Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/25923b-f64e-4798-a37a-da3a3dee05d4/1/zmLbz4eEw5NbODVzG7rLheEZc3E.roa
File:                     zmLbz4eEw5NbODVzG7rLheEZc3E.roa (raw, json)
Hash identifier:          I9hEe8qaNqq2mLBTSfEYmFwWzcg7/EdSdxzM8S+noz0=
Subject key identifier:   CE:62:DB:CF:87:84:C3:93:5B:38:35:73:1B:BA:CB:85:E1:19:73:71
Certificate issuer:       /CN=f061db4be695ea495a283bbe33022abd289d5ea8
Certificate serial:       01942747925DEBBF147CC92AFF4A69C7DC70
Authority key identifier: F0:61:DB:4B:E6:95:EA:49:5A:28:3B:BE:33:02:2A:BD:28:9D:5E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8GHbS-aV6klaKDu-MwIqvSidXqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/25923b-f64e-4798-a37a-da3a3dee05d4/1/zmLbz4eEw5NbODVzG7rLheEZc3E.roa
Signing time:             Thu 02 Jan 2025 13:49:49 +0000
ROA not before:           Thu 02 Jan 2025 13:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59441
IP address blocks:        185.89.22.0/24 maxlen: 24
                          2a07:7ec0::/29 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/25923b-f64e-4798-a37a-da3a3dee05d4/1/8GHbS-aV6klaKDu-MwIqvSidXqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/25923b-f64e-4798-a37a-da3a3dee05d4/1/8GHbS-aV6klaKDu-MwIqvSidXqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8GHbS-aV6klaKDu-MwIqvSidXqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:92:5d:eb:bf:14:7c:c9:2a:ff:4a:69:c7:dc:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f061db4be695ea495a283bbe33022abd289d5ea8
        Validity
            Not Before: Jan  2 13:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce62dbcf8784c3935b3835731bbacb85e1197371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b9:81:fe:3e:25:cb:c2:b7:d8:8f:af:8e:3e:
                    a2:23:92:a8:34:d0:87:c3:8f:f8:8f:76:8a:70:04:
                    9e:d3:77:4a:1f:d6:ce:89:26:ac:1d:88:e9:34:35:
                    a4:67:f4:ce:31:fa:bb:9e:ad:6b:e2:b3:77:5f:fc:
                    73:c8:76:c7:ee:c8:cc:af:3b:4f:0a:84:d7:33:19:
                    09:26:aa:71:93:fd:f1:73:80:cb:1e:08:3d:9c:15:
                    15:7d:52:20:b5:6f:62:68:d1:ea:65:5c:f7:6d:7d:
                    b9:1a:ab:a9:3e:f0:e7:8b:c6:ba:37:39:8d:d0:31:
                    fb:c4:2a:b1:ba:ff:ae:c4:50:95:3b:1f:49:f8:74:
                    83:7a:fa:f4:f5:dd:41:c3:ea:49:c1:c7:88:02:10:
                    b0:55:c4:b1:40:05:dd:51:10:24:8e:4e:ff:04:57:
                    d7:c3:53:51:1a:bb:18:3f:fa:bb:93:c6:c4:10:ce:
                    ab:3c:cd:e1:01:a5:e6:7e:83:e3:49:a5:22:df:f4:
                    07:ad:50:fc:e0:bb:21:b3:84:65:79:18:fb:fd:24:
                    31:33:c2:c9:fd:af:ea:c7:69:87:eb:ac:aa:b0:25:
                    7b:91:71:ee:81:47:27:a1:4b:f0:c9:b4:33:b5:c4:
                    aa:63:25:f1:8f:6e:3a:5e:0e:f8:0c:f2:d8:e0:db:
                    ad:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:62:DB:CF:87:84:C3:93:5B:38:35:73:1B:BA:CB:85:E1:19:73:71
            X509v3 Authority Key Identifier:
                keyid:F0:61:DB:4B:E6:95:EA:49:5A:28:3B:BE:33:02:2A:BD:28:9D:5E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8GHbS-aV6klaKDu-MwIqvSidXqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/25923b-f64e-4798-a37a-da3a3dee05d4/1/zmLbz4eEw5NbODVzG7rLheEZc3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/25923b-f64e-4798-a37a-da3a3dee05d4/1/8GHbS-aV6klaKDu-MwIqvSidXqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.22.0/24
                IPv6:
                  2a07:7ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:42:55:27:d6:82:5f:0e:40:28:c5:b3:fe:8d:29:bc:23:d6:
         c4:dd:80:b0:43:8d:e7:58:51:84:5d:f2:a2:fd:50:84:29:a9:
         49:f5:66:41:73:60:2e:8f:a3:55:b4:2a:bb:df:f5:4b:22:5c:
         f8:4e:af:54:46:2a:bd:08:92:b4:38:b3:ed:91:e8:4f:bf:3e:
         84:e2:4a:cb:11:78:e1:61:88:2c:3f:9e:a2:d1:88:20:25:2d:
         23:4d:c3:f0:20:8e:09:ce:2a:fd:61:29:86:2a:3c:9e:4f:77:
         29:ab:0e:74:11:85:92:bd:48:19:f2:4e:e5:72:f7:fc:35:7e:
         af:ad:ac:be:3d:e1:4d:32:05:6e:56:c3:cb:7e:c3:8c:30:8a:
         14:d1:7d:c1:02:97:47:68:45:8f:39:c4:9e:5a:99:a9:57:97:
         81:19:c6:41:76:d1:d8:2d:c2:c7:fc:26:0c:0e:6c:22:f1:eb:
         55:cb:25:c9:46:66:3d:3d:12:38:04:15:62:43:02:95:72:54:
         d2:90:75:d8:b6:d5:b7:73:44:40:52:6c:4c:10:74:d9:ea:25:
         6e:38:44:65:50:2d:bd:e9:ca:23:8e:8b:79:d9:b3:c1:a2:cc:
         64:24:60:5b:f6:07:8b:dc:68:1f:2d:6c:9b:27:00:22:97:0d:
         4f:3e:4e:7e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnR5Jd678UfMkq/0ppx9xwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNjFkYjRiZTY5NWVhNDk1YTI4M2JiZTMzMDIyYWJkMjg5
ZDVlYTgwHhcNMjUwMTAyMTM0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTYyZGJjZjg3ODRjMzkzNWIzODM1NzMxYmJhY2I4NWUxMTk3MzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLmB/j4ly8K32I+vjj6iI5KoNNCH
w4/4j3aKcASe03dKH9bOiSasHYjpNDWkZ/TOMfq7nq1r4rN3X/xzyHbH7sjMrztP
CoTXMxkJJqpxk/3xc4DLHgg9nBUVfVIgtW9iaNHqZVz3bX25GqupPvDni8a6NzmN
0DH7xCqxuv+uxFCVOx9J+HSDevr09d1Bw+pJwceIAhCwVcSxQAXdURAkjk7/BFfX
w1NRGrsYP/q7k8bEEM6rPM3hAaXmfoPjSaUi3/QHrVD84Lshs4RleRj7/SQxM8LJ
/a/qx2mH66yqsCV7kXHugUcnoUvwybQztcSqYyXxj246Xg74DPLY4Nut1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM5i28+HhMOTWzg1cxu6y4XhGXNxMB8GA1UdIwQY
MBaAFPBh20vmlepJWig7vjMCKr0onV6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEdIYlMtYVY2a2xhS0R1LU13SXF2U2lkWHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8yNTkyM2ItZjY0ZS00Nzk4LWEzN2Et
ZGEzYTNkZWUwNWQ0LzEvem1MYno0ZUV3NU5iT0RWekc3ckxoZUVaYzNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS8yNTkyM2ItZjY0ZS00Nzk4LWEzN2EtZGEzYTNkZWUwNWQ0
LzEvOEdIYlMtYVY2a2xhS0R1LU13SXF2U2lkWHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuVkWMA0E
AgACMAcDBQMqB37AMA0GCSqGSIb3DQEBCwUAA4IBAQCsQlUn1oJfDkAoxbP+jSm8
I9bE3YCwQ43nWFGEXfKi/VCEKalJ9WZBc2Auj6NVtCq73/VLIlz4Tq9URiq9CJK0
OLPtkehPvz6E4krLEXjhYYgsP56i0YggJS0jTcPwII4Jzir9YSmGKjyeT3cpqw50
EYWSvUgZ8k7lcvf8NX6vray+PeFNMgVuVsPLfsOMMIoU0X3BApdHaEWPOcSeWpmp
V5eBGcZBdtHYLcLH/CYMDmwi8etVyyXJRmY9PRI4BBViQwKVclTSkHXYttW3c0RA
UmxMEHTZ6iVuOERlUC296cojjot52bPBosxkJGBb9geL3GgfLWybJwAilw1PPk5+
-----END CERTIFICATE-----