Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/pGvZFqdJfVwAhNj34rEhjtwcqqs.roa
File:                     pGvZFqdJfVwAhNj34rEhjtwcqqs.roa (raw, json)
Hash identifier:          xskFCPdKZw/j4SJCIetQoQZeZl6kQRAE9JdBqHbYOdY=
Subject key identifier:   A4:6B:D9:16:A7:49:7D:5C:00:84:D8:F7:E2:B1:21:8E:DC:1C:AA:AB
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       0194266B57DCE055F3853BC24CDC72A0FB9F
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/pGvZFqdJfVwAhNj34rEhjtwcqqs.roa
Signing time:             Thu 02 Jan 2025 09:49:16 +0000
ROA not before:           Thu 02 Jan 2025 09:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41059
IP address blocks:        185.1.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 12:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:57:dc:e0:55:f3:85:3b:c2:4c:dc:72:a0:fb:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  2 09:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a46bd916a7497d5c0084d8f7e2b1218edc1caaab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d1:1c:c8:46:3f:fc:e3:e6:d8:ba:08:10:da:
                    eb:46:a5:3a:74:72:9f:d6:b3:e3:75:29:89:48:a1:
                    0b:56:b8:85:d7:ea:8c:e7:df:e8:ca:d8:5d:0a:a1:
                    cc:08:d3:f5:50:2b:a2:bb:bc:d5:b8:61:8d:ca:f7:
                    51:ea:1f:a5:c4:5e:5b:97:24:38:aa:89:11:53:27:
                    73:50:5e:e5:e6:5d:a5:87:ff:45:aa:5c:12:ac:a0:
                    2c:12:2b:b7:92:6d:84:b8:50:42:9d:fe:38:9b:89:
                    22:a7:db:a4:b3:92:2a:d4:a7:7a:dd:42:31:86:4c:
                    08:a5:7c:ca:80:81:f3:ee:19:44:c1:44:1c:fa:c9:
                    d9:ff:12:08:c6:63:cf:ea:20:39:90:3d:8d:6a:45:
                    64:0a:dc:7c:c5:6c:1f:47:86:fd:0c:20:1e:de:72:
                    16:cc:50:47:45:05:cc:ad:4b:85:b6:4d:10:e0:ed:
                    32:1e:ca:22:43:49:7b:f0:ce:c0:00:6b:74:f4:f5:
                    dc:85:fc:fe:67:89:4e:61:06:20:a5:e8:43:76:05:
                    1e:7a:96:49:63:5f:b4:c5:d4:08:a9:e5:83:16:97:
                    c0:7b:17:3d:31:e3:46:97:bc:6a:89:fd:19:f1:2b:
                    9f:7c:13:19:57:67:bb:b0:0e:64:a9:a0:27:73:56:
                    62:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:6B:D9:16:A7:49:7D:5C:00:84:D8:F7:E2:B1:21:8E:DC:1C:AA:AB
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/pGvZFqdJfVwAhNj34rEhjtwcqqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:07:fc:9a:4f:c6:ca:30:77:6b:b9:a2:a4:95:bc:48:bd:ea:
         85:08:94:82:5e:53:62:ca:ec:d5:d0:e0:2f:13:8c:2f:69:dd:
         13:18:64:cd:50:09:10:30:77:44:9c:e9:b3:a5:92:bc:e5:f5:
         d8:63:54:f1:32:b0:63:33:29:46:c6:ba:a7:0b:2d:4e:a1:00:
         c6:32:13:8f:f7:a5:d3:21:35:16:8a:0e:65:f3:89:b9:d6:04:
         a4:7f:18:2a:be:18:d8:b8:52:c6:3e:7b:68:64:e4:e4:77:51:
         e3:94:d4:97:58:d3:c0:8a:ad:78:53:12:59:bf:43:99:48:f6:
         78:79:a1:af:c0:28:93:c7:65:ec:17:2c:8d:a9:c9:63:35:bd:
         68:fc:61:e6:81:ac:a1:f1:87:72:f0:db:3d:67:41:93:9d:80:
         34:a8:61:26:00:df:ea:ba:04:7b:eb:f2:b7:f0:06:20:4e:94:
         9d:26:fc:96:25:c7:cb:14:86:09:12:8e:fa:58:87:ce:10:87:
         b3:8d:75:65:fd:a1:f3:c9:6d:c9:97:cd:78:8c:ad:65:8e:08:
         ea:65:a5:8c:98:06:ad:d2:e5:06:27:e6:c0:94:07:fa:c0:27:
         41:e4:b0:14:a0:88:1f:1b:45:8d:e5:24:51:cb:cb:2c:48:7d:
         b5:19:d8:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma1fc4FXzhTvCTNxyoPufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjUwMTAyMDk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDZiZDkxNmE3NDk3ZDVjMDA4NGQ4ZjdlMmIxMjE4ZWRjMWNhYWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydEcyEY//OPm2LoIENrrRqU6dHKf
1rPjdSmJSKELVriF1+qM59/oythdCqHMCNP1UCuiu7zVuGGNyvdR6h+lxF5blyQ4
qokRUydzUF7l5l2lh/9FqlwSrKAsEiu3km2EuFBCnf44m4kip9uks5Iq1Kd63UIx
hkwIpXzKgIHz7hlEwUQc+snZ/xIIxmPP6iA5kD2NakVkCtx8xWwfR4b9DCAe3nIW
zFBHRQXMrUuFtk0Q4O0yHsoiQ0l78M7AAGt09PXchfz+Z4lOYQYgpehDdgUeepZJ
Y1+0xdQIqeWDFpfAexc9MeNGl7xqif0Z8SuffBMZV2e7sA5kqaAnc1ZiFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRr2RanSX1cAITY9+KxIY7cHKqrMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvcEd2WkZxZEpmVndBaE5qMzRyRWhqdHdjcXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQEoMA0G
CSqGSIb3DQEBCwUAA4IBAQA1B/yaT8bKMHdruaKklbxIveqFCJSCXlNiyuzV0OAv
E4wvad0TGGTNUAkQMHdEnOmzpZK85fXYY1TxMrBjMylGxrqnCy1OoQDGMhOP96XT
ITUWig5l84m51gSkfxgqvhjYuFLGPntoZOTkd1HjlNSXWNPAiq14UxJZv0OZSPZ4
eaGvwCiTx2XsFyyNqcljNb1o/GHmgayh8Ydy8Ns9Z0GTnYA0qGEmAN/qugR76/K3
8AYgTpSdJvyWJcfLFIYJEo76WIfOEIezjXVl/aHzyW3Jl814jK1ljgjqZaWMmAat
0uUGJ+bAlAf6wCdB5LAUoIgfG0WN5SRRy8ssSH21Gdj/
-----END CERTIFICATE-----