Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/10ba73-aebc-4771-a3ac-1c420f05579f/1/As2aEQ-Qc40w6qz5lbdZOvfcUl4.roa
File:                     As2aEQ-Qc40w6qz5lbdZOvfcUl4.roa (raw, json)
Hash identifier:          wBu3pTqJ+Uf9xdHuwPeUbe92Udv+KfCa1hQtrwjxXdk=
Subject key identifier:   02:CD:9A:11:0F:90:73:8D:30:EA:AC:F9:95:B7:59:3A:F7:DC:52:5E
Certificate issuer:       /CN=ea2f671f10834dae48ea8d987342c375cab3316d
Certificate serial:       01947AFB0E2D0C2CDFC9A50EE5B2EA048FD6
Authority key identifier: EA:2F:67:1F:10:83:4D:AE:48:EA:8D:98:73:42:C3:75:CA:B3:31:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6i9nHxCDTa5I6o2Yc0LDdcqzMW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/10ba73-aebc-4771-a3ac-1c420f05579f/1/As2aEQ-Qc40w6qz5lbdZOvfcUl4.roa
Signing time:             Sat 18 Jan 2025 19:54:20 +0000
ROA not before:           Sat 18 Jan 2025 19:54:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216054
IP address blocks:        185.235.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/10ba73-aebc-4771-a3ac-1c420f05579f/1/6i9nHxCDTa5I6o2Yc0LDdcqzMW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/10ba73-aebc-4771-a3ac-1c420f05579f/1/6i9nHxCDTa5I6o2Yc0LDdcqzMW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6i9nHxCDTa5I6o2Yc0LDdcqzMW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:7a:fb:0e:2d:0c:2c:df:c9:a5:0e:e5:b2:ea:04:8f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea2f671f10834dae48ea8d987342c375cab3316d
        Validity
            Not Before: Jan 18 19:54:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02cd9a110f90738d30eaacf995b7593af7dc525e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:7d:89:5e:91:62:f3:10:b1:c3:f5:bd:8a:cb:
                    c9:24:5c:9b:e2:2d:4f:af:9b:a7:03:2b:5c:07:64:
                    4a:62:b8:d0:6f:3e:4c:f0:ce:13:35:1f:a6:73:05:
                    bb:61:74:3c:89:35:6c:81:97:c1:96:cc:0d:04:dd:
                    b1:68:a2:af:ce:2b:c5:5a:c2:c8:39:a7:cb:78:85:
                    8c:71:16:ba:be:44:24:aa:d8:6f:ec:db:27:b7:ec:
                    fb:6c:2f:e2:a0:88:be:32:b5:cb:f4:00:0f:40:8e:
                    1f:33:00:76:f6:f7:8a:2f:89:72:b3:96:3c:19:d3:
                    48:22:10:4e:bf:57:6e:27:98:14:a2:73:c1:e8:73:
                    f3:60:6b:3b:9a:5d:ad:1b:46:78:12:b0:5b:46:54:
                    32:f1:c5:11:a8:9b:81:5a:b5:0f:21:83:c7:f8:16:
                    00:87:f1:27:c2:04:88:af:0d:93:4d:1b:9f:76:93:
                    c2:8c:00:10:82:69:5b:ea:c1:11:7e:1e:48:0e:98:
                    ab:3c:73:23:3b:94:76:5c:df:cc:ac:d0:62:3a:ea:
                    63:88:c5:c4:64:d5:d6:cb:46:91:ff:86:d3:29:2e:
                    15:0f:3c:49:c1:33:65:5f:d7:69:ef:55:aa:ef:36:
                    3e:2e:25:1b:d0:0b:52:43:c0:bd:b1:52:f1:75:40:
                    94:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:CD:9A:11:0F:90:73:8D:30:EA:AC:F9:95:B7:59:3A:F7:DC:52:5E
            X509v3 Authority Key Identifier:
