Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b34d6f-66dc-4498-b205-79b6733bc5e6/1/rKcLia0y-4QlTSWH-I5frDT77pU.roa
File:                     rKcLia0y-4QlTSWH-I5frDT77pU.roa (raw, json)
Hash identifier:          dvn3H9WJWj8AZKwySDQ1F4qo4Fa0dQjkVokla1Xiyhc=
Subject key identifier:   AC:A7:0B:89:AD:32:FB:84:25:4D:25:87:F8:8E:5F:AC:34:FB:EE:95
Certificate issuer:       /CN=2f883bd4ea4e3deb28b894b190f8e08baf06f1cc
Certificate serial:       0194266B6A9C0A9011B14181B8FAB33D4B59
Authority key identifier: 2F:88:3B:D4:EA:4E:3D:EB:28:B8:94:B1:90:F8:E0:8B:AF:06:F1:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L4g71OpOPesouJSxkPjgi68G8cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b34d6f-66dc-4498-b205-79b6733bc5e6/1/rKcLia0y-4QlTSWH-I5frDT77pU.roa
Signing time:             Thu 02 Jan 2025 09:49:21 +0000
ROA not before:           Thu 02 Jan 2025 09:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.230.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/b34d6f-66dc-4498-b205-79b6733bc5e6/1/L4g71OpOPesouJSxkPjgi68G8cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/b34d6f-66dc-4498-b205-79b6733bc5e6/1/L4g71OpOPesouJSxkPjgi68G8cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L4g71OpOPesouJSxkPjgi68G8cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:6a:9c:0a:90:11:b1:41:81:b8:fa:b3:3d:4b:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f883bd4ea4e3deb28b894b190f8e08baf06f1cc
        Validity
            Not Before: Jan  2 09:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aca70b89ad32fb84254d2587f88e5fac34fbee95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a7:f9:76:9d:3d:21:c6:8e:4a:72:b7:a7:95:
                    72:04:98:24:0a:d7:d0:cb:e4:67:41:85:70:4f:b7:
                    db:01:8c:57:e0:a0:7f:28:1e:72:75:89:d0:9e:24:
                    34:b9:f0:76:89:01:51:86:04:18:b9:88:c1:fd:fd:
                    fd:3b:82:bd:e6:f2:04:1d:5c:13:d6:10:a4:a9:e2:
                    b4:be:9f:ce:07:d4:66:ea:bb:76:50:40:ea:07:0c:
                    66:f1:e7:38:de:64:0a:ed:1c:eb:51:b6:55:69:1b:
                    41:51:34:24:6e:0c:73:49:e4:32:2d:9f:6c:30:a2:
                    6d:7b:51:3b:8b:8c:f1:ee:5f:3d:03:1e:b8:4e:aa:
                    37:23:51:f9:b2:bd:6c:0b:cd:0b:00:e5:cb:06:4d:
                    99:c8:d1:66:0b:c4:e9:17:a4:30:ab:92:4b:86:fc:
                    53:8a:bd:da:14:cd:55:f2:32:25:94:43:06:2e:f0:
                    12:d8:cb:e0:ec:d7:a2:3c:4b:97:d9:c2:ad:82:42:
                    8c:6f:41:38:0d:08:ab:9c:93:95:97:e6:16:39:73:
                    03:48:ab:0c:a5:4c:1b:86:fb:80:b4:f8:4b:3f:ee:
                    c3:33:c0:25:f6:b7:35:3f:a5:c7:f8:3e:4b:4c:08:
                    10:1e:b0:fb:dd:90:53:88:48:ab:12:fc:52:5f:11:
                    d1:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:A7:0B:89:AD:32:FB:84:25:4D:25:87:F8:8E:5F:AC:34:FB:EE:95
            X509v3 Authority Key Identifier:
                keyid:2F:88:3B:D4:EA:4E:3D:EB:28:B8:94:B1:90:F8:E0:8B:AF:06:F1:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4g71OpOPesouJSxkPjgi68G8cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b34d6f-66dc-4498-b205-79b6733bc5e6/1/rKcLia0y-4QlTSWH-I5frDT77pU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b34d6f-66dc-4498-b205-79b6733bc5e6/1/L4g71OpOPesouJSxkPjgi68G8cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:3a:6f:16:d8:f5:18:76:27:92:29:36:a9:12:e5:a4:27:5c:
         93:7f:29:23:40:88:67:45:06:44:d6:31:45:18:70:b7:90:7a:
         97:14:ab:93:bb:02:d4:4e:99:7e:9f:51:89:f9:87:d1:da:03:
         9d:47:8a:1f:79:d6:1e:5f:b4:f6:cb:ee:88:12:92:fb:8a:cd:
         3a:3e:9d:4b:c5:9d:ce:ff:b1:38:df:6e:7a:1b:15:b6:cb:b7:
         d9:c8:f8:3d:0f:96:67:4c:12:b2:0a:00:dc:25:f0:14:8b:06:
         ad:53:5c:b6:d6:b6:f0:ca:76:83:fe:98:5c:30:15:95:18:68:
         25:62:53:c2:71:8d:30:a4:3f:2a:6a:1a:4d:9a:cb:27:2b:ed:
         1b:f3:ba:b7:4f:24:d8:f9:b9:68:a1:4c:15:56:87:b8:23:39:
         4e:5e:be:92:d1:e8:fa:e3:59:66:ab:f5:79:cf:be:c3:e5:0e:
         38:f5:2c:8f:a5:83:99:89:da:c6:01:a9:c4:3e:51:b6:5e:7d:
         91:86:a9:8e:36:e8:bf:6b:81:7c:f0:14:35:79:ae:c4:fb:8c:
         86:63:74:1f:63:8f:f5:a2:85:ae:55:84:4d:ad:81:ef:f4:a1:
         56:79:68:0f:ab:71:8e:b0:28:6e:b7:54:49:ec:05:2a:f8:33:
         7b:bb:29:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma2qcCpARsUGBuPqzPUtZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODgzYmQ0ZWE0ZTNkZWIyOGI4OTRiMTkwZjhlMDhiYWYw
NmYxY2MwHhcNMjUwMTAyMDk0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2E3MGI4OWFkMzJmYjg0MjU0ZDI1ODdmODhlNWZhYzM0ZmJlZTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKf5dp09IcaOSnK3p5VyBJgkCtfQ
y+RnQYVwT7fbAYxX4KB/KB5ydYnQniQ0ufB2iQFRhgQYuYjB/f39O4K95vIEHVwT
1hCkqeK0vp/OB9Rm6rt2UEDqBwxm8ec43mQK7RzrUbZVaRtBUTQkbgxzSeQyLZ9s
MKJte1E7i4zx7l89Ax64Tqo3I1H5sr1sC80LAOXLBk2ZyNFmC8TpF6Qwq5JLhvxT
ir3aFM1V8jIllEMGLvAS2Mvg7NeiPEuX2cKtgkKMb0E4DQirnJOVl+YWOXMDSKsM
pUwbhvuAtPhLP+7DM8Al9rc1P6XH+D5LTAgQHrD73ZBTiEirEvxSXxHRvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKynC4mtMvuEJU0lh/iOX6w0++6VMB8GA1UdIwQY
MBaAFC+IO9TqTj3rKLiUsZD44IuvBvHMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRnNzFPcE9QZXNvdUpTeGtQamdpNjhHOGN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9iMzRkNmYtNjZkYy00NDk4LWIyMDUt
NzliNjczM2JjNWU2LzEvcktjTGlhMHktNFFsVFNXSC1JNWZyRFQ3N3BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9iMzRkNmYtNjZkYy00NDk4LWIyMDUtNzliNjczM2JjNWU2
LzEvTDRnNzFPcE9QZXNvdUpTeGtQamdpNjhHOGN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueZpMA0G
CSqGSIb3DQEBCwUAA4IBAQAfOm8W2PUYdieSKTapEuWkJ1yTfykjQIhnRQZE1jFF
GHC3kHqXFKuTuwLUTpl+n1GJ+YfR2gOdR4ofedYeX7T2y+6IEpL7is06Pp1LxZ3O
/7E43256GxW2y7fZyPg9D5ZnTBKyCgDcJfAUiwatU1y21rbwynaD/phcMBWVGGgl
YlPCcY0wpD8qahpNmssnK+0b87q3TyTY+blooUwVVoe4IzlOXr6S0ej641lmq/V5
z77D5Q449SyPpYOZidrGAanEPlG2Xn2RhqmONui/a4F88BQ1ea7E+4yGY3QfY4/1
ooWuVYRNrYHv9KFWeWgPq3GOsChut1RJ7AUq+DN7uylV
-----END CERTIFICATE-----