Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/1-z0xCJwtZ7oNjVyEZRiUl707L_U.roa
File:                     1-z0xCJwtZ7oNjVyEZRiUl707L_U.roa (raw, json)
Hash identifier:          kH96KZu4zVwqWimn8lprbltf+L6jN14xGOOzu5+uka8=
Subject key identifier:   FB:3D:31:08:9C:2D:67:BA:0D:8D:5C:84:65:18:94:97:BD:3B:2F:F5
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       0195D83ED09E161051FCC69F1CD0FBAC7E39
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/1-z0xCJwtZ7oNjVyEZRiUl707L_U.roa
Signing time:             Thu 27 Mar 2025 15:35:49 +0000
ROA not before:           Thu 27 Mar 2025 15:35:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214653
IP address blocks:        93.185.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d8:3e:d0:9e:16:10:51:fc:c6:9f:1c:d0:fb:ac:7e:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Mar 27 15:35:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb3d31089c2d67ba0d8d5c8465189497bd3b2ff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:8c:63:0a:ff:ab:5a:e1:08:ef:dd:e2:da:04:
                    6e:af:72:6c:a9:71:02:77:d3:b4:63:02:6b:77:f8:
                    9b:a3:3d:2f:fa:2f:fe:fc:b2:73:b3:d9:6d:98:68:
                    2a:ee:7b:7d:2f:00:d6:18:70:eb:e1:18:3c:02:10:
                    94:87:11:10:e8:bd:bd:91:71:8e:1c:1e:fa:3b:94:
                    e7:a6:fa:00:68:5a:ef:22:09:8d:a1:f0:db:47:30:
                    a6:0c:bf:3f:03:ff:a1:48:89:85:32:c7:01:93:94:
                    ca:19:07:27:bb:01:96:17:a3:b6:f1:90:4d:4c:17:
                    1c:eb:a9:a7:14:ab:1e:33:f8:0d:30:a1:da:40:98:
                    79:bd:7c:85:29:5c:e8:7d:6c:ea:91:c0:64:9d:11:
                    f6:81:d0:ae:84:7c:a5:f9:92:ec:7b:a7:cf:b6:62:
                    59:70:4d:05:85:d3:f1:a6:d7:8d:33:64:5c:d3:75:
                    d8:75:25:26:81:f9:7e:c6:78:d1:e4:e8:81:4a:15:
                    ab:05:f1:ed:98:da:f8:3c:6a:c9:ea:11:e9:e2:0e:
                    c8:f6:e3:4f:7b:e4:b7:3a:35:2c:4f:03:09:4c:00:
                    5b:b0:fa:d5:b1:c5:9a:a0:26:08:18:65:90:83:bd:
                    53:c4:db:48:68:de:87:70:a6:d9:c7:c4:d0:74:53:
                    35:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:3D:31:08:9C:2D:67:BA:0D:8D:5C:84:65:18:94:97:BD:3B:2F:F5
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/1-z0xCJwtZ7oNjVyEZRiUl707L_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:d7:23:64:7a:d2:2a:a8:ae:0b:12:8c:02:2b:2b:d3:3a:b7:
         c7:fc:97:f8:ca:b9:99:6f:9b:a0:49:d9:06:12:0e:e3:02:25:
         94:e3:23:a9:7b:41:fd:6a:d4:a2:d6:f6:16:01:06:b9:5f:cc:
         ba:75:1f:4b:25:f5:d6:1f:78:01:80:c2:f6:2d:37:04:15:c7:
         ac:2e:7e:73:ce:10:84:81:3a:44:9c:b4:f2:3f:67:47:59:60:
         41:38:8b:4f:36:64:46:d1:6b:00:06:2f:e4:85:f9:ab:61:69:
         a2:77:c5:8d:8a:31:e3:a6:a1:ff:c0:21:0c:5d:6e:cb:6e:47:
         d3:ea:6b:1a:8e:17:df:81:e3:e4:ac:10:e9:b6:ba:84:13:5e:
         bf:e2:bd:ac:3a:dc:b6:de:bb:e6:72:9c:a2:0c:4b:8c:f3:61:
         d6:0c:5b:76:a2:06:44:93:7f:2d:f7:1b:fb:4b:ef:c1:4a:51:
         e2:69:38:e2:ff:3b:e9:4c:6e:e5:8a:12:b0:e9:1a:42:f9:55:
         1a:93:26:85:37:3a:25:e2:9d:63:82:d8:ab:aa:d0:f8:2a:f6:
         9c:76:45:90:22:84:da:e9:3a:b8:dd:35:19:2a:35:1e:2d:ac:
         f4:e4:83:4e:4b:e1:f9:c4:f0:f0:49:53:e8:0f:90:e3:5b:1e:
         5a:6d:3c:35
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZXYPtCeFhBR/MafHND7rH45MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwMzI3MTUzNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjNkMzEwODljMmQ2N2JhMGQ4ZDVjODQ2NTE4OTQ5N2JkM2IyZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4xjCv+rWuEI793i2gRur3JsqXEC
d9O0YwJrd/iboz0v+i/+/LJzs9ltmGgq7nt9LwDWGHDr4Rg8AhCUhxEQ6L29kXGO
HB76O5TnpvoAaFrvIgmNofDbRzCmDL8/A/+hSImFMscBk5TKGQcnuwGWF6O28ZBN
TBcc66mnFKseM/gNMKHaQJh5vXyFKVzofWzqkcBknRH2gdCuhHyl+ZLse6fPtmJZ
cE0FhdPxpteNM2Rc03XYdSUmgfl+xnjR5OiBShWrBfHtmNr4PGrJ6hHp4g7I9uNP
e+S3OjUsTwMJTABbsPrVscWaoCYIGGWQg71TxNtIaN6HcKbZx8TQdFM1EQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPs9MQicLWe6DY1chGUYlJe9Oy/1MB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvMS16MHhDSnd0WjdvTmpWeUVaUmlVbDcwN0xfVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGIvZjI1ZDdjLTY2NzctNGZkYi04OThlLWVlNzQ2NTc1NGZm
Ni8xL0VhQVEtSG9FbTI0aHEtMmJRSmc3QlBQeHgtZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF25pDAN
BgkqhkiG9w0BAQsFAAOCAQEAPdcjZHrSKqiuCxKMAisr0zq3x/yX+Mq5mW+boEnZ
BhIO4wIllOMjqXtB/WrUotb2FgEGuV/MunUfSyX11h94AYDC9i03BBXHrC5+c84Q
hIE6RJy08j9nR1lgQTiLTzZkRtFrAAYv5IX5q2FponfFjYox46ah/8AhDF1uy25H
0+prGo4X34Hj5KwQ6ba6hBNev+K9rDrctt675nKcogxLjPNh1gxbdqIGRJN/Lfcb
+0vvwUpR4mk44v876Uxu5YoSsOkaQvlVGpMmhTc6JeKdY4LYq6rQ+Cr2nHZFkCKE
2uk6uN01GSo1Hi2s9OSDTkvh+cTw8ElT6A+Q41seWm08NQ==
-----END CERTIFICATE-----