Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8dd051-e2e7-496c-a9d0-fa266bb72f73/1/_wocLw8I_D0bWM_gydbHP3YBnWM.roa
File:                     _wocLw8I_D0bWM_gydbHP3YBnWM.roa (raw, json)
Hash identifier:          ipZCy+v8LxPOj8oL+HxTUZYzmJcHqr9rYLmV463tU+U=
Subject key identifier:   FF:0A:1C:2F:0F:08:FC:3D:1B:58:CF:E0:C9:D6:C7:3F:76:01:9D:63
Certificate issuer:       /CN=61a14553cacf103274d433e6b268066e01541b25
Certificate serial:       019425FDE07EDCC9F6747358FDB7513FCFD9
Authority key identifier: 61:A1:45:53:CA:CF:10:32:74:D4:33:E6:B2:68:06:6E:01:54:1B:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YaFFU8rPEDJ01DPmsmgGbgFUGyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/8dd051-e2e7-496c-a9d0-fa266bb72f73/1/_wocLw8I_D0bWM_gydbHP3YBnWM.roa
Signing time:             Thu 02 Jan 2025 07:49:42 +0000
ROA not before:           Thu 02 Jan 2025 07:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201134
IP address blocks:        87.117.70.0/23 maxlen: 24
                          185.82.128.0/23 maxlen: 23
                          185.82.130.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/8dd051-e2e7-496c-a9d0-fa266bb72f73/1/YaFFU8rPEDJ01DPmsmgGbgFUGyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/8dd051-e2e7-496c-a9d0-fa266bb72f73/1/YaFFU8rPEDJ01DPmsmgGbgFUGyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YaFFU8rPEDJ01DPmsmgGbgFUGyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e0:7e:dc:c9:f6:74:73:58:fd:b7:51:3f:cf:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61a14553cacf103274d433e6b268066e01541b25
        Validity
            Not Before: Jan  2 07:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff0a1c2f0f08fc3d1b58cfe0c9d6c73f76019d63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:29:67:e3:cc:22:db:7d:b8:9c:a9:33:c9:0d:
                    8f:2e:cf:3e:1d:14:3f:a1:7a:68:f2:3d:be:cc:f5:
                    e0:73:d2:d8:a8:7b:3f:56:98:57:c9:1b:79:ba:1f:
                    c1:91:16:2a:b2:b3:68:d5:d7:24:a3:08:67:cc:6f:
                    ea:e2:2b:8a:e9:57:8d:65:c8:9b:b4:1e:c7:1e:47:
                    ee:6f:5c:4b:0f:20:56:f4:c0:d3:6b:55:10:ce:c2:
                    2b:38:36:ee:8b:f0:8b:71:bd:67:9c:63:1c:c4:a2:
                    b5:ea:88:fa:18:64:f3:5c:f5:57:44:c1:d7:a7:18:
                    0b:85:c2:42:44:47:48:1d:90:9c:18:e4:03:d8:f4:
                    ab:28:4d:ef:e7:43:53:f7:16:d9:79:a8:0a:79:73:
                    9a:bb:7d:53:e2:df:1a:3f:bc:b6:69:4a:3f:72:1b:
                    8d:82:3f:8f:18:4f:d3:4e:c9:1e:b8:08:fe:71:bc:
                    e1:ea:17:6b:f6:ed:5f:12:05:91:ea:98:d2:a3:ea:
                    2a:9b:52:f7:ce:a2:5d:d1:77:db:84:c5:1b:15:19:
                    78:bc:48:de:73:d4:aa:b8:20:7e:af:a1:6c:ad:1f:
                    86:f0:97:5a:0c:59:06:d8:e3:87:64:c3:00:9a:12:
                    6f:2e:af:a4:24:c0:df:cc:3f:4d:08:aa:8c:15:d3:
                    9a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:0A:1C:2F:0F:08:FC:3D:1B:58:CF:E0:C9:D6:C7:3F:76:01:9D:63
            X509v3 Authority Key Identifier:
