Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/vM4pwSi8sw4lUOIAjvajCx7ETsM.roa
File:                     vM4pwSi8sw4lUOIAjvajCx7ETsM.roa (raw, json)
Hash identifier:          fyFTTUciTRmBPzGF2SYSyVt7KyF04gllHZfanVt+Ptc=
Subject key identifier:   BC:CE:29:C1:28:BC:B3:0E:25:50:E2:00:8E:F6:A3:0B:1E:C4:4E:C3
Certificate issuer:       /CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Certificate serial:       0195815F46F3C2E48982D9056ABEA98A8E8C
Authority key identifier: B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/vM4pwSi8sw4lUOIAjvajCx7ETsM.roa
Signing time:             Mon 10 Mar 2025 18:44:19 +0000
ROA not before:           Mon 10 Mar 2025 18:44:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205518
IP address blocks:        185.224.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:81:5f:46:f3:c2:e4:89:82:d9:05:6a:be:a9:8a:8e:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
        Validity
            Not Before: Mar 10 18:44:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bcce29c128bcb30e2550e2008ef6a30b1ec44ec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:89:a8:76:47:32:63:2b:20:0f:7b:1b:41:de:
                    5d:ed:24:a2:11:9e:b1:d8:66:ac:9d:5a:8e:91:13:
                    a3:d1:31:b9:05:f1:58:ed:1c:09:be:74:d8:6c:56:
                    55:8d:9f:4f:bb:03:92:6d:7f:23:2b:25:ed:94:44:
                    b1:89:9f:2d:46:6c:c4:60:7e:f9:57:3e:73:c4:16:
                    07:c5:ed:62:d5:67:57:7f:14:c6:67:03:39:25:c5:
                    85:b7:4e:d7:ee:74:16:9a:b2:a0:58:c1:c8:22:70:
                    a6:3c:c4:00:c1:13:65:91:7c:f3:88:17:82:7f:8e:
                    44:67:70:5c:51:c9:a7:85:e0:3d:9f:45:24:52:80:
                    04:c9:11:bd:da:7b:8c:a6:93:69:91:17:5c:83:5a:
                    7f:bd:9e:59:17:e6:d8:7a:cb:de:f0:fc:2c:80:39:
                    e3:e8:76:ac:f4:c3:ee:4f:18:3b:ac:6c:64:06:62:
                    dd:4a:0e:9a:e2:9a:48:6f:fe:7c:1f:6e:cb:7c:a9:
                    b1:d7:2e:40:d1:9b:5d:9a:94:b9:3b:02:ec:65:b2:
                    68:c9:f8:64:19:3a:6c:4c:ee:f5:1c:52:a4:1f:2c:
                    37:7d:4b:63:73:7c:0d:5e:3b:34:5d:ea:4c:81:53:
                    97:8b:59:16:86:23:08:ff:17:58:73:d9:d3:cc:45:
                    8e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:CE:29:C1:28:BC:B3:0E:25:50:E2:00:8E:F6:A3:0B:1E:C4:4E:C3
            X509v3 Authority Key Identifier:
                keyid:B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/vM4pwSi8sw4lUOIAjvajCx7ETsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:f7:5f:25:94:bb:e0:d4:e6:8a:57:0b:40:79:d0:74:b1:99:
         19:42:82:e1:58:c1:99:99:a0:9e:68:d0:42:61:06:13:fa:86:
         45:66:68:fc:e2:1e:f9:b5:04:41:22:a7:a8:02:39:62:3e:4a:
         12:a2:93:75:6f:eb:61:dc:d0:46:7a:bc:54:e1:d7:ca:e5:76:
         3a:29:3f:30:90:1b:cd:a6:9d:f9:cf:b0:ce:8f:24:1b:f2:ee:
         4f:2f:73:b6:ff:17:9f:4d:16:a5:d2:90:da:1e:a8:50:bf:96:
         5a:23:eb:86:b8:5b:8f:e7:a5:bb:15:13:7d:b5:a8:9d:40:78:
         3c:00:f1:af:fe:9a:27:5f:09:87:38:6a:13:b3:dd:dd:88:30:
         1f:a3:ce:ec:15:3a:68:f9:8b:10:b4:90:77:a2:15:cc:5d:dd:
         26:80:02:47:1f:df:08:f0:6b:05:e9:58:eb:79:2c:ad:f8:33:
         2e:c1:7b:5a:75:f9:fc:ac:63:53:b7:80:d5:8c:d1:35:64:a1:
         ec:1f:d0:ac:8a:d1:9f:57:c2:2a:52:13:79:44:16:bc:49:ec:
         ea:ff:1c:8d:45:80:6a:2d:1d:d0:af:a8:ba:93:40:e8:e4:e7:
         8f:e1:09:b3:a3:ad:a0:85:c0:8a:bf:90:5b:99:43:c4:3b:d9:
         23:f1:7e:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWBX0bzwuSJgtkFar6pio6MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ5NjFmNjdmMjJjNjFlODRhNjZjOGFkOWMxYThjZTUx
ZDA5OWIwHhcNMjUwMzEwMTg0NDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2NlMjljMTI4YmNiMzBlMjU1MGUyMDA4ZWY2YTMwYjFlYzQ0ZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArImodkcyYysgD3sbQd5d7SSiEZ6x
2GasnVqOkROj0TG5BfFY7RwJvnTYbFZVjZ9PuwOSbX8jKyXtlESxiZ8tRmzEYH75
Vz5zxBYHxe1i1WdXfxTGZwM5JcWFt07X7nQWmrKgWMHIInCmPMQAwRNlkXzziBeC
f45EZ3BcUcmnheA9n0UkUoAEyRG92nuMppNpkRdcg1p/vZ5ZF+bYesve8PwsgDnj
6Has9MPuTxg7rGxkBmLdSg6a4ppIb/58H27LfKmx1y5A0ZtdmpS5OwLsZbJoyfhk
GTpsTO71HFKkHyw3fUtjc3wNXjs0XepMgVOXi1kWhiMI/xdYc9nTzEWOfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzOKcEovLMOJVDiAI72owsexE7DMB8GA1UdIwQY
MBaAFLkUlh9n8ixh6EpmyK2cGozlHQmbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTIt
Mjc0NzNjYTYxMmRlLzEvdk00cHdTaThzdzRsVU9JQWp2YWpDeDdFVHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTItMjc0NzNjYTYxMmRl
LzEvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueBPMA0G
CSqGSIb3DQEBCwUAA4IBAQAO918llLvg1OaKVwtAedB0sZkZQoLhWMGZmaCeaNBC
YQYT+oZFZmj84h75tQRBIqeoAjliPkoSopN1b+th3NBGerxU4dfK5XY6KT8wkBvN
pp35z7DOjyQb8u5PL3O2/xefTRal0pDaHqhQv5ZaI+uGuFuP56W7FRN9taidQHg8
APGv/ponXwmHOGoTs93diDAfo87sFTpo+YsQtJB3ohXMXd0mgAJHH98I8GsF6Vjr
eSyt+DMuwXtadfn8rGNTt4DVjNE1ZKHsH9CsitGfV8IqUhN5RBa8Sezq/xyNRYBq
LR3Qr6i6k0Do5OeP4Qmzo62ghcCKv5BbmUPEO9kj8X5Q
-----END CERTIFICATE-----