Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/37e363-84d1-470e-96a2-0ef1cac7418d/1/4mL1zKKLOxGn25fl7m9On5y2ZYA.roa
File:                     4mL1zKKLOxGn25fl7m9On5y2ZYA.roa (raw, json)
Hash identifier:          9EgYMO8cQ5z/aiE1aC8zT4GRbu01MVUJ2bPVFVsvu8U=
Subject key identifier:   E2:62:F5:CC:A2:8B:3B:11:A7:DB:97:E5:EE:6F:4E:9F:9C:B6:65:80
Certificate issuer:       /CN=c3b4351e0a495c26efdc6e415f0bb189fbbd6edf
Certificate serial:       0194214433F1D064BBB309BB4F02A6D14B28
Authority key identifier: C3:B4:35:1E:0A:49:5C:26:EF:DC:6E:41:5F:0B:B1:89:FB:BD:6E:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w7Q1HgpJXCbv3G5BXwuxifu9bt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/37e363-84d1-470e-96a2-0ef1cac7418d/1/4mL1zKKLOxGn25fl7m9On5y2ZYA.roa
Signing time:             Wed 01 Jan 2025 09:48:25 +0000
ROA not before:           Wed 01 Jan 2025 09:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214005
IP address blocks:        80.85.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/37e363-84d1-470e-96a2-0ef1cac7418d/1/w7Q1HgpJXCbv3G5BXwuxifu9bt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/37e363-84d1-470e-96a2-0ef1cac7418d/1/w7Q1HgpJXCbv3G5BXwuxifu9bt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w7Q1HgpJXCbv3G5BXwuxifu9bt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:33:f1:d0:64:bb:b3:09:bb:4f:02:a6:d1:4b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3b4351e0a495c26efdc6e415f0bb189fbbd6edf
        Validity
            Not Before: Jan  1 09:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e262f5cca28b3b11a7db97e5ee6f4e9f9cb66580
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3c:b6:b7:12:63:d7:22:fb:c8:5f:71:77:0d:
                    ec:a4:e2:1a:14:e9:a5:f0:01:bb:b2:85:9f:0f:81:
                    e4:e4:fa:2c:08:ac:99:53:a8:cc:74:1c:67:8f:41:
                    c8:4d:ad:76:80:b7:4c:ac:9b:ff:88:dd:ca:59:48:
                    73:eb:f0:c5:3e:4e:f0:17:ae:17:de:ba:ab:52:3b:
                    c0:ad:bf:00:f7:f2:d7:4c:ea:78:e5:3a:ed:4c:4f:
                    c8:3d:46:81:ee:9b:9e:13:4a:b2:c8:cc:02:b8:94:
                    87:13:d8:fb:9e:08:76:83:2d:cf:f6:e4:45:bd:2c:
                    dd:63:ea:52:7e:2f:a1:76:42:2c:0d:aa:d1:9e:13:
                    9f:ac:ae:a1:a5:2d:99:cd:f4:de:aa:58:2a:69:a5:
                    b3:0b:6b:6a:f8:89:05:5f:20:4f:41:93:39:da:31:
                    6a:6b:ab:77:f8:8c:19:2f:4d:db:a8:00:55:74:27:
                    5c:04:99:78:c1:fb:e9:9b:76:cf:0d:eb:1b:c4:9d:
                    65:29:9e:f6:b9:82:f1:be:8c:60:d3:33:0c:00:fe:
                    f4:b3:50:03:3d:56:c0:7e:6e:2f:a0:e5:2b:3b:0f:
                    7d:eb:b3:10:ad:9b:c7:3b:ff:03:23:fa:62:4d:da:
                    a4:0f:04:ce:a8:be:1b:51:9b:dd:ea:a8:af:c5:0f:
                    52:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:62:F5:CC:A2:8B:3B:11:A7:DB:97:E5:EE:6F:4E:9F:9C:B6:65:80
            X509v3 Authority Key Identifier:
                keyid:C3:B4:35:1E:0A:49:5C:26:EF:DC:6E:41:5F:0B:B1:89:FB:BD:6E:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w7Q1HgpJXCbv3G5BXwuxifu9bt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/37e363-84d1-470e-96a2-0ef1cac7418d/1/4mL1zKKLOxGn25fl7m9On5y2ZYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/37e363-84d1-470e-96a2-0ef1cac7418d/1/w7Q1HgpJXCbv3G5BXwuxifu9bt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:b7:58:09:c4:64:8c:d2:d4:0c:a2:a7:b4:66:b0:cb:1a:75:
         08:5e:88:e3:ba:f8:1a:9a:b8:ff:a7:a2:be:f2:3c:47:70:f4:
         6e:a4:b0:00:42:b9:d5:e2:48:6e:64:bb:98:67:dc:10:a9:be:
         60:0a:8a:1a:81:80:66:96:1d:a8:63:5a:fb:42:92:be:9a:0b:
         e9:8d:bf:24:69:9d:35:f6:ff:c9:26:35:31:44:cd:23:fb:4a:
         e9:34:fc:ea:f7:d0:65:04:9e:33:d0:6b:93:97:14:3e:20:53:
         a8:5b:ac:7a:59:26:19:7e:f3:a2:5d:43:56:ca:0d:95:56:76:
         70:e1:1a:cb:8b:fb:be:83:12:de:ec:98:52:9e:b8:72:fd:a2:
         34:63:13:69:61:64:93:c0:ac:5f:1d:fd:29:f1:c6:8e:02:37:
         29:67:da:ed:72:b3:d9:c1:d2:b6:63:19:55:ed:88:ed:b0:25:
         02:6b:d8:79:3d:9f:19:ce:ba:5f:dd:bd:8b:61:44:ae:bb:a4:
         3e:34:15:98:c9:94:46:24:d5:d7:79:e7:17:e4:cd:48:c4:d1:
         96:0d:f1:6b:33:f2:4d:d4:fb:32:31:f4:0f:ce:80:78:bd:25:
         7f:75:df:81:cc:61:5a:b2:7e:1c:28:1a:eb:18:4d:28:59:69:
         ee:99:d1:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDPx0GS7swm7TwKm0UsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYjQzNTFlMGE0OTVjMjZlZmRjNmU0MTVmMGJiMTg5ZmJi
ZDZlZGYwHhcNMjUwMTAxMDk0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjYyZjVjY2EyOGIzYjExYTdkYjk3ZTVlZTZmNGU5ZjljYjY2NTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzy2txJj1yL7yF9xdw3spOIaFOml
8AG7soWfD4Hk5PosCKyZU6jMdBxnj0HITa12gLdMrJv/iN3KWUhz6/DFPk7wF64X
3rqrUjvArb8A9/LXTOp45TrtTE/IPUaB7pueE0qyyMwCuJSHE9j7ngh2gy3P9uRF
vSzdY+pSfi+hdkIsDarRnhOfrK6hpS2ZzfTeqlgqaaWzC2tq+IkFXyBPQZM52jFq
a6t3+IwZL03bqABVdCdcBJl4wfvpm3bPDesbxJ1lKZ72uYLxvoxg0zMMAP70s1AD
PVbAfm4voOUrOw9967MQrZvHO/8DI/piTdqkDwTOqL4bUZvd6qivxQ9SxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJi9cyiizsRp9uX5e5vTp+ctmWAMB8GA1UdIwQY
MBaAFMO0NR4KSVwm79xuQV8LsYn7vW7fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzdRMUhncEpYQ2J2M0c1Qlh3dXhpZnU5YnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zN2UzNjMtODRkMS00NzBlLTk2YTIt
MGVmMWNhYzc0MThkLzEvNG1MMXpLS0xPeEduMjVmbDdtOU9uNXkyWllBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zN2UzNjMtODRkMS00NzBlLTk2YTItMGVmMWNhYzc0MThk
LzEvdzdRMUhncEpYQ2J2M0c1Qlh3dXhpZnU5YnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFXQMA0G
CSqGSIb3DQEBCwUAA4IBAQBtt1gJxGSM0tQMoqe0ZrDLGnUIXojjuvgamrj/p6K+
8jxHcPRupLAAQrnV4khuZLuYZ9wQqb5gCooagYBmlh2oY1r7QpK+mgvpjb8kaZ01
9v/JJjUxRM0j+0rpNPzq99BlBJ4z0GuTlxQ+IFOoW6x6WSYZfvOiXUNWyg2VVnZw
4RrLi/u+gxLe7JhSnrhy/aI0YxNpYWSTwKxfHf0p8caOAjcpZ9rtcrPZwdK2YxlV
7YjtsCUCa9h5PZ8Zzrpf3b2LYUSuu6Q+NBWYyZRGJNXXeecX5M1IxNGWDfFrM/JN
1PsyMfQPzoB4vSV/dd+BzGFasn4cKBrrGE0oWWnumdGV
-----END CERTIFICATE-----