Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/7fe559-2f1d-47e8-8466-ef9135a2c82f/1/Dg_nZXNMxQynE5ehC7tXyWYcMIY.roa
File:                     Dg_nZXNMxQynE5ehC7tXyWYcMIY.roa (raw, json)
Hash identifier:          GdXBqs86r5DAb+MyyV4wEtv+zLO6JrCMc/QjbYWwSSo=
Subject key identifier:   0E:0F:E7:65:73:4C:C5:0C:A7:13:97:A1:0B:BB:57:C9:66:1C:30:86
Certificate issuer:       /CN=b7a230316b3e258e9255f46b20802ae2f3cb46a0
Certificate serial:       01942369896E712B67CAFA79B2EDD0C89080
Authority key identifier: B7:A2:30:31:6B:3E:25:8E:92:55:F4:6B:20:80:2A:E2:F3:CB:46:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t6IwMWs-JY6SVfRrIIAq4vPLRqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/7fe559-2f1d-47e8-8466-ef9135a2c82f/1/Dg_nZXNMxQynE5ehC7tXyWYcMIY.roa
Signing time:             Wed 01 Jan 2025 19:48:26 +0000
ROA not before:           Wed 01 Jan 2025 19:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203836
IP address blocks:        185.66.132.0/24 maxlen: 24
                          185.66.133.0/24 maxlen: 24
                          185.66.134.0/24 maxlen: 24
                          185.66.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/7fe559-2f1d-47e8-8466-ef9135a2c82f/1/t6IwMWs-JY6SVfRrIIAq4vPLRqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/7fe559-2f1d-47e8-8466-ef9135a2c82f/1/t6IwMWs-JY6SVfRrIIAq4vPLRqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t6IwMWs-JY6SVfRrIIAq4vPLRqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 10:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:89:6e:71:2b:67:ca:fa:79:b2:ed:d0:c8:90:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7a230316b3e258e9255f46b20802ae2f3cb46a0
        Validity
            Not Before: Jan  1 19:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e0fe765734cc50ca71397a10bbb57c9661c3086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:08:03:78:61:bf:a9:f0:c9:dc:3f:13:47:5b:
                    82:df:17:c8:ea:bd:82:97:f3:6c:8f:b4:ff:a9:5a:
                    15:f4:b9:c4:7a:29:53:d5:40:b3:41:23:4d:9b:b8:
                    8c:56:1b:51:dc:26:ae:d8:e7:52:83:5a:79:c6:60:
                    bb:bc:1e:d8:68:4f:36:1e:91:41:ec:99:50:c1:6a:
                    4e:15:38:d7:76:25:56:e1:bf:d4:e1:d9:db:68:6c:
                    8a:4d:80:86:68:86:81:2e:52:33:67:51:34:bf:f1:
                    b5:92:cc:06:55:aa:0f:76:ab:58:21:40:86:68:55:
                    57:4f:5f:59:ea:dd:3a:ee:1a:90:13:98:8f:6c:4f:
                    e3:f5:7d:13:72:b1:cb:84:42:d4:52:58:e3:51:0a:
                    d3:08:68:b5:02:7a:9c:00:e0:f5:cc:de:61:4b:14:
                    a6:cf:d3:5e:08:6c:82:d4:4e:44:e3:2f:e4:d6:64:
                    33:26:48:da:c2:d1:d3:cb:c6:7c:eb:40:c0:c6:12:
                    f0:03:bb:09:5e:07:53:91:19:79:df:29:f3:c5:89:
                    4f:08:6d:de:03:1b:b0:8f:88:00:b5:38:f6:d3:fa:
                    1e:4e:9d:ee:09:47:46:36:b7:f4:7a:dc:10:70:c7:
                    9c:b2:8c:d4:44:8f:af:44:f5:55:54:d6:20:55:b1:
                    26:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:0F:E7:65:73:4C:C5:0C:A7:13:97:A1:0B:BB:57:C9:66:1C:30:86
