Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/iipSuvIjR47VudmgbPEDa9JY9oY.roa
File:                     iipSuvIjR47VudmgbPEDa9JY9oY.roa (raw, json)
Hash identifier:          UNIVy+xZ2R8yR9G0m1INDMtIUCeoWGaMGRk0QvHxxTQ=
Subject key identifier:   8A:2A:52:BA:F2:23:47:8E:D5:B9:D9:A0:6C:F1:03:6B:D2:58:F6:86
Certificate issuer:       /CN=b1ffee7dbf7f4566ea9e30546b2c2a2e7336f2f4
Certificate serial:       01942748007F45336251A18EC4F1B157372B
Authority key identifier: B1:FF:EE:7D:BF:7F:45:66:EA:9E:30:54:6B:2C:2A:2E:73:36:F2:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sf_ufb9_RWbqnjBUaywqLnM28vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/iipSuvIjR47VudmgbPEDa9JY9oY.roa
Signing time:             Thu 02 Jan 2025 13:50:17 +0000
ROA not before:           Thu 02 Jan 2025 13:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        95.174.80.0/24 maxlen: 24
                          185.144.16.0/22 maxlen: 24
                          2a04:2f81::/42 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/sf_ufb9_RWbqnjBUaywqLnM28vQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/sf_ufb9_RWbqnjBUaywqLnM28vQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sf_ufb9_RWbqnjBUaywqLnM28vQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:00:7f:45:33:62:51:a1:8e:c4:f1:b1:57:37:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1ffee7dbf7f4566ea9e30546b2c2a2e7336f2f4
        Validity
            Not Before: Jan  2 13:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a2a52baf223478ed5b9d9a06cf1036bd258f686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:df:0a:bb:2f:f7:87:93:cb:00:b7:c7:03:64:
                    29:b6:71:de:60:98:78:d3:87:dd:de:dd:d5:3b:bd:
                    42:6f:b7:bd:4c:e8:d1:f3:e0:50:4c:33:18:4e:89:
                    9a:16:3d:7c:48:54:4a:1a:cb:78:0d:a2:42:82:79:
                    32:34:6d:ba:af:1c:dd:fa:e0:05:24:47:8c:18:7c:
                    f0:ec:3d:27:06:bd:09:46:14:06:65:9d:b6:7d:b6:
                    07:de:d8:1f:8e:3f:c4:d8:d2:67:3a:ba:af:f2:c4:
                    c2:2c:c1:fa:db:a0:23:18:6a:5b:3a:33:2e:54:11:
                    58:8f:b8:a0:31:1c:74:6d:8c:10:db:ed:62:f6:11:
                    a2:41:91:a3:df:3b:8a:0e:e3:a2:44:22:54:3a:17:
                    64:82:7b:ff:eb:e1:da:e2:cc:d7:ce:e7:7a:89:68:
                    eb:36:f2:c3:34:fa:40:e4:ed:3f:0e:b8:62:4e:66:
                    80:4e:2b:df:0f:14:d5:67:5a:fa:ec:c5:31:92:be:
                    97:4b:65:29:70:a9:87:72:10:a0:21:09:e2:6f:15:
                    6d:fb:73:12:7b:e3:61:28:57:c8:e7:4c:4b:38:b6:
                    9f:6c:c2:48:3e:8f:1d:0f:3a:39:0d:7b:41:d2:61:
                    28:72:49:86:7c:81:e7:51:30:dd:9b:d7:a1:51:ae:
                    7d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:2A:52:BA:F2:23:47:8E:D5:B9:D9:A0:6C:F1:03:6B:D2:58:F6:86
            X509v3 Authority Key Identifier:
