Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/IVogcCidyN1dNuwpsamnpeeBOzo.roa
File:                     IVogcCidyN1dNuwpsamnpeeBOzo.roa (raw, json)
Hash identifier:          dkkhuPZPZuxNohscz0NJjTL21i/+81ygggp48FtsTTU=
Subject key identifier:   21:5A:20:70:28:9D:C8:DD:5D:36:EC:29:B1:A9:A7:A5:E7:81:3B:3A
Certificate issuer:       /CN=5975d519de239cf164cb94a6660c2530ceaef254
Certificate serial:       01957FEF3C7599E959905055A3D47DD72204
Authority key identifier: 59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/IVogcCidyN1dNuwpsamnpeeBOzo.roa
Signing time:             Mon 10 Mar 2025 12:02:19 +0000
ROA not before:           Mon 10 Mar 2025 12:02:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25211
IP address blocks:        85.11.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 00:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:7f:ef:3c:75:99:e9:59:90:50:55:a3:d4:7d:d7:22:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5975d519de239cf164cb94a6660c2530ceaef254
        Validity
            Not Before: Mar 10 12:02:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=215a2070289dc8dd5d36ec29b1a9a7a5e7813b3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:3f:41:57:df:48:75:96:69:ec:04:83:c3:c8:
                    46:03:80:61:37:d8:3d:6c:35:35:7d:d4:0b:ac:75:
                    b0:db:72:0d:be:8d:87:52:90:43:8e:4b:c0:3b:a5:
                    38:3f:12:50:b7:46:7f:a8:5e:be:05:ce:83:b8:33:
                    46:fb:22:9b:3b:ef:f5:75:7f:63:eb:82:86:73:e9:
                    d0:88:fa:20:ed:2e:9f:53:54:4d:0f:ee:4e:0e:8a:
                    89:fc:29:ef:6c:fb:e6:c1:18:14:c1:ed:f8:ce:51:
                    7c:38:31:f9:19:ba:fd:b0:e4:22:16:6b:3b:8a:f5:
                    69:f1:69:19:ee:84:63:45:c2:45:29:e5:d9:55:8c:
                    b6:1d:e6:15:ed:7b:55:46:58:9c:ef:f4:84:d6:49:
                    81:27:43:e8:b9:4a:b5:49:fe:bd:05:91:49:dd:56:
                    b4:73:c2:8c:b5:40:56:88:79:8e:03:0a:59:03:9b:
                    e0:9f:2c:17:30:8f:55:7b:b2:81:1f:88:85:12:3f:
                    ed:32:f5:58:ca:89:56:6c:64:44:d9:bd:de:04:57:
                    2e:69:08:ca:eb:7d:c4:07:d7:1b:e1:69:37:2d:ee:
                    44:db:bc:04:30:fa:a5:b9:4a:74:7e:90:e6:83:65:
                    5c:db:6a:86:93:9b:2a:b0:56:38:f1:da:3a:fe:39:
                    fa:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:5A:20:70:28:9D:C8:DD:5D:36:EC:29:B1:A9:A7:A5:E7:81:3B:3A
            X509v3 Authority Key Identifier:
                keyid:59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/IVogcCidyN1dNuwpsamnpeeBOzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.11.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:f5:e1:47:c7:6e:c9:9f:2b:6b:89:de:fd:29:2e:41:23:1b:
         6a:cf:de:a2:33:e0:c2:b5:4d:bb:48:54:0b:d9:9c:02:c7:15:
         da:48:00:75:df:ae:53:26:45:d0:5e:1a:22:b9:c0:20:23:8f:
         2b:27:57:09:d2:10:7d:9b:4e:9d:73:26:af:7e:2a:61:0d:df:
         1c:99:f1:df:0b:33:44:89:15:07:c1:2e:84:3a:0d:e0:50:bc:
         27:2a:fc:a4:50:3b:66:7e:9b:f6:f3:a0:a5:cc:5e:8f:58:09:
         34:78:ad:da:24:e9:f2:d5:d9:2e:60:f6:00:d9:0e:e1:2a:22:
         f0:74:6d:22:f8:37:fa:c7:b8:2b:74:1a:d1:fd:04:3d:6c:2f:
         b5:8f:fb:43:49:df:ee:cf:d5:51:01:9f:0a:4e:ba:5e:db:6f:
         4b:6f:67:ed:1b:f8:68:72:57:ea:6b:43:ab:b7:23:bc:27:47:
         fb:ac:e5:95:ef:6f:d5:b4:4f:7a:3b:1f:d0:0f:2d:d5:a4:ad:
         d8:11:b7:b3:38:5c:e3:1f:2b:9f:4a:30:5f:29:47:1d:80:a3:
         b0:30:ac:7b:18:2b:1f:99:33:c4:b2:7d:dd:7f:54:0e:f3:6b:
         e7:1b:c6:8c:81:01:eb:2a:de:a6:a0:06:8d:a7:5f:61:26:98:
         4b:5b:c0:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZV/7zx1melZkFBVo9R91yIEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzVkNTE5ZGUyMzljZjE2NGNiOTRhNjY2MGMyNTMwY2Vh
ZWYyNTQwHhcNMjUwMzEwMTIwMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTVhMjA3MDI4OWRjOGRkNWQzNmVjMjliMWE5YTdhNWU3ODEzYjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyj9BV99IdZZp7ASDw8hGA4BhN9g9
bDU1fdQLrHWw23INvo2HUpBDjkvAO6U4PxJQt0Z/qF6+Bc6DuDNG+yKbO+/1dX9j
64KGc+nQiPog7S6fU1RND+5ODoqJ/CnvbPvmwRgUwe34zlF8ODH5Gbr9sOQiFms7
ivVp8WkZ7oRjRcJFKeXZVYy2HeYV7XtVRlic7/SE1kmBJ0PouUq1Sf69BZFJ3Va0
c8KMtUBWiHmOAwpZA5vgnywXMI9Ve7KBH4iFEj/tMvVYyolWbGRE2b3eBFcuaQjK
633EB9cb4Wk3Le5E27wEMPqluUp0fpDmg2Vc22qGk5sqsFY48do6/jn6iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFaIHAoncjdXTbsKbGpp6XngTs6MB8GA1UdIwQY
MBaAFFl11RneI5zxZMuUpmYMJTDOrvJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUt
MmNjNjc1NzI2OTc1LzEvSVZvZ2NDaWR5TjFkTnV3cHNhbW5wZWVCT3pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUtMmNjNjc1NzI2OTc1
LzEvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVQujMA0G
CSqGSIb3DQEBCwUAA4IBAQAo9eFHx27Jnytrid79KS5BIxtqz96iM+DCtU27SFQL
2ZwCxxXaSAB1365TJkXQXhoiucAgI48rJ1cJ0hB9m06dcyavfiphDd8cmfHfCzNE
iRUHwS6EOg3gULwnKvykUDtmfpv286ClzF6PWAk0eK3aJOny1dkuYPYA2Q7hKiLw
dG0i+Df6x7grdBrR/QQ9bC+1j/tDSd/uz9VRAZ8KTrpe229Lb2ftG/hoclfqa0Or
tyO8J0f7rOWV72/VtE96Ox/QDy3VpK3YEbezOFzjHyufSjBfKUcdgKOwMKx7GCsf
mTPEsn3df1QO82vnG8aMgQHrKt6moAaNp19hJphLW8Du
-----END CERTIFICATE-----