Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/kkbkneQp8_KK9yf7ChBaOtn_cSA.roa
File:                     kkbkneQp8_KK9yf7ChBaOtn_cSA.roa (raw, json)
Hash identifier:          Qpn/FJmMHx//Lpp7ZAEry0BMPvCWAvPdPrcYi/nQE2g=
Subject key identifier:   92:46:E4:9D:E4:29:F3:F2:8A:F7:27:FB:0A:10:5A:3A:D9:FF:71:20
Certificate issuer:       /CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Certificate serial:       0194FA3EFE12090597147FD39024E5EE1970
Authority key identifier: 54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/kkbkneQp8_KK9yf7ChBaOtn_cSA.roa
Signing time:             Wed 12 Feb 2025 13:00:19 +0000
ROA not before:           Wed 12 Feb 2025 13:00:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.101.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 13:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:fa:3e:fe:12:09:05:97:14:7f:d3:90:24:e5:ee:19:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
        Validity
            Not Before: Feb 12 13:00:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9246e49de429f3f28af727fb0a105a3ad9ff7120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:7c:3d:84:1f:36:d7:b7:b0:a3:fe:03:b8:b9:
                    b7:2f:4a:44:31:f1:a9:39:c7:40:db:06:77:d5:d4:
                    64:a9:5b:ac:f4:f3:ea:a1:07:b3:fe:77:85:0f:3b:
                    8e:ce:25:da:8f:4f:eb:db:3a:55:ee:2d:5c:35:ce:
                    13:d0:b8:79:b4:74:c0:9f:0f:44:97:4f:db:af:0d:
                    46:eb:76:0e:1b:13:bb:c1:4c:d5:c0:b9:c7:96:14:
                    19:e5:71:67:29:f8:2d:03:ef:f9:2f:a5:3e:1b:76:
                    23:5c:34:65:1e:6b:51:ca:34:37:66:68:87:4c:e0:
                    62:a3:63:ab:75:96:35:dc:b3:f5:8b:47:ea:bf:6e:
                    ed:10:cb:9b:da:e2:3d:e8:49:91:2c:d8:06:35:e8:
                    29:91:b5:3f:65:f9:92:d0:72:6a:4c:00:7e:0e:ae:
                    3f:ef:4e:33:d0:ee:e4:43:76:fc:17:99:fb:c2:d3:
                    c3:cc:17:52:57:53:dd:91:4c:a8:c8:6d:59:a0:9f:
                    ce:ab:92:4b:49:04:46:10:50:c4:20:a0:a5:61:d2:
                    c4:22:92:e5:c8:43:93:d6:f6:39:64:ea:b6:3e:d3:
                    d9:9a:0f:42:08:e7:fa:6c:b9:73:8e:5b:79:0e:a2:
                    99:66:40:7d:61:36:fc:a6:ca:11:25:d5:c4:0d:3b:
                    4e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:46:E4:9D:E4:29:F3:F2:8A:F7:27:FB:0A:10:5A:3A:D9:FF:71:20
            X509v3 Authority Key Identifier:
                keyid:54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/kkbkneQp8_KK9yf7ChBaOtn_cSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:1e:5f:20:e5:9d:5b:3f:34:28:ea:02:f7:20:07:02:9e:6d:
         ac:4e:6e:9b:3f:6b:02:d8:d8:21:61:ba:99:04:56:0f:62:d6:
         d7:af:c4:5c:97:a5:3a:33:7c:14:3b:86:f1:0b:fe:6d:60:cd:
         8c:0c:cb:e9:10:a7:45:66:2f:d4:13:cb:80:85:b9:98:6e:06:
         88:ac:3c:38:86:97:dd:39:ce:7b:54:19:b9:e4:d9:96:c5:c8:
         3f:1d:2a:a8:2e:71:1a:40:9a:5b:b4:1f:ee:0c:28:a4:6e:38:
         ef:6e:03:39:6c:b9:b5:7b:61:0c:9e:ca:69:6f:7e:67:fe:6b:
         e5:ed:73:b8:41:13:06:7b:3d:5c:ca:ec:96:58:22:b4:26:19:
         3d:8f:62:84:f5:41:69:9b:97:21:af:16:f1:2e:df:08:7f:81:
         01:fb:48:a1:fa:64:23:28:fe:a3:91:68:03:f3:1f:99:d5:61:
         be:8e:38:a4:c6:53:18:f1:b4:47:d9:c2:24:ba:93:3b:bb:87:
         18:b4:97:41:cf:5c:e4:66:c4:5b:f4:7b:40:7c:94:e7:f6:93:
         d9:ca:15:57:38:1f:99:cf:e1:57:d0:25:31:06:3c:a9:44:9f:
         b5:6f:12:5e:fa:b6:ba:45:17:63:b2:22:66:2b:c0:39:20:99:
         d3:fc:4a:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT6Pv4SCQWXFH/TkCTl7hlwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MWZkYzdhMmYxMWE1NzY2ZDNhZDdiZGY2MjVjZTVlMTE5
YThmZGYwHhcNMjUwMjEyMTMwMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjQ2ZTQ5ZGU0MjlmM2YyOGFmNzI3ZmIwYTEwNWEzYWQ5ZmY3MTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Xw9hB8217ewo/4DuLm3L0pEMfGp
OcdA2wZ31dRkqVus9PPqoQez/neFDzuOziXaj0/r2zpV7i1cNc4T0Lh5tHTAnw9E
l0/brw1G63YOGxO7wUzVwLnHlhQZ5XFnKfgtA+/5L6U+G3YjXDRlHmtRyjQ3ZmiH
TOBio2OrdZY13LP1i0fqv27tEMub2uI96EmRLNgGNegpkbU/ZfmS0HJqTAB+Dq4/
704z0O7kQ3b8F5n7wtPDzBdSV1PdkUyoyG1ZoJ/Oq5JLSQRGEFDEIKClYdLEIpLl
yEOT1vY5ZOq2PtPZmg9CCOf6bLlzjlt5DqKZZkB9YTb8psoRJdXEDTtOjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJG5J3kKfPyivcn+woQWjrZ/3EgMB8GA1UdIwQY
MBaAFFQf3HovEaV2bTrXvfYlzl4Rmo/fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUt
YzkwMGE4OWYyMGYxLzEva2tia25lUXA4X0tLOXlmN0NoQmFPdG5fY1NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUtYzkwMGE4OWYyMGYx
LzEvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWWoMA0G
CSqGSIb3DQEBCwUAA4IBAQCmHl8g5Z1bPzQo6gL3IAcCnm2sTm6bP2sC2NghYbqZ
BFYPYtbXr8Rcl6U6M3wUO4bxC/5tYM2MDMvpEKdFZi/UE8uAhbmYbgaIrDw4hpfd
Oc57VBm55NmWxcg/HSqoLnEaQJpbtB/uDCikbjjvbgM5bLm1e2EMnsppb35n/mvl
7XO4QRMGez1cyuyWWCK0Jhk9j2KE9UFpm5chrxbxLt8If4EB+0ih+mQjKP6jkWgD
8x+Z1WG+jjikxlMY8bRH2cIkupM7u4cYtJdBz1zkZsRb9HtAfJTn9pPZyhVXOB+Z
z+FX0CUxBjypRJ+1bxJe+ra6RRdjsiJmK8A5IJnT/Epm
-----END CERTIFICATE-----