Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/gzJT4-cX5kiA_JxRqpqJmyeN7rM.roa
File:                     gzJT4-cX5kiA_JxRqpqJmyeN7rM.roa (raw, json)
Hash identifier:          j7soth2EwPp+uzVpjpNq3DRnu+ZloTBjkFjkTsLwX1c=
Subject key identifier:   83:32:53:E3:E7:17:E6:48:80:FC:9C:51:AA:9A:89:9B:27:8D:EE:B3
Certificate issuer:       /CN=2e249793e5924a9f25f3a0a8dd994b374eb937d2
Certificate serial:       0194274724F29C062ABA12FC5359204CBA98
Authority key identifier: 2E:24:97:93:E5:92:4A:9F:25:F3:A0:A8:DD:99:4B:37:4E:B9:37:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiSXk-WSSp8l86Co3ZlLN065N9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/gzJT4-cX5kiA_JxRqpqJmyeN7rM.roa
Signing time:             Thu 02 Jan 2025 13:49:21 +0000
ROA not before:           Thu 02 Jan 2025 13:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31027
IP address blocks:        176.67.184.0/21 maxlen: 24
                          185.125.80.0/22 maxlen: 24
                          2a06:b740::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/LiSXk-WSSp8l86Co3ZlLN065N9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/LiSXk-WSSp8l86Co3ZlLN065N9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiSXk-WSSp8l86Co3ZlLN065N9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:24:f2:9c:06:2a:ba:12:fc:53:59:20:4c:ba:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e249793e5924a9f25f3a0a8dd994b374eb937d2
        Validity
            Not Before: Jan  2 13:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=833253e3e717e64880fc9c51aa9a899b278deeb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:0a:25:50:b9:1a:87:a0:ac:7b:59:69:d2:62:
                    11:e6:98:10:b3:4b:7b:98:75:f2:a5:5a:03:4d:bb:
                    7b:dd:e9:d0:49:7d:2f:dd:d8:e8:d9:86:61:fa:e2:
                    3f:15:2c:ef:b8:a5:9b:05:d9:e5:90:8a:df:17:60:
                    8a:85:34:77:52:3b:2d:c5:ec:7a:6c:84:de:99:c3:
                    14:85:2a:92:ba:c4:82:96:5f:85:5b:b8:7d:ce:7d:
                    c4:53:18:91:d9:a4:72:27:8c:44:6d:b1:6f:c7:50:
                    44:9a:47:ad:3d:af:3d:90:8e:ee:ca:c4:ac:e2:fd:
                    fe:fe:c1:6e:19:f9:f0:92:a4:2e:3a:81:58:99:eb:
                    89:bd:f9:66:9c:26:77:9b:34:7e:04:b0:5d:04:ca:
                    5b:ac:f6:44:42:dd:9f:56:4a:48:02:9e:22:b1:c5:
                    be:f2:90:61:11:7a:5d:38:60:1c:3c:c9:ce:98:31:
                    4b:f0:91:2b:d7:af:67:1f:cc:fb:52:4e:a6:df:fb:
                    e9:78:07:f4:aa:f0:c3:14:d2:b6:07:2a:97:bf:a1:
                    59:e3:73:e7:bf:07:aa:ec:db:f9:bf:a0:d2:05:0b:
                    ef:92:84:fd:dd:ea:00:d2:1c:fa:45:57:d4:e6:9c:
                    5b:e9:4f:68:85:67:6b:06:85:78:22:24:34:86:f4:
                    ba:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:32:53:E3:E7:17:E6:48:80:FC:9C:51:AA:9A:89:9B:27:8D:EE:B3
            X509v3 Authority Key Identifier:
