Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ef9860-2658-44df-b172-8066fa21241a/1/VOwZFJ2kzA4iWyaWmWEZLWn-AT4.roa
File:                     VOwZFJ2kzA4iWyaWmWEZLWn-AT4.roa (raw, json)
Hash identifier:          YQUstvHHSMLfCh8uMvOZZqE+6wkkgDZ2K70GWR3RN8k=
Subject key identifier:   54:EC:19:14:9D:A4:CC:0E:22:5B:26:96:99:61:19:2D:69:FE:01:3E
Certificate issuer:       /CN=ec97b72d5d4f750f1b138c2a901dd6510921be41
Certificate serial:       0194274828BC828DF08038C34F604807AA32
Authority key identifier: EC:97:B7:2D:5D:4F:75:0F:1B:13:8C:2A:90:1D:D6:51:09:21:BE:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Je3LV1PdQ8bE4wqkB3WUQkhvkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ef9860-2658-44df-b172-8066fa21241a/1/VOwZFJ2kzA4iWyaWmWEZLWn-AT4.roa
Signing time:             Thu 02 Jan 2025 13:50:27 +0000
ROA not before:           Thu 02 Jan 2025 13:50:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21080
IP address blocks:        185.76.160.0/22 maxlen: 22
                          195.85.237.0/24 maxlen: 24
                          2001:67c:253c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ef9860-2658-44df-b172-8066fa21241a/1/7Je3LV1PdQ8bE4wqkB3WUQkhvkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ef9860-2658-44df-b172-8066fa21241a/1/7Je3LV1PdQ8bE4wqkB3WUQkhvkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Je3LV1PdQ8bE4wqkB3WUQkhvkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 19:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:28:bc:82:8d:f0:80:38:c3:4f:60:48:07:aa:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec97b72d5d4f750f1b138c2a901dd6510921be41
        Validity
            Not Before: Jan  2 13:50:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54ec19149da4cc0e225b26969961192d69fe013e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:98:d1:4d:43:98:88:38:11:05:86:da:f9:4c:
                    fc:18:9d:99:44:87:7b:97:8c:c4:62:4c:d2:c5:77:
                    d5:19:22:68:68:9f:49:e2:0a:c2:0b:b0:79:a6:f3:
                    c7:82:ce:0a:e1:f4:e2:07:6e:65:9b:6f:ab:a7:6a:
                    75:76:54:a4:62:44:21:58:bf:dc:c8:9b:23:64:4e:
                    e3:e1:84:9d:f6:d9:24:5f:84:61:b9:9b:7b:bc:0d:
                    e3:02:47:73:14:c7:21:a9:7d:5b:b8:a8:96:ab:b2:
                    a7:fd:3c:eb:6c:5e:16:b6:e5:78:8e:51:4f:14:a8:
                    af:48:25:ce:52:0b:ce:de:13:d7:73:ce:6b:25:f1:
                    79:58:c3:97:50:96:5c:a4:92:0d:eb:1a:0a:77:36:
                    6d:3e:8c:88:d7:27:91:9d:01:85:ce:84:3c:8e:a6:
                    f9:32:90:36:28:d9:12:fd:ce:88:ec:55:41:c8:6a:
                    07:a1:bc:83:04:4f:0d:35:23:a1:1c:7c:4a:ad:bc:
                    c3:0f:60:3f:9f:35:89:3c:4b:85:a2:22:02:d2:c5:
                    56:44:63:65:d3:55:4c:cd:c7:31:fd:f0:9f:8f:38:
                    b5:aa:a3:b5:67:4c:3b:1d:56:fe:8b:fc:cd:76:dd:
                    49:21:22:73:37:e6:2f:9c:28:c7:aa:67:d7:85:fb:
                    9c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:EC:19:14:9D:A4:CC:0E:22:5B:26:96:99:61:19:2D:69:FE:01:3E
            X509v3 Authority Key Identifier:
