Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/gOoOuIZOmTcmldEZvCq4XtMtjO0.roa
File:                     gOoOuIZOmTcmldEZvCq4XtMtjO0.roa (raw, json)
Hash identifier:          hmwK87HYYcPAKwIEHNLhFiTNPFHHx/u4UOy/l/S/Aj8=
Subject key identifier:   80:EA:0E:B8:86:4E:99:37:26:95:D1:19:BC:2A:B8:5E:D3:2D:8C:ED
Certificate issuer:       /CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
Certificate serial:       01941FFA2B66C6639611ADD4A1D56176336A
Authority key identifier: 12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/gOoOuIZOmTcmldEZvCq4XtMtjO0.roa
Signing time:             Wed 01 Jan 2025 03:47:56 +0000
ROA not before:           Wed 01 Jan 2025 03:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        185.114.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 00:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:2b:66:c6:63:96:11:ad:d4:a1:d5:61:76:33:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
        Validity
            Not Before: Jan  1 03:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80ea0eb8864e99372695d119bc2ab85ed32d8ced
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a1:87:f2:4e:a9:04:5f:54:b0:4a:3f:ba:4a:
                    ea:a4:32:13:08:7d:65:f6:84:a2:36:0c:46:36:fe:
                    e0:f5:e5:86:61:c4:10:43:da:d2:7f:a2:32:76:43:
                    08:30:90:43:28:c7:ae:69:17:1a:dc:4b:5a:d1:9b:
                    29:08:b3:33:e3:9b:93:dd:bc:7c:5b:4b:95:c6:01:
                    3e:6b:24:63:9d:2d:46:38:f2:27:f8:39:6a:45:a4:
                    1f:73:f4:e3:4d:89:6e:09:0d:78:54:c1:7a:e6:41:
                    c3:68:1e:78:f6:b3:89:6d:60:26:ff:d6:4b:19:1f:
                    e5:4e:85:b7:b3:82:a5:eb:59:55:f5:5c:84:d5:64:
                    71:b8:c9:38:f1:2a:a7:c0:88:af:d1:da:3c:eb:75:
                    8a:d4:57:f4:19:76:13:9a:63:9a:4d:49:b3:00:04:
                    cb:78:df:20:27:72:12:4d:ea:56:d9:0d:a1:5e:78:
                    08:5f:29:3d:cb:2b:54:92:e1:74:30:e6:a5:51:4a:
                    12:b8:e1:ba:45:98:47:44:89:ce:ac:5b:4e:c1:4a:
                    e2:69:5b:e6:83:11:8c:0d:b8:bb:5b:36:97:1a:8a:
                    07:25:0f:23:a6:5a:d2:79:d3:60:af:9c:7f:3c:7e:
                    ec:a3:53:d3:58:9f:38:dd:f8:4e:ca:2c:22:6b:f0:
                    43:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:EA:0E:B8:86:4E:99:37:26:95:D1:19:BC:2A:B8:5E:D3:2D:8C:ED
            X509v3 Authority Key Identifier:
                keyid:12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/gOoOuIZOmTcmldEZvCq4XtMtjO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:cc:b3:8f:fb:40:40:b1:b3:ba:e3:7b:d0:85:58:28:5d:e9:
         15:ad:84:70:fc:1f:8d:fd:9d:18:a1:67:91:14:45:4d:4d:7f:
         d0:ab:75:b5:3d:d2:17:43:cf:27:5d:18:7e:ab:82:84:81:d8:
         31:e5:d3:61:05:b1:9a:1c:cf:3a:24:c1:cb:7b:a9:c3:8b:12:
         3c:88:4e:ab:8c:99:33:c3:18:c0:8b:37:eb:80:f1:bc:72:cb:
         f3:5e:fc:45:96:cb:ae:ed:df:47:a0:e0:2c:12:34:89:56:5d:
         b4:07:61:a1:88:a2:66:0b:bd:c2:b0:b0:dd:5a:30:0e:1e:80:
         71:46:9f:94:b6:cb:72:08:be:a5:4f:ba:c5:c7:46:28:56:e6:
         65:65:a9:2d:c9:8d:34:12:37:99:0c:c2:2b:01:89:8f:6b:c9:
         5a:a9:3d:4c:19:60:f4:d1:c5:f3:e3:5c:a9:be:55:25:91:04:
         d2:1d:06:87:29:13:a4:d9:f7:6b:13:3f:7f:6d:73:09:fb:3d:
         d8:f7:9a:2e:df:55:13:27:d6:3a:ac:b7:ca:9f:89:fb:fd:e2:
         b0:31:48:88:c9:b0:29:6e:7f:b5:5e:a4:dc:5e:41:56:e5:0e:
         d0:d0:cf:2b:cc:9d:21:65:8d:b4:6c:78:07:fe:4b:44:6b:c0:
         47:d9:10:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+itmxmOWEa3UodVhdjNqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTRhN2UyYThjNzAxMjMyNWFlOTczZWQxYTJiYmEwNWIy
YmI5YzEwHhcNMjUwMTAxMDM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGVhMGViODg2NGU5OTM3MjY5NWQxMTliYzJhYjg1ZWQzMmQ4Y2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6GH8k6pBF9UsEo/ukrqpDITCH1l
9oSiNgxGNv7g9eWGYcQQQ9rSf6IydkMIMJBDKMeuaRca3Eta0ZspCLMz45uT3bx8
W0uVxgE+ayRjnS1GOPIn+DlqRaQfc/TjTYluCQ14VMF65kHDaB549rOJbWAm/9ZL
GR/lToW3s4Kl61lV9VyE1WRxuMk48SqnwIiv0do863WK1Ff0GXYTmmOaTUmzAATL
eN8gJ3ISTepW2Q2hXngIXyk9yytUkuF0MOalUUoSuOG6RZhHRInOrFtOwUriaVvm
gxGMDbi7WzaXGooHJQ8jplrSedNgr5x/PH7so1PTWJ843fhOyiwia/BDNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDqDriGTpk3JpXRGbwquF7TLYztMB8GA1UdIwQY
MBaAFBIUp+KoxwEjJa6XPtGiu6BbK7nBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQt
ZTljMzY0OWMxMjE4LzEvZ09vT3VJWk9tVGNtbGRFWnZDcTRYdE10ak8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQtZTljMzY0OWMxMjE4
LzEvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXIiMA0G
CSqGSIb3DQEBCwUAA4IBAQAvzLOP+0BAsbO643vQhVgoXekVrYRw/B+N/Z0YoWeR
FEVNTX/Qq3W1PdIXQ88nXRh+q4KEgdgx5dNhBbGaHM86JMHLe6nDixI8iE6rjJkz
wxjAizfrgPG8csvzXvxFlsuu7d9HoOAsEjSJVl20B2GhiKJmC73CsLDdWjAOHoBx
Rp+UtstyCL6lT7rFx0YoVuZlZaktyY00EjeZDMIrAYmPa8laqT1MGWD00cXz41yp
vlUlkQTSHQaHKROk2fdrEz9/bXMJ+z3Y95ou31UTJ9Y6rLfKn4n7/eKwMUiIybAp
bn+1XqTcXkFW5Q7Q0M8rzJ0hZY20bHgH/ktEa8BH2RAu
-----END CERTIFICATE-----