Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/K2eEFp9iH9k7gLxEMfpK9KLE2JM.roa
File:                     K2eEFp9iH9k7gLxEMfpK9KLE2JM.roa (raw, json)
Hash identifier:          0lQdeVhxJN9HNN3eM0TqRZebl98boqiebb+RTNPno3Y=
Subject key identifier:   2B:67:84:16:9F:62:1F:D9:3B:80:BC:44:31:FA:4A:F4:A2:C4:D8:93
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0196DA00D80CD6ECB5CD52C6C095FD14AB72
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/K2eEFp9iH9k7gLxEMfpK9KLE2JM.roa
Signing time:             Fri 16 May 2025 16:50:10 +0000
ROA not before:           Fri 16 May 2025 16:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214309
IP address blocks:        185.176.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:da:00:d8:0c:d6:ec:b5:cd:52:c6:c0:95:fd:14:ab:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 16 16:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b6784169f621fd93b80bc4431fa4af4a2c4d893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:27:e7:e9:3d:a0:e5:ae:ba:f0:8b:19:97:a4:
                    f0:59:eb:37:cd:00:35:6f:de:82:a6:5a:d0:d0:4b:
                    23:d0:aa:84:a9:57:a5:78:be:32:9b:7f:d3:0d:32:
                    36:dd:73:8f:1c:65:ae:2c:38:be:53:b3:3c:36:ef:
                    14:74:89:f5:47:3e:ac:59:6d:09:f4:2f:3a:58:4b:
                    65:4b:71:0e:94:a9:43:d4:b7:99:20:14:77:43:23:
                    04:f7:f3:59:57:db:cd:ff:ae:5e:92:06:9d:7d:69:
                    62:f0:3c:58:a2:13:64:0f:4c:8b:52:11:f5:e1:0d:
                    62:1c:d4:2d:cf:da:11:a6:db:49:ab:14:1e:01:6a:
                    8f:ed:a4:1a:40:8e:d5:8b:e2:3b:74:95:7b:62:f6:
                    0d:5e:69:fc:74:42:01:ce:34:49:29:57:ce:d3:bd:
                    1c:ff:95:0d:98:a7:b0:51:b7:2c:82:c4:c1:c8:a0:
                    b5:20:45:ca:c5:7c:09:06:9e:ff:e8:b1:61:cf:fe:
                    03:62:2f:0b:11:e2:fb:9d:2c:e2:81:f5:40:0d:44:
                    7a:a3:de:80:99:c4:35:32:ff:0d:70:0f:65:81:16:
                    fc:b5:9c:00:31:f8:0f:8b:84:d9:5c:ca:c6:b1:e6:
                    9e:9c:0f:53:4d:03:a3:24:bb:24:91:c1:5f:f4:c9:
                    35:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:67:84:16:9F:62:1F:D9:3B:80:BC:44:31:FA:4A:F4:A2:C4:D8:93
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/K2eEFp9iH9k7gLxEMfpK9KLE2JM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:2d:e4:2e:a2:19:03:9f:0d:35:84:cc:eb:fa:b4:14:6b:48:
         55:e2:95:e0:93:aa:e1:5f:74:b3:cf:9f:c8:a8:a4:95:38:76:
         7f:c0:d1:9a:3c:a1:e8:ab:f6:9d:83:f8:58:68:0b:0e:fd:ea:
         7b:81:52:44:3d:9a:1c:63:4b:25:15:07:f2:4b:83:ac:05:28:
         89:6e:45:e7:af:63:a1:00:06:15:55:af:c8:9b:84:78:26:2c:
         bf:71:ee:e1:63:aa:75:7a:c8:08:6f:b2:4b:5d:ff:c4:71:80:
         94:cf:cc:af:0a:25:1b:3a:3f:55:52:4e:eb:35:3a:dd:5b:02:
         eb:6d:46:e7:37:4a:f2:d6:9f:45:4f:58:86:1a:63:cd:c3:95:
         67:09:05:40:b3:e3:6e:18:c4:16:1f:44:d9:ba:a0:cc:ad:23:
         e0:14:ba:10:83:40:dd:ee:b4:66:70:df:f1:54:e3:53:b4:13:
         e0:36:2d:c8:17:b7:1d:db:f4:86:7c:bc:e6:7c:86:1f:58:0e:
         6f:5f:4c:bb:09:63:58:ea:93:1c:20:c2:ec:c4:75:23:d9:c2:
         60:b3:1c:6c:d1:e4:71:70:df:dc:1d:ba:0b:da:fc:6b:3e:fd:
         bf:45:54:64:87:78:eb:63:cd:7a:dd:38:c5:fd:e4:b9:09:85:
         81:63:6a:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbaANgM1uy1zVLGwJX9FKtyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNTE2MTY1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjY3ODQxNjlmNjIxZmQ5M2I4MGJjNDQzMWZhNGFmNGEyYzRkODkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxifn6T2g5a668IsZl6TwWes3zQA1
b96CplrQ0Esj0KqEqVeleL4ym3/TDTI23XOPHGWuLDi+U7M8Nu8UdIn1Rz6sWW0J
9C86WEtlS3EOlKlD1LeZIBR3QyME9/NZV9vN/65ekgadfWli8DxYohNkD0yLUhH1
4Q1iHNQtz9oRpttJqxQeAWqP7aQaQI7Vi+I7dJV7YvYNXmn8dEIBzjRJKVfO070c
/5UNmKewUbcsgsTByKC1IEXKxXwJBp7/6LFhz/4DYi8LEeL7nSzigfVADUR6o96A
mcQ1Mv8NcA9lgRb8tZwAMfgPi4TZXMrGseaenA9TTQOjJLskkcFf9Mk1hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtnhBafYh/ZO4C8RDH6SvSixNiTMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSzJlRUZwOWlIOWs3Z0x4RU1mcEs5S0xFMkpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubBeMA0G
CSqGSIb3DQEBCwUAA4IBAQCRLeQuohkDnw01hMzr+rQUa0hV4pXgk6rhX3Szz5/I
qKSVOHZ/wNGaPKHoq/adg/hYaAsO/ep7gVJEPZocY0slFQfyS4OsBSiJbkXnr2Oh
AAYVVa/Im4R4Jiy/ce7hY6p1esgIb7JLXf/EcYCUz8yvCiUbOj9VUk7rNTrdWwLr
bUbnN0ry1p9FT1iGGmPNw5VnCQVAs+NuGMQWH0TZuqDMrSPgFLoQg0Dd7rRmcN/x
VONTtBPgNi3IF7cd2/SGfLzmfIYfWA5vX0y7CWNY6pMcIMLsxHUj2cJgsxxs0eRx
cN/cHboL2vxrPv2/RVRkh3jrY8163TjF/eS5CYWBY2om
-----END CERTIFICATE-----