Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/8a93b6-2e7e-487c-b0f3-28d15eb7341d/1/dDZBFwtap4thW-74sW-jVlXGuR4.roa
File:                     dDZBFwtap4thW-74sW-jVlXGuR4.roa (raw, json)
Hash identifier:          FLfuvFWVGolNmszXbBbS9jb1QikiZPyQXAU3cIWAlJQ=
Subject key identifier:   74:36:41:17:0B:5A:A7:8B:61:5B:EE:F8:B1:6F:A3:56:55:C6:B9:1E
Certificate issuer:       /CN=1e8f6a46ddf7f93ca2935ebe618246ae6dd31b0d
Certificate serial:       01941FFAADEBB40B30981BDC4C73F5845EF2
Authority key identifier: 1E:8F:6A:46:DD:F7:F9:3C:A2:93:5E:BE:61:82:46:AE:6D:D3:1B:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ho9qRt33-Tyik16-YYJGrm3TGw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/8a93b6-2e7e-487c-b0f3-28d15eb7341d/1/dDZBFwtap4thW-74sW-jVlXGuR4.roa
Signing time:             Wed 01 Jan 2025 03:48:29 +0000
ROA not before:           Wed 01 Jan 2025 03:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57712
IP address blocks:        176.106.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/8a93b6-2e7e-487c-b0f3-28d15eb7341d/1/Ho9qRt33-Tyik16-YYJGrm3TGw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/8a93b6-2e7e-487c-b0f3-28d15eb7341d/1/Ho9qRt33-Tyik16-YYJGrm3TGw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ho9qRt33-Tyik16-YYJGrm3TGw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:ad:eb:b4:0b:30:98:1b:dc:4c:73:f5:84:5e:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e8f6a46ddf7f93ca2935ebe618246ae6dd31b0d
        Validity
            Not Before: Jan  1 03:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=743641170b5aa78b615beef8b16fa35655c6b91e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:37:a8:5d:d7:a6:6c:d9:f0:73:7d:ef:92:29:
                    29:84:c7:8f:d7:8b:f7:6a:95:19:86:d0:b4:3b:52:
                    a4:c1:a9:40:f4:0d:6c:14:6e:1a:8e:40:71:c5:31:
                    96:46:59:87:82:db:35:8c:f0:c2:1e:54:c1:62:28:
                    c3:d1:ed:2c:61:ce:c1:f8:38:89:7c:6b:75:c7:e3:
                    2b:18:b0:2b:0c:38:3c:51:21:b9:ab:f0:58:9e:1f:
                    89:3e:28:79:c0:1e:a6:d3:71:09:92:d9:87:eb:8c:
                    a2:d2:10:a5:b7:d3:45:d5:df:41:9a:fc:f6:d1:80:
                    4e:7f:6b:1f:07:d9:b8:0c:31:7b:1c:95:c3:57:22:
                    2d:15:23:dd:35:7d:25:b9:1a:c6:e2:e9:53:82:82:
                    f2:88:55:5f:47:31:34:cc:3a:83:d6:36:35:58:0a:
                    98:16:13:7b:fc:7f:cd:60:6b:91:5c:44:70:2d:db:
                    b0:e8:0e:7c:3a:10:8b:8c:3e:97:a2:aa:53:66:f4:
                    64:a8:dd:bd:9e:72:fd:e4:16:35:3b:2c:16:1d:9c:
                    e5:3a:2d:97:4d:22:2a:94:23:00:d2:ee:b2:9d:57:
                    22:02:b7:66:17:99:50:3f:d6:df:be:8f:6f:bd:21:
                    bf:17:8f:61:cb:47:36:f7:0f:13:c1:09:84:9d:92:
                    56:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:36:41:17:0B:5A:A7:8B:61:5B:EE:F8:B1:6F:A3:56:55:C6:B9:1E
            X509v3 Authority Key Identifier:
