Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/61ae21-8f63-4fd0-a6b5-d57255e25fee/1/szxe0DPYsGTMI_tgKM1yaWgLDtI.roa
File:                     szxe0DPYsGTMI_tgKM1yaWgLDtI.roa (raw, json)
Hash identifier:          fjZgmmGMINi/iYDucRgC4NEVBx45QTUkAnBaw6M5XK4=
Subject key identifier:   B3:3C:5E:D0:33:D8:B0:64:CC:23:FB:60:28:CD:72:69:68:0B:0E:D2
Certificate issuer:       /CN=687c8bf222a26bf1c9c6638cc356d2835502f2d6
Certificate serial:       019423697C880A3F57CD0902673DBF360C8B
Authority key identifier: 68:7C:8B:F2:22:A2:6B:F1:C9:C6:63:8C:C3:56:D2:83:55:02:F2:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aHyL8iKia_HJxmOMw1bSg1UC8tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/61ae21-8f63-4fd0-a6b5-d57255e25fee/1/szxe0DPYsGTMI_tgKM1yaWgLDtI.roa
Signing time:             Wed 01 Jan 2025 19:48:23 +0000
ROA not before:           Wed 01 Jan 2025 19:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204358
IP address blocks:        185.251.60.0/22 maxlen: 22
                          185.251.60.0/24 maxlen: 24
                          185.251.61.0/24 maxlen: 24
                          185.251.62.0/24 maxlen: 24
                          185.251.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/61ae21-8f63-4fd0-a6b5-d57255e25fee/1/aHyL8iKia_HJxmOMw1bSg1UC8tY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/61ae21-8f63-4fd0-a6b5-d57255e25fee/1/aHyL8iKia_HJxmOMw1bSg1UC8tY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aHyL8iKia_HJxmOMw1bSg1UC8tY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:7c:88:0a:3f:57:cd:09:02:67:3d:bf:36:0c:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=687c8bf222a26bf1c9c6638cc356d2835502f2d6
        Validity
            Not Before: Jan  1 19:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b33c5ed033d8b064cc23fb6028cd7269680b0ed2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:1d:3d:5b:66:e3:97:da:5d:1b:71:34:ce:13:
                    2d:fa:ec:3e:a6:de:49:bf:39:f1:93:a3:d8:59:b3:
                    b9:a6:d5:f8:54:cf:e4:4e:38:68:2d:aa:59:9c:81:
                    c2:8b:bb:df:d8:80:cd:c4:be:e6:40:a2:fd:84:a3:
                    40:61:09:4d:79:aa:31:09:d0:62:2e:b9:06:4b:9c:
                    95:8a:6e:49:09:a3:b8:61:40:bb:cb:ec:1c:82:30:
                    47:0c:ca:61:88:a4:b2:a5:1f:13:59:32:8c:a5:9c:
                    e2:2c:51:6c:2f:2e:cb:9b:a3:8b:b1:92:7e:32:72:
                    18:83:6d:92:22:1f:ce:c0:96:a4:ea:7a:f2:f7:8b:
                    38:c0:2f:24:12:ce:68:20:f5:29:a2:4d:e2:ea:3d:
                    73:9d:cd:d1:87:4f:82:f0:18:63:ca:58:b3:32:29:
                    a6:72:bf:10:22:f3:b8:d4:f1:63:5a:97:cd:f0:bd:
                    fe:32:a5:92:2b:a2:0e:fd:e2:56:ea:bf:b2:56:62:
                    0b:9f:af:a6:66:1f:e3:54:ed:5f:55:3b:e1:87:b6:
                    07:95:eb:22:1f:4a:e4:0c:a2:66:a7:08:0e:21:8a:
                    df:21:1b:86:49:1f:64:b9:f2:cb:df:b1:1a:39:07:
                    2f:a8:c5:e5:46:10:06:b0:a1:d9:c1:33:e2:59:78:
                    73:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:3C:5E:D0:33:D8:B0:64:CC:23:FB:60:28:CD:72:69:68:0B:0E:D2