                keyid:2E:24:97:93:E5:92:4A:9F:25:F3:A0:A8:DD:99:4B:37:4E:B9:37:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiSXk-WSSp8l86Co3ZlLN065N9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/gzJT4-cX5kiA_JxRqpqJmyeN7rM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/bfbc8e-eab5-4f20-8eea-96bf143eb452/1/LiSXk-WSSp8l86Co3ZlLN065N9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.67.184.0/21
                  185.125.80.0/22
                IPv6:
                  2a06:b740::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:e4:77:e8:dd:4c:b4:44:b8:24:6e:11:aa:63:3b:11:fb:a2:
         97:38:99:16:15:27:f0:6a:46:5c:75:2c:4a:f6:c7:ea:6e:f3:
         93:10:03:42:d0:b8:bc:4d:f3:2e:f2:8d:ee:2e:23:e4:7e:fa:
         20:ee:f4:71:08:1e:67:8c:c9:ed:bb:e9:67:6d:b4:92:e3:e3:
         37:c1:51:a6:22:b4:a1:ff:cf:92:6b:01:9a:da:7f:12:5d:5b:
         fa:9c:0d:8a:e0:1c:cc:61:39:35:98:8c:89:85:c0:58:70:c2:
         88:6f:4d:c4:9f:39:05:ff:a3:f2:3c:a0:88:d3:5d:30:e0:26:
         a0:59:51:6f:d5:ca:f4:23:a8:32:8a:9b:0f:2c:c2:a7:30:64:
         b4:08:a6:57:f2:fd:ab:69:97:e4:f2:7a:21:0c:c0:0d:d6:fa:
         04:00:66:46:d5:7e:cf:75:82:3f:7f:b9:5e:db:c3:2a:0a:d1:
         2f:14:d7:56:8a:67:b9:a1:63:45:ee:2a:b1:e8:99:1d:6c:cd:
         89:59:f0:3d:1c:03:27:e0:9a:e9:17:e5:75:7d:af:7e:43:c2:
         1b:cb:60:9b:79:96:d5:1a:4c:34:98:8f:36:24:dd:c8:6e:80:
         8e:5d:b4:1e:ec:c9:88:98:7f:56:1c:6a:ca:42:fa:48:ba:aa:
         fb:9e:d6:05
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnRyTynAYquhL8U1kgTLqYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjQ5NzkzZTU5MjRhOWYyNWYzYTBhOGRkOTk0YjM3NGVi
OTM3ZDIwHhcNMjUwMTAyMTM0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzMyNTNlM2U3MTdlNjQ4ODBmYzljNTFhYTlhODk5YjI3OGRlZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQolULkah6Cse1lp0mIR5pgQs0t7
mHXypVoDTbt73enQSX0v3djo2YZh+uI/FSzvuKWbBdnlkIrfF2CKhTR3Ujstxex6
bITemcMUhSqSusSCll+FW7h9zn3EUxiR2aRyJ4xEbbFvx1BEmketPa89kI7uysSs
4v3+/sFuGfnwkqQuOoFYmeuJvflmnCZ3mzR+BLBdBMpbrPZEQt2fVkpIAp4iscW+
8pBhEXpdOGAcPMnOmDFL8JEr169nH8z7Uk6m3/vpeAf0qvDDFNK2ByqXv6FZ43Pn
vweq7Nv5v6DSBQvvkoT93eoA0hz6RVfU5pxb6U9ohWdrBoV4IiQ0hvS6TwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIMyU+PnF+ZIgPycUaqaiZsnje6zMB8GA1UdIwQY
MBaAFC4kl5PlkkqfJfOgqN2ZSzdOuTfSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlTWGstV1NTcDhsODZDbzNabExOMDY1TjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9iZmJjOGUtZWFiNS00ZjIwLThlZWEt
OTZiZjE0M2ViNDUyLzEvZ3pKVDQtY1g1a2lBX0p4UnFwcUpteWVON3JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9iZmJjOGUtZWFiNS00ZjIwLThlZWEtOTZiZjE0M2ViNDUy
LzEvTGlTWGstV1NTcDhsODZDbzNabExOMDY1TjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsEO4AwQC
uX1QMA0EAgACMAcDBQMqBrdAMA0GCSqGSIb3DQEBCwUAA4IBAQB95Hfo3Uy0RLgk
bhGqYzsR+6KXOJkWFSfwakZcdSxK9sfqbvOTEANC0Li8TfMu8o3uLiPkfvog7vRx
CB5njMntu+lnbbSS4+M3wVGmIrSh/8+SawGa2n8SXVv6nA2K4BzMYTk1mIyJhcBY
cMKIb03EnzkF/6PyPKCI010w4CagWVFv1cr0I6gyipsPLMKnMGS0CKZX8v2raZfk
8nohDMAN1voEAGZG1X7PdYI/f7le28MqCtEvFNdWime5oWNF7iqx6JkdbM2JWfA9
HAMn4JrpF+V1fa9+Q8Iby2CbeZbVGkw0mI82JN3IboCOXbQe7MmImH9WHGrKQvpI
uqr7ntYF
-----END CERTIFICATE-----