                keyid:1E:8F:6A:46:DD:F7:F9:3C:A2:93:5E:BE:61:82:46:AE:6D:D3:1B:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ho9qRt33-Tyik16-YYJGrm3TGw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/8a93b6-2e7e-487c-b0f3-28d15eb7341d/1/dDZBFwtap4thW-74sW-jVlXGuR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/8a93b6-2e7e-487c-b0f3-28d15eb7341d/1/Ho9qRt33-Tyik16-YYJGrm3TGw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.106.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         89:9c:c2:2e:c0:1c:30:9a:18:3c:4c:0f:48:7e:98:a5:46:36:
         37:87:0e:75:74:02:d0:a8:2b:db:c5:16:55:1d:06:81:ee:96:
         76:fa:54:d1:95:ac:be:68:af:0a:5f:9e:c9:52:3e:e2:a3:5b:
         94:97:06:ad:ca:31:29:80:fa:b5:d4:15:b0:2e:4a:98:15:10:
         94:6b:57:a1:5e:3f:57:00:b6:3e:ef:2b:df:9c:b9:4a:f1:44:
         23:82:3b:9e:7d:1c:62:d6:98:9e:6e:26:24:a3:bf:e5:55:f8:
         2d:bb:39:fd:03:20:a9:71:6a:ee:2d:57:df:c8:eb:cd:39:c4:
         4a:3a:2a:f5:86:0b:ee:10:ac:e6:8f:33:0a:e4:c5:c3:7f:58:
         14:87:30:5b:33:cd:df:40:2b:61:fc:15:ea:61:e2:a7:89:14:
         69:0a:2c:3c:5c:22:0d:cc:f9:96:9e:15:b0:63:77:97:48:60:
         4f:cc:63:9d:1f:20:14:de:90:ba:80:66:31:19:f0:10:89:ce:
         f8:a7:19:b9:9a:e8:b2:8f:41:65:5c:53:ed:64:b0:57:3e:ca:
         63:ba:bb:6d:91:04:37:c7:67:fe:7d:d9:ba:79:1c:48:8d:6b:
         46:5d:74:51:68:18:5a:60:7c:5f:cf:ae:32:29:eb:30:dc:84:
         6a:a5:21:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+q3rtAswmBvcTHP1hF7yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOGY2YTQ2ZGRmN2Y5M2NhMjkzNWViZTYxODI0NmFlNmRk
MzFiMGQwHhcNMjUwMTAxMDM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDM2NDExNzBiNWFhNzhiNjE1YmVlZjhiMTZmYTM1NjU1YzZiOTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTeoXdembNnwc33vkikphMeP14v3
apUZhtC0O1KkwalA9A1sFG4ajkBxxTGWRlmHgts1jPDCHlTBYijD0e0sYc7B+DiJ
fGt1x+MrGLArDDg8USG5q/BYnh+JPih5wB6m03EJktmH64yi0hClt9NF1d9Bmvz2
0YBOf2sfB9m4DDF7HJXDVyItFSPdNX0luRrG4ulTgoLyiFVfRzE0zDqD1jY1WAqY
FhN7/H/NYGuRXERwLduw6A58OhCLjD6XoqpTZvRkqN29nnL95BY1OywWHZzlOi2X
TSIqlCMA0u6ynVciArdmF5lQP9bfvo9vvSG/F49hy0c29w8TwQmEnZJWhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQ2QRcLWqeLYVvu+LFvo1ZVxrkeMB8GA1UdIwQY
MBaAFB6Pakbd9/k8opNevmGCRq5t0xsNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG85cVJ0MzMtVHlpazE2LVlZSkdybTNUR3cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC84YTkzYjYtMmU3ZS00ODdjLWIwZjMt
MjhkMTVlYjczNDFkLzEvZERaQkZ3dGFwNHRoVy03NHNXLWpWbFhHdVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC84YTkzYjYtMmU3ZS00ODdjLWIwZjMtMjhkMTVlYjczNDFk
LzEvSG85cVJ0MzMtVHlpazE2LVlZSkdybTNUR3cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEsGrwMA0G
CSqGSIb3DQEBCwUAA4IBAQCJnMIuwBwwmhg8TA9IfpilRjY3hw51dALQqCvbxRZV
HQaB7pZ2+lTRlay+aK8KX57JUj7io1uUlwatyjEpgPq11BWwLkqYFRCUa1ehXj9X
ALY+7yvfnLlK8UQjgjuefRxi1piebiYko7/lVfgtuzn9AyCpcWruLVffyOvNOcRK
Oir1hgvuEKzmjzMK5MXDf1gUhzBbM83fQCth/BXqYeKniRRpCiw8XCINzPmWnhWw
Y3eXSGBPzGOdHyAU3pC6gGYxGfAQic74pxm5muiyj0FlXFPtZLBXPspjurttkQQ3
x2f+fdm6eRxIjWtGXXRRaBhaYHxfz64yKesw3IRqpSHe
-----END CERTIFICATE-----