Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/b0tYC7kbQ5yQLuO0rNO86tSY9_M.roa
File:                     b0tYC7kbQ5yQLuO0rNO86tSY9_M.roa (raw, json)
Hash identifier:          JhPFYcaqWvvNtwLm0T45vgJgebIRB5cWijzT6ON31V0=
Subject key identifier:   6F:4B:58:0B:B9:1B:43:9C:90:2E:E3:B4:AC:D3:BC:EA:D4:98:F7:F3
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       0194221F69EA91396C129B58121ED3EB0B95
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/b0tYC7kbQ5yQLuO0rNO86tSY9_M.roa
Signing time:             Wed 01 Jan 2025 13:47:51 +0000
ROA not before:           Wed 01 Jan 2025 13:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        185.126.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:69:ea:91:39:6c:12:9b:58:12:1e:d3:eb:0b:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan  1 13:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f4b580bb91b439c902ee3b4acd3bcead498f7f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b7:e3:43:70:39:7e:04:ea:e1:0d:85:ee:cf:
                    e5:ca:39:1a:75:54:e7:30:d1:e1:3c:1c:0d:b3:72:
                    c6:60:25:33:8f:17:fa:91:6d:31:16:25:1d:88:6a:
                    c7:14:19:77:1d:a8:85:ec:1a:7d:58:e8:c7:5e:b8:
                    0d:80:c1:24:94:14:b5:9f:9e:77:71:c4:ba:48:d7:
                    8a:24:d3:65:13:52:a5:96:2c:b1:60:b9:3a:da:54:
                    dd:71:d5:66:a3:90:cc:ab:46:b6:a9:ba:62:10:47:
                    26:b9:92:1f:9e:9c:c4:5e:4c:7f:09:f6:9f:8a:ee:
                    cc:fb:64:16:8d:78:ba:87:47:b9:8d:af:d1:d3:20:
                    8c:3a:df:35:34:55:b7:25:a5:ea:19:c9:d6:52:9a:
                    ea:25:30:b9:a8:3f:d6:7a:e0:21:5c:0e:87:6a:a4:
                    90:7c:4e:eb:b4:42:04:f9:f4:99:d0:b0:19:f6:32:
                    bf:73:b7:4b:8b:99:4e:ce:84:da:bf:33:e7:8c:4c:
                    d6:bb:95:68:ba:8a:dc:33:a9:69:75:88:ab:45:8d:
                    c1:76:1b:1b:fe:b5:0d:84:a4:fe:94:ee:1f:43:32:
                    d9:f9:d5:65:25:ea:9c:46:98:dd:03:2e:43:2c:c4:
                    a5:ea:17:86:ef:f7:2e:c9:39:ab:16:db:33:33:1c:
                    d3:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:4B:58:0B:B9:1B:43:9C:90:2E:E3:B4:AC:D3:BC:EA:D4:98:F7:F3
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/b0tYC7kbQ5yQLuO0rNO86tSY9_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:36:23:ae:79:4a:8a:94:d0:b8:66:b7:ee:43:b4:2b:05:de:
         ce:4f:77:cf:ac:d0:7d:88:00:1e:90:f1:23:fd:7c:68:a3:1c:
         3f:89:4b:45:ba:42:b1:17:57:00:10:af:09:25:55:78:9b:23:
         e0:17:fb:2f:09:d8:cb:d0:32:86:2a:41:5c:0a:81:50:77:4c:
         af:69:84:52:92:82:71:8c:b7:c2:3a:5a:65:38:1a:4f:e7:84:
         4b:69:93:11:75:39:ad:45:c3:df:7b:1f:b9:db:80:59:33:4c:
         ba:a2:e5:f9:18:85:76:3c:ea:b6:70:0e:cb:15:eb:65:3c:be:
         5d:3d:f6:d9:ba:16:19:f6:03:6d:15:68:8e:b6:de:f5:59:7d:
         2c:ff:aa:26:65:b1:43:b1:8f:1b:89:05:dd:05:8d:62:a7:bf:
         04:53:0b:a7:e1:17:a1:4b:35:0c:61:e7:c0:8b:19:40:d3:11:
         61:4a:41:8a:74:4b:50:ba:7a:d2:7c:b1:8f:e4:c7:5f:75:14:
         d5:10:3e:ed:70:07:91:61:0a:7c:fc:6d:eb:2b:d4:31:11:bb:
         76:4e:74:0c:4f:f8:07:d3:ec:e4:3e:70:0a:99:8c:01:10:cb:
         fe:a1:1d:66:b5:0f:d1:b0:fb:a1:7c:2d:70:4a:a9:ca:fb:0d:
         ef:ff:1c:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH2nqkTlsEptYEh7T6wuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjUwMTAxMTM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjRiNTgwYmI5MWI0MzljOTAyZWUzYjRhY2QzYmNlYWQ0OThmN2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbfjQ3A5fgTq4Q2F7s/lyjkadVTn
MNHhPBwNs3LGYCUzjxf6kW0xFiUdiGrHFBl3HaiF7Bp9WOjHXrgNgMEklBS1n553
ccS6SNeKJNNlE1KlliyxYLk62lTdcdVmo5DMq0a2qbpiEEcmuZIfnpzEXkx/Cfaf
iu7M+2QWjXi6h0e5ja/R0yCMOt81NFW3JaXqGcnWUprqJTC5qD/WeuAhXA6HaqSQ
fE7rtEIE+fSZ0LAZ9jK/c7dLi5lOzoTavzPnjEzWu5VouorcM6lpdYirRY3Bdhsb
/rUNhKT+lO4fQzLZ+dVlJeqcRpjdAy5DLMSl6heG7/cuyTmrFtszMxzT5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9LWAu5G0OckC7jtKzTvOrUmPfzMB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvYjB0WUM3a2JRNXlRTHVPMHJOTzg2dFNZOV9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX4jMA0G
CSqGSIb3DQEBCwUAA4IBAQAkNiOueUqKlNC4ZrfuQ7QrBd7OT3fPrNB9iAAekPEj
/Xxooxw/iUtFukKxF1cAEK8JJVV4myPgF/svCdjL0DKGKkFcCoFQd0yvaYRSkoJx
jLfCOlplOBpP54RLaZMRdTmtRcPfex+524BZM0y6ouX5GIV2POq2cA7LFetlPL5d
PfbZuhYZ9gNtFWiOtt71WX0s/6omZbFDsY8biQXdBY1ip78EUwun4RehSzUMYefA
ixlA0xFhSkGKdEtQunrSfLGP5MdfdRTVED7tcAeRYQp8/G3rK9QxEbt2TnQMT/gH
0+zkPnAKmYwBEMv+oR1mtQ/RsPuhfC1wSqnK+w3v/xyF
-----END CERTIFICATE-----