Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/RsZOcDmkBIUPjHAIBtXdE1isEIo.roa
File:                     RsZOcDmkBIUPjHAIBtXdE1isEIo.roa (raw, json)
Hash identifier:          YV+XRYidOStCwFSLI7pqeek9g91t1Wq016mp7gDOMSA=
Subject key identifier:   46:C6:4E:70:39:A4:04:85:0F:8C:70:08:06:D5:DD:13:58:AC:10:8A
Certificate issuer:       /CN=8e8b1071131763aadab1f294e37cd50adac0939c
Certificate serial:       019424B3C66F0BE5A1A7DBE9D57320BCC412
Authority key identifier: 8E:8B:10:71:13:17:63:AA:DA:B1:F2:94:E3:7C:D5:0A:DA:C0:93:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/josQcRMXY6rasfKU43zVCtrAk5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/RsZOcDmkBIUPjHAIBtXdE1isEIo.roa
Signing time:             Thu 02 Jan 2025 01:49:09 +0000
ROA not before:           Thu 02 Jan 2025 01:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        185.55.132.0/24 maxlen: 24
                          185.55.133.0/24 maxlen: 24
                          185.55.134.0/24 maxlen: 24
                          185.55.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/josQcRMXY6rasfKU43zVCtrAk5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/josQcRMXY6rasfKU43zVCtrAk5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/josQcRMXY6rasfKU43zVCtrAk5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c6:6f:0b:e5:a1:a7:db:e9:d5:73:20:bc:c4:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e8b1071131763aadab1f294e37cd50adac0939c
        Validity
            Not Before: Jan  2 01:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46c64e7039a404850f8c700806d5dd1358ac108a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:74:67:d5:31:ce:f2:13:84:5b:dd:ea:62:02:
                    5c:3e:51:96:6d:fa:7d:07:d3:7a:2e:9e:d9:5a:86:
                    8f:5c:0d:52:3b:f5:34:b0:3b:f0:1f:1c:3b:2d:ca:
                    f3:cb:40:4b:29:4b:38:bd:f0:bf:fb:25:81:c9:1c:
                    71:25:c5:5c:ad:40:94:c8:b5:47:8e:8e:47:74:eb:
                    4a:f0:32:40:2b:0f:c8:1b:4e:9d:75:8e:9a:ad:8e:
                    08:e1:e3:71:64:cd:66:52:df:34:b5:1c:de:9d:87:
                    78:eb:61:02:7c:2f:82:8a:27:ca:60:fc:20:61:ad:
                    19:cf:32:66:bd:d2:83:1c:9a:5d:2f:b2:0a:88:d9:
                    9f:39:4a:49:a1:23:46:05:91:25:d8:f8:70:2f:a7:
                    99:8a:51:b8:fa:da:14:ea:7f:37:c0:a5:95:2b:3e:
                    e3:4b:c2:0f:70:66:74:ad:6f:25:20:74:6d:18:13:
                    20:ee:b6:b8:5b:f6:5e:a2:50:7f:2a:7f:8e:49:36:
                    5e:96:af:99:5d:ef:28:cb:29:af:c0:53:4d:76:ff:
                    a7:f0:86:a3:fe:29:66:61:bc:5a:b0:eb:49:00:7d:
                    20:af:b4:70:5b:0f:52:7c:33:92:66:db:7b:92:02:
                    23:f5:e1:ea:cf:ee:ac:d8:0a:12:d8:bd:b2:13:7a:
                    0e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:C6:4E:70:39:A4:04:85:0F:8C:70:08:06:D5:DD:13:58:AC:10:8A
            X509v3 Authority Key Identifier:
                keyid:8E:8B:10:71:13:17:63:AA:DA:B1:F2:94:E3:7C:D5:0A:DA:C0:93:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/josQcRMXY6rasfKU43zVCtrAk5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/RsZOcDmkBIUPjHAIBtXdE1isEIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/josQcRMXY6rasfKU43zVCtrAk5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:2a:cc:0f:cb:b0:de:a8:24:27:d0:d2:1a:aa:48:a3:3c:52:
         b4:5f:15:9c:8d:f6:31:e5:ea:8a:d7:19:b9:1f:8b:45:2a:fc:
         4d:ca:80:0d:0f:7c:d2:f5:b6:f6:5d:48:92:60:4f:bb:a3:59:
         d6:ed:e7:ab:4a:ff:89:34:a9:34:4d:ab:f2:8b:8a:5f:60:16:
         e1:46:36:ff:8d:09:39:97:ed:72:d1:ee:bc:78:1c:1f:96:c7:
         52:f6:9a:f2:63:a4:06:05:13:d4:18:22:df:32:53:5c:27:99:
         14:55:bb:e1:04:2e:90:68:15:6b:8c:8d:39:d6:23:41:d6:67:
         bd:bf:e3:bf:a8:cb:c5:12:99:56:e3:66:e1:51:72:df:a9:48:
         3e:78:f9:5a:83:99:d0:cd:27:50:80:4c:c5:0a:d0:a7:2a:53:
         3c:cf:6d:2f:3c:5e:e6:80:b4:8f:8c:78:bc:b1:ad:d2:dd:39:
         84:cb:60:58:6c:71:cd:01:f9:5d:9b:94:05:16:97:5e:37:37:
         ec:14:72:c4:47:23:d1:4b:45:1e:c9:31:4a:21:c3:d7:c5:08:
         2e:d3:d8:a3:78:9f:88:77:57:83:99:a3:85:02:35:19:7e:03:
         93:21:4f:86:8c:9f:81:5d:4a:f4:3e:1a:67:45:63:b0:73:9e:
         b7:35:a2:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8ZvC+Whp9vp1XMgvMQSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOGIxMDcxMTMxNzYzYWFkYWIxZjI5NGUzN2NkNTBhZGFj
MDkzOWMwHhcNMjUwMTAyMDE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmM2NGU3MDM5YTQwNDg1MGY4YzcwMDgwNmQ1ZGQxMzU4YWMxMDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXRn1THO8hOEW93qYgJcPlGWbfp9
B9N6Lp7ZWoaPXA1SO/U0sDvwHxw7Lcrzy0BLKUs4vfC/+yWByRxxJcVcrUCUyLVH
jo5HdOtK8DJAKw/IG06ddY6arY4I4eNxZM1mUt80tRzenYd462ECfC+CiifKYPwg
Ya0ZzzJmvdKDHJpdL7IKiNmfOUpJoSNGBZEl2PhwL6eZilG4+toU6n83wKWVKz7j
S8IPcGZ0rW8lIHRtGBMg7ra4W/ZeolB/Kn+OSTZelq+ZXe8oyymvwFNNdv+n8Iaj
/ilmYbxasOtJAH0gr7RwWw9SfDOSZtt7kgIj9eHqz+6s2AoS2L2yE3oOMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEbGTnA5pASFD4xwCAbV3RNYrBCKMB8GA1UdIwQY
MBaAFI6LEHETF2Oq2rHylON81QrawJOcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam9zUWNSTVhZNnJhc2ZLVTQzelZDdHJBazV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8zMzMzOWYtNmQ5OC00YjVmLWFiNjAt
MWM5NGNiN2RmZWIzLzEvUnNaT2NEbWtCSVVQakhBSUJ0WGRFMWlzRUlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8zMzMzOWYtNmQ5OC00YjVmLWFiNjAtMWM5NGNiN2RmZWIz
LzEvam9zUWNSTVhZNnJhc2ZLVTQzelZDdHJBazV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTeEMA0G
CSqGSIb3DQEBCwUAA4IBAQAlKswPy7DeqCQn0NIaqkijPFK0XxWcjfYx5eqK1xm5
H4tFKvxNyoAND3zS9bb2XUiSYE+7o1nW7eerSv+JNKk0Tavyi4pfYBbhRjb/jQk5
l+1y0e68eBwflsdS9pryY6QGBRPUGCLfMlNcJ5kUVbvhBC6QaBVrjI051iNB1me9
v+O/qMvFEplW42bhUXLfqUg+ePlag5nQzSdQgEzFCtCnKlM8z20vPF7mgLSPjHi8
sa3S3TmEy2BYbHHNAfldm5QFFpdeNzfsFHLERyPRS0UeyTFKIcPXxQgu09ijeJ+I
d1eDmaOFAjUZfgOTIU+GjJ+BXUr0PhpnRWOwc563NaLZ
-----END CERTIFICATE-----