Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/55dc83-2707-4917-b63f-95c4e94ad0a9/1/ZTPqCUD63V4eQMXnLn6AnTQCitU.roa
File:                     ZTPqCUD63V4eQMXnLn6AnTQCitU.roa (raw, json)
Hash identifier:          ywlhEvz+62iFTUdrK6be6oxB9Yvs+N63Zrh3s7mdFzs=
Subject key identifier:   65:33:EA:09:40:FA:DD:5E:1E:40:C5:E7:2E:7E:80:9D:34:02:8A:D5
Certificate issuer:       /CN=363548ed4628966248204c2fe69065f0d7b527a3
Certificate serial:       01941FFA2C234B826C7E9449C74C7ADDEEBC
Authority key identifier: 36:35:48:ED:46:28:96:62:48:20:4C:2F:E6:90:65:F0:D7:B5:27:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NjVI7UYolmJIIEwv5pBl8Ne1J6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/55dc83-2707-4917-b63f-95c4e94ad0a9/1/ZTPqCUD63V4eQMXnLn6AnTQCitU.roa
Signing time:             Wed 01 Jan 2025 03:47:56 +0000
ROA not before:           Wed 01 Jan 2025 03:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202523
IP address blocks:        185.91.240.0/22 maxlen: 22
                          2a05:ee80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/55dc83-2707-4917-b63f-95c4e94ad0a9/1/NjVI7UYolmJIIEwv5pBl8Ne1J6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/55dc83-2707-4917-b63f-95c4e94ad0a9/1/NjVI7UYolmJIIEwv5pBl8Ne1J6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NjVI7UYolmJIIEwv5pBl8Ne1J6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:2c:23:4b:82:6c:7e:94:49:c7:4c:7a:dd:ee:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363548ed4628966248204c2fe69065f0d7b527a3
        Validity
            Not Before: Jan  1 03:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6533ea0940fadd5e1e40c5e72e7e809d34028ad5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:91:0d:af:61:90:dc:bd:e7:ff:58:c3:d4:a3:
                    6d:10:c5:8a:6d:52:09:05:3b:ad:15:4b:a7:61:ed:
                    45:ee:6a:09:11:bc:99:8d:d0:71:23:04:77:71:85:
                    81:80:a3:65:28:e3:bc:17:14:bd:2f:4f:84:92:ff:
                    ee:1f:14:b6:87:87:61:4b:db:b2:e0:22:97:c3:77:
                    1a:ac:5d:b1:2b:6c:25:31:dd:1c:d9:e3:bf:cc:3d:
                    fc:9b:30:24:fc:93:f6:85:10:ae:74:d0:c2:70:c9:
                    48:8b:b3:01:7a:4b:a9:ef:54:df:06:3e:4a:4a:c4:
                    00:6c:9a:76:3e:21:69:3f:dc:07:ee:90:17:85:01:
                    e1:14:dd:c9:be:94:6e:d9:f6:32:8d:f9:2f:3c:30:
                    4f:3d:c1:1d:1b:78:ec:b5:be:b1:97:69:7e:5b:5d:
                    3d:6d:52:76:e6:a2:f3:3f:09:d4:23:aa:d9:ac:be:
                    a2:34:ea:44:32:35:1c:67:00:12:2f:82:1a:12:37:
                    d5:f2:0f:d1:7e:48:0b:76:e8:9c:55:b5:63:44:4f:
                    a0:ff:be:22:22:e6:e5:48:5d:50:17:06:34:99:55:
                    31:89:7d:ea:5c:cb:1c:15:90:e6:87:a7:d7:5f:29:
                    1b:03:c3:8b:94:a1:fa:31:cd:64:67:12:33:88:37:
                    13:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:33:EA:09:40:FA:DD:5E:1E:40:C5:E7:2E:7E:80:9D:34:02:8A:D5
            X509v3 Authority Key Identifier:
                keyid:36:35:48:ED:46:28:96:62:48:20:4C:2F:E6:90:65:F0:D7:B5:27:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NjVI7UYolmJIIEwv5pBl8Ne1J6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/55dc83-2707-4917-b63f-95c4e94ad0a9/1/ZTPqCUD63V4eQMXnLn6AnTQCitU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/55dc83-2707-4917-b63f-95c4e94ad0a9/1/NjVI7UYolmJIIEwv5pBl8Ne1J6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.240.0/22
                IPv6:
                  2a05:ee80::/29

    Signature Algorithm: sha256WithRSAEncryption
         d4:1a:51:37:06:0b:20:1c:d0:8e:4e:18:9c:49:49:19:85:ad:
         21:98:f8:bd:5f:dc:21:36:4e:7b:08:58:8a:53:52:6b:ab:86:
         26:86:9b:37:14:36:ab:4f:e4:31:a7:77:fa:88:b6:d4:06:2c:
         4f:ff:aa:28:17:1d:91:36:57:04:29:a0:45:df:84:98:a4:4c:
         99:66:c6:00:6d:81:8f:f8:77:26:09:da:70:4d:1f:ca:e2:36:
         79:11:1d:90:a9:ba:9a:bc:dc:ea:e6:fc:1b:e9:fa:08:22:1e:
         cb:cc:57:e7:cc:14:e9:da:dd:58:ec:b3:df:a5:72:d5:be:a4:
         41:12:0a:0a:55:39:05:c7:4d:5b:8e:89:d3:6f:14:b6:c0:9b:
         ba:67:59:e0:4e:10:48:98:be:1c:14:7c:81:92:c6:7f:94:54:
         5a:cb:3a:0a:35:d7:ee:29:b7:cf:ce:12:61:15:af:10:b3:de:
         09:fe:70:45:76:47:23:de:dc:25:5b:da:1b:a1:b2:16:f3:4d:
         79:ec:2c:6d:08:7b:b5:7a:f4:22:68:35:6c:30:7e:36:1a:70:
         de:ed:0f:e5:a8:01:54:73:08:97:67:cf:a6:f0:2c:e1:95:3b:
         a7:d6:1d:23:17:98:99:21:7d:f2:3a:03:b4:83:69:3e:47:ef:
         a3:18:f3:98
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+iwjS4JsfpRJx0x63e68MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MzU0OGVkNDYyODk2NjI0ODIwNGMyZmU2OTA2NWYwZDdi
NTI3YTMwHhcNMjUwMTAxMDM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTMzZWEwOTQwZmFkZDVlMWU0MGM1ZTcyZTdlODA5ZDM0MDI4YWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JENr2GQ3L3n/1jD1KNtEMWKbVIJ
BTutFUunYe1F7moJEbyZjdBxIwR3cYWBgKNlKOO8FxS9L0+Ekv/uHxS2h4dhS9uy
4CKXw3carF2xK2wlMd0c2eO/zD38mzAk/JP2hRCudNDCcMlIi7MBekup71TfBj5K
SsQAbJp2PiFpP9wH7pAXhQHhFN3JvpRu2fYyjfkvPDBPPcEdG3jstb6xl2l+W109
bVJ25qLzPwnUI6rZrL6iNOpEMjUcZwASL4IaEjfV8g/RfkgLduicVbVjRE+g/74i
IublSF1QFwY0mVUxiX3qXMscFZDmh6fXXykbA8OLlKH6Mc1kZxIziDcTpwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGUz6glA+t1eHkDF5y5+gJ00AorVMB8GA1UdIwQY
MBaAFDY1SO1GKJZiSCBML+aQZfDXtSejMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpWSTdVWW9sbUpJSUV3djVwQmw4TmUxSjZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81NWRjODMtMjcwNy00OTE3LWI2M2Yt
OTVjNGU5NGFkMGE5LzEvWlRQcUNVRDYzVjRlUU1YbkxuNkFuVFFDaXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81NWRjODMtMjcwNy00OTE3LWI2M2YtOTVjNGU5NGFkMGE5
LzEvTmpWSTdVWW9sbUpJSUV3djVwQmw4TmUxSjZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVvwMA0E
AgACMAcDBQMqBe6AMA0GCSqGSIb3DQEBCwUAA4IBAQDUGlE3BgsgHNCOThicSUkZ
ha0hmPi9X9whNk57CFiKU1Jrq4Ymhps3FDarT+Qxp3f6iLbUBixP/6ooFx2RNlcE
KaBF34SYpEyZZsYAbYGP+HcmCdpwTR/K4jZ5ER2QqbqavNzq5vwb6foIIh7LzFfn
zBTp2t1Y7LPfpXLVvqRBEgoKVTkFx01bjonTbxS2wJu6Z1ngThBImL4cFHyBksZ/
lFRayzoKNdfuKbfPzhJhFa8Qs94J/nBFdkcj3twlW9obobIW80157CxtCHu1evQi
aDVsMH42GnDe7Q/lqAFUcwiXZ8+m8CzhlTun1h0jF5iZIX3yOgO0g2k+R++jGPOY
-----END CERTIFICATE-----