Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/82cc5d-d6a8-4667-b049-967c57d5a361/1/tX_eiSv6b9gWuAzQ90obdliFuqM.roa
File:                     tX_eiSv6b9gWuAzQ90obdliFuqM.roa (raw, json)
Hash identifier:          ZiFHzPJvZH9N84EKs/55J2Q6VVzMS4porN9rlx3w+2Y=
Subject key identifier:   B5:7F:DE:89:2B:FA:6F:D8:16:B8:0C:D0:F7:4A:1B:76:58:85:BA:A3
Certificate issuer:       /CN=0b62cf8cd90b69f936e82b57801cd779d72e3f3e
Certificate serial:       0196F1BA72D41201F8A38E8AA405B7AC4678
Authority key identifier: 0B:62:CF:8C:D9:0B:69:F9:36:E8:2B:57:80:1C:D7:79:D7:2E:3F:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C2LPjNkLafk26CtXgBzXedcuPz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/82cc5d-d6a8-4667-b049-967c57d5a361/1/tX_eiSv6b9gWuAzQ90obdliFuqM.roa
Signing time:             Wed 21 May 2025 07:24:10 +0000
ROA not before:           Wed 21 May 2025 07:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214966
IP address blocks:        194.53.216.0/21 maxlen: 21
                          194.53.222.0/24 maxlen: 24
                          194.53.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/82cc5d-d6a8-4667-b049-967c57d5a361/1/C2LPjNkLafk26CtXgBzXedcuPz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/82cc5d-d6a8-4667-b049-967c57d5a361/1/C2LPjNkLafk26CtXgBzXedcuPz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C2LPjNkLafk26CtXgBzXedcuPz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f1:ba:72:d4:12:01:f8:a3:8e:8a:a4:05:b7:ac:46:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b62cf8cd90b69f936e82b57801cd779d72e3f3e
        Validity
            Not Before: May 21 07:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b57fde892bfa6fd816b80cd0f74a1b765885baa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:2b:5a:8a:04:15:58:09:19:6f:c8:9d:5b:80:
                    f0:3f:65:cf:40:bc:65:76:e0:c4:72:ef:e8:38:64:
                    68:80:bf:ac:63:2e:1d:e7:03:e4:2f:97:57:d7:b7:
                    35:f7:f4:e4:83:b2:89:37:d8:e5:24:c0:12:ca:c5:
                    97:52:93:43:1b:ed:46:23:01:3a:89:45:cf:92:c2:
                    59:63:cd:b8:77:63:f2:8f:a6:51:9e:ef:64:f1:bf:
                    5f:26:66:53:5d:89:4d:4f:53:5c:b2:55:27:49:75:
                    5c:43:ef:27:b0:bc:f6:d6:71:ff:f6:b3:4e:5c:be:
                    0d:72:37:3d:b4:23:b2:1d:ce:cf:f3:f1:3b:12:22:
                    a7:ad:e1:74:31:f9:d2:9b:92:1e:b4:72:21:58:5a:
                    d1:42:69:bb:92:73:a2:77:1c:ea:68:d7:18:1b:e6:
                    66:f7:ed:63:7f:ea:e5:f2:4d:e8:50:6b:52:6f:79:
                    65:69:68:60:60:58:02:6a:f8:f8:23:f4:d8:91:e8:
                    ee:29:9c:fd:8c:98:b3:d6:eb:b2:a4:7a:d2:9d:5a:
                    eb:99:15:0f:62:e1:eb:1b:a0:dc:24:52:11:b5:ef:
                    d6:67:97:70:c7:67:27:b6:e7:44:90:09:4c:54:63:
                    d6:77:8b:1e:b3:e5:f3:b1:04:8e:4a:d2:6d:f5:97:
                    37:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:7F:DE:89:2B:FA:6F:D8:16:B8:0C:D0:F7:4A:1B:76:58:85:BA:A3
