Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/7090a9-feed-4ea1-8459-ee810b83adcd/1/z4qyX-331qkRpNendrVE2vuUwMg.roa
File:                     z4qyX-331qkRpNendrVE2vuUwMg.roa (raw, json)
Hash identifier:          1tgnSBh6zavqUvITN/dHmAA7avLexZgbuVDSxY+JNpI=
Subject key identifier:   CF:8A:B2:5F:ED:F7:D6:A9:11:A4:D7:A7:76:B5:44:DA:FB:94:C0:C8
Certificate issuer:       /CN=4801a5b816158f07a8ca8acb37e97e2f20b06911
Certificate serial:       019428253C3074487489FE133F0203787A53
Authority key identifier: 48:01:A5:B8:16:15:8F:07:A8:CA:8A:CB:37:E9:7E:2F:20:B0:69:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAGluBYVjweoyorLN-l-LyCwaRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/7090a9-feed-4ea1-8459-ee810b83adcd/1/z4qyX-331qkRpNendrVE2vuUwMg.roa
Signing time:             Thu 02 Jan 2025 17:51:56 +0000
ROA not before:           Thu 02 Jan 2025 17:51:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16235
IP address blocks:        109.95.63.0/24 maxlen: 24
                          185.186.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/7090a9-feed-4ea1-8459-ee810b83adcd/1/SAGluBYVjweoyorLN-l-LyCwaRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/7090a9-feed-4ea1-8459-ee810b83adcd/1/SAGluBYVjweoyorLN-l-LyCwaRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAGluBYVjweoyorLN-l-LyCwaRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 14:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:3c:30:74:48:74:89:fe:13:3f:02:03:78:7a:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4801a5b816158f07a8ca8acb37e97e2f20b06911
        Validity
            Not Before: Jan  2 17:51:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf8ab25fedf7d6a911a4d7a776b544dafb94c0c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:cf:9d:24:a4:ca:a5:e4:f8:c4:34:64:d7:bf:
                    23:a8:da:7d:10:c4:82:5a:67:9e:7a:8c:74:bc:23:
                    d0:10:95:d0:df:f9:75:d5:24:4f:2f:77:3b:7a:37:
                    c3:32:19:ef:9f:1d:75:64:d2:33:16:26:1b:3a:30:
                    6c:e8:f2:f4:81:e0:7b:81:53:5c:4b:bc:97:4d:f5:
                    20:69:ee:79:1b:75:7a:99:96:94:ef:c9:b2:9c:53:
                    9b:4d:d1:c1:d2:b8:b7:37:fa:c2:f6:24:18:ec:ae:
                    72:fb:72:90:05:bc:87:f5:a4:95:19:44:f1:36:76:
                    af:e5:43:14:96:62:bd:9a:4a:31:6f:c0:90:2f:7a:
                    fa:87:90:d7:0e:c7:a1:5e:d1:9f:0e:f2:76:ba:80:
                    34:4c:61:ac:4e:eb:3c:23:09:3e:96:fa:61:f6:be:
                    23:63:6d:b0:19:45:9f:fe:bf:4d:96:5c:fb:41:a3:
                    36:81:da:70:99:56:03:47:b2:e9:ee:ee:7e:bf:7d:
                    85:51:4d:2c:72:67:79:ed:19:a4:46:78:c0:00:d2:
                    9d:71:dd:de:b2:b3:5f:1b:f4:13:c6:bd:32:15:08:
                    12:f6:cb:82:21:83:82:a3:bb:05:81:84:a2:00:21:
                    7f:ae:f4:33:75:55:08:f1:d6:ac:14:61:75:15:a2:
                    ac:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:8A:B2:5F:ED:F7:D6:A9:11:A4:D7:A7:76:B5:44:DA:FB:94:C0:C8
            X509v3 Authority Key Identifier:
                keyid:48:01:A5:B8:16:15:8F:07:A8:CA:8A:CB:37:E9:7E:2F:20:B0:69:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAGluBYVjweoyorLN-l-LyCwaRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/7090a9-feed-4ea1-8459-ee810b83adcd/1/z4qyX-331qkRpNendrVE2vuUwMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/7090a9-feed-4ea1-8459-ee810b83adcd/1/SAGluBYVjweoyorLN-l-LyCwaRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.63.0/24
                  185.186.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:94:e1:54:9e:54:08:91:db:01:5d:2b:22:9c:d1:49:8b:ff:
         d1:5f:d7:ee:f0:e1:c4:fa:55:5f:f9:f0:04:2c:45:76:25:d5:
         85:b3:ee:50:11:6b:cc:a8:6d:e6:14:09:8c:9e:93:59:db:62:
         ec:c1:c6:ea:87:a2:53:41:27:e1:02:64:fb:3d:e1:db:59:ee:
         a2:05:d8:97:ae:ab:97:eb:2f:0c:0e:33:28:ae:8f:83:9b:58:
         b9:3d:ba:4a:8a:74:a9:f1:4a:ae:70:b4:56:56:72:02:97:e0:
         d5:f6:a5:4b:06:8a:f7:63:d6:6e:29:99:ec:ea:a4:e9:f1:86:
         02:7d:4a:c4:25:d0:60:07:13:24:d9:bc:19:54:6d:97:fd:b7:
         f6:e6:14:c9:37:26:0f:25:fb:6c:15:e6:2d:14:1b:8d:f0:78:
         98:78:3a:a0:3c:b9:db:38:76:b8:23:6d:b4:da:e1:e1:05:eb:
         13:9c:4f:5a:29:e8:7b:45:45:93:70:7f:d2:0b:5c:f2:45:3c:
         2e:51:84:c6:83:ee:70:39:45:54:eb:d5:9e:69:5f:fd:45:98:
         e9:eb:74:b0:dc:f7:f2:7b:34:dc:d9:dc:a0:48:da:21:fe:11:
         25:bf:a9:b7:84:8f:1b:67:f7:d2:ee:d7:b3:a9:7d:11:21:5c:
         dd:af:2b:84
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJTwwdEh0if4TPwIDeHpTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDFhNWI4MTYxNThmMDdhOGNhOGFjYjM3ZTk3ZTJmMjBi
MDY5MTEwHhcNMjUwMTAyMTc1MTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjhhYjI1ZmVkZjdkNmE5MTFhNGQ3YTc3NmI1NDRkYWZiOTRjMGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18+dJKTKpeT4xDRk178jqNp9EMSC
Wmeeeox0vCPQEJXQ3/l11SRPL3c7ejfDMhnvnx11ZNIzFiYbOjBs6PL0geB7gVNc
S7yXTfUgae55G3V6mZaU78mynFObTdHB0ri3N/rC9iQY7K5y+3KQBbyH9aSVGUTx
Nnav5UMUlmK9mkoxb8CQL3r6h5DXDsehXtGfDvJ2uoA0TGGsTus8Iwk+lvph9r4j
Y22wGUWf/r9Nllz7QaM2gdpwmVYDR7Lp7u5+v32FUU0scmd57RmkRnjAANKdcd3e
srNfG/QTxr0yFQgS9suCIYOCo7sFgYSiACF/rvQzdVUI8dasFGF1FaKsyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM+Ksl/t99apEaTXp3a1RNr7lMDIMB8GA1UdIwQY
MBaAFEgBpbgWFY8HqMqKyzfpfi8gsGkRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FHbHVCWVZqd2VveW9yTE4tbC1MeUN3YVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS83MDkwYTktZmVlZC00ZWExLTg0NTkt
ZWU4MTBiODNhZGNkLzEvejRxeVgtMzMxcWtScE5lbmRyVkUydnVVd01nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS83MDkwYTktZmVlZC00ZWExLTg0NTktZWU4MTBiODNhZGNk
LzEvU0FHbHVCWVZqd2VveW9yTE4tbC1MeUN3YVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbV8/AwQA
ubrxMA0GCSqGSIb3DQEBCwUAA4IBAQAmlOFUnlQIkdsBXSsinNFJi//RX9fu8OHE
+lVf+fAELEV2JdWFs+5QEWvMqG3mFAmMnpNZ22Lswcbqh6JTQSfhAmT7PeHbWe6i
BdiXrquX6y8MDjMoro+Dm1i5PbpKinSp8UqucLRWVnICl+DV9qVLBor3Y9ZuKZns
6qTp8YYCfUrEJdBgBxMk2bwZVG2X/bf25hTJNyYPJftsFeYtFBuN8HiYeDqgPLnb
OHa4I2202uHhBesTnE9aKeh7RUWTcH/SC1zyRTwuUYTGg+5wOUVU69WeaV/9RZjp
63Sw3PfyezTc2dygSNoh/hElv6m3hI8bZ/fS7tezqX0RIVzdryuE
-----END CERTIFICATE-----