                keyid:B1:FF:EE:7D:BF:7F:45:66:EA:9E:30:54:6B:2C:2A:2E:73:36:F2:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sf_ufb9_RWbqnjBUaywqLnM28vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/iipSuvIjR47VudmgbPEDa9JY9oY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/sf_ufb9_RWbqnjBUaywqLnM28vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.174.80.0/24
                  185.144.16.0/22
                IPv6:
                  2a04:2f81::/42

    Signature Algorithm: sha256WithRSAEncryption
         21:ee:20:50:44:c9:1e:c3:9f:81:1a:84:e6:14:82:e5:52:b2:
         0e:37:2b:31:54:9e:17:f1:d8:f5:49:0b:e5:c3:24:09:e1:ee:
         9c:f0:76:93:0a:25:df:e8:19:3a:3c:75:d0:6f:16:84:7b:30:
         a1:3c:36:82:cb:30:93:37:0b:6e:c9:5c:5f:01:3a:db:c8:a4:
         3b:06:d2:57:a4:1d:58:70:f2:f4:87:dd:36:07:b0:24:08:29:
         83:10:0d:ad:b7:f3:e6:ce:bc:78:a6:05:1d:4b:64:ff:7e:e4:
         d8:2f:c6:64:b9:08:0b:b4:ed:26:9a:be:fb:71:65:e0:18:08:
         07:bf:2f:3d:92:02:f3:3e:13:84:d2:58:c3:fb:53:4a:34:16:
         5d:5e:81:65:c8:5a:60:73:b7:42:09:ae:34:89:06:be:f2:f0:
         59:6e:cd:43:ca:14:f9:22:47:bf:d6:ea:05:ac:a5:37:b6:23:
         e9:a8:b7:3a:62:00:30:86:4e:3c:ac:4a:09:db:73:58:d7:9b:
         35:3f:64:91:f2:8e:e7:26:93:cc:1c:97:8a:89:66:b4:66:37:
         fd:13:cf:6e:4b:6e:a7:77:89:7f:61:81:82:f4:1b:0c:66:1f:
         c5:96:c7:35:1a:4d:3a:8e:4a:26:29:99:0c:07:b6:b1:f7:65:
         bc:a3:1f:7e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQnSAB/RTNiUaGOxPGxVzcrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxZmZlZTdkYmY3ZjQ1NjZlYTllMzA1NDZiMmMyYTJlNzMz
NmYyZjQwHhcNMjUwMTAyMTM1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTJhNTJiYWYyMjM0NzhlZDViOWQ5YTA2Y2YxMDM2YmQyNThmNjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl98Kuy/3h5PLALfHA2QptnHeYJh4
04fd3t3VO71Cb7e9TOjR8+BQTDMYTomaFj18SFRKGst4DaJCgnkyNG26rxzd+uAF
JEeMGHzw7D0nBr0JRhQGZZ22fbYH3tgfjj/E2NJnOrqv8sTCLMH626AjGGpbOjMu
VBFYj7igMRx0bYwQ2+1i9hGiQZGj3zuKDuOiRCJUOhdkgnv/6+Ha4szXzud6iWjr
NvLDNPpA5O0/DrhiTmaATivfDxTVZ1r67MUxkr6XS2UpcKmHchCgIQnibxVt+3MS
e+NhKFfI50xLOLafbMJIPo8dDzo5DXtB0mEockmGfIHnUTDdm9ehUa59rwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFIoqUrryI0eO1bnZoGzxA2vSWPaGMB8GA1UdIwQY
MBaAFLH/7n2/f0Vm6p4wVGssKi5zNvL0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2ZfdWZiOV9SV2JxbmpCVWF5d3FMbk0yOHZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8yZmNiYjItYzNjMC00YjFlLThhZDUt
N2Y1Zjc4MzQ2ZDZmLzEvaWlwU3V2SWpSNDdWdWRtZ2JQRURhOUpZOW9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8yZmNiYjItYzNjMC00YjFlLThhZDUtN2Y1Zjc4MzQ2ZDZm
LzEvc2ZfdWZiOV9SV2JxbmpCVWF5d3FMbk0yOHZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAX65QAwQC
uZAQMA8EAgACMAkDBwYqBC+BAAAwDQYJKoZIhvcNAQELBQADggEBACHuIFBEyR7D
n4EahOYUguVSsg43KzFUnhfx2PVJC+XDJAnh7pzwdpMKJd/oGTo8ddBvFoR7MKE8
NoLLMJM3C27JXF8BOtvIpDsG0lekHVhw8vSH3TYHsCQIKYMQDa238+bOvHimBR1L
ZP9+5NgvxmS5CAu07SaavvtxZeAYCAe/Lz2SAvM+E4TSWMP7U0o0Fl1egWXIWmBz
t0IJrjSJBr7y8FluzUPKFPkiR7/W6gWspTe2I+motzpiADCGTjysSgnbc1jXmzU/
ZJHyjucmk8wcl4qJZrRmN/0Tz25Lbqd3iX9hgYL0GwxmH8WWxzUaTTqOSiYpmQwH
trH3ZbyjH34=
-----END CERTIFICATE-----