Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/_alLeSMyFeOSYRylepCQtaDF1fI.roa
File:                     _alLeSMyFeOSYRylepCQtaDF1fI.roa (raw, json)
Hash identifier:          aMx7tVjw6BkgPSjo4TQBKsmi+jznMbKikfQx7cySsrI=
Subject key identifier:   FD:A9:4B:79:23:32:15:E3:92:61:1C:A5:7A:90:90:B5:A0:C5:D5:F2
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0196CA81DD76CCCA2A1D745B09B484D0DCE2
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/_alLeSMyFeOSYRylepCQtaDF1fI.roa
Signing time:             Tue 13 May 2025 16:37:10 +0000
ROA not before:           Tue 13 May 2025 16:37:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22411
IP address blocks:        185.241.122.0/24 maxlen: 24
                          185.241.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ca:81:dd:76:cc:ca:2a:1d:74:5b:09:b4:84:d0:dc:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May 13 16:37:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fda94b79233215e392611ca57a9090b5a0c5d5f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e8:a4:a6:77:b8:af:df:cd:41:fa:81:30:8c:
                    de:e5:a5:ad:3e:4e:d7:8a:1f:af:5c:a0:84:f9:f7:
                    be:33:0e:89:c6:b2:ac:32:d8:28:8f:47:90:aa:11:
                    eb:04:fc:6e:d8:3d:d6:f2:f2:d3:2c:09:75:67:9a:
                    63:1e:34:ec:d3:8b:4d:49:02:dd:3a:9f:58:eb:f4:
                    28:0c:10:2f:7a:cd:73:c6:09:14:da:4e:41:03:95:
                    3b:c7:d4:b6:dc:02:00:82:9b:db:34:2f:78:71:3d:
                    ad:12:14:f0:57:ea:c0:92:98:66:3b:d0:63:95:a7:
                    5b:a3:c7:1e:ce:fe:14:d0:a0:fd:b9:f4:b2:ff:b4:
                    f4:fb:82:09:22:f5:23:1d:9d:51:4c:3d:f1:b6:6f:
                    49:28:c7:91:c3:44:ff:77:81:0a:53:75:8b:34:3e:
                    88:da:c1:1d:b4:d1:7b:5b:e2:87:94:75:56:8f:a7:
                    f7:0a:50:78:f5:95:b3:c5:9b:62:87:83:0a:67:8d:
                    7f:4a:3c:52:21:19:ab:66:ce:63:e7:28:27:b0:29:
                    28:68:a4:29:56:62:4b:0d:04:36:82:d5:ce:fe:04:
                    b4:bd:a4:90:60:36:b0:53:31:6f:ef:13:40:67:7d:
                    af:2f:f4:22:13:db:b7:ea:68:4a:d1:8a:de:89:f4:
                    3d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:A9:4B:79:23:32:15:E3:92:61:1C:A5:7A:90:90:B5:A0:C5:D5:F2
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/_alLeSMyFeOSYRylepCQtaDF1fI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:54:52:54:07:c0:e4:44:b8:e2:bb:9a:dc:e2:e2:d3:55:c7:
         81:61:c9:10:c2:b8:31:a5:b7:50:70:a7:03:ed:48:c6:c0:69:
         9b:29:f8:f5:68:3a:0f:3d:b2:2a:08:5e:08:3f:13:c8:40:d8:
         c8:b6:fc:59:01:37:5a:cd:26:96:b5:8f:19:5f:9e:e9:43:c7:
         f7:66:98:30:85:42:c0:57:f0:37:81:ba:5f:32:29:d7:d8:f2:
         62:37:78:b7:be:cd:ae:c8:c1:bb:f7:29:b8:6f:91:4e:f0:75:
         1d:fd:d1:e5:78:e5:cf:7e:58:33:03:61:a3:5c:1f:57:c0:14:
         2a:b2:1e:55:3f:90:c3:63:ce:ea:0b:75:23:f8:13:dd:f5:31:
         d9:15:87:02:a0:37:64:cf:eb:24:2d:d8:96:b8:83:b8:6b:78:
         af:d8:4c:a1:bf:32:ef:1f:26:69:3a:3b:11:01:3c:8b:0c:6f:
         ac:9b:07:50:82:3e:3d:4e:e0:87:17:34:71:5b:39:67:81:54:
         eb:de:1c:78:0d:43:ab:aa:53:19:93:59:76:47:2f:51:e1:e6:
         da:43:64:f7:40:9c:9d:ed:34:ae:11:8d:81:45:89:e1:dc:c4:
         45:8c:6d:c1:9a:18:1d:15:fa:0c:d6:18:af:c7:5f:fe:26:83:
         b3:99:bf:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbKgd12zMoqHXRbCbSE0NziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNTEzMTYzNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGE5NGI3OTIzMzIxNWUzOTI2MTFjYTU3YTkwOTBiNWEwYzVkNWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeikpne4r9/NQfqBMIze5aWtPk7X
ih+vXKCE+fe+Mw6JxrKsMtgoj0eQqhHrBPxu2D3W8vLTLAl1Z5pjHjTs04tNSQLd
Op9Y6/QoDBAves1zxgkU2k5BA5U7x9S23AIAgpvbNC94cT2tEhTwV+rAkphmO9Bj
ladbo8cezv4U0KD9ufSy/7T0+4IJIvUjHZ1RTD3xtm9JKMeRw0T/d4EKU3WLND6I
2sEdtNF7W+KHlHVWj6f3ClB49ZWzxZtih4MKZ41/SjxSIRmrZs5j5ygnsCkoaKQp
VmJLDQQ2gtXO/gS0vaSQYDawUzFv7xNAZ32vL/QiE9u36mhK0YreifQ9NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2pS3kjMhXjkmEcpXqQkLWgxdXyMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvX2FsTGVTTXlGZU9TWVJ5bGVwQ1F0YURGMWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufF6MA0G
CSqGSIb3DQEBCwUAA4IBAQBRVFJUB8DkRLjiu5rc4uLTVceBYckQwrgxpbdQcKcD
7UjGwGmbKfj1aDoPPbIqCF4IPxPIQNjItvxZATdazSaWtY8ZX57pQ8f3ZpgwhULA
V/A3gbpfMinX2PJiN3i3vs2uyMG79ym4b5FO8HUd/dHleOXPflgzA2GjXB9XwBQq
sh5VP5DDY87qC3Uj+BPd9THZFYcCoDdkz+skLdiWuIO4a3iv2EyhvzLvHyZpOjsR
ATyLDG+smwdQgj49TuCHFzRxWzlngVTr3hx4DUOrqlMZk1l2Ry9R4ebaQ2T3QJyd
7TSuEY2BRYnh3MRFjG3BmhgdFfoM1hivx1/+JoOzmb+7
-----END CERTIFICATE-----