Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/0f1ed3-63ba-423b-b9c3-8f231f7317b9/1/nD2FojKO7bGyMYSc_km6FxF9OQw.roa
File:                     nD2FojKO7bGyMYSc_km6FxF9OQw.roa (raw, json)
Hash identifier:          MJthcbFLTQ4qYvaISXw/LfG3ni1OzmPoLMDcwKerRhQ=
Subject key identifier:   9C:3D:85:A2:32:8E:ED:B1:B2:31:84:9C:FE:49:BA:17:11:7D:39:0C
Certificate issuer:       /CN=d2e4cfe7f47f52464545adbb0bbc4d33478aaeb2
Certificate serial:       0196108CDFBA19E4C0D0D7A9AF8A107AF59B
Authority key identifier: D2:E4:CF:E7:F4:7F:52:46:45:45:AD:BB:0B:BC:4D:33:47:8A:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0uTP5_R_UkZFRa27C7xNM0eKrrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/0f1ed3-63ba-423b-b9c3-8f231f7317b9/1/nD2FojKO7bGyMYSc_km6FxF9OQw.roa
Signing time:             Mon 07 Apr 2025 13:59:49 +0000
ROA not before:           Mon 07 Apr 2025 13:59:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        185.198.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/0f1ed3-63ba-423b-b9c3-8f231f7317b9/1/0uTP5_R_UkZFRa27C7xNM0eKrrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/0f1ed3-63ba-423b-b9c3-8f231f7317b9/1/0uTP5_R_UkZFRa27C7xNM0eKrrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0uTP5_R_UkZFRa27C7xNM0eKrrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 07:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:10:8c:df:ba:19:e4:c0:d0:d7:a9:af:8a:10:7a:f5:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2e4cfe7f47f52464545adbb0bbc4d33478aaeb2
        Validity
            Not Before: Apr  7 13:59:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c3d85a2328eedb1b231849cfe49ba17117d390c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:50:a1:95:41:89:ab:5f:af:d3:41:bb:d5:61:
                    bd:95:5e:4b:34:ea:e5:17:b3:79:26:c5:cc:6e:a2:
                    6a:95:1f:71:43:75:95:f0:35:c2:8e:16:3d:b5:10:
                    c1:df:e0:1c:30:f0:15:dc:8e:6d:33:12:64:25:42:
                    2e:5d:f2:8b:9c:47:4c:5d:9e:12:1c:37:f4:ce:ef:
                    3d:38:03:f7:e5:20:86:1a:4c:7e:50:57:6f:31:be:
                    d0:90:fa:82:c7:74:59:9f:c1:cb:04:13:b8:a4:6c:
                    e6:c4:8a:a8:e5:cd:68:4f:b0:c6:86:8f:22:df:f1:
                    35:a6:46:6c:2d:98:43:ef:6e:91:66:2b:a6:81:8e:
                    b2:d5:4f:50:ff:5a:ad:09:67:91:a1:21:56:7c:81:
                    00:c8:ea:2d:d8:6f:b2:18:b8:70:5a:81:ec:b3:e3:
                    47:44:fd:09:69:c2:6f:c5:0c:b9:f9:89:2a:c7:57:
                    f2:3f:70:cb:d3:54:a4:ab:4e:c6:4a:4e:57:21:37:
                    f1:cf:e8:bc:5d:f8:91:53:2f:c2:90:0f:1c:e6:08:
                    b4:0a:29:ea:e2:53:78:0f:ad:ee:d0:d3:38:bc:8c:
                    7f:72:dd:21:76:f0:e6:bb:2d:3b:cf:38:40:cb:e4:
                    1e:10:53:9c:cc:d4:ef:bc:ba:2a:44:e8:17:c8:2b:
                    56:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:3D:85:A2:32:8E:ED:B1:B2:31:84:9C:FE:49:BA:17:11:7D:39:0C
            X509v3 Authority Key Identifier:
                keyid:D2:E4:CF:E7:F4:7F:52:46:45:45:AD:BB:0B:BC:4D:33:47:8A:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0uTP5_R_UkZFRa27C7xNM0eKrrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/0f1ed3-63ba-423b-b9c3-8f231f7317b9/1/nD2FojKO7bGyMYSc_km6FxF9OQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/0f1ed3-63ba-423b-b9c3-8f231f7317b9/1/0uTP5_R_UkZFRa27C7xNM0eKrrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:f3:bb:94:bb:ca:4d:4b:08:27:97:f0:08:46:f9:e4:26:41:
         b3:e0:38:99:27:e4:13:b4:a2:e7:e0:61:34:dd:4d:a2:b2:34:
         0e:d8:c2:10:bd:14:8a:af:88:55:1b:ff:07:27:e1:30:14:37:
         1b:04:f0:68:b6:6d:74:af:2c:38:93:2e:0b:ec:00:18:7b:8d:
         78:04:01:45:41:6f:bd:14:59:29:a5:8d:56:bf:fe:05:05:99:
         53:d7:5f:3a:97:21:06:d1:b0:26:ec:1d:42:15:14:99:4b:86:
         55:79:9e:a7:08:da:bf:7c:52:0c:d4:60:d6:29:43:4c:97:50:
         a6:f0:8d:5e:7c:9f:a4:9d:11:fe:16:67:91:73:85:e7:70:b0:
         bd:29:9f:0f:b4:40:e6:6f:22:2a:33:a5:b6:dc:f6:19:18:3d:
         8f:5f:b4:e5:ed:c6:da:89:3a:14:6d:ba:ca:96:30:58:d3:0b:
         49:13:bf:76:17:a5:9d:df:3e:23:d2:fc:df:ef:f4:35:e6:5f:
         26:7f:dd:76:01:16:02:70:d1:7a:77:32:6e:89:f3:7a:04:dc:
         73:32:b9:eb:f2:b9:19:bd:a2:af:d2:46:67:ee:3c:b5:59:32:
         6f:ec:7e:8d:48:5a:bc:6a:96:f2:39:62:fe:2b:53:d0:24:95:
         cb:c5:4c:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYQjN+6GeTA0Nepr4oQevWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZTRjZmU3ZjQ3ZjUyNDY0NTQ1YWRiYjBiYmM0ZDMzNDc4
YWFlYjIwHhcNMjUwNDA3MTM1OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzNkODVhMjMyOGVlZGIxYjIzMTg0OWNmZTQ5YmExNzExN2QzOTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVChlUGJq1+v00G71WG9lV5LNOrl
F7N5JsXMbqJqlR9xQ3WV8DXCjhY9tRDB3+AcMPAV3I5tMxJkJUIuXfKLnEdMXZ4S
HDf0zu89OAP35SCGGkx+UFdvMb7QkPqCx3RZn8HLBBO4pGzmxIqo5c1oT7DGho8i
3/E1pkZsLZhD726RZiumgY6y1U9Q/1qtCWeRoSFWfIEAyOot2G+yGLhwWoHss+NH
RP0JacJvxQy5+Ykqx1fyP3DL01Skq07GSk5XITfxz+i8XfiRUy/CkA8c5gi0Cinq
4lN4D63u0NM4vIx/ct0hdvDmuy07zzhAy+QeEFOczNTvvLoqROgXyCtWjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJw9haIyju2xsjGEnP5JuhcRfTkMMB8GA1UdIwQY
MBaAFNLkz+f0f1JGRUWtuwu8TTNHiq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHVUUDVfUl9Va1pGUmEyN0M3eE5NMGVLcnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8wZjFlZDMtNjNiYS00MjNiLWI5YzMt
OGYyMzFmNzMxN2I5LzEvbkQyRm9qS083Ykd5TVlTY19rbTZGeEY5T1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8wZjFlZDMtNjNiYS00MjNiLWI5YzMtOGYyMzFmNzMxN2I5
LzEvMHVUUDVfUl9Va1pGUmEyN0M3eE5NMGVLcnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucYNMA0G
CSqGSIb3DQEBCwUAA4IBAQAw87uUu8pNSwgnl/AIRvnkJkGz4DiZJ+QTtKLn4GE0
3U2isjQO2MIQvRSKr4hVG/8HJ+EwFDcbBPBotm10ryw4ky4L7AAYe414BAFFQW+9
FFkppY1Wv/4FBZlT1186lyEG0bAm7B1CFRSZS4ZVeZ6nCNq/fFIM1GDWKUNMl1Cm
8I1efJ+knRH+FmeRc4XncLC9KZ8PtEDmbyIqM6W23PYZGD2PX7Tl7cbaiToUbbrK
ljBY0wtJE792F6Wd3z4j0vzf7/Q15l8mf912ARYCcNF6dzJuifN6BNxzMrnr8rkZ
vaKv0kZn7jy1WTJv7H6NSFq8apbyOWL+K1PQJJXLxUwu
-----END CERTIFICATE-----