Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/RhrEJBm06vcPBY7X0Je_fY5rgcI.roa
File:                     RhrEJBm06vcPBY7X0Je_fY5rgcI.roa (raw, json)
Hash identifier:          4yKx6aLoX0+QkHu1SlH9OK51/kRC6FYJDLkFroupLIw=
Subject key identifier:   46:1A:C4:24:19:B4:EA:F7:0F:05:8E:D7:D0:97:BF:7D:8E:6B:81:C2
Certificate issuer:       /CN=425bf4375f17a0357019690301f9419324ff7d44
Certificate serial:       019420686A1B9F5D19FCA95500B1AB2FE8AB
Authority key identifier: 42:5B:F4:37:5F:17:A0:35:70:19:69:03:01:F9:41:93:24:FF:7D:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qlv0N18XoDVwGWkDAflBkyT_fUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/RhrEJBm06vcPBY7X0Je_fY5rgcI.roa
Signing time:             Wed 01 Jan 2025 05:48:21 +0000
ROA not before:           Wed 01 Jan 2025 05:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199989
IP address blocks:        185.6.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/Qlv0N18XoDVwGWkDAflBkyT_fUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/Qlv0N18XoDVwGWkDAflBkyT_fUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qlv0N18XoDVwGWkDAflBkyT_fUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:6a:1b:9f:5d:19:fc:a9:55:00:b1:ab:2f:e8:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=425bf4375f17a0357019690301f9419324ff7d44
        Validity
            Not Before: Jan  1 05:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=461ac42419b4eaf70f058ed7d097bf7d8e6b81c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:41:b5:58:de:66:d2:1a:81:7c:76:13:63:64:
                    da:e1:fb:4f:66:ff:aa:1c:cc:22:50:92:09:4b:bc:
                    11:6e:84:a8:dd:1d:d8:c2:f8:78:72:84:1a:d9:96:
                    fb:40:00:68:ad:b7:eb:2f:a8:7c:52:f8:ce:ee:93:
                    fa:b1:63:3a:12:00:9b:c2:1f:60:c8:1f:38:83:ed:
                    db:92:77:6a:54:b6:87:00:ca:5a:d9:bf:9c:b7:c2:
                    ba:73:18:76:c9:80:16:e8:dc:55:99:22:98:9b:a3:
                    78:1d:74:32:98:1d:30:34:75:b4:bc:33:e5:e9:93:
                    3e:5a:11:10:6d:ea:2b:f7:95:cb:ea:f9:71:d8:b3:
                    9f:1c:3d:6b:02:14:71:ad:ba:30:63:cc:a1:73:da:
                    1f:ce:42:77:0f:ca:af:a9:3b:4a:65:a6:8d:d7:c7:
                    3a:87:6b:aa:8e:43:9a:1e:dc:cb:e7:c7:84:13:58:
                    c3:5b:b6:98:41:69:77:40:08:71:d7:62:63:62:fd:
                    54:8f:60:df:60:3e:82:fa:87:63:22:c6:94:38:d4:
                    0b:19:0c:3c:bd:b3:65:f2:c1:73:7a:84:9c:e8:cd:
                    1c:5f:8f:15:5c:46:5f:28:b9:ec:23:af:0d:da:be:
                    3c:c8:40:07:3e:54:13:3d:4c:d3:1e:4a:2a:e8:c5:
                    4b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:1A:C4:24:19:B4:EA:F7:0F:05:8E:D7:D0:97:BF:7D:8E:6B:81:C2
            X509v3 Authority Key Identifier:
                keyid:42:5B:F4:37:5F:17:A0:35:70:19:69:03:01:F9:41:93:24:FF:7D:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qlv0N18XoDVwGWkDAflBkyT_fUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/RhrEJBm06vcPBY7X0Je_fY5rgcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f28a75-d53f-4e9f-82dd-f0ed8fe82b97/1/Qlv0N18XoDVwGWkDAflBkyT_fUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.6.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:35:7a:c8:db:1f:df:5f:43:7a:ce:92:38:03:dd:f2:70:23:
         04:61:f2:59:29:b8:f4:bc:11:da:b1:39:4d:da:bf:07:9c:a2:
         54:90:52:d0:9e:0e:16:bd:9c:ea:57:56:d3:db:45:52:66:79:
         de:2e:4d:79:5c:42:17:6c:86:db:e0:19:80:a1:51:9a:df:35:
         12:83:65:25:53:85:36:e5:2b:5d:2f:df:00:0e:5b:6a:8d:27:
         b1:dd:2f:f8:8b:4f:8f:7d:cf:2e:58:37:f1:cc:9e:1e:d4:51:
         29:dd:db:35:0b:10:8d:66:0f:40:bb:49:2d:fe:03:86:3a:1d:
         44:b6:2f:16:de:7a:9b:32:27:99:cd:ca:25:ec:52:06:80:73:
         26:30:51:2a:db:99:8f:bd:16:0c:01:44:e7:13:40:63:29:71:
         2c:3e:96:90:47:9f:ec:e3:3a:2b:00:c9:7b:05:69:7d:b7:b8:
         61:9a:85:a4:0c:59:66:9b:54:6c:2e:23:4b:5f:c1:82:bf:4c:
         9f:a8:4c:fe:1d:c3:0d:44:8b:ac:06:79:d7:5f:4d:12:0b:b8:
         52:fc:58:7a:08:0f:c0:0f:b6:b6:c4:e8:c0:19:d4:0c:fa:d8:
         8e:2b:04:fd:ae:c7:03:f3:21:ca:6c:76:74:44:d2:00:14:ae:
         69:84:1c:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaGobn10Z/KlVALGrL+irMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNWJmNDM3NWYxN2EwMzU3MDE5NjkwMzAxZjk0MTkzMjRm
ZjdkNDQwHhcNMjUwMTAxMDU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjFhYzQyNDE5YjRlYWY3MGYwNThlZDdkMDk3YmY3ZDhlNmI4MWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkG1WN5m0hqBfHYTY2Ta4ftPZv+q
HMwiUJIJS7wRboSo3R3Ywvh4coQa2Zb7QABorbfrL6h8UvjO7pP6sWM6EgCbwh9g
yB84g+3bkndqVLaHAMpa2b+ct8K6cxh2yYAW6NxVmSKYm6N4HXQymB0wNHW0vDPl
6ZM+WhEQbeor95XL6vlx2LOfHD1rAhRxrbowY8yhc9ofzkJ3D8qvqTtKZaaN18c6
h2uqjkOaHtzL58eEE1jDW7aYQWl3QAhx12JjYv1Uj2DfYD6C+odjIsaUONQLGQw8
vbNl8sFzeoSc6M0cX48VXEZfKLnsI68N2r48yEAHPlQTPUzTHkoq6MVL6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYaxCQZtOr3DwWO19CXv32Oa4HCMB8GA1UdIwQY
MBaAFEJb9DdfF6A1cBlpAwH5QZMk/31EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWx2ME4xOFhvRFZ3R1drREFmbEJreVRfZlVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9mMjhhNzUtZDUzZi00ZTlmLTgyZGQt
ZjBlZDhmZTgyYjk3LzEvUmhyRUpCbTA2dmNQQlk3WDBKZV9mWTVyZ2NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9mMjhhNzUtZDUzZi00ZTlmLTgyZGQtZjBlZDhmZTgyYjk3
LzEvUWx2ME4xOFhvRFZ3R1drREFmbEJreVRfZlVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQZBMA0G
CSqGSIb3DQEBCwUAA4IBAQArNXrI2x/fX0N6zpI4A93ycCMEYfJZKbj0vBHasTlN
2r8HnKJUkFLQng4WvZzqV1bT20VSZnneLk15XEIXbIbb4BmAoVGa3zUSg2UlU4U2
5StdL98ADltqjSex3S/4i0+Pfc8uWDfxzJ4e1FEp3ds1CxCNZg9Au0kt/gOGOh1E
ti8W3nqbMieZzcol7FIGgHMmMFEq25mPvRYMAUTnE0BjKXEsPpaQR5/s4zorAMl7
BWl9t7hhmoWkDFlmm1RsLiNLX8GCv0yfqEz+HcMNRIusBnnXX00SC7hS/Fh6CA/A
D7a2xOjAGdQM+tiOKwT9rscD8yHKbHZ0RNIAFK5phBzJ
-----END CERTIFICATE-----