Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/hI0tUC415NEH9XUX9W5_NYjc6b0.roa
File:                     hI0tUC415NEH9XUX9W5_NYjc6b0.roa (raw, json)
Hash identifier:          vIUGWL+jywzP4nOG3s5yRhGXD3r26uV/UoGJVBb5x6o=
Subject key identifier:   84:8D:2D:50:2E:35:E4:D1:07:F5:75:17:F5:6E:7F:35:88:DC:E9:BD
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       01942747E0A70C00019F696F36BEA416E672
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/hI0tUC415NEH9XUX9W5_NYjc6b0.roa
Signing time:             Thu 02 Jan 2025 13:50:09 +0000
ROA not before:           Thu 02 Jan 2025 13:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44477
IP address blocks:        85.28.61.0/24 maxlen: 24
                          85.28.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e0:a7:0c:00:01:9f:69:6f:36:be:a4:16:e6:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Jan  2 13:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=848d2d502e35e4d107f57517f56e7f3588dce9bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a0:7a:b3:ac:1e:70:dc:9d:5a:a2:0a:06:34:
                    be:ad:0d:ac:00:68:4a:33:7e:42:46:34:0c:be:67:
                    82:ca:7b:a6:be:8e:eb:ae:10:fb:11:2b:c5:76:d3:
                    a8:8a:ef:bd:b3:35:74:9c:b3:71:7a:34:7c:9e:f8:
                    13:81:30:40:d5:ba:e7:a8:fc:d6:5b:bc:a8:61:1d:
                    8f:29:c5:e5:5a:1c:7c:50:3f:66:30:94:5b:8f:46:
                    2e:cb:ec:ef:2f:d4:c4:72:09:87:02:a3:ca:f1:b2:
                    35:3b:00:a4:a3:fb:05:71:d9:a4:05:2c:c0:db:6f:
                    7e:40:d3:90:1d:84:1a:f1:78:96:03:16:4a:2f:e8:
                    3e:f0:41:99:d7:4f:28:d6:77:e2:c0:93:94:6f:e6:
                    8f:81:66:66:ae:86:68:99:92:ec:8d:04:6f:3e:3f:
                    ff:99:71:c4:34:85:32:68:9c:0e:60:8a:4c:ca:a8:
                    96:7a:86:1c:a5:12:45:7f:8e:b7:fa:22:e2:4c:7b:
                    20:5a:84:3c:b0:e9:c0:2d:4f:5a:7a:36:49:e1:db:
                    3d:20:f9:98:80:5a:f2:c6:ec:db:97:00:51:4e:c0:
                    24:e9:bd:c7:ba:41:2d:d4:6b:b6:e3:4e:b7:1d:e4:
                    1f:59:05:f4:1e:c5:91:e6:ff:07:44:75:3a:5f:df:
                    91:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:8D:2D:50:2E:35:E4:D1:07:F5:75:17:F5:6E:7F:35:88:DC:E9:BD
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/hI0tUC415NEH9XUX9W5_NYjc6b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.61.0/24
                  85.28.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:49:13:5d:a0:14:a5:a5:bd:cf:66:a8:b4:2c:f4:ce:a0:29:
         a4:0f:26:fe:9b:36:3a:27:a4:05:01:18:46:3a:07:88:5c:1d:
         07:dc:b2:fa:1a:9f:34:c8:13:ee:9d:ec:df:11:7c:c3:92:8a:
         1a:a8:fb:b9:31:cc:58:85:2b:96:3d:e0:51:4d:08:55:21:17:
         02:43:a5:b2:63:4f:3b:26:6d:20:ec:1f:db:c3:b0:2b:9b:90:
         cd:b1:5e:09:fe:53:bb:1e:0a:94:8e:cc:84:6c:0d:26:bf:f4:
         48:0a:c8:26:19:f4:5c:db:e7:51:0c:ff:1a:68:38:50:01:58:
         51:01:c2:aa:94:82:9f:ec:5d:5f:d6:67:94:ee:79:93:b9:f0:
         05:33:27:ba:be:77:7f:00:36:66:95:b3:bc:42:a3:b9:de:2f:
         b3:cd:48:03:26:a2:94:38:1b:92:45:0f:60:ac:9d:8f:e4:ae:
         5f:81:2b:4c:07:c7:c7:7b:3a:f0:ad:23:79:9f:c0:56:92:9e:
         fc:8e:17:47:33:99:ac:e7:74:55:db:24:8f:4d:a8:ad:20:3e:
         d5:85:1c:dd:01:c4:6d:09:30:a7:e9:39:16:e0:4a:46:7a:9d:
         38:5e:1f:89:a5:c8:be:3c:3b:46:49:12:d6:bd:4c:c3:03:51:
         ea:4e:01:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR+CnDAABn2lvNr6kFuZyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjUwMTAyMTM1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDhkMmQ1MDJlMzVlNGQxMDdmNTc1MTdmNTZlN2YzNTg4ZGNlOWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqB6s6wecNydWqIKBjS+rQ2sAGhK
M35CRjQMvmeCynumvo7rrhD7ESvFdtOoiu+9szV0nLNxejR8nvgTgTBA1brnqPzW
W7yoYR2PKcXlWhx8UD9mMJRbj0Yuy+zvL9TEcgmHAqPK8bI1OwCko/sFcdmkBSzA
229+QNOQHYQa8XiWAxZKL+g+8EGZ108o1nfiwJOUb+aPgWZmroZomZLsjQRvPj//
mXHENIUyaJwOYIpMyqiWeoYcpRJFf463+iLiTHsgWoQ8sOnALU9aejZJ4ds9IPmY
gFryxuzblwBRTsAk6b3HukEt1Gu24063HeQfWQX0HsWR5v8HRHU6X9+RLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFISNLVAuNeTRB/V1F/VufzWI3Om9MB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvaEkwdFVDNDE1TkVIOVhVWDlXNV9OWWpjNmIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVRw9AwQA
VRw/MA0GCSqGSIb3DQEBCwUAA4IBAQA6SRNdoBSlpb3PZqi0LPTOoCmkDyb+mzY6
J6QFARhGOgeIXB0H3LL6Gp80yBPunezfEXzDkooaqPu5McxYhSuWPeBRTQhVIRcC
Q6WyY087Jm0g7B/bw7Arm5DNsV4J/lO7HgqUjsyEbA0mv/RICsgmGfRc2+dRDP8a
aDhQAVhRAcKqlIKf7F1f1meU7nmTufAFMye6vnd/ADZmlbO8QqO53i+zzUgDJqKU
OBuSRQ9grJ2P5K5fgStMB8fHezrwrSN5n8BWkp78jhdHM5ms53RV2ySPTaitID7V
hRzdAcRtCTCn6TkW4EpGep04Xh+Jpci+PDtGSRLWvUzDA1HqTgFy
-----END CERTIFICATE-----