Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/XDROFBDLzXZk58Wa7Gj_bxIFP24.roa
File:                     XDROFBDLzXZk58Wa7Gj_bxIFP24.roa (raw, json)
Hash identifier:          oEZB4Wy5f3UZqEPOPaZ8r51Wy4lzW93yWdCW8EWeAw0=
Subject key identifier:   5C:34:4E:14:10:CB:CD:76:64:E7:C5:9A:EC:68:FF:6F:12:05:3F:6E
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       0194236A27A64396BEE48E814AC22EB5FF20
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/XDROFBDLzXZk58Wa7Gj_bxIFP24.roa
Signing time:             Wed 01 Jan 2025 19:49:06 +0000
ROA not before:           Wed 01 Jan 2025 19:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35758
IP address blocks:        185.114.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:27:a6:43:96:be:e4:8e:81:4a:c2:2e:b5:ff:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Jan  1 19:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c344e1410cbcd7664e7c59aec68ff6f12053f6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:35:be:3f:31:7d:bc:45:3c:1b:82:40:65:37:
                    69:db:7d:ce:a2:00:51:2c:50:35:ea:25:57:b7:6c:
                    db:7f:11:1a:0a:76:b2:99:4c:99:18:d4:f4:b0:6b:
                    a7:1b:ab:53:ed:e2:6f:af:d0:86:e5:ac:8f:7b:ae:
                    5a:7e:a8:69:3f:38:73:4b:42:84:36:56:d0:ff:e9:
                    31:ba:14:e0:e7:ab:8b:c1:c7:3a:5b:7e:6b:ff:54:
                    dd:23:87:91:a3:79:b4:6f:4c:05:55:15:e6:7a:7e:
                    94:f0:ec:92:2c:99:b0:fd:75:3e:f3:f2:af:a5:6f:
                    a9:50:43:e0:09:96:04:25:b4:da:68:aa:dd:08:84:
                    a6:64:7c:61:15:09:06:bf:79:cd:70:a0:92:df:5e:
                    6f:e3:37:2d:6b:ba:04:bb:d8:13:d4:29:7a:b3:37:
                    d8:1b:18:20:dd:27:9f:38:7c:17:e0:94:40:8b:1d:
                    5f:24:45:8e:e8:2f:7d:e4:65:8e:82:28:6d:c9:1a:
                    fa:25:03:e5:49:ff:93:7e:e4:d3:23:a5:08:58:c6:
                    4b:1f:9d:a5:96:d7:fb:06:73:27:80:2a:38:e8:0f:
                    f6:a8:c8:27:d4:d5:08:41:99:4f:ef:17:c2:44:c2:
                    12:01:80:be:be:0c:a0:6f:6f:8e:13:f3:b6:95:97:
                    68:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:34:4E:14:10:CB:CD:76:64:E7:C5:9A:EC:68:FF:6F:12:05:3F:6E
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/XDROFBDLzXZk58Wa7Gj_bxIFP24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:bf:68:95:5f:ca:84:1e:f4:41:b5:57:0a:d8:66:70:8e:a1:
         83:27:b1:0f:9c:b9:17:4a:32:32:ed:d3:a2:6d:5e:70:9d:3e:
         77:a6:5a:32:e3:67:b9:fb:06:e4:b6:da:ab:08:c9:2b:e1:76:
         70:2c:99:14:1d:04:61:2f:54:00:9a:31:6f:a9:74:1e:00:bb:
         8b:3b:77:14:10:e7:63:dc:1b:db:e5:0a:d1:31:b0:d5:d4:67:
         ad:26:49:8c:ff:df:43:39:35:f8:04:4c:ec:95:84:49:cf:7b:
         f0:a0:1c:c3:aa:15:f9:37:aa:e8:f0:13:7c:f2:1f:24:aa:d4:
         ad:0e:06:d9:e6:39:de:b2:58:af:ed:8d:3d:0a:cc:1b:75:41:
         7e:b9:33:82:8d:3d:3e:55:ea:16:35:7a:13:17:c3:31:7d:4c:
         9a:f8:44:db:58:3d:71:45:8f:3a:6b:79:3d:f9:a3:d4:bc:60:
         24:7f:82:20:26:ca:ee:40:ad:16:41:84:30:4e:1e:f5:14:cd:
         7b:91:28:f5:ab:4b:a1:24:66:38:7a:08:69:c2:65:5c:11:fa:
         f6:64:ae:95:a3:16:cb:f2:47:aa:ed:78:56:ab:10:ad:cd:ac:
         26:d2:77:48:c6:71:4b:a4:6b:fc:b5:f1:19:e3:5f:08:98:95:
         78:86:d6:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiemQ5a+5I6BSsIutf8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjUwMTAxMTk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzM0NGUxNDEwY2JjZDc2NjRlN2M1OWFlYzY4ZmY2ZjEyMDUzZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDW+PzF9vEU8G4JAZTdp233OogBR
LFA16iVXt2zbfxEaCnaymUyZGNT0sGunG6tT7eJvr9CG5ayPe65afqhpPzhzS0KE
NlbQ/+kxuhTg56uLwcc6W35r/1TdI4eRo3m0b0wFVRXmen6U8OySLJmw/XU+8/Kv
pW+pUEPgCZYEJbTaaKrdCISmZHxhFQkGv3nNcKCS315v4zcta7oEu9gT1Cl6szfY
Gxgg3SefOHwX4JRAix1fJEWO6C995GWOgihtyRr6JQPlSf+TfuTTI6UIWMZLH52l
ltf7BnMngCo46A/2qMgn1NUIQZlP7xfCRMISAYC+vgygb2+OE/O2lZdonwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFw0ThQQy812ZOfFmuxo/28SBT9uMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvWERST0ZCREx6WFprNThXYTdHal9ieElGUDI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXLNMA0G
CSqGSIb3DQEBCwUAA4IBAQCJv2iVX8qEHvRBtVcK2GZwjqGDJ7EPnLkXSjIy7dOi
bV5wnT53ploy42e5+wbkttqrCMkr4XZwLJkUHQRhL1QAmjFvqXQeALuLO3cUEOdj
3Bvb5QrRMbDV1GetJkmM/99DOTX4BEzslYRJz3vwoBzDqhX5N6ro8BN88h8kqtSt
DgbZ5jnesliv7Y09CswbdUF+uTOCjT0+VeoWNXoTF8MxfUya+ETbWD1xRY86a3k9
+aPUvGAkf4IgJsruQK0WQYQwTh71FM17kSj1q0uhJGY4eghpwmVcEfr2ZK6VoxbL
8keq7XhWqxCtzawm0ndIxnFLpGv8tfEZ418ImJV4htYO
-----END CERTIFICATE-----