Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/616c00-fbeb-4b30-9e25-9e91fca78f47/1/fDIcgxuviPH1xRvEDyo8UqwcwI4.roa
File:                     fDIcgxuviPH1xRvEDyo8UqwcwI4.roa (raw, json)
Hash identifier:          rJoyrLL7oo1+w5siaXJh6iXQyoUFBWgTdCtgNT3fEho=
Subject key identifier:   7C:32:1C:83:1B:AF:88:F1:F5:C5:1B:C4:0F:2A:3C:52:AC:1C:C0:8E
Certificate issuer:       /CN=48167dc1dd2bf991d70cf6ee87f4361e75cef20d
Certificate serial:       0194266B9E40584B0930963EA481EF88CF2D
Authority key identifier: 48:16:7D:C1:DD:2B:F9:91:D7:0C:F6:EE:87:F4:36:1E:75:CE:F2:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SBZ9wd0r-ZHXDPbuh_Q2HnXO8g0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/616c00-fbeb-4b30-9e25-9e91fca78f47/1/fDIcgxuviPH1xRvEDyo8UqwcwI4.roa
Signing time:             Thu 02 Jan 2025 09:49:34 +0000
ROA not before:           Thu 02 Jan 2025 09:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49127
IP address blocks:        185.85.208.0/22 maxlen: 24
                          2a0d:9c80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/616c00-fbeb-4b30-9e25-9e91fca78f47/1/SBZ9wd0r-ZHXDPbuh_Q2HnXO8g0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/616c00-fbeb-4b30-9e25-9e91fca78f47/1/SBZ9wd0r-ZHXDPbuh_Q2HnXO8g0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SBZ9wd0r-ZHXDPbuh_Q2HnXO8g0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:9e:40:58:4b:09:30:96:3e:a4:81:ef:88:cf:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48167dc1dd2bf991d70cf6ee87f4361e75cef20d
        Validity
            Not Before: Jan  2 09:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c321c831baf88f1f5c51bc40f2a3c52ac1cc08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:70:22:f8:82:bf:69:fa:2c:7d:bb:56:a5:90:
                    0f:39:b2:c2:3d:6b:d4:80:38:cd:15:1f:5f:88:19:
                    67:a7:9c:54:08:fa:6b:17:9a:74:97:e9:af:5f:ba:
                    bb:c4:27:17:da:ae:67:93:53:34:bb:0d:13:2c:72:
                    48:29:f0:c1:b9:93:fc:92:c7:1c:a1:95:0c:fd:88:
                    f7:31:f1:d6:33:19:03:de:3f:0b:03:6d:a3:bb:0c:
                    b7:fe:8b:9b:26:75:89:4d:33:a9:35:76:af:85:3c:
                    20:0b:8b:ff:e6:7b:8f:dc:fe:1b:6a:61:1a:66:5d:
                    ff:51:50:36:f7:47:3e:98:b4:a1:05:66:fe:c5:27:
                    86:eb:7b:ee:cb:a1:67:8d:5e:ab:a3:7f:c1:38:66:
                    d6:6c:14:04:5f:bf:6b:ce:7a:aa:f8:b5:d5:b3:0d:
                    82:d4:fd:88:75:59:3a:01:99:4e:05:9e:a2:4d:0c:
                    62:3b:ff:b7:83:22:16:f8:f4:98:46:3d:27:8a:4f:
                    4f:d6:b3:a8:0a:0f:7a:2e:2b:2a:c4:f7:6c:71:4c:
                    a5:9d:74:54:5a:38:20:97:08:4d:d2:84:80:d0:a5:
                    10:5a:b6:d7:82:11:a8:80:cc:d0:85:9b:94:b6:44:
                    50:09:1e:0e:0b:f4:5d:9f:18:99:90:ef:27:b0:92:
                    5a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:32:1C:83:1B:AF:88:F1:F5:C5:1B:C4:0F:2A:3C:52:AC:1C:C0:8E
            X509v3 Authority Key Identifier:
                keyid:48:16:7D:C1:DD:2B:F9:91:D7:0C:F6:EE:87:F4:36:1E:75:CE:F2:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SBZ9wd0r-ZHXDPbuh_Q2HnXO8g0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/616c00-fbeb-4b30-9e25-9e91fca78f47/1/fDIcgxuviPH1xRvEDyo8UqwcwI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/616c00-fbeb-4b30-9e25-9e91fca78f47/1/SBZ9wd0r-ZHXDPbuh_Q2HnXO8g0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.208.0/22
                IPv6:
                  2a0d:9c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:06:a3:15:a0:03:11:48:60:92:e7:51:6e:51:5b:77:ce:06:
         70:91:1a:95:3d:7f:c5:9a:27:72:42:4f:43:80:64:69:23:e1:
         34:6b:70:cf:81:8f:d9:48:24:a7:58:b8:7e:7c:7b:a7:63:22:
         d6:c6:c0:24:39:70:42:e6:87:35:dc:e2:8f:0e:ca:11:78:94:
         8f:03:41:e1:e1:cb:53:84:75:31:54:50:e0:66:00:1a:e0:71:
         ff:90:57:f4:f2:54:a5:da:ae:cf:39:c9:69:35:e5:99:8c:b2:
         4c:66:49:2a:21:5f:11:d6:2e:b4:30:d0:1d:35:84:26:93:14:
         bd:e3:40:ab:4f:ac:ff:51:26:bc:1a:c9:b8:70:85:d0:0a:94:
         03:bb:85:cf:61:4a:89:23:ce:77:6f:ad:5d:73:97:60:e6:5b:
         3d:27:6c:2c:db:14:7d:d2:fc:06:36:1e:ff:02:67:bc:41:f8:
         e0:1c:40:25:60:30:ca:0b:be:b7:97:06:34:38:23:5b:23:a0:
         84:e0:75:52:bc:f0:b4:5d:fe:48:0d:d8:89:a0:58:72:d1:4e:
         71:f2:a1:b2:01:5e:30:47:46:50:f3:1e:0c:a3:23:65:fb:d7:
         79:c4:0b:50:48:51:a5:bb:d9:81:e0:1e:45:82:eb:49:66:70:
         a0:3f:08:e5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQma55AWEsJMJY+pIHviM8tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MTY3ZGMxZGQyYmY5OTFkNzBjZjZlZTg3ZjQzNjFlNzVj
ZWYyMGQwHhcNMjUwMTAyMDk0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzMyMWM4MzFiYWY4OGYxZjVjNTFiYzQwZjJhM2M1MmFjMWNjMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3Ai+IK/afosfbtWpZAPObLCPWvU
gDjNFR9fiBlnp5xUCPprF5p0l+mvX7q7xCcX2q5nk1M0uw0TLHJIKfDBuZP8kscc
oZUM/Yj3MfHWMxkD3j8LA22juwy3/oubJnWJTTOpNXavhTwgC4v/5nuP3P4bamEa
Zl3/UVA290c+mLShBWb+xSeG63vuy6FnjV6ro3/BOGbWbBQEX79rznqq+LXVsw2C
1P2IdVk6AZlOBZ6iTQxiO/+3gyIW+PSYRj0nik9P1rOoCg96LisqxPdscUylnXRU
WjgglwhN0oSA0KUQWrbXghGogMzQhZuUtkRQCR4OC/RdnxiZkO8nsJJaZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHwyHIMbr4jx9cUbxA8qPFKsHMCOMB8GA1UdIwQY
MBaAFEgWfcHdK/mR1wz27of0Nh51zvINMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0JaOXdkMHItWkhYRFBidWhfUTJIblhPOGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi82MTZjMDAtZmJlYi00YjMwLTllMjUt
OWU5MWZjYTc4ZjQ3LzEvZkRJY2d4dXZpUEgxeFJ2RUR5bzhVcXdjd0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi82MTZjMDAtZmJlYi00YjMwLTllMjUtOWU5MWZjYTc4ZjQ3
LzEvU0JaOXdkMHItWkhYRFBidWhfUTJIblhPOGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVXQMA0E
AgACMAcDBQMqDZyAMA0GCSqGSIb3DQEBCwUAA4IBAQBmBqMVoAMRSGCS51FuUVt3
zgZwkRqVPX/FmidyQk9DgGRpI+E0a3DPgY/ZSCSnWLh+fHunYyLWxsAkOXBC5oc1
3OKPDsoReJSPA0Hh4ctThHUxVFDgZgAa4HH/kFf08lSl2q7POclpNeWZjLJMZkkq
IV8R1i60MNAdNYQmkxS940CrT6z/USa8Gsm4cIXQCpQDu4XPYUqJI853b61dc5dg
5ls9J2ws2xR90vwGNh7/Ame8QfjgHEAlYDDKC763lwY0OCNbI6CE4HVSvPC0Xf5I
DdiJoFhy0U5x8qGyAV4wR0ZQ8x4MoyNl+9d5xAtQSFGlu9mB4B5FgutJZnCgPwjl
-----END CERTIFICATE-----