Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Ibq5XqmtsL45nGpc_U7Kk4po4wg.roa
File:                     Ibq5XqmtsL45nGpc_U7Kk4po4wg.roa (raw, json)
Hash identifier:          lJgyZTT2jWrUUFdUbFR+DosrDNpikSIo1DlipAFkhss=
Subject key identifier:   21:BA:B9:5E:A9:AD:B0:BE:39:9C:6A:5C:FD:4E:CA:93:8A:68:E3:08
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BCDB3EA43EE2B12563C04287F0F50
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Ibq5XqmtsL45nGpc_U7Kk4po4wg.roa
Signing time:             Thu 02 Jan 2025 09:49:46 +0000
ROA not before:           Thu 02 Jan 2025 09:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5588
IP address blocks:        85.202.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:cd:b3:ea:43:ee:2b:12:56:3c:04:28:7f:0f:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21bab95ea9adb0be399c6a5cfd4eca938a68e308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:30:fb:fa:21:ee:6e:eb:dd:f7:a5:8d:3e:05:
                    c9:a5:cd:cc:a9:8c:02:27:47:31:73:39:27:79:55:
                    b6:b8:cb:9a:c8:95:0d:c8:e4:38:63:49:99:b5:18:
                    1b:7c:d5:32:66:49:47:53:77:c9:20:6c:bb:a0:aa:
                    e7:b2:80:47:f2:b6:27:0f:e7:78:50:40:43:8e:1d:
                    fa:b5:08:6c:fb:8f:88:3b:76:90:5f:1f:b1:11:f1:
                    76:27:b1:59:93:e2:78:1f:49:aa:28:c5:62:04:91:
                    6c:1b:36:aa:77:9d:01:dc:f4:61:5b:12:5f:9f:c8:
                    54:2b:b4:07:25:39:58:ad:4f:ac:1a:e0:6d:5b:06:
                    21:cf:38:c4:99:b8:b7:fa:91:8f:76:f0:c4:ee:cc:
                    fe:3d:dc:a6:58:58:bc:32:4a:d0:3d:be:3d:89:1c:
                    b9:f5:61:d8:e7:06:77:a8:21:a6:9f:35:c6:57:72:
                    e4:9d:df:8a:9c:6c:19:c3:a4:f6:4d:41:8c:2e:31:
                    36:16:fc:32:00:83:ce:5a:82:76:fa:c9:79:bf:b6:
                    d7:cb:36:0c:22:0d:c3:97:e7:00:82:fd:c7:0d:04:
                    f7:1e:d1:d6:7b:28:e9:11:bf:b7:31:35:b9:61:e3:
                    50:b8:2c:6f:2d:3c:22:20:4d:a9:6d:b4:55:03:64:
                    46:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:BA:B9:5E:A9:AD:B0:BE:39:9C:6A:5C:FD:4E:CA:93:8A:68:E3:08
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Ibq5XqmtsL45nGpc_U7Kk4po4wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:96:f1:46:58:2a:de:62:21:bf:48:bd:e0:1d:e9:34:a8:ac:
         9f:73:cf:c3:49:a2:d5:9e:cb:7d:e6:eb:04:db:f3:0f:1e:3f:
         88:f3:de:b7:92:8d:29:f5:69:1a:75:8a:4c:c8:b9:6b:49:f5:
         7b:27:16:f9:69:7a:70:43:d6:43:57:6d:dc:1b:43:04:92:e1:
         fe:60:77:67:e5:d4:88:33:7e:d0:63:47:04:40:6e:22:ab:d8:
         b0:75:b6:f3:cb:93:07:88:2a:c8:0f:ec:8f:0e:90:80:c8:bf:
         35:30:60:09:60:34:4b:10:1e:37:3d:f0:ff:63:33:cd:7b:b3:
         7e:35:7d:44:ce:9f:d1:a8:47:be:76:42:e2:b4:c0:c4:81:d5:
         b6:a4:de:a7:49:e6:a0:61:d0:e7:c6:8b:62:d6:49:a8:ec:57:
         52:5a:92:8c:03:c1:99:8d:bd:dd:60:f3:cb:32:53:51:74:4e:
         ff:79:27:f2:dd:a2:6c:f6:68:4a:8f:24:98:07:62:ff:d8:ed:
         88:33:0b:af:70:8b:2d:2a:97:ec:9c:4f:e0:8f:25:f5:5b:9f:
         79:5c:4f:a4:bf:80:7c:1f:d5:9b:d3:3f:a4:1c:a8:74:4c:ca:
         c6:5e:9f:12:2e:74:6f:e8:68:26:0a:0e:e9:2e:e1:e9:a1:78:
         1d:22:59:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma82z6kPuKxJWPAQofw9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWJhYjk1ZWE5YWRiMGJlMzk5YzZhNWNmZDRlY2E5MzhhNjhlMzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzD7+iHubuvd96WNPgXJpc3MqYwC
J0cxczkneVW2uMuayJUNyOQ4Y0mZtRgbfNUyZklHU3fJIGy7oKrnsoBH8rYnD+d4
UEBDjh36tQhs+4+IO3aQXx+xEfF2J7FZk+J4H0mqKMViBJFsGzaqd50B3PRhWxJf
n8hUK7QHJTlYrU+sGuBtWwYhzzjEmbi3+pGPdvDE7sz+PdymWFi8MkrQPb49iRy5
9WHY5wZ3qCGmnzXGV3Lknd+KnGwZw6T2TUGMLjE2FvwyAIPOWoJ2+sl5v7bXyzYM
Ig3Dl+cAgv3HDQT3HtHWeyjpEb+3MTW5YeNQuCxvLTwiIE2pbbRVA2RGawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCG6uV6prbC+OZxqXP1OypOKaOMIMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvSWJxNVhxbXRzTDQ1bkdwY19VN0trNHBvNHdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVco4MA0G
CSqGSIb3DQEBCwUAA4IBAQAglvFGWCreYiG/SL3gHek0qKyfc8/DSaLVnst95usE
2/MPHj+I8963ko0p9WkadYpMyLlrSfV7Jxb5aXpwQ9ZDV23cG0MEkuH+YHdn5dSI
M37QY0cEQG4iq9iwdbbzy5MHiCrID+yPDpCAyL81MGAJYDRLEB43PfD/YzPNe7N+
NX1Ezp/RqEe+dkLitMDEgdW2pN6nSeagYdDnxoti1kmo7FdSWpKMA8GZjb3dYPPL
MlNRdE7/eSfy3aJs9mhKjySYB2L/2O2IMwuvcIstKpfsnE/gjyX1W595XE+kv4B8
H9Wb0z+kHKh0TMrGXp8SLnRv6GgmCg7pLuHpoXgdIlmG
-----END CERTIFICATE-----