Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/1XOKZ2XklGPcq5QMqMVrBtsz3DI.roa
File:                     1XOKZ2XklGPcq5QMqMVrBtsz3DI.roa (raw, json)
Hash identifier:          uOLEsbZmCJPEZSYbgL/3UoBOworDcneFhX8ZOrNbRIs=
Subject key identifier:   D5:73:8A:67:65:E4:94:63:DC:AB:94:0C:A8:C5:6B:06:DB:33:DC:32
Certificate issuer:       /CN=78dc3c6ab4afba864ba0d4fdb09e6f0eb06f43fa
Certificate serial:       019422FB8C4ABB7A5808CE309AA7619E3FBB
Authority key identifier: 78:DC:3C:6A:B4:AF:BA:86:4B:A0:D4:FD:B0:9E:6F:0E:B0:6F:43:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/1XOKZ2XklGPcq5QMqMVrBtsz3DI.roa
Signing time:             Wed 01 Jan 2025 17:48:18 +0000
ROA not before:           Wed 01 Jan 2025 17:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5505
IP address blocks:        185.210.225.0/24 maxlen: 24
                          185.210.226.0/24 maxlen: 24
                          185.210.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:8c:4a:bb:7a:58:08:ce:30:9a:a7:61:9e:3f:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78dc3c6ab4afba864ba0d4fdb09e6f0eb06f43fa
        Validity
            Not Before: Jan  1 17:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5738a6765e49463dcab940ca8c56b06db33dc32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:41:89:d8:b2:9f:f5:d6:23:03:f9:43:c6:99:
                    94:0d:3d:17:1d:20:5e:76:a2:89:bc:5a:98:56:0d:
                    6f:09:e8:4b:10:3a:4f:8c:18:9d:c2:84:bf:00:95:
                    73:14:c9:23:ce:e5:3c:9a:84:fb:38:f6:47:85:6a:
                    89:fa:b5:82:cf:85:f7:c7:1b:ce:06:c4:ab:a3:97:
                    5a:a4:05:84:16:f8:8f:a4:93:d5:81:b9:d9:de:fb:
                    49:2b:3d:96:f9:2a:f2:40:d8:f5:79:8f:6f:4a:ea:
                    fd:69:2c:e0:a0:b3:88:6b:aa:5a:6c:fa:c4:dd:3e:
                    f5:2b:4c:e6:1d:7b:1f:3f:73:97:96:d6:16:f2:07:
                    32:14:d3:2a:63:e8:84:c4:ac:02:7b:b3:a6:c0:05:
                    68:05:32:ba:09:dc:b7:08:01:43:e4:10:be:d3:e7:
                    de:c0:8b:a6:6f:2e:d8:90:97:fe:4b:49:35:40:dc:
                    6f:45:92:a5:a9:84:0f:15:52:c8:cb:b4:f1:41:e1:
                    0d:b0:f9:7e:62:45:23:b7:94:9b:86:e5:00:fa:b5:
                    78:3d:8d:68:43:cc:1f:22:2c:16:f5:1a:1b:34:46:
                    f4:95:0d:49:3d:8a:a5:b3:bf:28:f9:d7:ad:3a:12:
                    4a:0f:15:49:1c:67:15:14:0d:5d:63:f1:c2:8d:ca:
                    94:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:73:8A:67:65:E4:94:63:DC:AB:94:0C:A8:C5:6B:06:DB:33:DC:32
            X509v3 Authority Key Identifier:
                keyid:78:DC:3C:6A:B4:AF:BA:86:4B:A0:D4:FD:B0:9E:6F:0E:B0:6F:43:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/1XOKZ2XklGPcq5QMqMVrBtsz3DI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/54f6a2-10d1-4195-95bc-9ee76583c71a/1/eNw8arSvuoZLoNT9sJ5vDrBvQ_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.225.0-185.210.227.255

