Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/zpTtVVdLBNfcGNr0p4n76eHMS2E.roa
File:                     zpTtVVdLBNfcGNr0p4n76eHMS2E.roa (raw, json)
Hash identifier:          lxLymhvuikxs06xWjggwNFu/T4/gsVrfeCideW8eF5E=
Subject key identifier:   CE:94:ED:55:57:4B:04:D7:DC:18:DA:F4:A7:89:FB:E9:E1:CC:4B:61
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194ACE3051F93EA460A4B64280260EE4352
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/zpTtVVdLBNfcGNr0p4n76eHMS2E.roa
Signing time:             Tue 28 Jan 2025 12:29:06 +0000
ROA not before:           Tue 28 Jan 2025 12:29:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213035
IP address blocks:        212.192.218.0/24 maxlen: 24
                          212.192.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:e3:05:1f:93:ea:46:0a:4b:64:28:02:60:ee:43:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan 28 12:29:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce94ed55574b04d7dc18daf4a789fbe9e1cc4b61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d2:b0:a8:4c:ef:a5:af:44:c6:6e:22:44:82:
                    52:aa:1b:54:e0:75:1e:a4:d2:e3:11:3d:d0:78:29:
                    6c:13:d3:6f:fd:60:31:06:65:01:8d:d4:b3:fc:c9:
                    9c:09:61:59:aa:06:7d:1f:47:10:f8:d6:5a:70:7e:
                    84:9a:1b:46:7f:cb:5f:d1:98:c0:c7:15:94:5d:73:
                    ed:d9:00:3b:dc:3b:67:9c:53:e2:78:f9:c8:c0:db:
                    1f:33:23:06:7e:95:ee:45:89:58:8b:0a:25:01:2a:
                    5f:17:f9:0a:b5:a7:03:2c:95:e6:77:d1:8f:49:f8:
                    f5:f8:a5:1d:38:26:e1:b1:38:16:7c:f4:f4:07:e8:
                    7c:2d:a1:1b:2d:b9:dc:fd:0d:91:e1:a6:bb:d1:40:
                    0d:bb:9e:97:44:49:17:50:a7:36:c3:8c:7e:fd:f8:
                    35:4b:c7:0c:00:95:ba:bf:c9:15:1c:40:7d:3c:a0:
                    35:f3:2a:76:96:90:29:2b:b6:2d:94:cb:06:ec:65:
                    e7:af:d2:fd:b1:65:ed:3d:56:d8:0d:c1:6a:b6:5b:
                    22:bd:b0:bc:76:c4:55:85:cf:71:61:ea:77:ca:9b:
                    ec:46:c7:ac:90:f6:a8:df:16:62:36:13:db:c3:19:
                    bf:2d:7b:6e:71:35:ab:d2:5a:b5:c7:63:70:d2:1d:
                    d2:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:94:ED:55:57:4B:04:D7:DC:18:DA:F4:A7:89:FB:E9:E1:CC:4B:61
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/zpTtVVdLBNfcGNr0p4n76eHMS2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:ae:35:3c:c6:59:96:ab:ea:7b:e7:41:b0:84:98:63:84:62:
         90:3a:c1:53:51:f6:5e:fd:5d:8d:99:55:87:c3:05:b4:32:14:
         b5:d7:6c:23:33:9e:20:dd:02:18:9e:ff:cd:15:fd:78:1b:cf:
         11:59:cb:2b:97:d6:24:0d:11:78:47:a3:ed:d7:c0:87:60:b8:
         50:f0:2f:f0:dc:a7:8a:4c:05:3f:ee:6f:5f:91:6a:f8:5e:9f:
         2d:dd:07:24:6d:b5:91:57:7d:0a:67:34:31:4a:c3:92:70:3e:
         af:0c:b9:d2:d3:44:e2:d2:2a:7c:61:df:80:41:2b:e0:62:3f:
         ee:81:9a:6d:ac:19:2b:33:9a:f2:16:82:b5:51:08:8a:6c:fd:
         d9:66:a5:63:7f:d7:6d:c9:45:46:4d:fe:1b:2d:dd:d0:28:10:
         65:c0:bb:d2:81:cf:88:fd:ed:1e:6e:01:71:5d:7e:82:3e:2e:
         a7:ba:44:1b:70:18:c9:a5:c2:d1:d6:a0:d4:ae:66:eb:19:cd:
         37:f2:43:d9:8a:03:1c:3d:15:7c:d3:50:70:79:06:4a:cf:12:
         e1:b8:27:ac:9f:0a:6e:fd:62:ee:4b:c2:98:71:21:9d:e9:1f:
         97:1d:01:8d:01:fa:46:fb:ee:54:93:a2:13:20:07:0a:8f:6a:
         e0:1e:41:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSs4wUfk+pGCktkKAJg7kNSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTI4MTIyOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTk0ZWQ1NTU3NGIwNGQ3ZGMxOGRhZjRhNzg5ZmJlOWUxY2M0YjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9KwqEzvpa9Exm4iRIJSqhtU4HUe
pNLjET3QeClsE9Nv/WAxBmUBjdSz/MmcCWFZqgZ9H0cQ+NZacH6EmhtGf8tf0ZjA
xxWUXXPt2QA73DtnnFPiePnIwNsfMyMGfpXuRYlYiwolASpfF/kKtacDLJXmd9GP
Sfj1+KUdOCbhsTgWfPT0B+h8LaEbLbnc/Q2R4aa70UANu56XREkXUKc2w4x+/fg1
S8cMAJW6v8kVHEB9PKA18yp2lpApK7YtlMsG7GXnr9L9sWXtPVbYDcFqtlsivbC8
dsRVhc9xYep3ypvsRseskPao3xZiNhPbwxm/LXtucTWr0lq1x2Nw0h3S+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6U7VVXSwTX3Bja9KeJ++nhzEthMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvenBUdFZWZExCTmZjR05yMHA0bjc2ZUhNUzJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1MDaMA0G
CSqGSIb3DQEBCwUAA4IBAQBwrjU8xlmWq+p750GwhJhjhGKQOsFTUfZe/V2NmVWH
wwW0MhS112wjM54g3QIYnv/NFf14G88RWcsrl9YkDRF4R6Pt18CHYLhQ8C/w3KeK
TAU/7m9fkWr4Xp8t3QckbbWRV30KZzQxSsOScD6vDLnS00Ti0ip8Yd+AQSvgYj/u
gZptrBkrM5ryFoK1UQiKbP3ZZqVjf9dtyUVGTf4bLd3QKBBlwLvSgc+I/e0ebgFx
XX6CPi6nukQbcBjJpcLR1qDUrmbrGc038kPZigMcPRV801BweQZKzxLhuCesnwpu
/WLuS8KYcSGd6R+XHQGNAfpG++5Uk6ITIAcKj2rgHkHL
-----END CERTIFICATE-----