                keyid:61:A1:45:53:CA:CF:10:32:74:D4:33:E6:B2:68:06:6E:01:54:1B:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YaFFU8rPEDJ01DPmsmgGbgFUGyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8dd051-e2e7-496c-a9d0-fa266bb72f73/1/_wocLw8I_D0bWM_gydbHP3YBnWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8dd051-e2e7-496c-a9d0-fa266bb72f73/1/YaFFU8rPEDJ01DPmsmgGbgFUGyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.117.70.0/23
                  185.82.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:01:00:52:7a:47:2c:18:0a:58:65:14:93:a8:ec:3d:9e:3e:
         0b:80:21:27:73:59:e5:a7:2b:30:db:71:4b:25:68:15:98:85:
         f0:05:1a:b1:e6:4e:b3:02:25:f1:30:56:a9:9e:e0:81:5f:5b:
         07:75:f9:b9:45:8d:90:e9:3f:a2:9b:02:04:37:16:5b:4c:bb:
         57:1a:1c:83:5e:7b:7b:b6:83:9d:12:5b:a0:69:86:b8:69:40:
         24:c1:16:45:8d:30:e4:40:a6:f5:94:65:db:02:21:1d:56:63:
         88:bc:e4:65:e8:25:3a:8d:96:6c:48:40:8a:29:4f:8d:ae:a7:
         2d:39:12:58:1d:eb:34:7c:23:6f:06:e9:03:b6:f5:fb:71:06:
         12:f6:c8:c1:96:97:c0:a0:c6:b0:5c:b7:47:64:87:98:34:fc:
         fa:83:8b:d4:63:05:3c:8c:75:1a:30:99:4a:ba:d6:8a:5f:34:
         86:e1:25:78:ed:47:4f:16:1c:96:3e:d4:a5:28:bf:15:a4:e5:
         52:b6:42:7a:2b:ff:3a:8b:b1:7a:2b:53:1f:91:58:26:48:bd:
         7b:47:bb:8c:32:77:54:1b:3f:4a:d0:cd:63:c6:df:ea:4d:f6:
         02:e5:62:84:e9:33:9f:b5:56:7c:9d:df:a2:46:e8:3a:51:21:
         63:1c:7c:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/eB+3Mn2dHNY/bdRP8/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYTE0NTUzY2FjZjEwMzI3NGQ0MzNlNmIyNjgwNjZlMDE1
NDFiMjUwHhcNMjUwMTAyMDc0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjBhMWMyZjBmMDhmYzNkMWI1OGNmZTBjOWQ2YzczZjc2MDE5ZDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyln48wi2324nKkzyQ2PLs8+HRQ/
oXpo8j2+zPXgc9LYqHs/VphXyRt5uh/BkRYqsrNo1dckowhnzG/q4iuK6VeNZcib
tB7HHkfub1xLDyBW9MDTa1UQzsIrODbui/CLcb1nnGMcxKK16oj6GGTzXPVXRMHX
pxgLhcJCREdIHZCcGOQD2PSrKE3v50NT9xbZeagKeXOau31T4t8aP7y2aUo/chuN
gj+PGE/TTskeuAj+cbzh6hdr9u1fEgWR6pjSo+oqm1L3zqJd0XfbhMUbFRl4vEje
c9SquCB+r6FsrR+G8JdaDFkG2OOHZMMAmhJvLq+kJMDfzD9NCKqMFdOauwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP8KHC8PCPw9G1jP4MnWxz92AZ1jMB8GA1UdIwQY
MBaAFGGhRVPKzxAydNQz5rJoBm4BVBslMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWFGRlU4clBFREowMURQbXNtZ0diZ0ZVR3lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC84ZGQwNTEtZTJlNy00OTZjLWE5ZDAt
ZmEyNjZiYjcyZjczLzEvX3dvY0x3OElfRDBiV01fZ3lkYkhQM1lCbldNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC84ZGQwNTEtZTJlNy00OTZjLWE5ZDAtZmEyNjZiYjcyZjcz
LzEvWWFGRlU4clBFREowMURQbXNtZ0diZ0ZVR3lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBV3VGAwQC
uVKAMA0GCSqGSIb3DQEBCwUAA4IBAQBDAQBSekcsGApYZRSTqOw9nj4LgCEnc1nl
pysw23FLJWgVmIXwBRqx5k6zAiXxMFapnuCBX1sHdfm5RY2Q6T+imwIENxZbTLtX
GhyDXnt7toOdElugaYa4aUAkwRZFjTDkQKb1lGXbAiEdVmOIvORl6CU6jZZsSECK
KU+NrqctORJYHes0fCNvBukDtvX7cQYS9sjBlpfAoMawXLdHZIeYNPz6g4vUYwU8
jHUaMJlKutaKXzSG4SV47UdPFhyWPtSlKL8VpOVStkJ6K/86i7F6K1MfkVgmSL17
R7uMMndUGz9K0M1jxt/qTfYC5WKE6TOftVZ8nd+iRug6USFjHHwQ
-----END CERTIFICATE-----