    Signature Algorithm: sha256WithRSAEncryption
         a7:26:71:23:fe:ec:66:c3:5a:92:bf:41:0f:ea:bc:60:21:94:
         13:73:38:22:e3:bc:11:dc:cd:25:61:97:c2:26:48:86:14:5a:
         26:11:24:4b:fd:ae:f1:7f:e8:8c:ba:1e:67:41:d6:e8:85:d7:
         39:62:be:40:80:c4:9d:c6:ab:21:4d:d8:44:6e:6b:c1:08:59:
         97:61:68:4c:37:88:3c:30:6a:be:fe:a1:fc:1d:ed:93:84:a7:
         f3:60:b7:a7:84:a4:89:db:a3:bf:4f:15:f2:09:2a:cf:c6:22:
         5e:11:09:db:01:ac:f0:4d:0d:97:51:ef:a5:7a:24:91:3f:6a:
         b3:b2:aa:b0:3d:83:97:9b:1d:6f:20:31:ab:aa:64:45:eb:1e:
         c0:9d:85:d8:64:fe:81:e6:bd:51:bf:66:cd:2c:ad:5a:24:f8:
         0a:5e:3c:7e:a4:17:4c:52:95:d3:7d:62:45:66:2f:42:83:3d:
         38:4b:38:57:be:34:9f:8d:b5:dd:0c:11:a9:7e:ce:f3:82:38:
         20:d1:53:ae:a5:ee:81:2c:07:67:25:e4:7b:98:13:af:21:96:
         b3:4d:b4:c4:51:06:3e:8b:00:b7:c0:53:20:83:b1:8c:db:3f:
         dc:a2:c4:42:9b:2d:de:92:51:5f:7b:ac:70:ff:fb:5e:64:2f:
         ed:c9:21:ce
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+4xKu3pYCM4wmqdhnj+7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZGMzYzZhYjRhZmJhODY0YmEwZDRmZGIwOWU2ZjBlYjA2
ZjQzZmEwHhcNMjUwMTAxMTc0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTczOGE2NzY1ZTQ5NDYzZGNhYjk0MGNhOGM1NmIwNmRiMzNkYzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUGJ2LKf9dYjA/lDxpmUDT0XHSBe
dqKJvFqYVg1vCehLEDpPjBidwoS/AJVzFMkjzuU8moT7OPZHhWqJ+rWCz4X3xxvO
BsSro5dapAWEFviPpJPVgbnZ3vtJKz2W+SryQNj1eY9vSur9aSzgoLOIa6pabPrE
3T71K0zmHXsfP3OXltYW8gcyFNMqY+iExKwCe7OmwAVoBTK6Cdy3CAFD5BC+0+fe
wIumby7YkJf+S0k1QNxvRZKlqYQPFVLIy7TxQeENsPl+YkUjt5SbhuUA+rV4PY1o
Q8wfIiwW9RobNEb0lQ1JPYqls78o+detOhJKDxVJHGcVFA1dY/HCjcqUrwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNVzimdl5JRj3KuUDKjFawbbM9wyMB8GA1UdIwQY
MBaAFHjcPGq0r7qGS6DU/bCebw6wb0P6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU53OGFyU3Z1b1pMb05UOXNKNXZEckJ2UV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81NGY2YTItMTBkMS00MTk1LTk1YmMt
OWVlNzY1ODNjNzFhLzEvMVhPS1oyWGtsR1BjcTVRTXFNVnJCdHN6M0RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81NGY2YTItMTBkMS00MTk1LTk1YmMtOWVlNzY1ODNjNzFh
LzEvZU53OGFyU3Z1b1pMb05UOXNKNXZEckJ2UV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC50uED
BAK50uAwDQYJKoZIhvcNAQELBQADggEBAKcmcSP+7GbDWpK/QQ/qvGAhlBNzOCLj
vBHczSVhl8ImSIYUWiYRJEv9rvF/6Iy6HmdB1uiF1zlivkCAxJ3GqyFN2ERua8EI
WZdhaEw3iDwwar7+ofwd7ZOEp/Ngt6eEpInbo79PFfIJKs/GIl4RCdsBrPBNDZdR
76V6JJE/arOyqrA9g5ebHW8gMauqZEXrHsCdhdhk/oHmvVG/Zs0srVok+ApePH6k
F0xSldN9YkVmL0KDPThLOFe+NJ+Ntd0MEal+zvOCOCDRU66l7oEsB2cl5HuYE68h
lrNNtMRRBj6LALfAUyCDsYzbP9yixEKbLd6SUV97rHD/+15kL+3JIc4=
-----END CERTIFICATE-----