Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/ec0da9-ea8c-4b8e-a32a-a5bc0c70c513/1/4Ibv1mRm3BSugEZRLZ50GEzm6Bc.roa
File:                     4Ibv1mRm3BSugEZRLZ50GEzm6Bc.roa (raw, json)
Hash identifier:          Ox7Eku50X67DCQ6L0nXfJGgK/iPhql76+0sQGSQq9Q4=
Subject key identifier:   E0:86:EF:D6:64:66:DC:14:AE:80:46:51:2D:9E:74:18:4C:E6:E8:17
Certificate issuer:       /CN=75a856785392da27d00bdb27091c5926c3155d89
Certificate serial:       019425214AD450206896628A8C61235FC6F6
Authority key identifier: 75:A8:56:78:53:92:DA:27:D0:0B:DB:27:09:1C:59:26:C3:15:5D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dahWeFOS2ifQC9snCRxZJsMVXYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/ec0da9-ea8c-4b8e-a32a-a5bc0c70c513/1/4Ibv1mRm3BSugEZRLZ50GEzm6Bc.roa
Signing time:             Thu 02 Jan 2025 03:48:46 +0000
ROA not before:           Thu 02 Jan 2025 03:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        185.199.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/ec0da9-ea8c-4b8e-a32a-a5bc0c70c513/1/dahWeFOS2ifQC9snCRxZJsMVXYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/ec0da9-ea8c-4b8e-a32a-a5bc0c70c513/1/dahWeFOS2ifQC9snCRxZJsMVXYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dahWeFOS2ifQC9snCRxZJsMVXYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:4a:d4:50:20:68:96:62:8a:8c:61:23:5f:c6:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75a856785392da27d00bdb27091c5926c3155d89
        Validity
            Not Before: Jan  2 03:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e086efd66466dc14ae8046512d9e74184ce6e817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7c:22:9f:23:7e:32:d4:bb:43:f6:b2:5a:25:
                    28:ac:8b:43:37:29:66:87:c7:05:87:06:65:07:7b:
                    95:b4:51:38:c3:da:52:0b:ef:69:b2:03:e0:df:11:
                    7f:f9:c9:ea:17:bf:98:d7:83:b0:61:05:79:5b:fb:
                    c0:53:fb:3e:a7:0d:bc:d0:13:d9:f8:69:e2:a9:12:
                    5a:37:92:96:6a:52:08:65:81:a5:2b:d3:26:ba:ef:
                    03:26:b9:11:e2:78:61:1d:ae:fb:cd:1a:ae:74:0f:
                    91:52:77:a7:df:95:f7:2f:77:ad:73:4c:e3:4d:a7:
                    13:b9:ea:95:f6:14:d8:53:6b:65:4a:74:be:f7:77:
                    35:ea:9b:04:ba:28:1c:61:ac:19:3a:4f:92:a3:7c:
                    60:9d:e6:26:29:ca:84:2d:ce:1b:48:83:7a:92:2d:
                    1b:71:27:7b:79:50:11:b7:1e:ba:d0:bd:06:c8:bf:
                    f9:d6:be:36:00:9e:5f:51:c6:a6:bc:5a:b1:b2:eb:
                    fd:6a:d3:9d:07:15:c0:f5:3d:7b:22:ac:a0:bc:f3:
                    a7:53:14:97:79:c6:f2:13:01:f2:a4:be:21:ca:1f:
                    3f:cc:59:94:43:69:09:d5:56:ae:2a:99:20:6f:cc:
                    c8:f1:69:69:15:bc:68:c5:be:35:4b:51:2b:fc:14:
                    11:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:86:EF:D6:64:66:DC:14:AE:80:46:51:2D:9E:74:18:4C:E6:E8:17
            X509v3 Authority Key Identifier:
                keyid:75:A8:56:78:53:92:DA:27:D0:0B:DB:27:09:1C:59:26:C3:15:5D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dahWeFOS2ifQC9snCRxZJsMVXYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/ec0da9-ea8c-4b8e-a32a-a5bc0c70c513/1/4Ibv1mRm3BSugEZRLZ50GEzm6Bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/ec0da9-ea8c-4b8e-a32a-a5bc0c70c513/1/dahWeFOS2ifQC9snCRxZJsMVXYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:43:fd:e3:e9:98:2f:96:ba:2c:9f:c0:d6:c1:ea:b8:ad:74:
         22:c7:ff:79:35:55:33:2b:a5:11:bb:c1:ed:c6:fa:b1:73:5a:
         ba:83:c7:de:15:21:6d:78:4c:9b:67:6c:2c:f0:a5:de:a3:28:
         0c:7c:43:4c:35:db:ad:e6:90:16:2f:57:ad:e7:f8:88:2d:83:
         70:4e:52:d7:ae:03:a2:d6:96:7a:8f:71:16:26:88:da:08:e6:
         06:72:07:2a:f1:e6:5b:9c:d7:06:7f:0e:a7:7b:11:1a:62:49:
         06:41:0e:32:db:94:e8:2c:6e:ee:37:cc:42:04:8e:ab:2c:fc:
         59:ce:d2:d3:d9:fa:6b:c1:fb:3b:3f:c6:8a:d0:2b:39:c0:b8:
         c3:3d:73:a2:14:fa:81:b0:f0:57:7d:89:fe:e9:ee:71:1e:06:
         fa:cf:cc:8c:c9:34:93:31:4f:98:e4:23:d0:1e:09:5f:b5:4c:
         93:8c:1d:cc:97:84:23:05:0f:44:7a:eb:22:3c:ec:52:49:ae:
         a3:07:55:b2:0d:6d:86:b5:80:5f:7d:52:70:fd:3a:79:42:c3:
         f2:7e:15:28:3a:f6:09:95:ca:ee:54:5a:1b:9a:38:36:8c:d7:
         e1:f3:9e:5a:94:00:1c:b2:13:79:be:0e:b5:b1:4b:37:20:77:
         b3:11:e3:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIUrUUCBolmKKjGEjX8b2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1YTg1Njc4NTM5MmRhMjdkMDBiZGIyNzA5MWM1OTI2YzMx
NTVkODkwHhcNMjUwMTAyMDM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDg2ZWZkNjY0NjZkYzE0YWU4MDQ2NTEyZDllNzQxODRjZTZlODE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHwinyN+MtS7Q/ayWiUorItDNylm
h8cFhwZlB3uVtFE4w9pSC+9psgPg3xF/+cnqF7+Y14OwYQV5W/vAU/s+pw280BPZ
+GniqRJaN5KWalIIZYGlK9Mmuu8DJrkR4nhhHa77zRqudA+RUnen35X3L3etc0zj
TacTueqV9hTYU2tlSnS+93c16psEuigcYawZOk+So3xgneYmKcqELc4bSIN6ki0b
cSd7eVARtx660L0GyL/51r42AJ5fUcamvFqxsuv9atOdBxXA9T17IqygvPOnUxSX
ecbyEwHypL4hyh8/zFmUQ2kJ1VauKpkgb8zI8WlpFbxoxb41S1Er/BQRNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCG79ZkZtwUroBGUS2edBhM5ugXMB8GA1UdIwQY
MBaAFHWoVnhTkton0AvbJwkcWSbDFV2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGFoV2VGT1MyaWZRQzlzbkNSeFpKc01WWFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9lYzBkYTktZWE4Yy00YjhlLWEzMmEt
YTViYzBjNzBjNTEzLzEvNElidjFtUm0zQlN1Z0VaUkxaNTBHRXptNkJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9lYzBkYTktZWE4Yy00YjhlLWEzMmEtYTViYzBjNzBjNTEz
LzEvZGFoV2VGT1MyaWZRQzlzbkNSeFpKc01WWFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucfMMA0G
CSqGSIb3DQEBCwUAA4IBAQBIQ/3j6Zgvlrosn8DWweq4rXQix/95NVUzK6URu8Ht
xvqxc1q6g8feFSFteEybZ2ws8KXeoygMfENMNdut5pAWL1et5/iILYNwTlLXrgOi
1pZ6j3EWJojaCOYGcgcq8eZbnNcGfw6nexEaYkkGQQ4y25ToLG7uN8xCBI6rLPxZ
ztLT2fprwfs7P8aK0Cs5wLjDPXOiFPqBsPBXfYn+6e5xHgb6z8yMyTSTMU+Y5CPQ
HglftUyTjB3Ml4QjBQ9EeusiPOxSSa6jB1WyDW2GtYBffVJw/Tp5QsPyfhUoOvYJ
lcruVFobmjg2jNfh855alAAcshN5vg61sUs3IHezEePx
-----END CERTIFICATE-----