            X509v3 Authority Key Identifier:
                keyid:0B:62:CF:8C:D9:0B:69:F9:36:E8:2B:57:80:1C:D7:79:D7:2E:3F:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C2LPjNkLafk26CtXgBzXedcuPz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/82cc5d-d6a8-4667-b049-967c57d5a361/1/tX_eiSv6b9gWuAzQ90obdliFuqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/82cc5d-d6a8-4667-b049-967c57d5a361/1/C2LPjNkLafk26CtXgBzXedcuPz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2a:15:2a:82:fd:79:38:7f:21:5a:54:37:a6:73:ca:fe:a4:90:
         8c:36:a3:92:e0:d7:6a:63:68:1a:85:18:6c:6e:34:f1:db:ca:
         3c:be:37:3a:25:2d:05:3b:79:22:23:0e:b1:c8:f5:ab:f1:6f:
         58:13:bc:f9:c8:1e:4d:87:09:09:2f:ba:40:ff:7d:3b:68:a6:
         b9:75:fe:b5:2d:e2:2a:bc:88:90:d1:3c:71:f7:27:60:c2:5e:
         b7:fb:1e:aa:a6:15:66:df:be:f0:8c:81:52:42:ef:d4:b3:14:
         3e:d8:ca:bf:19:1a:9e:c8:49:3d:2d:13:8b:47:e3:3f:01:01:
         ae:99:e6:f4:dd:46:cb:5e:0f:f2:aa:7a:d3:f3:02:1e:58:17:
         45:31:0f:43:0e:1a:f1:aa:e8:5a:20:2c:ed:35:a9:73:a6:e7:
         5b:ad:3e:f2:84:bf:de:2b:85:3f:36:eb:76:33:12:30:d8:8d:
         3e:fa:a3:18:66:78:70:6a:c6:dc:16:20:a0:44:9e:bf:59:b5:
         de:70:bb:b5:0e:16:28:3f:fc:c4:75:d4:4f:0d:34:f3:91:d7:
         74:3d:d0:31:05:15:44:f6:d1:ca:98:20:d3:aa:3b:4e:f7:dc:
         84:e3:4c:7c:e8:84:c3:48:e8:c6:39:28:4a:ac:f3:90:e9:95:
         94:02:6a:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbxunLUEgH4o46KpAW3rEZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNjJjZjhjZDkwYjY5ZjkzNmU4MmI1NzgwMWNkNzc5ZDcy
ZTNmM2UwHhcNMjUwNTIxMDcyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTdmZGU4OTJiZmE2ZmQ4MTZiODBjZDBmNzRhMWI3NjU4ODViYWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4CtaigQVWAkZb8idW4DwP2XPQLxl
duDEcu/oOGRogL+sYy4d5wPkL5dX17c19/Tkg7KJN9jlJMASysWXUpNDG+1GIwE6
iUXPksJZY824d2Pyj6ZRnu9k8b9fJmZTXYlNT1NcslUnSXVcQ+8nsLz21nH/9rNO
XL4Ncjc9tCOyHc7P8/E7EiKnreF0MfnSm5IetHIhWFrRQmm7knOidxzqaNcYG+Zm
9+1jf+rl8k3oUGtSb3llaWhgYFgCavj4I/TYkejuKZz9jJiz1uuypHrSnVrrmRUP
YuHrG6DcJFIRte/WZ5dwx2cntudEkAlMVGPWd4ses+XzsQSOStJt9Zc3cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLV/3okr+m/YFrgM0PdKG3ZYhbqjMB8GA1UdIwQY
MBaAFAtiz4zZC2n5NugrV4Ac13nXLj8+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzJMUGpOa0xhZmsyNkN0WGdCelhlZGN1UHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC84MmNjNWQtZDZhOC00NjY3LWIwNDkt
OTY3YzU3ZDVhMzYxLzEvdFhfZWlTdjZiOWdXdUF6UTkwb2JkbGlGdXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC84MmNjNWQtZDZhOC00NjY3LWIwNDktOTY3YzU3ZDVhMzYx
LzEvQzJMUGpOa0xhZmsyNkN0WGdCelhlZGN1UHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwjXYMA0G
CSqGSIb3DQEBCwUAA4IBAQAqFSqC/Xk4fyFaVDemc8r+pJCMNqOS4NdqY2gahRhs
bjTx28o8vjc6JS0FO3kiIw6xyPWr8W9YE7z5yB5NhwkJL7pA/307aKa5df61LeIq
vIiQ0Txx9ydgwl63+x6qphVm377wjIFSQu/UsxQ+2Mq/GRqeyEk9LROLR+M/AQGu
meb03UbLXg/yqnrT8wIeWBdFMQ9DDhrxquhaICztNalzpudbrT7yhL/eK4U/Nut2
MxIw2I0++qMYZnhwasbcFiCgRJ6/WbXecLu1DhYoP/zEddRPDTTzkdd0PdAxBRVE
9tHKmCDTqjtO99yE40x86ITDSOjGOShKrPOQ6ZWUAmqY
-----END CERTIFICATE-----