Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/9cb329-0fe9-4ffe-be5f-038a54e3912f/1/XazQXG2c-n81kKei6aAEIGCzQkk.roa
File:                     XazQXG2c-n81kKei6aAEIGCzQkk.roa (raw, json)
Hash identifier:          6K6cajEwr6XzwV0jlcSWtfuziN2YH8eHzt+MUkWO3UI=
Subject key identifier:   5D:AC:D0:5C:6D:9C:FA:7F:35:90:A7:A2:E9:A0:04:20:60:B3:42:49
Certificate issuer:       /CN=c9633fa6fc66b43639c056d02174f80c2426614b
Certificate serial:       019423D74C192C633F6A56B7B2FD92D1A9FA
Authority key identifier: C9:63:3F:A6:FC:66:B4:36:39:C0:56:D0:21:74:F8:0C:24:26:61:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yWM_pvxmtDY5wFbQIXT4DCQmYUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/9cb329-0fe9-4ffe-be5f-038a54e3912f/1/XazQXG2c-n81kKei6aAEIGCzQkk.roa
Signing time:             Wed 01 Jan 2025 21:48:19 +0000
ROA not before:           Wed 01 Jan 2025 21:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133530
IP address blocks:        185.166.140.0/24 maxlen: 24
                          2a0a:ea00::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/9cb329-0fe9-4ffe-be5f-038a54e3912f/1/yWM_pvxmtDY5wFbQIXT4DCQmYUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/9cb329-0fe9-4ffe-be5f-038a54e3912f/1/yWM_pvxmtDY5wFbQIXT4DCQmYUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yWM_pvxmtDY5wFbQIXT4DCQmYUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:4c:19:2c:63:3f:6a:56:b7:b2:fd:92:d1:a9:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9633fa6fc66b43639c056d02174f80c2426614b
        Validity
            Not Before: Jan  1 21:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dacd05c6d9cfa7f3590a7a2e9a0042060b34249
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:ce:a6:3f:07:80:60:93:31:ac:9d:8c:29:90:
                    8c:0b:40:a8:00:f2:e7:41:0c:d2:09:ff:00:6d:cf:
                    1a:87:e3:7c:93:3f:43:1d:22:30:79:f8:84:1d:60:
                    d5:96:75:42:19:80:38:b6:45:f7:ee:f7:5d:f1:06:
                    91:f1:8a:46:f7:4d:4d:29:bc:5e:24:75:af:22:18:
                    bd:f7:0a:25:10:0b:27:ea:ba:5b:eb:8c:1c:e4:27:
                    7c:39:d1:6f:04:d9:68:30:0f:c3:3b:67:a7:aa:57:
                    ce:4a:8e:53:ac:13:11:57:94:de:df:1d:90:5a:1c:
                    7e:74:f1:6a:82:16:e3:fe:89:2d:7e:d9:b8:92:b2:
                    04:aa:c5:cf:78:0d:c1:c8:0b:70:23:01:e1:b7:2f:
                    4b:b1:d7:93:15:be:18:54:19:86:74:75:8c:38:4c:
                    07:27:bb:74:bf:76:d0:48:54:9e:9b:26:42:92:25:
                    69:c2:d2:a8:49:f0:86:b8:e1:7e:71:d5:12:cf:dd:
                    62:5d:f2:a9:7c:d7:29:ef:82:68:44:51:3b:2a:33:
                    a9:0d:3a:a4:fa:de:db:e0:b4:dc:b5:b1:74:d4:f8:
                    bd:e7:a0:9a:8a:88:ff:96:6f:79:ef:a8:51:bd:21:
                    a1:24:3f:2b:cf:a2:9d:3e:6e:f3:cf:f0:96:c4:6b:
                    b0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:AC:D0:5C:6D:9C:FA:7F:35:90:A7:A2:E9:A0:04:20:60:B3:42:49
            X509v3 Authority Key Identifier:
                keyid:C9:63:3F:A6:FC:66:B4:36:39:C0:56:D0:21:74:F8:0C:24:26:61:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yWM_pvxmtDY5wFbQIXT4DCQmYUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/9cb329-0fe9-4ffe-be5f-038a54e3912f/1/XazQXG2c-n81kKei6aAEIGCzQkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/9cb329-0fe9-4ffe-be5f-038a54e3912f/1/yWM_pvxmtDY5wFbQIXT4DCQmYUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.140.0/24
                IPv6:
                  2a0a:ea00::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:35:4f:0c:5b:50:4f:e5:e0:e6:2b:5f:53:0b:aa:44:ff:0d:
         e6:95:97:ef:3b:ec:53:50:a0:a9:c7:35:80:03:21:ab:21:a1:
         f4:a5:70:98:eb:7f:fb:20:ec:39:ed:23:fd:48:9b:7c:15:ba:
         e5:91:95:b2:35:89:89:4c:bd:b5:35:b7:e1:46:02:c9:ea:b6:
         7f:71:92:d5:d3:3e:bb:b0:80:b4:40:f5:39:7a:d1:e0:e2:42:
         09:36:e5:c3:cd:a8:95:fd:d2:0c:4f:91:92:1f:b4:df:55:21:
         54:75:2e:c3:9d:cc:bd:02:d4:fe:c8:bf:25:aa:7a:9f:c3:87:
         e7:19:a4:0a:f1:51:a7:a9:62:3b:81:85:c4:0b:84:d7:b1:31:
         f1:53:b3:34:46:85:a4:08:b0:73:ff:ca:87:1e:a0:0d:22:41:
         e1:bd:02:c3:d9:76:24:ea:b4:b1:6a:20:4d:1a:dc:3b:f7:6d:
         eb:07:27:4c:43:35:23:08:17:3c:aa:c9:2f:b4:b1:a0:33:69:
         19:bf:df:8c:24:27:fd:25:49:bc:25:e5:08:36:b0:8e:69:ce:
         1a:ae:60:b1:5f:a1:f2:27:c7:8f:82:eb:f2:00:d2:4e:3a:5a:
         95:11:1f:62:51:f2:bc:d3:18:f3:67:02:04:da:6e:cc:75:5a:
         9f:9b:e8:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj10wZLGM/ala3sv2S0an6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NjMzZmE2ZmM2NmI0MzYzOWMwNTZkMDIxNzRmODBjMjQy
NjYxNGIwHhcNMjUwMTAxMjE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGFjZDA1YzZkOWNmYTdmMzU5MGE3YTJlOWEwMDQyMDYwYjM0MjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA586mPweAYJMxrJ2MKZCMC0CoAPLn
QQzSCf8Abc8ah+N8kz9DHSIwefiEHWDVlnVCGYA4tkX37vdd8QaR8YpG901NKbxe
JHWvIhi99wolEAsn6rpb64wc5Cd8OdFvBNloMA/DO2enqlfOSo5TrBMRV5Te3x2Q
Whx+dPFqghbj/oktftm4krIEqsXPeA3ByAtwIwHhty9LsdeTFb4YVBmGdHWMOEwH
J7t0v3bQSFSemyZCkiVpwtKoSfCGuOF+cdUSz91iXfKpfNcp74JoRFE7KjOpDTqk
+t7b4LTctbF01Pi956Caioj/lm9576hRvSGhJD8rz6KdPm7zz/CWxGuw9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF2s0FxtnPp/NZCnoumgBCBgs0JJMB8GA1UdIwQY
MBaAFMljP6b8ZrQ2OcBW0CF0+AwkJmFLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVdNX3B2eG10RFk1d0ZiUUlYVDREQ1FtWVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi85Y2IzMjktMGZlOS00ZmZlLWJlNWYt
MDM4YTU0ZTM5MTJmLzEvWGF6UVhHMmMtbjgxa0tlaTZhQUVJR0N6UWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi85Y2IzMjktMGZlOS00ZmZlLWJlNWYtMDM4YTU0ZTM5MTJm
LzEveVdNX3B2eG10RFk1d0ZiUUlYVDREQ1FtWVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuaaMMA0E
AgACMAcDBQAqCuoAMA0GCSqGSIb3DQEBCwUAA4IBAQAkNU8MW1BP5eDmK19TC6pE
/w3mlZfvO+xTUKCpxzWAAyGrIaH0pXCY63/7IOw57SP9SJt8FbrlkZWyNYmJTL21
NbfhRgLJ6rZ/cZLV0z67sIC0QPU5etHg4kIJNuXDzaiV/dIMT5GSH7TfVSFUdS7D
ncy9AtT+yL8lqnqfw4fnGaQK8VGnqWI7gYXEC4TXsTHxU7M0RoWkCLBz/8qHHqAN
IkHhvQLD2XYk6rSxaiBNGtw7923rBydMQzUjCBc8qskvtLGgM2kZv9+MJCf9JUm8
JeUINrCOac4armCxX6HyJ8ePguvyANJOOlqVER9iUfK80xjzZwIE2m7MdVqfm+hz
-----END CERTIFICATE-----