                keyid:EA:2F:67:1F:10:83:4D:AE:48:EA:8D:98:73:42:C3:75:CA:B3:31:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6i9nHxCDTa5I6o2Yc0LDdcqzMW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/10ba73-aebc-4771-a3ac-1c420f05579f/1/As2aEQ-Qc40w6qz5lbdZOvfcUl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/10ba73-aebc-4771-a3ac-1c420f05579f/1/6i9nHxCDTa5I6o2Yc0LDdcqzMW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:41:f3:88:f2:18:97:4b:b2:71:97:3b:2b:f7:6e:ab:c8:ce:
         1c:ba:de:b4:9f:9b:84:ed:fd:b3:92:56:c7:10:d8:f0:d7:79:
         ed:05:ab:9f:81:0d:85:bb:f3:e5:03:6e:bc:e5:50:80:19:3f:
         5f:60:3a:b9:65:fa:8c:8d:f3:c7:04:41:25:1a:31:4d:11:99:
         2c:9f:00:37:68:f4:9d:ec:7f:ce:75:fb:cb:f3:2e:53:3e:46:
         3b:b0:e3:00:a1:c0:19:1c:a1:8a:2f:72:ae:66:f8:0e:82:99:
         7c:16:72:31:51:4b:9b:df:ab:5c:76:db:18:b9:72:b4:c4:13:
         c2:c6:17:17:56:40:dc:b4:4c:55:51:45:8a:4d:90:62:b5:27:
         4b:20:0c:de:1f:ee:f6:ad:8d:1b:0a:a0:15:6c:d7:82:a7:ad:
         31:dd:61:cb:30:8d:e2:4f:ba:37:95:00:c0:7f:78:1d:f7:a1:
         fb:e9:6e:fc:e0:40:4f:0b:94:47:ec:c0:ff:7f:d7:cd:5c:7a:
         27:99:b8:68:f5:70:48:8f:e9:4f:c8:ee:e4:ab:bc:fe:ec:ae:
         49:fc:f3:35:4b:00:65:e4:66:42:ff:19:48:b8:46:0b:b2:8a:
         20:c7:ed:8b:de:2b:94:99:78:e9:a6:73:04:f4:31:87:99:a3:
         9d:ec:ff:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZR6+w4tDCzfyaUO5bLqBI/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMmY2NzFmMTA4MzRkYWU0OGVhOGQ5ODczNDJjMzc1Y2Fi
MzMxNmQwHhcNMjUwMTE4MTk1NDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmNkOWExMTBmOTA3MzhkMzBlYWFjZjk5NWI3NTkzYWY3ZGM1MjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6n2JXpFi8xCxw/W9isvJJFyb4i1P
r5unAytcB2RKYrjQbz5M8M4TNR+mcwW7YXQ8iTVsgZfBlswNBN2xaKKvzivFWsLI
OafLeIWMcRa6vkQkqthv7Nsnt+z7bC/ioIi+MrXL9AAPQI4fMwB29veKL4lys5Y8
GdNIIhBOv1duJ5gUonPB6HPzYGs7ml2tG0Z4ErBbRlQy8cURqJuBWrUPIYPH+BYA
h/EnwgSIrw2TTRufdpPCjAAQgmlb6sERfh5IDpirPHMjO5R2XN/MrNBiOupjiMXE
ZNXWy0aR/4bTKS4VDzxJwTNlX9dp71Wq7zY+LiUb0AtSQ8C9sVLxdUCUOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALNmhEPkHONMOqs+ZW3WTr33FJeMB8GA1UdIwQY
MBaAFOovZx8Qg02uSOqNmHNCw3XKszFtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmk5bkh4Q0RUYTVJNm8yWWMwTERkY3F6TVcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8xMGJhNzMtYWViYy00NzcxLWEzYWMt
MWM0MjBmMDU1NzlmLzEvQXMyYUVRLVFjNDB3NnF6NWxiZFpPdmZjVWw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8xMGJhNzMtYWViYy00NzcxLWEzYWMtMWM0MjBmMDU1Nzlm
LzEvNmk5bkh4Q0RUYTVJNm8yWWMwTERkY3F6TVcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuevFMA0G
CSqGSIb3DQEBCwUAA4IBAQCPQfOI8hiXS7Jxlzsr926ryM4cut60n5uE7f2zklbH
ENjw13ntBaufgQ2Fu/PlA2685VCAGT9fYDq5ZfqMjfPHBEElGjFNEZksnwA3aPSd
7H/OdfvL8y5TPkY7sOMAocAZHKGKL3KuZvgOgpl8FnIxUUub36tcdtsYuXK0xBPC
xhcXVkDctExVUUWKTZBitSdLIAzeH+72rY0bCqAVbNeCp60x3WHLMI3iT7o3lQDA
f3gd96H76W784EBPC5RH7MD/f9fNXHonmbho9XBIj+lPyO7kq7z+7K5J/PM1SwBl
5GZC/xlIuEYLsoogx+2L3iuUmXjppnME9DGHmaOd7P9G
-----END CERTIFICATE-----