Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/D7sSJq2EzuylXPTSVOWPxBm3Ho8.roa
File:                     D7sSJq2EzuylXPTSVOWPxBm3Ho8.roa (raw, json)
Hash identifier:          gmpCwmfjITdv8gtFNL4Zn9iouUW+u1PcPnCsYBgoNzM=
Subject key identifier:   0F:BB:12:26:AD:84:CE:EC:A5:5C:F4:D2:54:E5:8F:C4:19:B7:1E:8F
Certificate issuer:       /CN=d09a7f7fdd54a17ce5e12a4182eb652479f9d758
Certificate serial:       01942067FA554ED2494AA2CF005845A581A0
Authority key identifier: D0:9A:7F:7F:DD:54:A1:7C:E5:E1:2A:41:82:EB:65:24:79:F9:D7:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Jp_f91UoXzl4SpBgutlJHn511g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/D7sSJq2EzuylXPTSVOWPxBm3Ho8.roa
Signing time:             Wed 01 Jan 2025 05:47:52 +0000
ROA not before:           Wed 01 Jan 2025 05:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203734
IP address blocks:        185.69.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/0Jp_f91UoXzl4SpBgutlJHn511g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/0Jp_f91UoXzl4SpBgutlJHn511g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Jp_f91UoXzl4SpBgutlJHn511g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:fa:55:4e:d2:49:4a:a2:cf:00:58:45:a5:81:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d09a7f7fdd54a17ce5e12a4182eb652479f9d758
        Validity
            Not Before: Jan  1 05:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fbb1226ad84ceeca55cf4d254e58fc419b71e8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:07:44:4f:52:8f:17:8e:ad:4f:5e:e6:2e:58:
                    82:62:77:59:17:c7:15:1d:d2:1b:2b:dd:64:93:95:
                    c4:b8:bc:8c:28:a8:38:e6:5a:66:ad:84:c6:94:93:
                    26:19:13:d7:ed:61:4a:32:5a:94:78:9a:c7:5c:9f:
                    06:35:56:e9:6b:d4:fd:95:28:60:18:fb:31:04:29:
                    f5:08:11:1a:20:7c:a9:cb:89:d4:8a:f3:6b:71:5b:
                    76:7b:5a:67:1a:9a:03:76:33:af:e9:04:d4:52:22:
                    9e:aa:23:94:d7:32:93:c7:b9:9d:bc:9d:74:0a:a5:
                    bd:8d:7c:fb:9a:99:f8:98:68:38:20:6c:37:9f:50:
                    aa:90:c2:77:f3:a0:f7:72:45:40:a8:94:ea:60:22:
                    68:d1:2b:17:24:82:75:85:f3:b5:d9:3a:67:d8:21:
                    52:9e:b8:e7:ed:ad:db:80:2b:0e:f8:c2:9b:a3:5c:
                    88:a2:fe:f2:d1:b4:8d:d8:0b:12:1a:75:af:a5:93:
                    74:82:3f:29:27:a9:58:cb:41:1a:83:08:00:ec:e2:
                    6a:58:93:cc:38:b9:12:c5:96:21:e9:33:6b:05:66:
                    20:af:82:8a:d6:f3:a6:f1:f4:f6:3a:08:50:c1:77:
                    08:81:8e:af:41:f0:8c:b2:9f:52:23:ef:8c:1a:59:
                    a5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:BB:12:26:AD:84:CE:EC:A5:5C:F4:D2:54:E5:8F:C4:19:B7:1E:8F
            X509v3 Authority Key Identifier:
                keyid:D0:9A:7F:7F:DD:54:A1:7C:E5:E1:2A:41:82:EB:65:24:79:F9:D7:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Jp_f91UoXzl4SpBgutlJHn511g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/D7sSJq2EzuylXPTSVOWPxBm3Ho8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/0Jp_f91UoXzl4SpBgutlJHn511g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:b0:44:d0:ce:71:9b:7a:5a:7d:76:6e:a9:5d:4a:c1:d6:4f:
         47:23:05:a5:18:89:ee:71:ad:10:dd:e2:df:73:81:4a:69:41:
         32:8c:ec:72:e0:5c:2d:c4:73:f5:fd:02:43:69:70:19:cd:20:
         c7:db:6c:81:a2:d2:b4:51:56:cc:de:f2:e0:5b:41:51:3c:6f:
         90:f6:f2:5d:97:8e:47:be:3f:71:6f:26:55:6f:b9:d3:5e:f2:
         0e:d9:1a:66:67:80:ac:1e:97:5c:a2:f1:70:ab:f5:7e:a1:68:
         ae:01:aa:57:3e:82:11:a2:d7:bf:c4:14:da:0d:99:1a:28:65:
         89:aa:34:33:96:9c:53:ad:5d:11:78:97:ef:53:9b:90:6e:58:
         51:4e:92:c4:3a:cb:9a:b5:8f:2a:2e:a5:49:28:0c:ab:c9:67:
         fd:60:33:85:a4:19:fa:91:ff:d9:99:ad:46:ac:5c:6d:6e:47:
         4e:f8:ca:ee:05:0e:4a:dc:db:ce:a8:d9:46:8b:6d:b3:a9:ba:
         0c:6c:73:3d:c2:41:d3:e2:b7:c4:9b:23:d8:35:21:57:de:a7:
         c5:7b:74:43:da:67:aa:90:54:73:04:56:62:d2:1e:07:35:f5:
         6b:a4:5a:2e:d6:6a:48:32:7c:6c:33:d3:a9:c3:f8:88:d1:20:
         13:83:5a:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ/pVTtJJSqLPAFhFpYGgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOWE3ZjdmZGQ1NGExN2NlNWUxMmE0MTgyZWI2NTI0Nzlm
OWQ3NTgwHhcNMjUwMTAxMDU0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmJiMTIyNmFkODRjZWVjYTU1Y2Y0ZDI1NGU1OGZjNDE5YjcxZThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwdET1KPF46tT17mLliCYndZF8cV
HdIbK91kk5XEuLyMKKg45lpmrYTGlJMmGRPX7WFKMlqUeJrHXJ8GNVbpa9T9lShg
GPsxBCn1CBEaIHypy4nUivNrcVt2e1pnGpoDdjOv6QTUUiKeqiOU1zKTx7mdvJ10
CqW9jXz7mpn4mGg4IGw3n1CqkMJ386D3ckVAqJTqYCJo0SsXJIJ1hfO12Tpn2CFS
nrjn7a3bgCsO+MKbo1yIov7y0bSN2AsSGnWvpZN0gj8pJ6lYy0EagwgA7OJqWJPM
OLkSxZYh6TNrBWYgr4KK1vOm8fT2OghQwXcIgY6vQfCMsp9SI++MGlmluQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+7EiathM7spVz00lTlj8QZtx6PMB8GA1UdIwQY
MBaAFNCaf3/dVKF85eEqQYLrZSR5+ddYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEpwX2Y5MVVvWHpsNFNwQmd1dGxKSG41MTFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9iM2Q5N2UtNWNjMi00NjY5LWIzNzgt
NTg3NWE0NDg5ZGJhLzEvRDdzU0pxMkV6dXlsWFBUU1ZPV1B4Qm0zSG84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9iM2Q5N2UtNWNjMi00NjY5LWIzNzgtNTg3NWE0NDg5ZGJh
LzEvMEpwX2Y5MVVvWHpsNFNwQmd1dGxKSG41MTFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUX7MA0G
CSqGSIb3DQEBCwUAA4IBAQC0sETQznGbelp9dm6pXUrB1k9HIwWlGInuca0Q3eLf
c4FKaUEyjOxy4FwtxHP1/QJDaXAZzSDH22yBotK0UVbM3vLgW0FRPG+Q9vJdl45H
vj9xbyZVb7nTXvIO2RpmZ4CsHpdcovFwq/V+oWiuAapXPoIRote/xBTaDZkaKGWJ
qjQzlpxTrV0ReJfvU5uQblhRTpLEOsuatY8qLqVJKAyryWf9YDOFpBn6kf/Zma1G
rFxtbkdO+MruBQ5K3NvOqNlGi22zqboMbHM9wkHT4rfEmyPYNSFX3qfFe3RD2meq
kFRzBFZi0h4HNfVrpFou1mpIMnxsM9Opw/iI0SATg1o/
-----END CERTIFICATE-----