Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/81c091-0a4e-4005-be22-a7e86453abcd/1/dXA2sXCeF-zEI-_J4kU7kczSGDo.roa
File:                     dXA2sXCeF-zEI-_J4kU7kczSGDo.roa (raw, json)
Hash identifier:          yLUH5uzp/Ib7vlJR5HEnjKQN0s3hZM+CwSBPhsePj6Y=
Subject key identifier:   75:70:36:B1:70:9E:17:EC:C4:23:EF:C9:E2:45:3B:91:CC:D2:18:3A
Certificate issuer:       /CN=53b105065c0d9139b5ffedc32c900cf64b4312eb
Certificate serial:       0194236A255B84937F978BFC59D92C990FF7
Authority key identifier: 53:B1:05:06:5C:0D:91:39:B5:FF:ED:C3:2C:90:0C:F6:4B:43:12:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7EFBlwNkTm1_-3DLJAM9ktDEus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/81c091-0a4e-4005-be22-a7e86453abcd/1/dXA2sXCeF-zEI-_J4kU7kczSGDo.roa
Signing time:             Wed 01 Jan 2025 19:49:06 +0000
ROA not before:           Wed 01 Jan 2025 19:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51088
IP address blocks:        185.41.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/81c091-0a4e-4005-be22-a7e86453abcd/1/U7EFBlwNkTm1_-3DLJAM9ktDEus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/81c091-0a4e-4005-be22-a7e86453abcd/1/U7EFBlwNkTm1_-3DLJAM9ktDEus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7EFBlwNkTm1_-3DLJAM9ktDEus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:25:5b:84:93:7f:97:8b:fc:59:d9:2c:99:0f:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b105065c0d9139b5ffedc32c900cf64b4312eb
        Validity
            Not Before: Jan  1 19:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=757036b1709e17ecc423efc9e2453b91ccd2183a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0c:b5:80:d2:cc:ea:91:7c:fe:14:95:d5:a8:
                    12:73:0a:07:af:0e:d6:06:1a:57:c0:80:ee:75:93:
                    a8:fb:b2:c9:8c:a5:6d:55:1e:02:18:48:e1:3c:b6:
                    29:92:70:73:90:3f:da:47:7d:76:af:9e:f8:86:55:
                    04:28:a3:f1:67:92:60:d8:36:6a:16:11:8a:eb:5b:
                    d6:1b:9f:e1:e8:37:71:07:88:20:81:b2:42:64:57:
                    33:09:b1:58:f5:f1:73:bd:09:dc:a6:8b:24:27:01:
                    58:14:94:3a:b3:18:06:79:fa:67:e0:f5:9c:28:63:
                    76:83:34:4a:fe:c6:da:ff:bc:b4:3b:70:42:f0:6f:
                    56:59:5a:03:c4:f9:8e:73:9c:76:94:59:ed:34:af:
                    8a:f3:55:b0:12:47:0a:5a:3f:2e:e4:18:ce:78:83:
                    60:f1:4c:23:04:62:1e:4a:2c:24:6d:52:96:f1:32:
                    a4:09:44:79:c7:ce:30:4b:5d:6a:d4:f7:0e:67:23:
                    d8:69:d6:5a:58:c6:e0:ba:1b:fb:78:e8:2c:af:8c:
                    74:75:04:7a:65:95:70:7e:ab:4a:66:36:3e:14:77:
                    47:81:59:ad:87:07:73:87:0f:73:8f:42:cf:83:fa:
                    bc:c3:f6:aa:b1:51:ce:36:55:8e:e7:04:45:4f:84:
                    c0:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:70:36:B1:70:9E:17:EC:C4:23:EF:C9:E2:45:3B:91:CC:D2:18:3A
            X509v3 Authority Key Identifier:
                keyid:53:B1:05:06:5C:0D:91:39:B5:FF:ED:C3:2C:90:0C:F6:4B:43:12:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7EFBlwNkTm1_-3DLJAM9ktDEus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/81c091-0a4e-4005-be22-a7e86453abcd/1/dXA2sXCeF-zEI-_J4kU7kczSGDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/81c091-0a4e-4005-be22-a7e86453abcd/1/U7EFBlwNkTm1_-3DLJAM9ktDEus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:a0:82:fe:65:9c:95:88:e9:5b:0d:9b:a6:da:5f:13:ed:b0:
         78:39:21:d1:b7:5a:af:c6:f0:72:ec:a1:e9:8f:1a:02:fa:a4:
         5d:d4:15:d5:13:f5:04:fc:00:e8:cd:12:82:a2:b4:91:c0:14:
         40:7c:38:6b:a0:fe:a8:27:42:13:d2:55:ba:ac:b7:9c:96:56:
         a8:70:c5:a6:8a:58:f4:ae:89:9c:db:d0:64:a8:a6:6a:31:77:
         9c:3d:07:a2:93:5d:c3:63:b6:7f:d0:d0:43:43:1f:0a:6a:2c:
         2f:72:4f:cc:1e:9b:5f:07:0f:87:c4:48:f9:c7:8e:45:64:3f:
         aa:d1:d3:c0:94:0d:6b:a3:ae:52:c5:a5:fc:46:b9:f8:d2:0d:
         63:af:43:3e:35:2f:e7:91:2a:34:bf:75:1f:e8:fe:3e:ac:79:
         f7:23:8e:35:b3:be:3a:d7:7e:7a:eb:30:84:97:73:58:0c:fe:
         b6:65:9a:79:88:ec:94:dd:ac:f6:09:a0:dd:49:76:33:11:a4:
         0b:38:a7:cb:05:b7:6d:6f:21:e2:58:bc:f1:91:e1:b0:2e:9f:
         36:69:ab:95:c3:c4:d7:25:6d:b4:4d:25:8e:ae:db:40:61:59:
         06:60:52:f2:ee:23:de:d5:c5:d2:40:32:db:a9:8d:b3:b1:bb:
         bb:88:0c:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiVbhJN/l4v8WdksmQ/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjEwNTA2NWMwZDkxMzliNWZmZWRjMzJjOTAwY2Y2NGI0
MzEyZWIwHhcNMjUwMTAxMTk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTcwMzZiMTcwOWUxN2VjYzQyM2VmYzllMjQ1M2I5MWNjZDIxODNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowy1gNLM6pF8/hSV1agScwoHrw7W
BhpXwIDudZOo+7LJjKVtVR4CGEjhPLYpknBzkD/aR312r574hlUEKKPxZ5Jg2DZq
FhGK61vWG5/h6DdxB4gggbJCZFczCbFY9fFzvQncposkJwFYFJQ6sxgGefpn4PWc
KGN2gzRK/sba/7y0O3BC8G9WWVoDxPmOc5x2lFntNK+K81WwEkcKWj8u5BjOeINg
8UwjBGIeSiwkbVKW8TKkCUR5x84wS11q1PcOZyPYadZaWMbguhv7eOgsr4x0dQR6
ZZVwfqtKZjY+FHdHgVmthwdzhw9zj0LPg/q8w/aqsVHONlWO5wRFT4TAPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHVwNrFwnhfsxCPvyeJFO5HM0hg6MB8GA1UdIwQY
MBaAFFOxBQZcDZE5tf/twyyQDPZLQxLrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdFRkJsd05rVG0xXy0zRExKQU05a3RERXVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84MWMwOTEtMGE0ZS00MDA1LWJlMjIt
YTdlODY0NTNhYmNkLzEvZFhBMnNYQ2VGLXpFSS1fSjRrVTdrY3pTR0RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84MWMwOTEtMGE0ZS00MDA1LWJlMjItYTdlODY0NTNhYmNk
LzEvVTdFRkJsd05rVG0xXy0zRExKQU05a3RERXVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSl8MA0G
CSqGSIb3DQEBCwUAA4IBAQC3oIL+ZZyViOlbDZum2l8T7bB4OSHRt1qvxvBy7KHp
jxoC+qRd1BXVE/UE/ADozRKCorSRwBRAfDhroP6oJ0IT0lW6rLecllaocMWmilj0
romc29BkqKZqMXecPQeik13DY7Z/0NBDQx8Kaiwvck/MHptfBw+HxEj5x45FZD+q
0dPAlA1ro65SxaX8Rrn40g1jr0M+NS/nkSo0v3Uf6P4+rHn3I441s74613566zCE
l3NYDP62ZZp5iOyU3az2CaDdSXYzEaQLOKfLBbdtbyHiWLzxkeGwLp82aauVw8TX
JW20TSWOrttAYVkGYFLy7iPe1cXSQDLbqY2zsbu7iAxE
-----END CERTIFICATE-----