Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sKdQe_lWcRmDMWwIWE2HOXywhW8.roa
File:                     sKdQe_lWcRmDMWwIWE2HOXywhW8.roa (raw, json)
Hash identifier:          04tNIHHS9NDORSrvYLn/6vqowsM46Xar0e4/G0jzCa4=
Subject key identifier:   B0:A7:50:7B:F9:56:71:19:83:31:6C:08:58:4D:87:39:7C:B0:85:6F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0195A2929776755F6DC534A908858DD677FA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sKdQe_lWcRmDMWwIWE2HOXywhW8.roa
Signing time:             Mon 17 Mar 2025 05:27:50 +0000
ROA not before:           Mon 17 Mar 2025 05:27:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213035
IP address blocks:        87.121.69.0/24 maxlen: 24
                          194.49.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a2:92:97:76:75:5f:6d:c5:34:a9:08:85:8d:d6:77:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 17 05:27:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0a7507bf956711983316c08584d87397cb0856f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a3:f5:8c:e9:67:c9:ae:b2:92:bc:ec:25:13:
                    5c:49:f6:5e:1b:7b:d2:df:b9:06:36:4b:3e:67:68:
                    1b:86:78:06:47:47:02:28:e9:2b:6d:9b:6f:69:73:
                    dc:22:d4:25:df:e8:5a:f0:ee:72:34:6f:b0:fe:92:
                    7c:c3:f1:c4:d2:df:ae:71:27:68:ae:16:7e:1f:a7:
                    a9:2d:bb:6c:fe:80:19:15:82:f6:1b:3c:5b:ba:3c:
                    a5:6d:b8:b5:4f:d2:0a:3e:ea:76:57:79:19:9a:e0:
                    d9:2d:82:e0:6d:a2:c1:3b:15:e5:66:84:8d:cd:ea:
                    39:2a:a9:c2:52:e3:a3:90:71:29:20:55:1c:c6:9d:
                    f3:0d:ac:f5:8a:0b:dd:f4:fc:a2:27:16:d4:12:b6:
                    a1:79:c9:16:9e:ea:a2:5c:c7:d7:22:3d:95:dd:81:
                    8c:13:70:34:a7:07:13:85:2a:e9:f5:8d:57:33:46:
                    da:83:c5:db:a8:b6:32:c7:93:2b:79:1d:e4:38:4a:
                    7d:9b:38:71:f4:c0:33:60:e9:7c:ec:b2:c5:64:a6:
                    54:e6:3c:22:5e:8e:fd:c5:73:2b:0c:2b:78:7b:3c:
                    be:54:65:f8:91:78:98:96:d8:b6:12:a7:3f:10:c9:
                    13:67:a3:51:c8:76:9d:e5:d9:64:0e:80:a9:7f:3f:
                    3c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:A7:50:7B:F9:56:71:19:83:31:6C:08:58:4D:87:39:7C:B0:85:6F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sKdQe_lWcRmDMWwIWE2HOXywhW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.69.0/24
                  194.49.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:d0:1a:05:37:a4:2f:ed:6c:7f:52:5a:10:6c:35:01:e9:70:
         3b:b1:2e:1a:cc:73:d0:d4:32:2d:13:cc:40:d0:15:bf:5a:b2:
         01:5b:a7:09:7a:93:0d:b0:0b:eb:87:a5:57:4b:70:93:15:89:
         23:32:e3:e6:3f:83:b8:46:31:d3:78:83:6f:0a:08:0d:5b:18:
         c2:e6:4b:9a:91:d1:86:07:8e:3e:bd:16:8a:0d:00:92:0b:b0:
         42:82:fe:d9:ae:b0:50:b4:bc:ad:ca:6f:8c:ca:05:2b:1b:e5:
         06:ab:14:27:e0:d8:a0:e0:39:fa:97:02:34:93:9e:1a:ff:4b:
         bd:44:f1:62:99:98:d1:69:98:88:14:2b:1a:78:3d:c2:7b:81:
         c9:e7:61:f9:40:57:3f:9e:36:08:54:ec:3d:c6:4b:1d:6c:64:
         89:c6:6b:2b:a9:a5:36:c1:2c:d6:8f:26:72:31:92:c6:93:d7:
         45:74:cb:0c:a5:07:c4:6a:19:fb:8a:bb:f2:11:09:db:ea:b5:
         49:75:c5:3b:71:da:2a:8e:12:1f:fa:d0:41:d3:d4:9b:01:19:
         a2:55:1c:fd:6b:08:23:f1:37:f8:d2:e5:dd:59:5d:fc:d9:47:
         8f:bd:81:24:f0:a4:bd:fb:77:2f:59:18:12:a3:28:b3:64:1a:
         e4:0f:8f:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWikpd2dV9txTSpCIWN1nf6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzE3MDUyNzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGE3NTA3YmY5NTY3MTE5ODMzMTZjMDg1ODRkODczOTdjYjA4NTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6P1jOlnya6ykrzsJRNcSfZeG3vS
37kGNks+Z2gbhngGR0cCKOkrbZtvaXPcItQl3+ha8O5yNG+w/pJ8w/HE0t+ucSdo
rhZ+H6epLbts/oAZFYL2Gzxbujylbbi1T9IKPup2V3kZmuDZLYLgbaLBOxXlZoSN
zeo5KqnCUuOjkHEpIFUcxp3zDaz1igvd9PyiJxbUEraheckWnuqiXMfXIj2V3YGM
E3A0pwcThSrp9Y1XM0bag8XbqLYyx5MreR3kOEp9mzhx9MAzYOl87LLFZKZU5jwi
Xo79xXMrDCt4ezy+VGX4kXiYlti2Eqc/EMkTZ6NRyHad5dlkDoCpfz88KwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLCnUHv5VnEZgzFsCFhNhzl8sIVvMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvc0tkUWVfbFdjUm1ETVd3SVdFMkhPWHl3aFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV3lFAwQA
wjFeMA0GCSqGSIb3DQEBCwUAA4IBAQBY0BoFN6Qv7Wx/UloQbDUB6XA7sS4azHPQ
1DItE8xA0BW/WrIBW6cJepMNsAvrh6VXS3CTFYkjMuPmP4O4RjHTeINvCggNWxjC
5kuakdGGB44+vRaKDQCSC7BCgv7ZrrBQtLytym+MygUrG+UGqxQn4Nig4Dn6lwI0
k54a/0u9RPFimZjRaZiIFCsaeD3Ce4HJ52H5QFc/njYIVOw9xksdbGSJxmsrqaU2
wSzWjyZyMZLGk9dFdMsMpQfEahn7irvyEQnb6rVJdcU7cdoqjhIf+tBB09SbARmi
VRz9awgj8Tf40uXdWV382UePvYEk8KS9+3cvWRgSoyizZBrkD4/v
-----END CERTIFICATE-----