Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/3bb1a5-941e-4a61-943e-faae4baebeff/1/A8fXWSeNOGLpZBq5n912XqwunjQ.roa
File:                     A8fXWSeNOGLpZBq5n912XqwunjQ.roa (raw, json)
Hash identifier:          AcIcq2rjaaC1zEYSslp0dwr1gScXP+xKrcPZfoqgVE0=
Subject key identifier:   03:C7:D7:59:27:8D:38:62:E9:64:1A:B9:9F:DD:76:5E:AC:2E:9E:34
Certificate issuer:       /CN=454f9d2dbed974538405a79f6ec7e86c4aedd3d1
Certificate serial:       019420D64AA9D5813BC0E538AA2B0CA3FD16
Authority key identifier: 45:4F:9D:2D:BE:D9:74:53:84:05:A7:9F:6E:C7:E8:6C:4A:ED:D3:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RU-dLb7ZdFOEBaefbsfobErt09E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/3bb1a5-941e-4a61-943e-faae4baebeff/1/A8fXWSeNOGLpZBq5n912XqwunjQ.roa
Signing time:             Wed 01 Jan 2025 07:48:22 +0000
ROA not before:           Wed 01 Jan 2025 07:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        185.68.80.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/3bb1a5-941e-4a61-943e-faae4baebeff/1/RU-dLb7ZdFOEBaefbsfobErt09E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/3bb1a5-941e-4a61-943e-faae4baebeff/1/RU-dLb7ZdFOEBaefbsfobErt09E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RU-dLb7ZdFOEBaefbsfobErt09E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Apr 2025 13:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:4a:a9:d5:81:3b:c0:e5:38:aa:2b:0c:a3:fd:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=454f9d2dbed974538405a79f6ec7e86c4aedd3d1
        Validity
            Not Before: Jan  1 07:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03c7d759278d3862e9641ab99fdd765eac2e9e34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:41:61:8f:6c:8b:3b:f1:55:46:4a:d2:95:d2:
                    94:fd:e8:15:a7:bd:84:b0:eb:fb:57:d4:53:1b:76:
                    cb:3a:2b:0e:f9:91:d1:44:6c:eb:7d:6e:99:2e:51:
                    a4:c0:ab:7b:ce:03:b1:85:26:7e:63:ea:7a:d0:e3:
                    54:dd:18:35:8e:6a:90:f0:09:40:e5:96:e4:03:b2:
                    c7:52:38:9d:83:5e:f9:5d:ab:f0:83:c7:14:c4:1a:
                    35:36:4a:4c:a6:73:f8:f6:e9:9d:1b:52:2e:99:60:
                    27:3c:de:90:e1:2c:fe:c0:fc:dd:7a:3a:4a:a4:28:
                    d3:35:46:10:a9:f6:60:f6:83:4a:87:74:a0:c8:b8:
                    79:56:e1:1e:f8:e8:aa:f4:7d:4d:33:25:42:75:b6:
                    4f:c4:78:50:8c:d9:0f:c0:7d:2d:5b:e0:4f:fb:df:
                    55:6a:9d:ed:00:fc:c6:32:c9:ec:e2:a5:8d:99:1b:
                    3b:c6:5a:5e:39:6e:96:96:c3:53:1c:18:31:ee:45:
                    69:43:de:59:c5:4f:ab:8e:b2:62:95:66:2c:8b:7e:
                    e8:6b:06:d2:62:61:b2:18:b6:ad:da:d6:73:6d:2e:
                    67:20:01:4b:f3:0e:56:e4:53:de:81:b6:be:85:f7:
                    ba:09:45:be:1b:79:aa:30:30:0c:e3:8a:31:47:06:
                    f6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:C7:D7:59:27:8D:38:62:E9:64:1A:B9:9F:DD:76:5E:AC:2E:9E:34
            X509v3 Authority Key Identifier:
                keyid:45:4F:9D:2D:BE:D9:74:53:84:05:A7:9F:6E:C7:E8:6C:4A:ED:D3:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RU-dLb7ZdFOEBaefbsfobErt09E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/3bb1a5-941e-4a61-943e-faae4baebeff/1/A8fXWSeNOGLpZBq5n912XqwunjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/3bb1a5-941e-4a61-943e-faae4baebeff/1/RU-dLb7ZdFOEBaefbsfobErt09E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:e2:7f:68:9e:b4:38:d1:47:bc:52:a1:c1:5c:e3:9d:e7:72:
         e7:a4:a8:90:e5:55:f9:0d:84:61:9e:97:ff:7d:b5:f2:fe:ad:
         04:1a:dd:6d:c6:f0:44:1d:d7:c3:b0:02:79:f1:8f:71:b9:b9:
         11:97:3e:8c:63:e0:9d:c2:56:79:7a:67:ff:ff:18:7f:8e:7d:
         8f:b7:c6:b5:01:2f:75:43:ef:37:23:05:07:13:36:3c:24:ed:
         79:17:78:46:1a:54:1b:e1:b2:35:85:9d:4f:ce:b5:6d:d2:78:
         a8:3e:8b:99:e4:65:ff:18:32:32:ce:20:db:92:0e:21:8c:f5:
         b8:45:28:58:be:95:16:09:77:8e:45:a4:43:f9:f8:e2:92:a9:
         dc:15:af:cf:1f:68:a0:04:f9:84:56:96:0d:f9:da:bf:5e:b1:
         7c:33:bd:42:54:44:0c:94:dc:8a:f1:b2:e1:3a:53:6e:c5:8f:
         c2:d8:c2:07:63:99:04:31:ad:bf:11:26:a8:eb:4c:6a:ce:80:
         68:81:fd:5a:1d:dc:87:ee:a0:bb:49:91:77:61:23:ff:3a:ee:
         cc:c6:0b:8a:97:9d:f9:6e:c5:7b:3a:78:25:78:f1:f0:1e:38:
         b8:75:63:4a:a3:3a:64:7a:b5:f6:aa:08:39:81:14:17:73:57:
         de:1c:df:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1kqp1YE7wOU4qisMo/0WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NGY5ZDJkYmVkOTc0NTM4NDA1YTc5ZjZlYzdlODZjNGFl
ZGQzZDEwHhcNMjUwMTAxMDc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2M3ZDc1OTI3OGQzODYyZTk2NDFhYjk5ZmRkNzY1ZWFjMmU5ZTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykFhj2yLO/FVRkrSldKU/egVp72E
sOv7V9RTG3bLOisO+ZHRRGzrfW6ZLlGkwKt7zgOxhSZ+Y+p60ONU3Rg1jmqQ8AlA
5ZbkA7LHUjidg175Xavwg8cUxBo1NkpMpnP49umdG1IumWAnPN6Q4Sz+wPzdejpK
pCjTNUYQqfZg9oNKh3SgyLh5VuEe+Oiq9H1NMyVCdbZPxHhQjNkPwH0tW+BP+99V
ap3tAPzGMsns4qWNmRs7xlpeOW6WlsNTHBgx7kVpQ95ZxU+rjrJilWYsi37oawbS
YmGyGLat2tZzbS5nIAFL8w5W5FPegba+hfe6CUW+G3mqMDAM44oxRwb2NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPH11knjThi6WQauZ/ddl6sLp40MB8GA1UdIwQY
MBaAFEVPnS2+2XRThAWnn27H6GxK7dPRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlUtZExiN1pkRk9FQmFlZmJzZm9iRXJ0MDlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8zYmIxYTUtOTQxZS00YTYxLTk0M2Ut
ZmFhZTRiYWViZWZmLzEvQThmWFdTZU5PR0xwWkJxNW45MTJYcXd1bmpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8zYmIxYTUtOTQxZS00YTYxLTk0M2UtZmFhZTRiYWViZWZm
LzEvUlUtZExiN1pkRk9FQmFlZmJzZm9iRXJ0MDlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuURQMA0G
CSqGSIb3DQEBCwUAA4IBAQCa4n9onrQ40Ue8UqHBXOOd53LnpKiQ5VX5DYRhnpf/
fbXy/q0EGt1txvBEHdfDsAJ58Y9xubkRlz6MY+CdwlZ5emf//xh/jn2Pt8a1AS91
Q+83IwUHEzY8JO15F3hGGlQb4bI1hZ1PzrVt0nioPouZ5GX/GDIyziDbkg4hjPW4
RShYvpUWCXeORaRD+fjikqncFa/PH2igBPmEVpYN+dq/XrF8M71CVEQMlNyK8bLh
OlNuxY/C2MIHY5kEMa2/ESao60xqzoBogf1aHdyH7qC7SZF3YSP/Ou7MxguKl535
bsV7OnglePHwHji4dWNKozpkerX2qgg5gRQXc1feHN+k
-----END CERTIFICATE-----