            X509v3 Authority Key Identifier:
                keyid:68:7C:8B:F2:22:A2:6B:F1:C9:C6:63:8C:C3:56:D2:83:55:02:F2:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aHyL8iKia_HJxmOMw1bSg1UC8tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/61ae21-8f63-4fd0-a6b5-d57255e25fee/1/szxe0DPYsGTMI_tgKM1yaWgLDtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/61ae21-8f63-4fd0-a6b5-d57255e25fee/1/aHyL8iKia_HJxmOMw1bSg1UC8tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:e1:7a:dc:9f:fb:de:bb:02:a9:90:41:09:92:17:8d:ae:bc:
         42:2f:7a:1b:db:ae:2c:e5:cf:af:f5:bb:fb:9b:61:8d:55:23:
         04:e3:d6:57:63:9f:a3:46:21:fb:b1:f9:d3:be:ab:af:93:dc:
         78:69:2a:11:43:9f:b2:c5:6d:c3:39:bd:f4:85:43:c4:34:86:
         54:19:51:d4:35:6f:75:53:d5:e8:45:36:6e:a5:e9:7e:9c:ed:
         e2:18:b3:4c:2a:6f:3d:0c:9b:fc:05:25:2d:82:85:6f:7c:a6:
         30:ab:25:49:7b:be:bf:c0:c6:0f:32:d7:9b:d9:42:19:99:9d:
         56:46:23:6f:ef:7e:a6:98:b9:1a:51:b6:a9:6f:98:22:87:fc:
         cb:df:5a:be:eb:cf:22:f0:21:17:1b:12:cc:22:79:85:58:3c:
         86:c7:09:d4:dd:ba:0f:aa:a3:6b:ff:66:39:77:36:ac:a6:ff:
         7d:ca:06:d4:f6:b1:bd:6b:e6:99:08:38:60:96:e5:22:05:23:
         c4:9f:5f:f8:6d:a7:eb:d2:46:41:2a:48:81:3b:5e:c0:44:f3:
         73:6e:a9:24:91:09:2a:6d:ae:6e:50:10:5e:75:8c:ee:a7:dc:
         91:58:2f:72:66:78:36:18:0e:19:cd:e8:12:aa:10:7e:14:a0:
         41:a9:db:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaXyICj9XzQkCZz2/NgyLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4N2M4YmYyMjJhMjZiZjFjOWM2NjM4Y2MzNTZkMjgzNTUw
MmYyZDYwHhcNMjUwMTAxMTk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzNjNWVkMDMzZDhiMDY0Y2MyM2ZiNjAyOGNkNzI2OTY4MGIwZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5B09W2bjl9pdG3E0zhMt+uw+pt5J
vznxk6PYWbO5ptX4VM/kTjhoLapZnIHCi7vf2IDNxL7mQKL9hKNAYQlNeaoxCdBi
LrkGS5yVim5JCaO4YUC7y+wcgjBHDMphiKSypR8TWTKMpZziLFFsLy7Lm6OLsZJ+
MnIYg22SIh/OwJak6nry94s4wC8kEs5oIPUpok3i6j1znc3Rh0+C8BhjylizMimm
cr8QIvO41PFjWpfN8L3+MqWSK6IO/eJW6r+yVmILn6+mZh/jVO1fVTvhh7YHlesi
H0rkDKJmpwgOIYrfIRuGSR9kufLL37EaOQcvqMXlRhAGsKHZwTPiWXhzkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLM8XtAz2LBkzCP7YCjNcmloCw7SMB8GA1UdIwQY
MBaAFGh8i/IiomvxycZjjMNW0oNVAvLWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUh5TDhpS2lhX0hKeG1PTXcxYlNnMVVDOHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC82MWFlMjEtOGY2My00ZmQwLWE2YjUt
ZDU3MjU1ZTI1ZmVlLzEvc3p4ZTBEUFlzR1RNSV90Z0tNMXlhV2dMRHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC82MWFlMjEtOGY2My00ZmQwLWE2YjUtZDU3MjU1ZTI1ZmVl
LzEvYUh5TDhpS2lhX0hKeG1PTXcxYlNnMVVDOHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufs8MA0G
CSqGSIb3DQEBCwUAA4IBAQCh4Xrcn/veuwKpkEEJkheNrrxCL3ob264s5c+v9bv7
m2GNVSME49ZXY5+jRiH7sfnTvquvk9x4aSoRQ5+yxW3DOb30hUPENIZUGVHUNW91
U9XoRTZupel+nO3iGLNMKm89DJv8BSUtgoVvfKYwqyVJe76/wMYPMteb2UIZmZ1W
RiNv736mmLkaUbapb5gih/zL31q+688i8CEXGxLMInmFWDyGxwnU3boPqqNr/2Y5
dzaspv99ygbU9rG9a+aZCDhgluUiBSPEn1/4bafr0kZBKkiBO17ARPNzbqkkkQkq
ba5uUBBedYzup9yRWC9yZng2GA4ZzegSqhB+FKBBqdu4
-----END CERTIFICATE-----