Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/ccc7de-47de-4287-a0b2-1df40145b0be/1/oJpDXJAu0YqhYsb3XLvaHm4tsBw.roa
File:                     oJpDXJAu0YqhYsb3XLvaHm4tsBw.roa (raw, json)
Hash identifier:          xhyugIU0xCgv9NQxhCyoywbyYjL95zytlkIM+aeR33s=
Subject key identifier:   A0:9A:43:5C:90:2E:D1:8A:A1:62:C6:F7:5C:BB:DA:1E:6E:2D:B0:1C
Certificate issuer:       /CN=b1d596fb1a3f2f4b127fb7cec19fd90bb94c73a4
Certificate serial:       019425FC9A2C66D47BF1C6F7C36A30E8F127
Authority key identifier: B1:D5:96:FB:1A:3F:2F:4B:12:7F:B7:CE:C1:9F:D9:0B:B9:4C:73:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sdWW-xo_L0sSf7fOwZ_ZC7lMc6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/ccc7de-47de-4287-a0b2-1df40145b0be/1/oJpDXJAu0YqhYsb3XLvaHm4tsBw.roa
Signing time:             Thu 02 Jan 2025 07:48:19 +0000
ROA not before:           Thu 02 Jan 2025 07:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48685
IP address blocks:        185.118.32.0/22 maxlen: 22
                          2a03:5cc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/ccc7de-47de-4287-a0b2-1df40145b0be/1/sdWW-xo_L0sSf7fOwZ_ZC7lMc6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/ccc7de-47de-4287-a0b2-1df40145b0be/1/sdWW-xo_L0sSf7fOwZ_ZC7lMc6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sdWW-xo_L0sSf7fOwZ_ZC7lMc6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:9a:2c:66:d4:7b:f1:c6:f7:c3:6a:30:e8:f1:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1d596fb1a3f2f4b127fb7cec19fd90bb94c73a4
        Validity
            Not Before: Jan  2 07:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a09a435c902ed18aa162c6f75cbbda1e6e2db01c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a5:6f:05:25:61:9c:16:4c:63:ff:89:74:46:
                    8f:2d:e9:4d:87:c0:d9:09:30:5b:f8:12:04:05:cd:
                    ab:86:a7:59:fc:84:95:ec:ee:9d:0a:50:bf:bf:00:
                    7f:d9:d8:33:a3:2a:a0:f4:85:64:d1:42:8a:33:49:
                    1c:d5:ec:e2:ac:f3:4f:30:14:03:60:d8:cf:52:d0:
                    d1:26:da:13:ee:3c:9f:a4:90:1d:5f:a6:8f:51:2b:
                    c7:98:6f:20:ca:42:6e:25:7d:c2:2b:c9:83:c4:25:
                    41:fa:d6:aa:c5:16:ff:c1:b8:6d:b5:57:5a:86:de:
                    9a:3c:83:f7:f9:c2:13:de:44:78:9a:f7:0d:77:d7:
                    71:c0:cc:cf:69:6a:b6:94:38:78:32:1d:e1:ba:e2:
                    fc:7b:aa:ea:1a:fd:5e:c1:d6:fd:9a:74:a1:2d:48:
                    9a:0d:15:37:c9:5b:51:3c:70:19:28:cd:ba:7b:d9:
                    fe:13:b4:62:c4:c9:bb:41:cf:62:4e:46:73:7c:36:
                    3f:9e:6c:0b:04:05:d7:65:88:54:ba:d2:e1:67:f7:
                    74:87:24:1d:8c:32:7b:7f:3b:8e:82:e6:c4:ef:01:
                    92:54:a5:c0:4b:a0:ee:bc:bf:d0:f3:f5:03:51:b9:
                    25:34:63:1f:cd:2f:c4:f9:7b:fa:49:86:74:22:4b:
                    72:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:9A:43:5C:90:2E:D1:8A:A1:62:C6:F7:5C:BB:DA:1E:6E:2D:B0:1C
            X509v3 Authority Key Identifier:
                keyid:B1:D5:96:FB:1A:3F:2F:4B:12:7F:B7:CE:C1:9F:D9:0B:B9:4C:73:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sdWW-xo_L0sSf7fOwZ_ZC7lMc6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/ccc7de-47de-4287-a0b2-1df40145b0be/1/oJpDXJAu0YqhYsb3XLvaHm4tsBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/ccc7de-47de-4287-a0b2-1df40145b0be/1/sdWW-xo_L0sSf7fOwZ_ZC7lMc6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.32.0/22
                IPv6:
                  2a03:5cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         ac:b3:87:aa:81:53:60:f6:88:72:46:22:e2:80:46:4c:3b:cc:
         3a:97:12:93:af:06:b9:74:45:89:65:d8:15:da:e2:38:68:40:
         e8:46:0d:ab:a2:7f:4c:04:01:95:78:fe:10:96:32:28:f1:63:
         5a:5a:66:c7:7b:7f:c5:42:ad:3b:66:d6:73:ed:20:7d:25:ea:
         2e:8f:7b:ae:22:08:b8:3a:41:94:ca:6b:30:7e:10:26:9e:b2:
         15:ca:ea:4b:8c:99:1a:3f:b0:3f:08:3f:6b:5a:0d:9e:1d:ec:
         68:d4:06:f2:de:a4:40:d3:ce:9a:09:96:2c:5b:43:26:72:09:
         dd:34:3c:cb:ba:36:c4:84:f6:f5:1a:75:29:7b:53:5e:b8:6e:
         c6:c1:ef:3e:5e:a9:79:86:b8:cb:b4:e8:20:f0:52:e2:17:4d:
         6a:09:74:3e:3d:69:f1:f4:00:c8:04:8d:b5:0c:37:e5:d8:5d:
         77:42:60:47:22:20:c9:2c:ff:1c:1a:01:da:63:46:94:2c:1f:
         62:c0:48:67:d6:07:30:12:4a:45:f5:73:69:9f:8c:c9:69:b5:
         7c:9a:27:10:3c:a5:30:ba:8d:61:bc:74:88:3b:ae:f6:ec:5c:
         60:98:94:d1:f4:1e:a3:20:e8:0a:85:39:26:40:93:1e:45:6c:
         74:fe:40:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/JosZtR78cb3w2ow6PEnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxZDU5NmZiMWEzZjJmNGIxMjdmYjdjZWMxOWZkOTBiYjk0
YzczYTQwHhcNMjUwMTAyMDc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDlhNDM1YzkwMmVkMThhYTE2MmM2Zjc1Y2JiZGExZTZlMmRiMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6VvBSVhnBZMY/+JdEaPLelNh8DZ
CTBb+BIEBc2rhqdZ/ISV7O6dClC/vwB/2dgzoyqg9IVk0UKKM0kc1ezirPNPMBQD
YNjPUtDRJtoT7jyfpJAdX6aPUSvHmG8gykJuJX3CK8mDxCVB+taqxRb/wbhttVda
ht6aPIP3+cIT3kR4mvcNd9dxwMzPaWq2lDh4Mh3huuL8e6rqGv1ewdb9mnShLUia
DRU3yVtRPHAZKM26e9n+E7RixMm7Qc9iTkZzfDY/nmwLBAXXZYhUutLhZ/d0hyQd
jDJ7fzuOgubE7wGSVKXAS6DuvL/Q8/UDUbklNGMfzS/E+Xv6SYZ0IktytwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKCaQ1yQLtGKoWLG91y72h5uLbAcMB8GA1UdIwQY
MBaAFLHVlvsaPy9LEn+3zsGf2Qu5THOkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2RXVy14b19MMHNTZjdmT3daX1pDN2xNYzZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9jY2M3ZGUtNDdkZS00Mjg3LWEwYjIt
MWRmNDAxNDViMGJlLzEvb0pwRFhKQXUwWXFoWXNiM1hMdmFIbTR0c0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9jY2M3ZGUtNDdkZS00Mjg3LWEwYjItMWRmNDAxNDViMGJl
LzEvc2RXVy14b19MMHNTZjdmT3daX1pDN2xNYzZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXYgMA0E
AgACMAcDBQAqA1zAMA0GCSqGSIb3DQEBCwUAA4IBAQCss4eqgVNg9ohyRiLigEZM
O8w6lxKTrwa5dEWJZdgV2uI4aEDoRg2ron9MBAGVeP4QljIo8WNaWmbHe3/FQq07
ZtZz7SB9Jeouj3uuIgi4OkGUymswfhAmnrIVyupLjJkaP7A/CD9rWg2eHexo1Aby
3qRA086aCZYsW0MmcgndNDzLujbEhPb1GnUpe1NeuG7Gwe8+Xql5hrjLtOgg8FLi
F01qCXQ+PWnx9ADIBI21DDfl2F13QmBHIiDJLP8cGgHaY0aULB9iwEhn1gcwEkpF
9XNpn4zJabV8micQPKUwuo1hvHSIO6727FxgmJTR9B6jIOgKhTkmQJMeRWx0/kDf
-----END CERTIFICATE-----