Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/of94ZnOgSOjGCyJMooBALn1fbB8.roa
File:                     of94ZnOgSOjGCyJMooBALn1fbB8.roa (raw, json)
Hash identifier:          cfQS/QunpP+H990XyQLETMfYIL6SBa9aTz6t3tGBoDw=
Subject key identifier:   A1:FF:78:66:73:A0:48:E8:C6:0B:22:4C:A2:80:40:2E:7D:5F:6C:1F
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       01957FF1116D0F6EDB56C74D2933E9093FA8
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/of94ZnOgSOjGCyJMooBALn1fbB8.roa
Signing time:             Mon 10 Mar 2025 12:04:19 +0000
ROA not before:           Mon 10 Mar 2025 12:04:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        188.64.176.0/21 maxlen: 21
                          188.64.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 11:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:7f:f1:11:6d:0f:6e:db:56:c7:4d:29:33:e9:09:3f:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Mar 10 12:04:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1ff786673a048e8c60b224ca280402e7d5f6c1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:de:a1:78:81:3b:79:7b:66:5c:f4:39:0f:02:
                    f6:fa:e5:6f:86:8b:d2:39:d4:1e:99:89:46:bc:95:
                    fa:b1:39:41:68:3a:5a:25:15:be:fb:38:2b:15:89:
                    a0:36:9a:93:ed:42:19:a7:e8:60:34:66:9f:ff:0c:
                    8d:fa:9b:cc:53:58:c4:9d:1d:0b:93:c6:d4:6b:01:
                    74:5a:b1:29:df:58:f5:10:02:cb:bf:b9:a7:79:c6:
                    90:ac:99:a8:33:60:61:d5:b9:08:3b:be:5f:c3:39:
                    a9:8f:1a:aa:74:80:90:b6:96:7c:44:a8:c6:ad:2c:
                    b1:3f:e5:71:12:19:f3:e0:97:c8:3c:90:45:0f:c9:
                    79:66:1c:d7:22:aa:67:61:e2:68:9a:6a:8b:d4:d0:
                    5c:45:fa:3b:1a:37:73:a9:89:ce:37:d9:65:7d:ba:
                    86:34:b4:ac:64:54:a2:90:71:3d:c9:06:1d:8a:d8:
                    78:82:aa:0a:05:c8:cf:70:aa:9a:53:33:11:82:73:
                    f9:f6:00:a9:bb:59:db:89:f4:b1:f7:2f:1e:ea:65:
                    5f:f9:77:dc:4f:3d:70:90:81:62:9e:f4:56:ba:85:
                    a5:37:b1:71:d3:4e:9d:a5:dc:75:c6:e1:b8:7a:6c:
                    50:a8:e5:70:9e:a9:bf:9a:2f:7b:9b:c8:60:96:3c:
                    91:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:FF:78:66:73:A0:48:E8:C6:0B:22:4C:A2:80:40:2E:7D:5F:6C:1F
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/of94ZnOgSOjGCyJMooBALn1fbB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.64.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1c:e0:67:e9:93:8a:7d:85:a6:c5:04:38:63:56:be:52:aa:20:
         1a:ea:55:1d:67:d2:38:a8:f3:6d:1c:aa:68:f9:e5:09:53:e7:
         7c:93:12:23:c1:ab:1c:47:5c:5d:84:87:56:ae:85:6f:f4:e6:
         18:81:3d:57:8b:9c:a6:4b:ee:c9:df:fa:bd:a8:4f:b8:35:89:
         9c:ef:55:1c:c4:00:25:86:bc:f9:de:b7:85:a8:cd:6b:ec:cb:
         39:7e:6c:af:58:c8:3a:1a:87:48:66:40:32:56:72:42:d2:1a:
         81:1e:39:03:d5:fc:1b:3a:7a:21:15:ce:50:6b:e1:ef:12:3b:
         58:8f:56:85:68:72:df:56:e8:43:12:da:ba:b8:de:4e:9d:73:
         26:a0:cf:04:80:82:39:e9:65:ff:ac:d2:57:e1:ae:89:76:7a:
         9d:19:04:8c:10:df:89:c8:b8:1f:59:c1:87:95:cf:b4:df:92:
         fa:2c:f1:d6:49:4e:41:4b:08:da:2d:e4:39:d0:80:4b:cd:7b:
         06:83:80:b3:f2:08:b9:aa:73:2c:29:ce:a7:10:cf:e3:37:84:
         c7:31:7b:66:a2:a1:09:13:2c:67:4a:74:ef:fd:e1:bc:f8:e5:
         91:ac:ff:84:60:a7:64:da:6f:00:f6:c1:ff:39:cd:d0:2f:be:
         53:93:17:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZV/8RFtD27bVsdNKTPpCT+oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwMzEwMTIwNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWZmNzg2NjczYTA0OGU4YzYwYjIyNGNhMjgwNDAyZTdkNWY2YzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvd6heIE7eXtmXPQ5DwL2+uVvhovS
OdQemYlGvJX6sTlBaDpaJRW++zgrFYmgNpqT7UIZp+hgNGaf/wyN+pvMU1jEnR0L
k8bUawF0WrEp31j1EALLv7mnecaQrJmoM2Bh1bkIO75fwzmpjxqqdICQtpZ8RKjG
rSyxP+VxEhnz4JfIPJBFD8l5ZhzXIqpnYeJommqL1NBcRfo7GjdzqYnON9llfbqG
NLSsZFSikHE9yQYdith4gqoKBcjPcKqaUzMRgnP59gCpu1nbifSx9y8e6mVf+Xfc
Tz1wkIFinvRWuoWlN7Fx006dpdx1xuG4emxQqOVwnqm/mi97m8hgljyRiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKH/eGZzoEjoxgsiTKKAQC59X2wfMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvb2Y5NFpuT2dTT2pHQ3lKTW9vQkFMbjFmYkI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvECwMA0G
CSqGSIb3DQEBCwUAA4IBAQAc4Gfpk4p9habFBDhjVr5SqiAa6lUdZ9I4qPNtHKpo
+eUJU+d8kxIjwascR1xdhIdWroVv9OYYgT1Xi5ymS+7J3/q9qE+4NYmc71UcxAAl
hrz53reFqM1r7Ms5fmyvWMg6GodIZkAyVnJC0hqBHjkD1fwbOnohFc5Qa+HvEjtY
j1aFaHLfVuhDEtq6uN5OnXMmoM8EgII56WX/rNJX4a6JdnqdGQSMEN+JyLgfWcGH
lc+035L6LPHWSU5BSwjaLeQ50IBLzXsGg4Cz8gi5qnMsKc6nEM/jN4THMXtmoqEJ
EyxnSnTv/eG8+OWRrP+EYKdk2m8A9sH/Oc3QL75Tkxcq
-----END CERTIFICATE-----