Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/tDdZfF9_zffjxvEpEwDvjqS4I9k.roa
File:                     tDdZfF9_zffjxvEpEwDvjqS4I9k.roa (raw, json)
Hash identifier:          U2TiVT1eXbO5ylElonLSsn5yN8P2ofyhgwF0HWpyq58=
Subject key identifier:   B4:37:59:7C:5F:7F:CD:F7:E3:C6:F1:29:13:00:EF:8E:A4:B8:23:D9
Certificate issuer:       /CN=84d60d2dc6ad82a2570e0000fdd993948bc454d8
Certificate serial:       01942067D83AEA081A650835F79F54B4146D
Authority key identifier: 84:D6:0D:2D:C6:AD:82:A2:57:0E:00:00:FD:D9:93:94:8B:C4:54:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/tDdZfF9_zffjxvEpEwDvjqS4I9k.roa
Signing time:             Wed 01 Jan 2025 05:47:43 +0000
ROA not before:           Wed 01 Jan 2025 05:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.98.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d8:3a:ea:08:1a:65:08:35:f7:9f:54:b4:14:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84d60d2dc6ad82a2570e0000fdd993948bc454d8
        Validity
            Not Before: Jan  1 05:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b437597c5f7fcdf7e3c6f1291300ef8ea4b823d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8b:87:3e:8b:dd:15:a0:33:3c:88:78:77:aa:
                    7c:01:cb:2f:ee:f8:ba:0f:33:34:de:ed:8e:75:99:
                    85:ad:83:a0:f6:b7:4f:34:3b:65:be:61:a7:8a:a3:
                    b5:4b:5b:9b:f5:9b:20:91:20:a3:fa:16:a7:09:7d:
                    ce:b5:54:78:72:0b:d8:6f:b5:32:92:6c:91:8b:3b:
                    df:83:72:4e:ed:03:c4:2d:e4:a4:ba:b1:da:3d:44:
                    80:01:3e:45:4f:4d:c8:ab:3f:e6:da:dc:a7:0b:28:
                    94:89:41:4a:93:ce:a0:71:8a:e3:2b:f9:f6:2f:52:
                    3a:00:94:f6:1d:be:59:3e:86:04:59:37:ed:ad:85:
                    7d:61:22:fc:f3:97:58:53:78:75:9d:de:5a:d2:af:
                    e2:65:a4:c5:3c:c4:b4:11:93:48:bd:e8:3a:82:a2:
                    7f:4e:be:ae:f1:41:d5:2f:bf:70:d3:b7:c5:7f:97:
                    5b:10:8d:f5:4a:c4:11:f4:40:5c:3e:fd:2f:2e:d3:
                    63:b8:67:da:46:f6:4c:22:d5:e4:bc:59:6f:53:03:
                    9a:1b:fa:03:11:7e:25:9e:f4:4f:23:5c:98:ba:80:
                    58:dd:8e:ad:7a:33:86:a8:85:13:f7:70:77:be:dc:
                    37:8a:82:cc:ca:0a:ef:a6:73:d3:55:a3:d4:c0:3a:
                    8b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:37:59:7C:5F:7F:CD:F7:E3:C6:F1:29:13:00:EF:8E:A4:B8:23:D9
            X509v3 Authority Key Identifier:
                keyid:84:D6:0D:2D:C6:AD:82:A2:57:0E:00:00:FD:D9:93:94:8B:C4:54:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/tDdZfF9_zffjxvEpEwDvjqS4I9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:93:0f:bd:45:c9:92:34:cd:59:c3:6c:19:e6:b3:51:8c:d9:
         c8:f9:dc:17:36:8e:1f:28:81:ae:35:5b:29:1f:a6:82:b8:77:
         c1:92:57:70:c9:09:a3:0f:2b:b7:de:32:43:78:8b:51:e3:3f:
         4d:0a:d0:8f:db:40:b3:1a:b5:67:79:fe:e2:d3:82:fb:ad:2d:
         bc:23:0e:c7:61:6c:d1:55:8a:7c:f6:07:dc:95:87:d4:55:9b:
         41:71:3e:7b:c7:af:bd:d3:7f:96:9c:80:45:4b:13:ae:71:0c:
         ff:49:3e:31:af:c4:34:36:8c:2f:5e:17:9a:8f:28:c5:19:6e:
         55:8b:34:47:c9:99:4e:1a:c5:3a:d3:7a:9c:5b:0d:4d:6a:8a:
         fe:39:42:af:44:2d:98:89:8c:c8:cc:b5:a1:cc:98:db:9a:5d:
         8d:10:8e:28:a2:f9:63:90:97:0b:c4:fe:cf:2f:ef:fc:33:58:
         3c:98:ee:9f:8e:50:e5:6d:a1:5b:c9:f9:60:b8:ee:f4:3a:2a:
         17:aa:6f:12:6a:45:49:4c:22:72:40:da:05:5d:09:e5:d5:32:
         3a:14:d2:b4:59:72:89:82:3d:ef:54:ed:90:f9:8b:43:1c:d9:
         89:24:70:6d:cc:76:72:9c:6b:87:fa:ba:b9:6b:f5:d3:89:a6:
         a2:0a:54:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ9g66ggaZQg1959UtBRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZDYwZDJkYzZhZDgyYTI1NzBlMDAwMGZkZDk5Mzk0OGJj
NDU0ZDgwHhcNMjUwMTAxMDU0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDM3NTk3YzVmN2ZjZGY3ZTNjNmYxMjkxMzAwZWY4ZWE0YjgyM2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYuHPovdFaAzPIh4d6p8Acsv7vi6
DzM03u2OdZmFrYOg9rdPNDtlvmGniqO1S1ub9ZsgkSCj+hanCX3OtVR4cgvYb7Uy
kmyRizvfg3JO7QPELeSkurHaPUSAAT5FT03Iqz/m2tynCyiUiUFKk86gcYrjK/n2
L1I6AJT2Hb5ZPoYEWTftrYV9YSL885dYU3h1nd5a0q/iZaTFPMS0EZNIveg6gqJ/
Tr6u8UHVL79w07fFf5dbEI31SsQR9EBcPv0vLtNjuGfaRvZMItXkvFlvUwOaG/oD
EX4lnvRPI1yYuoBY3Y6tejOGqIUT93B3vtw3ioLMygrvpnPTVaPUwDqLNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQ3WXxff83348bxKRMA746kuCPZMB8GA1UdIwQY
MBaAFITWDS3GrYKiVw4AAP3Zk5SLxFTYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE5ZTkxjYXRncUpYRGdBQV9kbVRsSXZFVk5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni81MGQ5YzYtZjI0YS00NGFmLThhZTAt
NTRmNmJjODVhYWMwLzEvdERkWmZGOV96ZmZqeHZFcEV3RHZqcVM0STlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni81MGQ5YzYtZjI0YS00NGFmLThhZTAtNTRmNmJjODVhYWMw
LzEvaE5ZTkxjYXRncUpYRGdBQV9kbVRsSXZFVk5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWKfMA0G
CSqGSIb3DQEBCwUAA4IBAQAqkw+9RcmSNM1Zw2wZ5rNRjNnI+dwXNo4fKIGuNVsp
H6aCuHfBkldwyQmjDyu33jJDeItR4z9NCtCP20CzGrVnef7i04L7rS28Iw7HYWzR
VYp89gfclYfUVZtBcT57x6+903+WnIBFSxOucQz/ST4xr8Q0NowvXheajyjFGW5V
izRHyZlOGsU603qcWw1Naor+OUKvRC2YiYzIzLWhzJjbml2NEI4oovljkJcLxP7P
L+/8M1g8mO6fjlDlbaFbyflguO70OioXqm8SakVJTCJyQNoFXQnl1TI6FNK0WXKJ
gj3vVO2Q+YtDHNmJJHBtzHZynGuH+rq5a/XTiaaiClSr
-----END CERTIFICATE-----