Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/sUXFPW0NRpJM4hG7LzPDan-v-Ek.roa
File:                     sUXFPW0NRpJM4hG7LzPDan-v-Ek.roa (raw, json)
Hash identifier:          p4O9sfEQ+qJe5DEqRIHGkARxsLT8DQyNzXhwr7CF1/w=
Subject key identifier:   B1:45:C5:3D:6D:0D:46:92:4C:E2:11:BB:2F:33:C3:6A:7F:AF:F8:49
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0195BF22E48776BDE5D0B3A12E83A92533CF
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/sUXFPW0NRpJM4hG7LzPDan-v-Ek.roa
Signing time:             Sat 22 Mar 2025 18:34:49 +0000
ROA not before:           Sat 22 Mar 2025 18:34:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60223
IP address blocks:        195.96.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:bf:22:e4:87:76:bd:e5:d0:b3:a1:2e:83:a9:25:33:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Mar 22 18:34:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b145c53d6d0d46924ce211bb2f33c36a7faff849
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:8e:58:a5:8c:cd:21:b3:d0:63:cc:b3:15:ee:
                    ed:17:a5:12:5f:67:a4:58:2e:96:54:42:e6:27:fc:
                    da:bb:ab:7d:a3:cf:1f:1b:a2:ce:90:85:53:ec:0b:
                    92:25:08:a8:bc:2e:34:0a:b8:e3:48:cd:fe:60:59:
                    34:39:1d:23:fe:7a:c9:c7:84:6c:70:fd:f7:38:b4:
                    1e:09:97:86:4f:ac:aa:6f:93:5b:4a:46:dc:14:02:
                    00:e2:a8:cc:d1:c7:be:3c:be:2d:46:18:b5:86:83:
                    37:30:9e:a6:bf:45:96:8b:f8:92:61:43:49:86:93:
                    59:7f:46:71:52:78:b7:a3:35:51:0b:b3:05:bc:40:
                    8a:ee:7e:75:df:94:21:a5:04:67:8d:4a:21:e3:25:
                    47:e4:9f:b2:c5:7f:e2:f4:5d:cd:d6:4a:ef:2c:0e:
                    69:08:65:55:61:01:62:7f:42:c4:1f:7a:48:6c:a6:
                    20:0a:ff:86:85:90:f8:e5:f7:ee:ec:12:71:2e:61:
                    b6:0c:3e:cf:79:9d:f7:37:9d:1d:2f:33:30:ca:5f:
                    0f:ad:ef:92:c1:fa:0a:cd:78:83:11:27:df:52:13:
                    0a:35:2f:8b:ff:77:ff:e0:4d:15:99:74:92:65:3f:
                    fc:15:b3:62:87:9b:3f:13:00:98:81:1c:29:8c:21:
                    85:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:45:C5:3D:6D:0D:46:92:4C:E2:11:BB:2F:33:C3:6A:7F:AF:F8:49
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/sUXFPW0NRpJM4hG7LzPDan-v-Ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:93:6a:4f:e7:06:39:0b:52:b2:de:ee:98:de:bf:33:23:2d:
         13:03:a1:58:e3:c2:85:5b:82:51:bb:09:7a:f2:3b:8c:3b:ca:
         9f:8a:fc:d2:05:66:8b:76:13:38:b2:5f:55:d4:2a:96:a6:82:
         ae:cf:36:5b:98:10:32:9a:b0:05:1c:f3:82:2c:ee:8f:57:d0:
         e6:fe:7b:de:1b:e2:e2:22:c8:29:58:fb:e0:18:f1:3f:26:a8:
         57:10:f0:cf:4e:7f:64:06:11:75:81:c7:82:3d:43:f8:d7:c7:
         54:b6:fe:47:d7:ad:4b:5c:da:b5:ee:3c:29:f5:92:71:0d:ce:
         e9:73:bf:f7:ce:88:5b:ed:36:94:d7:c4:01:18:3a:ff:c5:01:
         09:9b:9f:be:6d:37:68:48:37:98:5d:e1:55:7b:57:db:39:69:
         c7:b9:1b:23:31:6f:c1:c8:55:b2:18:02:ee:fe:84:c6:32:b2:
         27:92:26:f0:a9:49:80:46:a9:b7:43:1e:9a:3b:6d:b6:86:9a:
         a5:b2:f7:8b:06:d0:42:dd:a1:de:38:4d:dd:e0:aa:6e:fc:1a:
         c7:0c:92:fe:b0:bc:50:fd:ac:f9:a2:25:ae:7f:3c:05:fd:7e:
         c8:09:45:d8:c1:3f:f3:ba:ab:68:08:eb:cf:43:a8:b7:fd:14:
         18:5b:f2:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW/IuSHdr3l0LOhLoOpJTPPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwMzIyMTgzNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQ1YzUzZDZkMGQ0NjkyNGNlMjExYmIyZjMzYzM2YTdmYWZmODQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Y5YpYzNIbPQY8yzFe7tF6USX2ek
WC6WVELmJ/zau6t9o88fG6LOkIVT7AuSJQiovC40CrjjSM3+YFk0OR0j/nrJx4Rs
cP33OLQeCZeGT6yqb5NbSkbcFAIA4qjM0ce+PL4tRhi1hoM3MJ6mv0WWi/iSYUNJ
hpNZf0ZxUni3ozVRC7MFvECK7n5135QhpQRnjUoh4yVH5J+yxX/i9F3N1krvLA5p
CGVVYQFif0LEH3pIbKYgCv+GhZD45ffu7BJxLmG2DD7PeZ33N50dLzMwyl8Pre+S
wfoKzXiDESffUhMKNS+L/3f/4E0VmXSSZT/8FbNih5s/EwCYgRwpjCGFzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFFxT1tDUaSTOIRuy8zw2p/r/hJMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvc1VYRlBXME5ScEpNNGhHN0x6UERhbi12LUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CBMA0G
CSqGSIb3DQEBCwUAA4IBAQAnk2pP5wY5C1Ky3u6Y3r8zIy0TA6FY48KFW4JRuwl6
8juMO8qfivzSBWaLdhM4sl9V1CqWpoKuzzZbmBAymrAFHPOCLO6PV9Dm/nveG+Li
IsgpWPvgGPE/JqhXEPDPTn9kBhF1gceCPUP418dUtv5H161LXNq17jwp9ZJxDc7p
c7/3zohb7TaU18QBGDr/xQEJm5++bTdoSDeYXeFVe1fbOWnHuRsjMW/ByFWyGALu
/oTGMrInkibwqUmARqm3Qx6aO222hpqlsveLBtBC3aHeOE3d4Kpu/BrHDJL+sLxQ
/az5oiWufzwF/X7ICUXYwT/zuqtoCOvPQ6i3/RQYW/J1
-----END CERTIFICATE-----