Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/dbddc8-4633-4acb-a978-b6f1f031721e/1/TRZ-bXVpGuPzmHQA948WyQR5KOg.roa
File:                     TRZ-bXVpGuPzmHQA948WyQR5KOg.roa (raw, json)
Hash identifier:          DS5TFuJAWuJAhwbXFziYJwVjw+lHGW5/W63yt+OmaIw=
Subject key identifier:   4D:16:7E:6D:75:69:1A:E3:F3:98:74:00:F7:8F:16:C9:04:79:28:E8
Certificate issuer:       /CN=50da7c8ae0150eb8c946d7bf1e05c042ddf6a3d4
Certificate serial:       0194214377DEA40746D5332FDACEEACA0D41
Authority key identifier: 50:DA:7C:8A:E0:15:0E:B8:C9:46:D7:BF:1E:05:C0:42:DD:F6:A3:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UNp8iuAVDrjJRte_HgXAQt32o9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/dbddc8-4633-4acb-a978-b6f1f031721e/1/TRZ-bXVpGuPzmHQA948WyQR5KOg.roa
Signing time:             Wed 01 Jan 2025 09:47:37 +0000
ROA not before:           Wed 01 Jan 2025 09:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43311
IP address blocks:        185.83.189.0/24 maxlen: 24
                          185.83.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/dbddc8-4633-4acb-a978-b6f1f031721e/1/UNp8iuAVDrjJRte_HgXAQt32o9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/dbddc8-4633-4acb-a978-b6f1f031721e/1/UNp8iuAVDrjJRte_HgXAQt32o9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UNp8iuAVDrjJRte_HgXAQt32o9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:77:de:a4:07:46:d5:33:2f:da:ce:ea:ca:0d:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50da7c8ae0150eb8c946d7bf1e05c042ddf6a3d4
        Validity
            Not Before: Jan  1 09:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d167e6d75691ae3f3987400f78f16c9047928e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:56:72:fe:fb:bf:d9:d3:fb:86:f8:3c:dd:d7:
                    b7:71:0d:f0:80:98:38:cb:98:e5:ae:3f:34:c8:47:
                    78:bd:04:b0:f8:56:1a:da:06:73:93:69:73:4a:c5:
                    ae:c7:fa:27:8c:82:d5:db:be:2a:e6:13:bf:e3:7a:
                    60:96:6b:93:2a:e4:ca:eb:14:c8:29:1b:56:5f:4d:
                    a5:c4:a1:3d:f5:9d:89:8c:ba:5b:f4:36:62:68:a3:
                    e0:09:cc:6a:ed:dd:77:43:8c:cf:85:51:ec:05:ff:
                    47:bd:29:66:e2:7a:7a:e3:06:5d:b7:d2:a0:f1:54:
                    9e:cd:a0:c1:64:82:b7:83:17:1c:68:b1:c0:c5:78:
                    de:d2:35:bf:5e:cc:48:c1:e8:2a:8e:c0:40:14:6e:
                    7c:c5:3d:24:0a:95:c1:10:35:2f:dc:16:a2:02:6f:
                    2c:d4:37:6d:98:fe:cd:ba:6b:da:7d:e4:f7:2d:ae:
                    7b:fc:24:0d:ff:64:0e:fe:29:83:5a:65:c8:8a:ab:
                    fd:04:17:5f:fb:32:bd:89:25:44:b5:7e:8e:ca:f0:
                    84:89:5a:97:68:5d:15:91:bc:be:b5:5d:1e:1d:80:
                    d7:ee:5b:fe:c3:c4:08:2d:cc:e0:59:4f:f1:e4:42:
                    00:db:ee:d0:45:73:64:9b:55:d0:8b:cf:82:88:60:
                    93:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:16:7E:6D:75:69:1A:E3:F3:98:74:00:F7:8F:16:C9:04:79:28:E8
            X509v3 Authority Key Identifier:
