Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/b13164-2fc3-4e31-bfc3-c58c5393cff8/1/z0sOswKWl1BfFqaGXhPtCyAmPYc.roa
File:                     z0sOswKWl1BfFqaGXhPtCyAmPYc.roa (raw, json)
Hash identifier:          Co3I3DKAzKoyofP77im0ZyVkq8yZfseQvsLlvfdI85s=
Subject key identifier:   CF:4B:0E:B3:02:96:97:50:5F:16:A6:86:5E:13:ED:0B:20:26:3D:87
Certificate issuer:       /CN=570d1b39385a3ded1ef063d1a1be93593b71fc2e
Certificate serial:       0194258F3A522CA84F58EBC52C0B3C462E75
Authority key identifier: 57:0D:1B:39:38:5A:3D:ED:1E:F0:63:D1:A1:BE:93:59:3B:71:FC:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw0bOThaPe0e8GPRob6TWTtx_C4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/b13164-2fc3-4e31-bfc3-c58c5393cff8/1/z0sOswKWl1BfFqaGXhPtCyAmPYc.roa
Signing time:             Thu 02 Jan 2025 05:48:50 +0000
ROA not before:           Thu 02 Jan 2025 05:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31102
IP address blocks:        195.225.140.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/b13164-2fc3-4e31-bfc3-c58c5393cff8/1/Vw0bOThaPe0e8GPRob6TWTtx_C4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/b13164-2fc3-4e31-bfc3-c58c5393cff8/1/Vw0bOThaPe0e8GPRob6TWTtx_C4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw0bOThaPe0e8GPRob6TWTtx_C4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:3a:52:2c:a8:4f:58:eb:c5:2c:0b:3c:46:2e:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570d1b39385a3ded1ef063d1a1be93593b71fc2e
        Validity
            Not Before: Jan  2 05:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf4b0eb3029697505f16a6865e13ed0b20263d87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8b:94:f8:59:a3:a2:95:dc:e6:02:77:29:1f:
                    d5:20:52:35:ea:2d:59:93:e3:b7:72:b6:84:b4:3b:
                    2c:34:f1:81:3e:c0:22:7a:44:c4:dc:4b:15:c7:b6:
                    74:35:ba:b3:fe:7b:e7:83:f7:38:7d:f8:5d:19:6c:
                    9f:78:a9:ee:7f:0f:b6:2f:e2:07:7f:39:1d:bf:9e:
                    bd:f4:21:5a:45:50:3c:97:b4:3e:48:70:f5:c9:5d:
                    be:02:37:6e:32:21:0f:4b:2e:87:29:30:ad:7c:4c:
                    35:6b:2f:41:93:22:e4:ef:5a:17:f8:e5:cb:d9:a9:
                    22:bd:94:5a:2b:9d:3f:0a:5b:6d:1c:94:33:f9:31:
                    2d:20:51:ba:ac:16:35:4e:a6:4b:ce:30:18:da:a4:
                    03:7b:7c:3d:ea:ba:1c:16:65:e4:49:eb:ec:dd:43:
                    76:39:dd:b4:60:1b:57:e1:7d:7b:93:93:3e:d1:b5:
                    43:59:c9:02:24:11:53:b5:39:ea:6f:09:3f:f2:64:
                    e8:8f:b3:c8:e9:95:5a:f9:ce:b6:df:61:10:66:cc:
                    03:dd:76:02:2c:bd:c2:58:11:ed:22:23:bb:e1:d4:
                    46:40:ff:2b:60:1a:8b:7b:da:a9:38:a3:85:4c:3f:
                    1a:e9:43:da:28:57:06:6f:1b:79:a2:41:26:e2:ba:
                    9b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:4B:0E:B3:02:96:97:50:5F:16:A6:86:5E:13:ED:0B:20:26:3D:87
            X509v3 Authority Key Identifier:
                keyid:57:0D:1B:39:38:5A:3D:ED:1E:F0:63:D1:A1:BE:93:59:3B:71:FC:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw0bOThaPe0e8GPRob6TWTtx_C4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/b13164-2fc3-4e31-bfc3-c58c5393cff8/1/z0sOswKWl1BfFqaGXhPtCyAmPYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/b13164-2fc3-4e31-bfc3-c58c5393cff8/1/Vw0bOThaPe0e8GPRob6TWTtx_C4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b4:99:cd:97:87:be:62:fc:e5:e8:16:c0:f0:62:0b:18:3d:03:
         8e:ff:94:44:b6:bb:a8:15:4e:84:42:a7:b3:11:b2:66:f8:fc:
         e4:29:d5:10:02:f3:76:0f:07:10:ea:aa:83:ba:61:e9:6b:eb:
         a0:23:61:9e:ac:9e:fb:67:f1:1f:60:25:e8:a0:16:93:18:e8:
         9a:02:b5:d5:be:07:30:9b:9d:fb:db:7e:c7:2e:4e:64:f6:99:
         e3:82:ab:6b:35:df:73:0d:62:84:a8:54:57:9e:76:af:12:fb:
         d3:80:e4:75:ad:b6:d2:fb:7f:6f:38:7b:49:6c:aa:ae:1d:3e:
         2a:e3:98:22:44:0c:10:da:a6:55:52:78:c0:08:f0:44:79:39:
         3b:f5:3f:aa:33:73:b3:f8:07:ee:4d:c7:31:b2:fa:2a:cb:8e:
         27:9f:4b:43:5c:78:e4:c8:31:6f:1e:33:1c:3d:89:52:fe:6e:
         8b:0b:7b:06:22:81:2b:a9:b4:65:76:b3:50:bc:b9:2d:15:23:
         2e:1f:55:42:d7:5b:d4:2a:db:5d:da:77:91:b9:5a:76:96:29:
         ab:4a:fb:05:87:ba:29:86:e1:5f:b2:fb:bf:90:36:e8:10:63:
         ec:48:31:99:b5:89:11:5b:ba:cd:17:ab:7c:10:ab:79:e6:b2:
         65:c0:27:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljzpSLKhPWOvFLAs8Ri51MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGQxYjM5Mzg1YTNkZWQxZWYwNjNkMWExYmU5MzU5M2I3
MWZjMmUwHhcNMjUwMTAyMDU0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjRiMGViMzAyOTY5NzUwNWYxNmE2ODY1ZTEzZWQwYjIwMjYzZDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYuU+FmjopXc5gJ3KR/VIFI16i1Z
k+O3craEtDssNPGBPsAiekTE3EsVx7Z0Nbqz/nvng/c4ffhdGWyfeKnufw+2L+IH
fzkdv5699CFaRVA8l7Q+SHD1yV2+AjduMiEPSy6HKTCtfEw1ay9BkyLk71oX+OXL
2akivZRaK50/ClttHJQz+TEtIFG6rBY1TqZLzjAY2qQDe3w96rocFmXkSevs3UN2
Od20YBtX4X17k5M+0bVDWckCJBFTtTnqbwk/8mToj7PI6ZVa+c6232EQZswD3XYC
LL3CWBHtIiO74dRGQP8rYBqLe9qpOKOFTD8a6UPaKFcGbxt5okEm4rqbIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9LDrMClpdQXxamhl4T7QsgJj2HMB8GA1UdIwQY
MBaAFFcNGzk4Wj3tHvBj0aG+k1k7cfwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVncwYk9UaGFQZTBlOEdQUm9iNlRXVHR4X0M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9iMTMxNjQtMmZjMy00ZTMxLWJmYzMt
YzU4YzUzOTNjZmY4LzEvejBzT3N3S1dsMUJmRnFhR1hoUHRDeUFtUFljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9iMTMxNjQtMmZjMy00ZTMxLWJmYzMtYzU4YzUzOTNjZmY4
LzEvVncwYk9UaGFQZTBlOEdQUm9iNlRXVHR4X0M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+GMMA0G
CSqGSIb3DQEBCwUAA4IBAQC0mc2Xh75i/OXoFsDwYgsYPQOO/5REtruoFU6EQqez
EbJm+PzkKdUQAvN2DwcQ6qqDumHpa+ugI2GerJ77Z/EfYCXooBaTGOiaArXVvgcw
m537237HLk5k9pnjgqtrNd9zDWKEqFRXnnavEvvTgOR1rbbS+39vOHtJbKquHT4q
45giRAwQ2qZVUnjACPBEeTk79T+qM3Oz+AfuTccxsvoqy44nn0tDXHjkyDFvHjMc
PYlS/m6LC3sGIoErqbRldrNQvLktFSMuH1VC11vUKttd2neRuVp2limrSvsFh7op
huFfsvu/kDboEGPsSDGZtYkRW7rNF6t8EKt55rJlwCf1
-----END CERTIFICATE-----