Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/ZaDqc_0TrJFdc0RcFG7yl2ai7QY.roa
File:                     ZaDqc_0TrJFdc0RcFG7yl2ai7QY.roa (raw, json)
Hash identifier:          1d+OdKCY8+hZg9LHrOFXWt2cShXAAKGX+jfmOnROX3w=
Subject key identifier:   65:A0:EA:73:FD:13:AC:91:5D:73:44:5C:14:6E:F2:97:66:A2:ED:06
Certificate issuer:       /CN=beba48c7e2c9e05eda546d899146b89f799df85d
Certificate serial:       01942825C4862818A1FD3335818FF83672F1
Authority key identifier: BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/ZaDqc_0TrJFdc0RcFG7yl2ai7QY.roa
Signing time:             Thu 02 Jan 2025 17:52:31 +0000
ROA not before:           Thu 02 Jan 2025 17:52:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43726
IP address blocks:        91.198.130.0/24 maxlen: 24
                          193.26.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:c4:86:28:18:a1:fd:33:35:81:8f:f8:36:72:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beba48c7e2c9e05eda546d899146b89f799df85d
        Validity
            Not Before: Jan  2 17:52:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65a0ea73fd13ac915d73445c146ef29766a2ed06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2f:ba:68:ba:c0:f9:81:4a:5b:dc:fe:8e:41:
                    e9:c8:a6:ad:db:30:95:bc:3b:68:c6:7f:e8:ae:0e:
                    c6:cb:54:e0:80:4c:24:80:c6:69:74:5c:64:bd:45:
                    72:e2:e8:b2:77:8f:73:46:79:0d:cd:3c:42:dc:cc:
                    a7:58:0e:0a:5f:cf:ac:8a:1a:5c:f4:3d:e4:f0:43:
                    2d:42:87:99:5a:10:be:6c:fc:0e:0a:b9:20:ca:61:
                    0e:21:75:e5:67:24:32:be:8d:1f:9d:1e:f1:13:49:
                    37:30:91:66:0c:17:b5:da:aa:ed:23:03:40:39:d8:
                    c5:33:1e:ce:bf:50:88:e7:93:aa:2f:2e:b5:bb:7d:
                    6f:57:46:39:27:f8:3c:b1:19:6b:52:1b:bc:4a:59:
                    71:3b:0f:76:98:90:53:7e:cb:a4:fb:25:35:52:58:
                    b9:05:83:d5:ea:08:32:e6:9b:86:97:ab:9f:ba:e4:
                    b6:ce:ef:68:e4:68:dc:ba:f0:40:08:3d:d4:a2:d9:
                    a5:ee:dc:61:9c:ef:f9:8e:69:b2:70:d4:ec:a0:ec:
                    c5:1b:77:80:a3:02:bb:1d:bc:b3:3a:1e:38:e8:56:
                    a8:1e:53:4c:b6:bc:70:69:0e:23:25:82:48:68:55:
                    35:ce:4b:d4:e3:6a:4f:6a:ce:6d:5a:2a:4a:0e:44:
                    8f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:A0:EA:73:FD:13:AC:91:5D:73:44:5C:14:6E:F2:97:66:A2:ED:06
            X509v3 Authority Key Identifier:
                keyid:BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/ZaDqc_0TrJFdc0RcFG7yl2ai7QY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.130.0/24
                  193.26.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:b9:96:81:f1:6c:58:83:09:f8:04:b5:ae:f3:13:27:72:6a:
         be:51:69:d9:b3:15:bc:3d:4a:1e:71:55:ba:14:d5:fa:01:32:
         98:41:6d:4a:25:20:b4:93:c5:75:7c:53:41:3a:c2:14:46:05:
         e2:88:5b:0e:93:ae:8b:f3:c3:02:51:a3:ed:2b:11:ab:60:1b:
         ab:f3:b3:bd:53:9b:3f:23:5d:27:db:05:ba:64:42:c7:f7:06:
         1e:6e:7f:b6:0b:46:7d:58:e8:fb:b6:2f:f8:5c:9d:cd:12:3a:
         bd:6f:e6:4d:51:71:c5:3d:af:1c:2c:57:d6:73:4c:0b:03:26:
         58:1e:f0:29:52:04:c8:df:31:66:cb:e1:b8:08:6a:35:6b:7e:
         a2:a1:eb:65:6e:c0:d5:20:55:fb:48:4d:c0:f9:a6:97:15:48:
         fa:26:72:ca:7e:55:f3:f5:16:63:15:cb:5e:76:38:77:47:8e:
         00:46:32:ee:4f:5f:5b:a0:6d:88:3b:c9:50:89:4d:53:34:c3:
         41:87:09:c2:a2:ea:38:2c:99:65:7f:63:fb:19:b2:30:58:01:
         c5:49:92:2f:de:ff:28:9c:96:14:b2:f2:19:7f:86:64:b7:32:
         d6:3c:8a:90:ef:e9:25:fe:7a:9f:56:27:3e:99:22:f2:81:7d:
         82:a4:56:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJcSGKBih/TM1gY/4NnLxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmE0OGM3ZTJjOWUwNWVkYTU0NmQ4OTkxNDZiODlmNzk5
ZGY4NWQwHhcNMjUwMTAyMTc1MjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWEwZWE3M2ZkMTNhYzkxNWQ3MzQ0NWMxNDZlZjI5NzY2YTJlZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi+6aLrA+YFKW9z+jkHpyKat2zCV
vDtoxn/org7Gy1TggEwkgMZpdFxkvUVy4uiyd49zRnkNzTxC3MynWA4KX8+sihpc
9D3k8EMtQoeZWhC+bPwOCrkgymEOIXXlZyQyvo0fnR7xE0k3MJFmDBe12qrtIwNA
OdjFMx7Ov1CI55OqLy61u31vV0Y5J/g8sRlrUhu8SllxOw92mJBTfsuk+yU1Uli5
BYPV6ggy5puGl6ufuuS2zu9o5GjcuvBACD3Uotml7txhnO/5jmmycNTsoOzFG3eA
owK7HbyzOh446FaoHlNMtrxwaQ4jJYJIaFU1zkvU42pPas5tWipKDkSP1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGWg6nP9E6yRXXNEXBRu8pdmou0GMB8GA1UdIwQY
MBaAFL66SMfiyeBe2lRtiZFGuJ95nfhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYt
M2Q1MjIxODFhMmM0LzEvWmFEcWNfMFRySkZkYzBSY0ZHN3lsMmFpN1FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYtM2Q1MjIxODFhMmM0
LzEvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8aCAwQA
wRrWMA0GCSqGSIb3DQEBCwUAA4IBAQAWuZaB8WxYgwn4BLWu8xMncmq+UWnZsxW8
PUoecVW6FNX6ATKYQW1KJSC0k8V1fFNBOsIURgXiiFsOk66L88MCUaPtKxGrYBur
87O9U5s/I10n2wW6ZELH9wYebn+2C0Z9WOj7ti/4XJ3NEjq9b+ZNUXHFPa8cLFfW
c0wLAyZYHvApUgTI3zFmy+G4CGo1a36ioetlbsDVIFX7SE3A+aaXFUj6JnLKflXz
9RZjFctedjh3R44ARjLuT19boG2IO8lQiU1TNMNBhwnCouo4LJllf2P7GbIwWAHF
SZIv3v8onJYUsvIZf4ZktzLWPIqQ7+kl/nqfVic+mSLygX2CpFYi
-----END CERTIFICATE-----