Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/vALZjp3Y_8vzqJPszimC3tG6CYA.roa
File:                     vALZjp3Y_8vzqJPszimC3tG6CYA.roa (raw, json)
Hash identifier:          3a6oqJrQjy+G/zx4bhAzAt1DS1UwmeP3dtTyF2RbQKI=
Subject key identifier:   BC:02:D9:8E:9D:D8:FF:CB:F3:A8:93:EC:CE:29:82:DE:D1:BA:09:80
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0194222008E50911706D915910A4CF7C2479
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/vALZjp3Y_8vzqJPszimC3tG6CYA.roa
Signing time:             Wed 01 Jan 2025 13:48:32 +0000
ROA not before:           Wed 01 Jan 2025 13:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215439
IP address blocks:        212.80.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:08:e5:09:11:70:6d:91:59:10:a4:cf:7c:24:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan  1 13:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc02d98e9dd8ffcbf3a893ecce2982ded1ba0980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:63:04:d5:2d:f5:97:0b:f7:ed:73:7c:c2:8f:
                    c3:30:16:ad:9e:2c:82:1a:7a:89:36:f0:f9:27:0d:
                    37:3e:3a:3f:eb:85:7b:74:94:45:8f:36:12:21:e4:
                    21:24:89:af:5c:52:1b:07:35:7c:5f:d4:e3:47:4e:
                    36:92:0e:3d:1e:e2:86:d9:2f:73:88:82:06:9c:a6:
                    e6:24:86:63:7f:9c:ab:03:74:b3:d1:76:ec:97:22:
                    e1:68:a1:e9:7e:9f:21:7b:22:af:c6:e0:dc:64:99:
                    82:7d:0a:61:94:9a:83:e8:d1:82:7c:68:d7:63:48:
                    e4:4f:4a:48:4d:2b:f9:79:5e:56:e9:85:43:f9:c1:
                    3e:1d:b6:9a:15:fc:00:0a:08:b4:99:cd:c2:4e:25:
                    46:73:15:cc:29:9b:bd:3a:18:ee:88:bd:5b:29:6d:
                    b5:3a:6d:60:68:90:b1:f5:a8:83:4d:72:dc:d1:59:
                    12:cd:f1:00:f5:d4:e8:27:24:90:f5:6a:38:4d:e4:
                    29:d8:f8:8f:69:81:cc:e9:4d:3b:fb:ed:23:8f:7f:
                    c3:96:54:37:6d:0e:83:96:27:94:be:f2:1f:91:13:
                    46:4c:c2:74:b8:9f:91:2d:eb:8d:91:2f:95:81:cb:
                    fb:49:60:89:49:58:6a:98:59:67:2c:17:f5:45:f4:
                    1c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:02:D9:8E:9D:D8:FF:CB:F3:A8:93:EC:CE:29:82:DE:D1:BA:09:80
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/vALZjp3Y_8vzqJPszimC3tG6CYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.80.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:36:a6:5d:fe:6f:88:14:35:59:c6:2e:a6:a9:7e:0e:07:8e:
         b7:e7:35:9d:27:75:fd:75:a0:e1:74:b0:bb:6f:34:3b:32:09:
         07:42:80:4d:3e:9b:8c:45:e6:36:ec:59:be:34:4d:8c:78:42:
         d6:a7:39:2c:0d:9d:27:5b:da:43:15:7b:bf:ab:04:8d:78:db:
         e2:d8:17:6c:b6:02:03:70:e2:15:bb:10:ce:2d:9a:e4:7b:5c:
         67:9c:b9:de:98:5b:f8:b7:32:1d:55:f1:4e:03:27:cb:00:fd:
         1e:3e:51:7c:99:f9:1c:3a:23:0e:0f:84:a4:b5:90:84:cb:3f:
         88:ea:4d:a4:0c:a7:a4:95:68:b0:c1:38:df:40:15:a7:30:0a:
         f3:3b:b7:3a:88:79:2a:38:ed:44:df:79:66:23:7b:4a:75:f2:
         f8:63:1b:55:08:b0:9e:5b:4e:92:b6:42:60:f4:d0:6e:32:84:
         18:19:ce:4c:8b:44:cc:a1:3e:4b:a7:7f:09:60:96:da:d2:5f:
         e0:ea:42:f2:d3:9c:33:66:36:09:13:df:40:f6:52:0a:40:2a:
         06:f3:03:a0:1b:4a:86:f8:d3:e6:53:06:96:55:3f:90:27:9b:
         02:f4:4e:e5:31:c0:9a:01:23:77:8b:a2:fb:94:c0:16:71:9c:
         dc:d6:48:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIAjlCRFwbZFZEKTPfCR5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwMTAxMTM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzAyZDk4ZTlkZDhmZmNiZjNhODkzZWNjZTI5ODJkZWQxYmEwOTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42ME1S31lwv37XN8wo/DMBatniyC
GnqJNvD5Jw03Pjo/64V7dJRFjzYSIeQhJImvXFIbBzV8X9TjR042kg49HuKG2S9z
iIIGnKbmJIZjf5yrA3Sz0XbslyLhaKHpfp8heyKvxuDcZJmCfQphlJqD6NGCfGjX
Y0jkT0pITSv5eV5W6YVD+cE+HbaaFfwACgi0mc3CTiVGcxXMKZu9OhjuiL1bKW21
Om1gaJCx9aiDTXLc0VkSzfEA9dToJySQ9Wo4TeQp2PiPaYHM6U07++0jj3/DllQ3
bQ6DlieUvvIfkRNGTMJ0uJ+RLeuNkS+Vgcv7SWCJSVhqmFlnLBf1RfQc3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwC2Y6d2P/L86iT7M4pgt7RugmAMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvdkFMWmpwM1lfOHZ6cUpQc3ppbUMzdEc2Q1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FAHMA0G
CSqGSIb3DQEBCwUAA4IBAQAqNqZd/m+IFDVZxi6mqX4OB4635zWdJ3X9daDhdLC7
bzQ7MgkHQoBNPpuMReY27Fm+NE2MeELWpzksDZ0nW9pDFXu/qwSNeNvi2BdstgID
cOIVuxDOLZrke1xnnLnemFv4tzIdVfFOAyfLAP0ePlF8mfkcOiMOD4SktZCEyz+I
6k2kDKeklWiwwTjfQBWnMArzO7c6iHkqOO1E33lmI3tKdfL4YxtVCLCeW06StkJg
9NBuMoQYGc5Mi0TMoT5Lp38JYJba0l/g6kLy05wzZjYJE99A9lIKQCoG8wOgG0qG
+NPmUwaWVT+QJ5sC9E7lMcCaASN3i6L7lMAWcZzc1khS
-----END CERTIFICATE-----