Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/571b34-acf9-4ebf-988b-0feb66e7f28a/1/KSs1jOl2vQ2T9aBxS53muqbkeek.roa
File:                     KSs1jOl2vQ2T9aBxS53muqbkeek.roa (raw, json)
Hash identifier:          k6xoKkAhl7uyLISVfEu/5MO1xlAN4gAUOxN8werJasI=
Subject key identifier:   29:2B:35:8C:E9:76:BD:0D:93:F5:A0:71:4B:9D:E6:BA:A6:E4:79:E9
Certificate issuer:       /CN=a2074339bb216b85bdc83d61778821adf9149d56
Certificate serial:       01956C8D139C28382993735ED02982A2ACC0
Authority key identifier: A2:07:43:39:BB:21:6B:85:BD:C8:3D:61:77:88:21:AD:F9:14:9D:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogdDObsha4W9yD1hd4ghrfkUnVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/571b34-acf9-4ebf-988b-0feb66e7f28a/1/KSs1jOl2vQ2T9aBxS53muqbkeek.roa
Signing time:             Thu 06 Mar 2025 17:42:19 +0000
ROA not before:           Thu 06 Mar 2025 17:42:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50407
IP address blocks:        185.124.49.0/24 maxlen: 24
                          2a0e:8f81::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/571b34-acf9-4ebf-988b-0feb66e7f28a/1/ogdDObsha4W9yD1hd4ghrfkUnVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/571b34-acf9-4ebf-988b-0feb66e7f28a/1/ogdDObsha4W9yD1hd4ghrfkUnVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogdDObsha4W9yD1hd4ghrfkUnVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6c:8d:13:9c:28:38:29:93:73:5e:d0:29:82:a2:ac:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2074339bb216b85bdc83d61778821adf9149d56
        Validity
            Not Before: Mar  6 17:42:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=292b358ce976bd0d93f5a0714b9de6baa6e479e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:68:2d:5f:46:40:d3:b9:d3:c1:40:58:91:9a:
                    56:d6:06:24:49:8c:3f:e8:0d:b8:6d:1a:8c:2c:48:
                    e3:85:51:de:4b:b9:48:69:8d:fd:28:28:4f:d0:48:
                    95:10:17:93:4d:f3:92:ea:a2:fe:65:30:b4:83:d2:
                    f7:0a:ad:67:94:62:9a:26:39:ce:7e:49:12:3f:dd:
                    86:45:b9:08:da:dc:a7:90:d7:ca:4d:87:72:0d:64:
                    b6:c4:2b:81:35:14:34:9d:0c:17:19:54:9f:0a:47:
                    15:5c:0b:b3:b1:f0:13:56:b8:7a:1a:39:22:ed:18:
                    0e:68:e0:56:de:35:38:42:47:72:50:ab:47:0d:80:
                    e2:d8:20:7b:6d:9f:87:e9:37:13:3b:24:fd:62:54:
                    7d:af:b8:f0:c6:92:76:a9:6e:ca:b0:65:6d:06:a8:
                    85:ac:a9:44:40:74:90:3a:28:fc:62:b2:fb:61:24:
                    df:58:53:ac:1f:0e:b7:9e:f4:4e:2a:96:5b:8e:de:
                    f7:e2:c2:bb:50:d8:ed:62:a0:64:53:71:a3:66:3b:
                    d1:a4:b1:ad:ef:04:33:44:48:02:bd:c8:c2:48:b2:
                    aa:c4:b9:e1:79:61:15:59:13:3c:11:81:3a:57:93:
                    e9:0d:41:3e:7e:e7:23:12:a7:1a:f8:dd:92:64:4c:
                    63:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:2B:35:8C:E9:76:BD:0D:93:F5:A0:71:4B:9D:E6:BA:A6:E4:79:E9
            X509v3 Authority Key Identifier:
                keyid:A2:07:43:39:BB:21:6B:85:BD:C8:3D:61:77:88:21:AD:F9:14:9D:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogdDObsha4W9yD1hd4ghrfkUnVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/571b34-acf9-4ebf-988b-0feb66e7f28a/1/KSs1jOl2vQ2T9aBxS53muqbkeek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/571b34-acf9-4ebf-988b-0feb66e7f28a/1/ogdDObsha4W9yD1hd4ghrfkUnVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.49.0/24
                IPv6:
                  2a0e:8f81::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:b1:4f:a2:53:8e:84:b8:c7:2f:0e:18:43:26:f4:ed:e0:31:
         92:19:ab:67:2d:69:80:83:af:2c:6d:de:79:9e:f2:9a:c0:1e:
         7a:eb:d1:6b:73:f4:ed:ab:e6:7e:4f:e0:44:78:54:53:e5:1f:
         62:23:84:fb:94:7d:36:9d:3e:5a:37:98:99:b8:da:25:0b:c4:
         b3:92:70:74:c3:15:25:e3:24:cf:bd:b1:15:c6:b4:4c:32:d0:
         77:5e:b3:9a:02:72:06:50:ce:cf:8a:a5:ea:6f:f3:84:a2:72:
         2a:ec:c5:ac:e7:f5:15:95:76:af:94:26:ff:e1:4f:4e:1b:63:
         ce:05:b0:50:3d:b3:44:14:6c:aa:a2:e9:3a:7a:67:2b:af:9f:
         6e:0f:9e:97:e1:51:00:7a:bc:46:c8:c7:7a:8f:c9:1f:80:79:
         4b:57:6b:0b:4f:d4:5d:6d:9f:fe:35:0c:81:d4:0a:14:85:28:
         80:8e:b4:82:70:23:b8:81:da:2c:99:bf:fd:73:95:40:bd:62:
         fc:b3:ab:96:c6:f7:0e:91:64:5c:4b:e4:a7:96:52:e0:c9:84:
         13:56:91:7c:b1:c9:cb:fd:9f:6a:3f:66:df:1a:c1:f3:7b:ed:
         fc:b6:d0:fe:fb:e3:40:e6:b0:6b:64:e1:f3:ee:64:76:8d:8a:
         87:b9:6a:12
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZVsjROcKDgpk3Ne0CmCoqzAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDc0MzM5YmIyMTZiODViZGM4M2Q2MTc3ODgyMWFkZjkx
NDlkNTYwHhcNMjUwMzA2MTc0MjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTJiMzU4Y2U5NzZiZDBkOTNmNWEwNzE0YjlkZTZiYWE2ZTQ3OWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGgtX0ZA07nTwUBYkZpW1gYkSYw/
6A24bRqMLEjjhVHeS7lIaY39KChP0EiVEBeTTfOS6qL+ZTC0g9L3Cq1nlGKaJjnO
fkkSP92GRbkI2tynkNfKTYdyDWS2xCuBNRQ0nQwXGVSfCkcVXAuzsfATVrh6Gjki
7RgOaOBW3jU4QkdyUKtHDYDi2CB7bZ+H6TcTOyT9YlR9r7jwxpJ2qW7KsGVtBqiF
rKlEQHSQOij8YrL7YSTfWFOsHw63nvROKpZbjt734sK7UNjtYqBkU3GjZjvRpLGt
7wQzREgCvcjCSLKqxLnheWEVWRM8EYE6V5PpDUE+fucjEqca+N2SZExjEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCkrNYzpdr0Nk/WgcUud5rqm5HnpMB8GA1UdIwQY
MBaAFKIHQzm7IWuFvcg9YXeIIa35FJ1WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dkRE9ic2hhNFc5eUQxaGQ0Z2hyZmtVblZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy81NzFiMzQtYWNmOS00ZWJmLTk4OGIt
MGZlYjY2ZTdmMjhhLzEvS1NzMWpPbDJ2UTJUOWFCeFM1M211cWJrZWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy81NzFiMzQtYWNmOS00ZWJmLTk4OGItMGZlYjY2ZTdmMjhh
LzEvb2dkRE9ic2hhNFc5eUQxaGQ0Z2hyZmtVblZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXwxMA0E
AgACMAcDBQAqDo+BMA0GCSqGSIb3DQEBCwUAA4IBAQCtsU+iU46EuMcvDhhDJvTt
4DGSGatnLWmAg68sbd55nvKawB5669Frc/Ttq+Z+T+BEeFRT5R9iI4T7lH02nT5a
N5iZuNolC8SzknB0wxUl4yTPvbEVxrRMMtB3XrOaAnIGUM7PiqXqb/OEonIq7MWs
5/UVlXavlCb/4U9OG2POBbBQPbNEFGyqouk6emcrr59uD56X4VEAerxGyMd6j8kf
gHlLV2sLT9RdbZ/+NQyB1AoUhSiAjrSCcCO4gdosmb/9c5VAvWL8s6uWxvcOkWRc
S+SnllLgyYQTVpF8scnL/Z9qP2bfGsHze+38ttD+++NA5rBrZOHz7mR2jYqHuWoS
-----END CERTIFICATE-----