Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/1991fe-adf7-4352-ab83-0396e87f5202/1/ZnGF6W1D3X-NrkNFr6eImmQhdy8.roa
File:                     ZnGF6W1D3X-NrkNFr6eImmQhdy8.roa (raw, json)
Hash identifier:          Bt9KY5B97syBzqVEmQ0mMOoNBbtJyQudj313FGbVLOw=
Subject key identifier:   66:71:85:E9:6D:43:DD:7F:8D:AE:43:45:AF:A7:88:9A:64:21:77:2F
Certificate issuer:       /CN=18af6a06050e4ca26b2fdd13a7c0ad146cd26dc8
Certificate serial:       019426D9620115F607C407CA16F15AC7FB20
Authority key identifier: 18:AF:6A:06:05:0E:4C:A2:6B:2F:DD:13:A7:C0:AD:14:6C:D2:6D:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GK9qBgUOTKJrL90Tp8CtFGzSbcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/1991fe-adf7-4352-ab83-0396e87f5202/1/ZnGF6W1D3X-NrkNFr6eImmQhdy8.roa
Signing time:             Thu 02 Jan 2025 11:49:28 +0000
ROA not before:           Thu 02 Jan 2025 11:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49402
IP address blocks:        185.56.220.0/24 maxlen: 24
                          185.56.221.0/24 maxlen: 24
                          185.56.222.0/24 maxlen: 24
                          193.169.48.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/1991fe-adf7-4352-ab83-0396e87f5202/1/GK9qBgUOTKJrL90Tp8CtFGzSbcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/1991fe-adf7-4352-ab83-0396e87f5202/1/GK9qBgUOTKJrL90Tp8CtFGzSbcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GK9qBgUOTKJrL90Tp8CtFGzSbcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:62:01:15:f6:07:c4:07:ca:16:f1:5a:c7:fb:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18af6a06050e4ca26b2fdd13a7c0ad146cd26dc8
        Validity
            Not Before: Jan  2 11:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=667185e96d43dd7f8dae4345afa7889a6421772f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f0:7e:ae:b5:29:eb:fa:26:9e:ff:56:27:34:
                    7d:36:e3:d9:b9:d7:c9:1d:71:12:a4:60:15:7c:33:
                    09:f1:50:4b:da:a5:ef:4d:70:58:35:19:da:8a:09:
                    89:81:fe:43:fe:e1:e7:c3:8a:fd:03:4b:fa:53:33:
                    17:6f:e1:4d:ac:d2:5d:70:0e:75:28:11:9b:ec:8d:
                    cb:8b:68:12:5d:29:c4:9f:1f:d9:4a:8f:fe:38:b1:
                    9e:55:f5:6c:40:e7:fb:07:12:74:fd:ec:77:c6:44:
                    1f:30:d0:0f:2b:b6:41:79:22:2c:34:34:20:92:ec:
                    88:f4:a0:52:c8:d2:6c:da:d1:e6:f0:5b:74:1f:ad:
                    c7:91:0f:53:e7:1d:52:3b:9b:6b:9c:3b:0c:35:d9:
                    b4:2d:9a:3b:0a:a8:46:cf:ea:0f:02:dc:38:0b:27:
                    3f:98:bd:ed:27:69:91:41:fb:18:ff:97:84:51:b6:
                    35:db:ff:f4:06:0f:d2:5a:d9:23:62:aa:1a:73:7a:
                    ca:ee:4f:92:15:90:51:60:36:66:4d:04:54:1b:a7:
                    fe:60:7d:36:0a:6f:51:2b:b5:ca:30:cb:f2:97:75:
                    77:f8:a2:59:1f:77:5a:03:b4:d4:22:b8:06:8b:c3:
                    f5:1f:b2:9c:6e:61:ff:db:79:d1:6e:2d:da:a4:ec:
                    75:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:71:85:E9:6D:43:DD:7F:8D:AE:43:45:AF:A7:88:9A:64:21:77:2F
            X509v3 Authority Key Identifier:
                keyid:18:AF:6A:06:05:0E:4C:A2:6B:2F:DD:13:A7:C0:AD:14:6C:D2:6D:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GK9qBgUOTKJrL90Tp8CtFGzSbcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1991fe-adf7-4352-ab83-0396e87f5202/1/ZnGF6W1D3X-NrkNFr6eImmQhdy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1991fe-adf7-4352-ab83-0396e87f5202/1/GK9qBgUOTKJrL90Tp8CtFGzSbcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.220.0-185.56.222.255
                  193.169.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:f0:e4:1c:b3:1c:72:b8:08:21:31:f4:23:e1:8c:66:81:3f:
         c7:fb:58:d0:3b:28:d4:d2:53:cd:0d:b2:2c:ed:0f:1c:59:12:
         ed:77:08:78:30:5b:4f:5a:6c:a0:9c:23:45:2b:49:06:3f:97:
         c6:ea:c5:df:16:d0:b0:49:42:38:59:60:6e:6a:01:70:9c:2b:
         3f:1f:c4:2b:81:7b:6e:ad:ba:fe:9c:e3:2c:c6:28:3b:56:80:
         ce:29:8b:35:a7:c6:5d:86:94:c2:97:c7:e2:4b:e8:24:64:7d:
         c8:84:2a:99:fa:59:12:22:ca:c8:1d:b7:cc:16:c6:ec:af:31:
         c3:91:e2:b7:2f:f6:e1:92:f1:0e:52:0f:7f:ff:66:04:7a:b3:
         96:90:99:a7:23:2c:e5:ee:bc:7f:5b:62:a7:cb:08:74:a6:4e:
         e1:0a:e4:74:6e:d7:85:64:a6:70:8d:72:df:ac:85:84:1d:7c:
         22:ba:b3:71:aa:39:59:fe:a0:f8:6d:84:5c:d6:e9:f7:8a:3e:
         56:11:cb:15:53:58:ba:64:67:77:87:0b:5a:4f:3b:0e:00:8f:
         72:d9:58:4a:a3:26:53:75:60:2c:83:e4:9d:ba:78:3d:a8:5d:
         16:b3:48:49:10:5e:32:7d:bc:b3:e0:48:f7:3b:d8:0b:eb:06:
         a3:b2:8a:74
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQm2WIBFfYHxAfKFvFax/sgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4YWY2YTA2MDUwZTRjYTI2YjJmZGQxM2E3YzBhZDE0NmNk
MjZkYzgwHhcNMjUwMTAyMTE0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjcxODVlOTZkNDNkZDdmOGRhZTQzNDVhZmE3ODg5YTY0MjE3NzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfB+rrUp6/omnv9WJzR9NuPZudfJ
HXESpGAVfDMJ8VBL2qXvTXBYNRnaigmJgf5D/uHnw4r9A0v6UzMXb+FNrNJdcA51
KBGb7I3Li2gSXSnEnx/ZSo/+OLGeVfVsQOf7BxJ0/ex3xkQfMNAPK7ZBeSIsNDQg
kuyI9KBSyNJs2tHm8Ft0H63HkQ9T5x1SO5trnDsMNdm0LZo7CqhGz+oPAtw4Cyc/
mL3tJ2mRQfsY/5eEUbY12//0Bg/SWtkjYqoac3rK7k+SFZBRYDZmTQRUG6f+YH02
Cm9RK7XKMMvyl3V3+KJZH3daA7TUIrgGi8P1H7KcbmH/23nRbi3apOx1cwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGZxheltQ91/ja5DRa+niJpkIXcvMB8GA1UdIwQY
MBaAFBivagYFDkyiay/dE6fArRRs0m3IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0s5cUJnVU9US0pyTDkwVHA4Q3RGR3pTYmNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xOTkxZmUtYWRmNy00MzUyLWFiODMt
MDM5NmU4N2Y1MjAyLzEvWm5HRjZXMUQzWC1OcmtORnI2ZUltbVFoZHk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xOTkxZmUtYWRmNy00MzUyLWFiODMtMDM5NmU4N2Y1MjAy
LzEvR0s5cUJnVU9US0pyTDkwVHA4Q3RGR3pTYmNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAK5ONwD
BAC5ON4DBAHBqTAwDQYJKoZIhvcNAQELBQADggEBACPw5ByzHHK4CCEx9CPhjGaB
P8f7WNA7KNTSU80NsiztDxxZEu13CHgwW09abKCcI0UrSQY/l8bqxd8W0LBJQjhZ
YG5qAXCcKz8fxCuBe26tuv6c4yzGKDtWgM4pizWnxl2GlMKXx+JL6CRkfciEKpn6
WRIiysgdt8wWxuyvMcOR4rcv9uGS8Q5SD3//ZgR6s5aQmacjLOXuvH9bYqfLCHSm
TuEK5HRu14VkpnCNct+shYQdfCK6s3GqOVn+oPhthFzW6feKPlYRyxVTWLpkZ3eH
C1pPOw4Aj3LZWEqjJlN1YCyD5J26eD2oXRazSEkQXjJ9vLPgSPc72AvrBqOyinQ=
-----END CERTIFICATE-----