                keyid:EC:97:B7:2D:5D:4F:75:0F:1B:13:8C:2A:90:1D:D6:51:09:21:BE:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Je3LV1PdQ8bE4wqkB3WUQkhvkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ef9860-2658-44df-b172-8066fa21241a/1/VOwZFJ2kzA4iWyaWmWEZLWn-AT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ef9860-2658-44df-b172-8066fa21241a/1/7Je3LV1PdQ8bE4wqkB3WUQkhvkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.76.160.0/22
                  195.85.237.0/24
                IPv6:
                  2001:67c:253c::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:5f:be:d7:4d:f7:13:23:3b:4e:f2:68:ea:a4:cc:7e:2e:55:
         71:d3:d7:ce:9e:68:c1:ce:57:92:ef:e3:93:18:e1:62:72:b1:
         21:83:ef:84:8e:c5:93:85:8c:b9:d4:bc:92:b4:b9:d5:39:df:
         cc:d3:7d:8a:a4:db:e7:9e:9b:30:b1:76:ab:60:b7:41:d1:17:
         d5:61:08:1f:a9:42:71:b3:5b:c0:c9:c5:00:a4:53:4e:ce:5b:
         9f:84:87:62:53:e7:bf:bc:e4:39:58:f1:f9:d8:cd:30:40:3d:
         8d:42:9a:ca:88:43:c8:72:d0:a8:77:d2:da:6d:86:49:de:4c:
         c6:c0:4e:10:08:92:0c:cc:2a:54:9a:60:c7:32:8e:ae:9a:01:
         e9:cf:e8:c1:14:09:f1:48:46:55:16:a9:3e:c4:ed:a1:67:46:
         89:99:00:cd:7c:47:73:f4:a8:a9:4f:12:84:4f:9f:84:aa:ae:
         bb:9a:46:3a:c1:ac:1d:c6:83:95:4c:db:39:ee:aa:48:ce:0d:
         a0:b1:37:c5:ff:73:49:08:0b:41:30:6f:6b:d5:54:22:e2:a2:
         25:71:0d:db:42:39:f5:77:aa:96:24:18:25:ff:bd:82:ec:9d:
         33:05:7d:0b:e6:96:56:be:61:2f:95:36:8d:f7:f9:2a:65:82:
         39:2d:02:3b
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQnSCi8go3wgDjDT2BIB6oyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOTdiNzJkNWQ0Zjc1MGYxYjEzOGMyYTkwMWRkNjUxMDky
MWJlNDEwHhcNMjUwMTAyMTM1MDI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGVjMTkxNDlkYTRjYzBlMjI1YjI2OTY5OTYxMTkyZDY5ZmUwMTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZjRTUOYiDgRBYba+Uz8GJ2ZRId7
l4zEYkzSxXfVGSJoaJ9J4grCC7B5pvPHgs4K4fTiB25lm2+rp2p1dlSkYkQhWL/c
yJsjZE7j4YSd9tkkX4RhuZt7vA3jAkdzFMchqX1buKiWq7Kn/TzrbF4WtuV4jlFP
FKivSCXOUgvO3hPXc85rJfF5WMOXUJZcpJIN6xoKdzZtPoyI1yeRnQGFzoQ8jqb5
MpA2KNkS/c6I7FVByGoHobyDBE8NNSOhHHxKrbzDD2A/nzWJPEuFoiIC0sVWRGNl
01VMzccx/fCfjzi1qqO1Z0w7HVb+i/zNdt1JISJzN+YvnCjHqmfXhfucWQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFFTsGRSdpMwOIlsmlplhGS1p/gE+MB8GA1UdIwQY
MBaAFOyXty1dT3UPGxOMKpAd1lEJIb5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0plM0xWMVBkUThiRTR3cWtCM1dVUWtodmtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9lZjk4NjAtMjY1OC00NGRmLWIxNzIt
ODA2NmZhMjEyNDFhLzEvVk93WkZKMmt6QTRpV3lhV21XRVpMV24tQVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9lZjk4NjAtMjY1OC00NGRmLWIxNzItODA2NmZhMjEyNDFh
LzEvN0plM0xWMVBkUThiRTR3cWtCM1dVUWtodmtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCuUygAwQA
w1XtMA8EAgACMAkDBwAgAQZ8JTwwDQYJKoZIhvcNAQELBQADggEBADBfvtdN9xMj
O07yaOqkzH4uVXHT186eaMHOV5Lv45MY4WJysSGD74SOxZOFjLnUvJK0udU538zT
fYqk2+eemzCxdqtgt0HRF9VhCB+pQnGzW8DJxQCkU07OW5+Eh2JT57+85DlY8fnY
zTBAPY1CmsqIQ8hy0Kh30tpthkneTMbAThAIkgzMKlSaYMcyjq6aAenP6MEUCfFI
RlUWqT7E7aFnRomZAM18R3P0qKlPEoRPn4SqrruaRjrBrB3Gg5VM2znuqkjODaCx
N8X/c0kIC0Ewb2vVVCLioiVxDdtCOfV3qpYkGCX/vYLsnTMFfQvmlla+YS+VNo33
+SplgjktAjs=
-----END CERTIFICATE-----