            X509v3 Authority Key Identifier:
                keyid:B7:A2:30:31:6B:3E:25:8E:92:55:F4:6B:20:80:2A:E2:F3:CB:46:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t6IwMWs-JY6SVfRrIIAq4vPLRqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/7fe559-2f1d-47e8-8466-ef9135a2c82f/1/Dg_nZXNMxQynE5ehC7tXyWYcMIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/7fe559-2f1d-47e8-8466-ef9135a2c82f/1/t6IwMWs-JY6SVfRrIIAq4vPLRqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:f5:3b:6a:45:86:d0:86:fe:0b:77:4b:3e:23:5b:b8:9f:c8:
         09:59:37:64:aa:93:6f:82:02:8f:07:40:87:ff:ce:42:ae:e1:
         8e:b3:d4:4c:8b:15:15:dd:b8:5e:1d:da:bb:84:6c:63:64:98:
         3c:f8:2f:79:ec:4b:2f:84:f4:e3:15:1e:78:e7:5c:87:cf:dc:
         8a:12:67:d4:fe:95:b1:69:59:90:f2:ca:58:46:84:8e:00:1b:
         29:3e:4a:28:25:76:8f:7a:69:de:8e:a6:44:5f:57:76:c5:41:
         ad:7a:d1:21:f2:4c:c3:92:b4:d4:32:d7:42:77:37:3a:72:4a:
         7d:4f:c8:46:16:09:73:cb:96:7d:44:c6:b3:2c:6e:b4:a9:11:
         0e:c2:a8:1a:17:a2:57:09:bf:81:fb:eb:d8:c6:4d:54:a4:19:
         52:f1:5c:69:3b:4a:35:c5:f3:55:e6:8f:0a:40:68:ed:9e:dd:
         ee:2c:30:a0:dd:7f:c2:a6:71:ae:28:c6:01:7f:64:d2:22:b7:
         49:6a:ed:f5:c4:72:ab:97:bb:92:28:70:d7:7d:40:1b:5e:96:
         39:f4:ca:72:55:4f:a6:1d:7d:27:ab:f2:31:8d:37:a4:0c:de:
         15:76:22:77:d8:c9:cf:34:1d:05:05:73:b7:50:49:7d:ce:2a:
         4e:76:22:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaYlucStnyvp5su3QyJCAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YTIzMDMxNmIzZTI1OGU5MjU1ZjQ2YjIwODAyYWUyZjNj
YjQ2YTAwHhcNMjUwMTAxMTk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTBmZTc2NTczNGNjNTBjYTcxMzk3YTEwYmJiNTdjOTY2MWMzMDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxggDeGG/qfDJ3D8TR1uC3xfI6r2C
l/Nsj7T/qVoV9LnEeilT1UCzQSNNm7iMVhtR3Cau2OdSg1p5xmC7vB7YaE82HpFB
7JlQwWpOFTjXdiVW4b/U4dnbaGyKTYCGaIaBLlIzZ1E0v/G1kswGVaoPdqtYIUCG
aFVXT19Z6t067hqQE5iPbE/j9X0TcrHLhELUUljjUQrTCGi1AnqcAOD1zN5hSxSm
z9NeCGyC1E5E4y/k1mQzJkjawtHTy8Z860DAxhLwA7sJXgdTkRl53ynzxYlPCG3e
Axuwj4gAtTj20/oeTp3uCUdGNrf0etwQcMecsozURI+vRPVVVNYgVbEmVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4P52VzTMUMpxOXoQu7V8lmHDCGMB8GA1UdIwQY
MBaAFLeiMDFrPiWOklX0ayCAKuLzy0agMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDZJd01Xcy1KWTZTVmZScklJQXE0dlBMUnFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi83ZmU1NTktMmYxZC00N2U4LTg0NjYt
ZWY5MTM1YTJjODJmLzEvRGdfblpYTk14UXluRTVlaEM3dFh5V1ljTUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi83ZmU1NTktMmYxZC00N2U4LTg0NjYtZWY5MTM1YTJjODJm
LzEvdDZJd01Xcy1KWTZTVmZScklJQXE0dlBMUnFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUKEMA0G
CSqGSIb3DQEBCwUAA4IBAQBL9TtqRYbQhv4Ld0s+I1u4n8gJWTdkqpNvggKPB0CH
/85CruGOs9RMixUV3bheHdq7hGxjZJg8+C957EsvhPTjFR5451yHz9yKEmfU/pWx
aVmQ8spYRoSOABspPkooJXaPemnejqZEX1d2xUGtetEh8kzDkrTUMtdCdzc6ckp9
T8hGFglzy5Z9RMazLG60qREOwqgaF6JXCb+B++vYxk1UpBlS8VxpO0o1xfNV5o8K
QGjtnt3uLDCg3X/CpnGuKMYBf2TSIrdJau31xHKrl7uSKHDXfUAbXpY59MpyVU+m
HX0nq/IxjTekDN4VdiJ32MnPNB0FBXO3UEl9zipOdiIl
-----END CERTIFICATE-----