                keyid:50:DA:7C:8A:E0:15:0E:B8:C9:46:D7:BF:1E:05:C0:42:DD:F6:A3:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UNp8iuAVDrjJRte_HgXAQt32o9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/dbddc8-4633-4acb-a978-b6f1f031721e/1/TRZ-bXVpGuPzmHQA948WyQR5KOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/dbddc8-4633-4acb-a978-b6f1f031721e/1/UNp8iuAVDrjJRte_HgXAQt32o9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.189.0/24
                  185.83.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:e4:2b:c0:4c:f1:de:82:91:42:3c:3c:f8:fa:5e:45:bc:ef:
         6b:3b:e9:29:45:7b:3a:6f:30:77:74:c6:f3:97:52:2f:f2:85:
         7c:94:c5:d0:a2:88:9d:a6:4f:04:a4:d8:3a:8b:6b:43:4f:18:
         72:f4:90:64:ed:63:c2:a0:a4:64:65:a6:59:31:f7:d6:37:6b:
         8e:a3:cc:53:f0:44:75:e3:b1:11:8e:05:dc:65:3c:db:da:95:
         fe:6a:e3:84:e6:ee:ed:0f:da:5b:42:2a:7b:59:34:f8:3c:a7:
         94:fd:4f:2a:20:f4:8e:6c:84:76:4e:49:2c:c7:93:63:27:f8:
         3c:11:08:e1:97:a5:a3:8d:8d:b5:67:b0:0c:20:40:57:41:3d:
         1b:b0:37:7e:89:a1:fc:8a:2a:1d:7f:fc:14:c0:9a:c7:80:33:
         ba:e6:8a:78:f5:e1:93:5f:85:04:48:d7:cb:aa:74:ea:e0:5b:
         60:32:70:49:a3:ac:17:9b:99:77:45:bf:64:02:f4:ac:98:b5:
         8e:17:80:79:87:d0:97:db:8f:88:8f:e7:43:e0:7c:42:a0:c4:
         2a:11:32:42:29:39:d8:62:49:4e:e8:03:be:91:b1:a6:ce:91:
         85:ec:7a:4c:b4:59:6a:50:0e:65:d0:5e:f6:ea:aa:74:c5:86:
         70:2e:2f:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ3fepAdG1TMv2s7qyg1BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwZGE3YzhhZTAxNTBlYjhjOTQ2ZDdiZjFlMDVjMDQyZGRm
NmEzZDQwHhcNMjUwMTAxMDk0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDE2N2U2ZDc1NjkxYWUzZjM5ODc0MDBmNzhmMTZjOTA0NzkyOGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlZy/vu/2dP7hvg83de3cQ3wgJg4
y5jlrj80yEd4vQSw+FYa2gZzk2lzSsWux/onjILV274q5hO/43pglmuTKuTK6xTI
KRtWX02lxKE99Z2JjLpb9DZiaKPgCcxq7d13Q4zPhVHsBf9HvSlm4np64wZdt9Kg
8VSezaDBZIK3gxccaLHAxXje0jW/XsxIwegqjsBAFG58xT0kCpXBEDUv3BaiAm8s
1DdtmP7NumvafeT3La57/CQN/2QO/imDWmXIiqv9BBdf+zK9iSVEtX6OyvCEiVqX
aF0Vkby+tV0eHYDX7lv+w8QILczgWU/x5EIA2+7QRXNkm1XQi8+CiGCT1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE0Wfm11aRrj85h0APePFskEeSjoMB8GA1UdIwQY
MBaAFFDafIrgFQ64yUbXvx4FwELd9qPUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU5wOGl1QVZEcmpKUnRlX0hnWEFRdDMybzlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9kYmRkYzgtNDYzMy00YWNiLWE5Nzgt
YjZmMWYwMzE3MjFlLzEvVFJaLWJYVnBHdVB6bUhRQTk0OFd5UVI1S09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9kYmRkYzgtNDYzMy00YWNiLWE5NzgtYjZmMWYwMzE3MjFl
LzEvVU5wOGl1QVZEcmpKUnRlX0hnWEFRdDMybzlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVO9AwQA
uVO/MA0GCSqGSIb3DQEBCwUAA4IBAQA45CvATPHegpFCPDz4+l5FvO9rO+kpRXs6
bzB3dMbzl1Iv8oV8lMXQooidpk8EpNg6i2tDTxhy9JBk7WPCoKRkZaZZMffWN2uO
o8xT8ER147ERjgXcZTzb2pX+auOE5u7tD9pbQip7WTT4PKeU/U8qIPSObIR2Tkks
x5NjJ/g8EQjhl6WjjY21Z7AMIEBXQT0bsDd+iaH8iiodf/wUwJrHgDO65op49eGT
X4UESNfLqnTq4FtgMnBJo6wXm5l3Rb9kAvSsmLWOF4B5h9CX24+Ij+dD4HxCoMQq
ETJCKTnYYklO6AO+kbGmzpGF7HpMtFlqUA5l0F726qp0xYZwLi+4
-----END CERTIFICATE-----