuV2c3cVo5Ykk5QUthdF9xaHlQMjZKcWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8xYTE4ZGUtZWZiZC00MWI1LWIzMzYtNzlmYmQzODVhNTUw
LzEvZFlEUlpXbTdKS01vNG50SDk5ZFJaWmNsM3ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQqQMA0E
AgACMAcDBQAqAzpAMA0GCSqGSIb3DQEBCwUAA4IBAQBV0IGPdNvAinJDRlsAFt1M
4EsPJYfHW/l2GVFsitiNJok+iDYQGLhNavxane6tLhmf4LBLM1LM3bpgapDP4Py2
vQVNeuR/GAmy6ceQ6zHzGNX4Nd0rmQsL/wmsXCKD2365i4Ylc+ZuiCpIGwUVAF5t
trxmL38J3F/7Bbi+7DRo0EZCHkYeyIVKqYrSYcBwD0PZMpZxjDQqcVLlb6MtLoS/
9X0QzhaQWNCganlSxwAitsSulN1QI80r3/Hxi3qbgu89TluIz35j5wVpqQyTd5Gi
ZXQpg3shWDPHTQSN4c/ikEe/NNUJ+nGQoUfNduowmXSa+XwFHXKJu/hxi2/Dr18k
-----END CERTIFICATE-----