Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/bQtNQrz7uupq8WwJ0zj2qgNEvEE.roa
File:                     bQtNQrz7uupq8WwJ0zj2qgNEvEE.roa (raw, json)
Hash identifier:          LuK2xioKTlO/it/wlbVGzTsMCqttNVchyXL/BIuc9lc=
Subject key identifier:   6D:0B:4D:42:BC:FB:BA:EA:6A:F1:6C:09:D3:38:F6:AA:03:44:BC:41
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       01941FFA3D45F74D7A966E47BCC488660DF6
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/bQtNQrz7uupq8WwJ0zj2qgNEvEE.roa
Signing time:             Wed 01 Jan 2025 03:48:00 +0000
ROA not before:           Wed 01 Jan 2025 03:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58174
IP address blocks:        85.204.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3d:45:f7:4d:7a:96:6e:47:bc:c4:88:66:0d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  1 03:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d0b4d42bcfbbaea6af16c09d338f6aa0344bc41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:40:a0:0d:cc:88:bd:3b:ae:53:26:95:d7:cf:
                    70:61:b5:4f:86:80:16:6a:9c:27:aa:46:92:41:aa:
                    40:89:cf:25:df:82:df:97:08:c9:b4:4c:74:32:18:
                    97:0d:ab:7a:4e:f4:cf:19:58:a9:6a:df:5c:b4:13:
                    e0:56:38:70:44:9b:a3:5e:02:70:b9:8d:73:3c:b2:
                    ec:eb:45:f8:3b:7a:f7:3a:c4:63:34:f9:48:36:a6:
                    06:46:33:51:f8:44:d9:4f:c5:4e:85:6b:e2:bb:50:
                    eb:00:f8:49:be:62:e8:30:c9:2e:b3:43:33:7a:cd:
                    93:75:cd:03:eb:d1:10:9a:1d:62:79:dd:03:fe:06:
                    76:b2:8d:f6:22:e5:88:0c:7c:93:10:12:56:8f:1c:
                    e2:f9:1a:c0:93:84:06:1c:9b:6c:82:7d:3b:e5:11:
                    1f:12:56:b4:c5:5f:b7:4b:69:ac:41:a8:5f:28:af:
                    ea:7e:b4:b8:61:c9:86:88:93:0c:1d:f4:2d:c4:6c:
                    c8:5d:ef:f8:20:c9:89:5e:26:a0:35:34:a6:dc:66:
                    bc:ae:c5:f9:c5:37:75:9e:55:1b:52:f8:d3:1c:54:
                    58:f9:8d:a3:5d:3c:f1:e6:75:66:c7:9c:8b:b9:90:
                    1a:8e:d4:76:61:63:93:ca:00:b5:95:b5:4b:f1:34:
                    02:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:0B:4D:42:BC:FB:BA:EA:6A:F1:6C:09:D3:38:F6:AA:03:44:BC:41
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/bQtNQrz7uupq8WwJ0zj2qgNEvEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:72:98:d9:b0:46:4f:18:de:e1:d9:66:23:fb:ec:2f:42:a9:
         ed:cf:94:c0:d2:2c:0c:d2:fa:ff:17:b3:a8:f7:40:33:81:e3:
         9f:05:5b:a2:49:1c:cc:9b:ec:fb:a5:02:1c:2f:c6:14:af:34:
         c3:70:e2:3c:44:28:78:9f:13:fc:74:53:6b:40:f3:ef:b3:ce:
         c7:34:95:2f:90:c1:93:f3:8b:6f:ec:c7:35:e8:37:f4:a1:6e:
         a6:15:e7:56:4a:5f:b1:f9:6a:8a:a4:f6:15:1d:e5:1f:f6:23:
         be:b0:a6:af:5a:8f:e8:7c:32:48:aa:91:e5:8b:c3:b4:29:40:
         c3:55:63:32:b6:b2:54:5a:eb:8e:3b:07:f7:e6:8f:58:27:74:
         ca:07:aa:0a:b0:3f:e4:d7:78:e8:80:d0:36:a5:50:b0:2c:ca:
         8f:17:dc:ec:86:95:c3:7e:6a:4f:c0:e1:7b:42:47:3f:9e:25:
         9e:86:8a:91:37:d1:ed:cd:31:b1:97:c2:f1:b5:74:89:32:92:
         64:d6:51:40:a3:5e:0a:9e:0f:08:1d:51:5a:e3:22:13:1c:1f:
         87:6f:01:5b:76:04:8e:40:12:50:4e:e4:67:0d:e7:bb:16:da:
         fd:4c:bb:52:3d:97:f3:c2:e0:6e:00:cf:23:78:66:27:24:41:
         9b:d9:35:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+j1F9016lm5HvMSIZg32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjUwMTAxMDM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDBiNGQ0MmJjZmJiYWVhNmFmMTZjMDlkMzM4ZjZhYTAzNDRiYzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0CgDcyIvTuuUyaV189wYbVPhoAW
apwnqkaSQapAic8l34LflwjJtEx0MhiXDat6TvTPGVipat9ctBPgVjhwRJujXgJw
uY1zPLLs60X4O3r3OsRjNPlINqYGRjNR+ETZT8VOhWviu1DrAPhJvmLoMMkus0Mz
es2Tdc0D69EQmh1ied0D/gZ2so32IuWIDHyTEBJWjxzi+RrAk4QGHJtsgn075REf
Ela0xV+3S2msQahfKK/qfrS4YcmGiJMMHfQtxGzIXe/4IMmJXiagNTSm3Ga8rsX5
xTd1nlUbUvjTHFRY+Y2jXTzx5nVmx5yLuZAajtR2YWOTygC1lbVL8TQCIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0LTUK8+7rqavFsCdM49qoDRLxBMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvYlF0TlFyejd1dXBxOFd3SjB6ajJxZ05FdkVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcxEMA0G
CSqGSIb3DQEBCwUAA4IBAQABcpjZsEZPGN7h2WYj++wvQqntz5TA0iwM0vr/F7Oo
90AzgeOfBVuiSRzMm+z7pQIcL8YUrzTDcOI8RCh4nxP8dFNrQPPvs87HNJUvkMGT
84tv7Mc16Df0oW6mFedWSl+x+WqKpPYVHeUf9iO+sKavWo/ofDJIqpHli8O0KUDD
VWMytrJUWuuOOwf35o9YJ3TKB6oKsD/k13jogNA2pVCwLMqPF9zshpXDfmpPwOF7
Qkc/niWehoqRN9HtzTGxl8LxtXSJMpJk1lFAo14Kng8IHVFa4yITHB+HbwFbdgSO
QBJQTuRnDee7Ftr9TLtSPZfzwuBuAM8jeGYnJEGb2TX+
-----END CERTIFICATE-----