Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/icELWhfd9GPLu8IWkwxM1B9b1F8.roa
File:                     icELWhfd9GPLu8IWkwxM1B9b1F8.roa (raw, json)
Hash identifier:          YOkXqZJxfhwZLYrQswqqRP/8HyClhXqiaW/6Oo79K30=
Subject key identifier:   89:C1:0B:5A:17:DD:F4:63:CB:BB:C2:16:93:0C:4C:D4:1F:5B:D4:5F
Certificate issuer:       /CN=60fcd55b9130858d8ea583c0987dad00f614db39
Certificate serial:       01953BD8403487E429B3C9F0D7F5860C19B0
Authority key identifier: 60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/icELWhfd9GPLu8IWkwxM1B9b1F8.roa
Signing time:             Tue 25 Feb 2025 06:43:02 +0000
ROA not before:           Tue 25 Feb 2025 06:43:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        185.128.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3b:d8:40:34:87:e4:29:b3:c9:f0:d7:f5:86:0c:19:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60fcd55b9130858d8ea583c0987dad00f614db39
        Validity
            Not Before: Feb 25 06:43:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89c10b5a17ddf463cbbbc216930c4cd41f5bd45f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2e:62:a5:2a:dd:e9:5c:67:7e:27:58:c3:95:
                    af:60:a1:08:68:d6:22:11:d2:1e:b5:a4:68:86:f7:
                    ea:b9:bf:9b:25:b9:a0:d0:0a:d6:15:70:31:f0:81:
                    71:51:77:ab:a7:31:b3:b8:47:e4:ec:0f:bd:e7:55:
                    b8:3a:6e:a2:58:8b:ec:41:e4:2d:4e:ab:25:4e:65:
                    62:88:b4:b2:c5:2b:4e:5b:62:56:0e:86:5f:99:9b:
                    a1:63:83:2b:24:a0:89:29:22:58:d1:5e:98:b7:08:
                    1f:8c:77:26:0c:f2:9f:28:c1:87:86:d7:4b:8e:92:
                    79:e8:31:c1:e8:ca:ca:22:b2:3c:ca:9b:26:0d:fa:
                    5f:c3:e0:bc:1d:2c:33:d5:dc:10:63:d2:11:a0:55:
                    df:57:af:ca:f1:11:a4:38:6c:a7:47:b2:e9:3a:99:
                    a7:95:f7:9e:02:58:f2:48:c6:72:56:d7:e1:e6:58:
                    5c:9d:86:90:aa:ad:a0:22:a1:f9:ec:aa:2a:30:85:
                    ec:7b:33:35:b9:6d:57:ce:c6:09:e6:6b:61:77:b9:
                    2c:50:c9:6b:2c:09:3d:f7:85:a2:6b:25:7b:45:3f:
                    02:f1:ca:24:cd:bf:3e:e7:0f:f2:10:bc:54:49:e5:
                    0c:7b:de:fc:b3:9a:69:57:a5:8a:b0:16:d2:38:10:
                    92:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:C1:0B:5A:17:DD:F4:63:CB:BB:C2:16:93:0C:4C:D4:1F:5B:D4:5F
            X509v3 Authority Key Identifier:
                keyid:60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/icELWhfd9GPLu8IWkwxM1B9b1F8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:de:90:5b:81:72:d2:57:3b:f7:39:8b:cb:76:db:82:1b:91:
         dc:72:29:49:e6:52:69:cb:27:ae:71:39:7f:5f:38:2b:a6:e1:
         31:91:15:ed:27:a5:60:31:23:cb:68:8e:a0:14:80:e8:9d:fa:
         3b:5f:d7:c2:aa:6c:e6:53:a0:c3:9c:41:88:f2:ea:9e:20:af:
         24:f5:6d:6d:40:1e:fa:e5:72:f9:a5:8f:f8:90:ab:0b:18:c6:
         09:d6:12:97:c0:83:28:1e:75:60:3b:3d:04:37:fa:51:78:df:
         6c:ed:5e:b3:b7:28:cc:2e:12:66:43:fa:7c:1e:d5:39:f4:e9:
         51:a9:5b:cf:f9:ad:a2:2a:20:ae:dc:30:28:8a:01:25:c6:df:
         2a:54:d9:4c:0f:d6:07:8a:5d:40:c5:ff:55:70:49:f7:61:9c:
         08:d2:91:b3:8e:9e:28:e4:c0:6b:64:32:20:bc:66:40:66:21:
         64:bb:ea:6d:83:2e:18:f8:47:2a:75:b3:9c:40:86:ae:ed:0c:
         9d:08:20:34:45:60:64:5b:07:b7:fd:56:16:1c:13:e2:5c:e9:
         bd:d1:28:6c:62:c5:95:c7:ea:00:6f:32:26:c5:76:5b:bd:a8:
         18:a9:81:0b:9d:a3:75:cb:0d:a4:5e:d3:1e:b1:53:b2:16:3d:
         03:f8:d1:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU72EA0h+Qps8nw1/WGDBmwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZmNkNTViOTEzMDg1OGQ4ZWE1ODNjMDk4N2RhZDAwZjYx
NGRiMzkwHhcNMjUwMjI1MDY0MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWMxMGI1YTE3ZGRmNDYzY2JiYmMyMTY5MzBjNGNkNDFmNWJkNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwy5ipSrd6VxnfidYw5WvYKEIaNYi
EdIetaRohvfqub+bJbmg0ArWFXAx8IFxUXerpzGzuEfk7A+951W4Om6iWIvsQeQt
TqslTmViiLSyxStOW2JWDoZfmZuhY4MrJKCJKSJY0V6YtwgfjHcmDPKfKMGHhtdL
jpJ56DHB6MrKIrI8ypsmDfpfw+C8HSwz1dwQY9IRoFXfV6/K8RGkOGynR7LpOpmn
lfeeAljySMZyVtfh5lhcnYaQqq2gIqH57KoqMIXsezM1uW1XzsYJ5mthd7ksUMlr
LAk994WiayV7RT8C8cokzb8+5w/yELxUSeUMe978s5ppV6WKsBbSOBCSuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInBC1oX3fRjy7vCFpMMTNQfW9RfMB8GA1UdIwQY
MBaAFGD81VuRMIWNjqWDwJh9rQD2FNs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTkt
ZWQzMGI5YmIxMmQ1LzEvaWNFTFdoZmQ5R1BMdThJV2t3eE0xQjliMUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTktZWQzMGI5YmIxMmQ1
LzEvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYDiMA0G
CSqGSIb3DQEBCwUAA4IBAQCg3pBbgXLSVzv3OYvLdtuCG5HccilJ5lJpyyeucTl/
XzgrpuExkRXtJ6VgMSPLaI6gFIDonfo7X9fCqmzmU6DDnEGI8uqeIK8k9W1tQB76
5XL5pY/4kKsLGMYJ1hKXwIMoHnVgOz0EN/pReN9s7V6ztyjMLhJmQ/p8HtU59OlR
qVvP+a2iKiCu3DAoigElxt8qVNlMD9YHil1Axf9VcEn3YZwI0pGzjp4o5MBrZDIg
vGZAZiFku+ptgy4Y+EcqdbOcQIau7QydCCA0RWBkWwe3/VYWHBPiXOm90ShsYsWV
x+oAbzImxXZbvagYqYELnaN1yw2kXtMesVOyFj0D+NHE
-----END CERTIFICATE-----