Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2574d2-cb0c-4b2a-be83-8e00bda3b245/1/66D5GH85kpdoRl5xE-EYGnJIu7s.roa
File:                     66D5GH85kpdoRl5xE-EYGnJIu7s.roa (raw, json)
Hash identifier:          FRI0FnMjIpTP/o+NpM2rBO+2noxEcPY4kmpjzIRRmcw=
Subject key identifier:   EB:A0:F9:18:7F:39:92:97:68:46:5E:71:13:E1:18:1A:72:48:BB:BB
Certificate issuer:       /CN=1b4d80373e3e34d00a85b84128d405399bcf8a45
Certificate serial:       0196E97D89FB5EB48BF0D8E278F267B11566
Authority key identifier: 1B:4D:80:37:3E:3E:34:D0:0A:85:B8:41:28:D4:05:39:9B:CF:8A:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G02ANz4-NNAKhbhBKNQFOZvPikU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/2574d2-cb0c-4b2a-be83-8e00bda3b245/1/66D5GH85kpdoRl5xE-EYGnJIu7s.roa
Signing time:             Mon 19 May 2025 17:00:40 +0000
ROA not before:           Mon 19 May 2025 17:00:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214143
IP address blocks:        185.237.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/2574d2-cb0c-4b2a-be83-8e00bda3b245/1/G02ANz4-NNAKhbhBKNQFOZvPikU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/2574d2-cb0c-4b2a-be83-8e00bda3b245/1/G02ANz4-NNAKhbhBKNQFOZvPikU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G02ANz4-NNAKhbhBKNQFOZvPikU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e9:7d:89:fb:5e:b4:8b:f0:d8:e2:78:f2:67:b1:15:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b4d80373e3e34d00a85b84128d405399bcf8a45
        Validity
            Not Before: May 19 17:00:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eba0f9187f39929768465e7113e1181a7248bbbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:38:bd:0f:47:2b:ab:65:7b:a3:95:c7:c4:7f:
                    13:71:0b:00:e2:60:9c:f9:18:ae:f5:2d:47:c0:e9:
                    68:80:71:25:55:f8:21:7e:ab:8e:dd:9d:97:db:72:
                    2c:72:de:1b:0f:14:d5:6a:32:0b:0c:92:ac:95:59:
                    5c:c4:d8:5e:de:c1:29:18:a3:60:62:b4:9d:00:0d:
                    3f:f2:c3:3b:e8:b9:98:34:9a:a9:68:c9:aa:f6:4e:
                    b3:25:81:2b:ab:ea:e2:50:4a:79:31:44:fa:89:f9:
                    eb:b3:4c:6e:73:ba:31:c8:e6:74:58:9a:7e:a1:cf:
                    3c:af:6b:5a:d6:33:da:c5:d5:c6:6f:ed:51:32:33:
                    16:13:82:6c:05:7f:54:ab:2e:e5:d1:6f:10:8c:e4:
                    60:d1:9f:32:e7:1b:1e:58:51:ea:2d:9d:75:23:58:
                    21:9e:d4:3a:42:4d:2c:03:21:00:d5:80:99:4c:16:
                    e4:99:50:33:56:e6:a5:86:99:f3:bc:59:d7:8b:13:
                    d2:3b:8f:c3:da:cd:ed:7d:10:20:3f:23:f2:16:f0:
                    2b:41:8f:d7:8c:ff:45:8d:61:52:6c:1f:c6:78:2d:
                    6a:76:a7:a9:fb:2e:a9:b3:a1:92:26:39:48:04:ee:
                    4c:c3:20:24:95:0a:a2:06:60:bb:00:e9:18:e1:19:
                    9b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:A0:F9:18:7F:39:92:97:68:46:5E:71:13:E1:18:1A:72:48:BB:BB
            X509v3 Authority Key Identifier:
                keyid:1B:4D:80:37:3E:3E:34:D0:0A:85:B8:41:28:D4:05:39:9B:CF:8A:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G02ANz4-NNAKhbhBKNQFOZvPikU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2574d2-cb0c-4b2a-be83-8e00bda3b245/1/66D5GH85kpdoRl5xE-EYGnJIu7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2574d2-cb0c-4b2a-be83-8e00bda3b245/1/G02ANz4-NNAKhbhBKNQFOZvPikU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:5b:c6:36:2b:24:18:2e:6c:6d:a4:f7:84:8e:d9:54:e4:24:
         ae:3d:7e:46:7e:6b:b7:0f:5d:a7:42:85:7f:44:65:8f:53:10:
         c6:ba:c0:0d:62:ff:c7:38:66:b2:4f:1f:52:34:22:72:d7:22:
         bb:45:62:4c:b6:f1:7c:a5:bf:b8:e3:eb:57:61:e9:bf:95:73:
         ec:89:f7:df:83:04:39:0a:d2:66:40:8a:39:06:f2:86:a3:1f:
         ab:f6:29:95:6e:93:f6:58:a2:89:c3:50:31:84:f6:09:cd:b6:
         ed:61:75:d7:06:3b:ad:84:36:7d:a1:00:c1:98:ab:8d:5e:9f:
         54:22:61:44:d6:7c:bb:78:36:1a:e7:fd:1e:db:b4:19:55:34:
         b0:7d:98:85:17:bf:fa:80:87:7b:97:47:fb:04:c9:f7:b8:2e:
         55:7c:5d:e9:65:67:d1:91:61:7d:03:74:89:da:95:1e:c4:f4:
         06:a1:d2:d6:b9:c4:69:5b:dd:38:0d:67:20:8c:04:22:83:55:
         e2:63:b1:57:34:be:91:77:41:a0:8e:10:68:12:08:58:fd:7e:
         d9:6b:d9:17:b1:d6:e0:33:60:95:58:64:93:99:4a:1f:8d:4b:
         f8:4c:44:d2:ab:44:28:b0:fb:f2:7b:59:e8:10:06:54:0a:ef:
         91:14:b7:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbpfYn7XrSL8NjiePJnsRVmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiNGQ4MDM3M2UzZTM0ZDAwYTg1Yjg0MTI4ZDQwNTM5OWJj
ZjhhNDUwHhcNMjUwNTE5MTcwMDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmEwZjkxODdmMzk5Mjk3Njg0NjVlNzExM2UxMTgxYTcyNDhiYmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoji9D0crq2V7o5XHxH8TcQsA4mCc
+Riu9S1HwOlogHElVfghfquO3Z2X23Isct4bDxTVajILDJKslVlcxNhe3sEpGKNg
YrSdAA0/8sM76LmYNJqpaMmq9k6zJYErq+riUEp5MUT6ifnrs0xuc7oxyOZ0WJp+
oc88r2ta1jPaxdXGb+1RMjMWE4JsBX9Uqy7l0W8QjORg0Z8y5xseWFHqLZ11I1gh
ntQ6Qk0sAyEA1YCZTBbkmVAzVualhpnzvFnXixPSO4/D2s3tfRAgPyPyFvArQY/X
jP9FjWFSbB/GeC1qdqep+y6ps6GSJjlIBO5MwyAklQqiBmC7AOkY4RmbtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOug+Rh/OZKXaEZecRPhGBpySLu7MB8GA1UdIwQY
MBaAFBtNgDc+PjTQCoW4QSjUBTmbz4pFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzAyQU56NC1OTkFLaGJoQktOUUZPWnZQaWtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yNTc0ZDItY2IwYy00YjJhLWJlODMt
OGUwMGJkYTNiMjQ1LzEvNjZENUdIODVrcGRvUmw1eEUtRVlHbkpJdTdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yNTc0ZDItY2IwYy00YjJhLWJlODMtOGUwMGJkYTNiMjQ1
LzEvRzAyQU56NC1OTkFLaGJoQktOUUZPWnZQaWtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue1dMA0G
CSqGSIb3DQEBCwUAA4IBAQB0W8Y2KyQYLmxtpPeEjtlU5CSuPX5Gfmu3D12nQoV/
RGWPUxDGusANYv/HOGayTx9SNCJy1yK7RWJMtvF8pb+44+tXYem/lXPsifffgwQ5
CtJmQIo5BvKGox+r9imVbpP2WKKJw1AxhPYJzbbtYXXXBjuthDZ9oQDBmKuNXp9U
ImFE1ny7eDYa5/0e27QZVTSwfZiFF7/6gId7l0f7BMn3uC5VfF3pZWfRkWF9A3SJ
2pUexPQGodLWucRpW904DWcgjAQig1XiY7FXNL6Rd0GgjhBoEghY/X7Za9kXsdbg
M2CVWGSTmUofjUv4TETSq0QosPvye1noEAZUCu+RFLeP
-----END CERTIFICATE-----