Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/zfjWVaBt_BelAB4wLgicMa-3gUk.roa
File:                     zfjWVaBt_BelAB4wLgicMa-3gUk.roa (raw, json)
Hash identifier:          mUXFCeRc2Y4QqbwjvPvmqd3yvXigvxAWleegmSOAAXc=
Subject key identifier:   CD:F8:D6:55:A0:6D:FC:17:A5:00:1E:30:2E:08:9C:31:AF:B7:81:49
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       01942445686169D9DD464009EB1D6F263347
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/zfjWVaBt_BelAB4wLgicMa-3gUk.roa
Signing time:             Wed 01 Jan 2025 23:48:35 +0000
ROA not before:           Wed 01 Jan 2025 23:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204705
IP address blocks:        195.53.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:68:61:69:d9:dd:46:40:09:eb:1d:6f:26:33:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  1 23:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdf8d655a06dfc17a5001e302e089c31afb78149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e3:44:d0:60:74:7f:63:36:53:34:00:70:eb:
                    a3:fe:e2:71:04:d8:a7:79:87:fb:bf:62:9d:e5:cb:
                    b6:13:de:42:86:44:51:72:af:ed:db:98:70:b8:8d:
                    64:de:a4:51:50:23:b7:6a:ba:36:3b:93:65:e9:10:
                    bb:3c:d2:60:c2:ef:a1:56:4e:09:d9:11:4c:3b:91:
                    d2:25:a7:f2:9d:4a:70:10:13:04:ca:91:56:1b:76:
                    3d:ef:8e:45:83:e5:af:97:0a:49:81:a0:d2:17:d4:
                    20:fb:61:db:64:e9:49:7c:eb:9a:ba:53:61:8b:6d:
                    10:6f:e0:92:6c:f5:0e:71:cf:be:6f:1d:ab:4a:fb:
                    de:b8:4d:31:d6:6b:2d:56:f7:ef:13:35:59:08:f7:
                    38:bc:8c:61:e3:72:27:fe:62:03:7b:ba:bc:21:fd:
                    f7:72:bb:5f:77:7e:36:5d:bd:94:4b:9c:91:08:00:
                    ab:ae:85:9c:5f:1e:bc:0b:ae:90:7b:5b:e7:cd:20:
                    a9:96:8f:ab:87:53:9f:e3:93:80:fa:69:41:1e:0c:
                    88:09:ed:c2:f2:ae:a3:f7:46:dd:e4:2c:84:17:01:
                    8b:20:66:49:e6:82:2d:70:3b:07:41:2b:1e:78:28:
                    fd:05:5a:a3:3b:67:5a:9f:00:fe:e2:85:6d:c0:c4:
                    1c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:F8:D6:55:A0:6D:FC:17:A5:00:1E:30:2E:08:9C:31:AF:B7:81:49
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/zfjWVaBt_BelAB4wLgicMa-3gUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.53.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:6a:35:b8:33:c6:17:90:0c:f5:69:92:d1:e1:b2:7a:96:ab:
         80:ee:b7:4c:7f:d1:18:03:e2:8d:68:4e:c6:3a:41:e6:81:e6:
         2a:14:55:c0:f5:2d:c6:7a:18:46:d1:12:40:de:ba:62:09:30:
         d6:83:4c:bf:18:f4:82:0c:8f:71:79:6c:81:4f:2c:97:c6:fd:
         55:99:a0:cb:bf:35:11:35:ca:43:1b:23:37:6c:1e:5f:7f:c4:
         df:be:b5:c4:cf:db:68:e3:6c:b4:96:c0:a0:c6:7e:5a:7d:cc:
         03:8f:2c:04:6e:b4:01:e0:d7:d9:65:a2:20:09:ef:55:50:99:
         aa:ae:f3:19:e0:ea:67:b1:59:9b:e5:10:30:51:a9:53:e7:a5:
         9b:3b:4f:65:af:29:e7:b3:66:39:b8:f5:c9:3c:b0:83:83:b6:
         5c:10:bb:e5:97:e5:33:cf:c5:3e:9f:83:10:09:47:86:0e:54:
         44:e5:16:8e:35:d5:54:8a:00:4a:54:f1:0f:7a:54:3d:e9:8c:
         27:10:ec:ed:33:ef:0e:53:97:d5:82:5e:60:4b:96:b1:80:b3:
         10:9b:d4:b1:06:47:4d:25:e9:e6:0a:b7:f2:33:8c:b1:38:7b:
         bf:c8:8d:f1:77:ab:10:f7:9d:fd:8e:f7:18:44:40:21:2a:39:
         2c:78:b5:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRWhhadndRkAJ6x1vJjNHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjUwMTAxMjM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGY4ZDY1NWEwNmRmYzE3YTUwMDFlMzAyZTA4OWMzMWFmYjc4MTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApONE0GB0f2M2UzQAcOuj/uJxBNin
eYf7v2Kd5cu2E95ChkRRcq/t25hwuI1k3qRRUCO3aro2O5Nl6RC7PNJgwu+hVk4J
2RFMO5HSJafynUpwEBMEypFWG3Y9745Fg+WvlwpJgaDSF9Qg+2HbZOlJfOuaulNh
i20Qb+CSbPUOcc++bx2rSvveuE0x1mstVvfvEzVZCPc4vIxh43In/mIDe7q8If33
crtfd342Xb2US5yRCACrroWcXx68C66Qe1vnzSCplo+rh1Of45OA+mlBHgyICe3C
8q6j90bd5CyEFwGLIGZJ5oItcDsHQSseeCj9BVqjO2danwD+4oVtwMQcewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM341lWgbfwXpQAeMC4InDGvt4FJMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvemZqV1ZhQnRfQmVsQUI0d0xnaWNNYS0zZ1VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzWxMA0G
CSqGSIb3DQEBCwUAA4IBAQA7ajW4M8YXkAz1aZLR4bJ6lquA7rdMf9EYA+KNaE7G
OkHmgeYqFFXA9S3GehhG0RJA3rpiCTDWg0y/GPSCDI9xeWyBTyyXxv1VmaDLvzUR
NcpDGyM3bB5ff8TfvrXEz9to42y0lsCgxn5afcwDjywEbrQB4NfZZaIgCe9VUJmq
rvMZ4OpnsVmb5RAwUalT56WbO09lrynns2Y5uPXJPLCDg7ZcELvll+Uzz8U+n4MQ
CUeGDlRE5RaONdVUigBKVPEPelQ96YwnEOztM+8OU5fVgl5gS5axgLMQm9SxBkdN
JenmCrfyM4yxOHu/yI3xd6sQ9539jvcYREAhKjkseLXg
-----END CERTIFICATE-----