Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/zwTIjW4kVksFhIqqz0Hm86Td_eI.roa
File:                     zwTIjW4kVksFhIqqz0Hm86Td_eI.roa (raw, json)
Hash identifier:          4Gmw/YEt79d2ifSjcQjjCNUl4cViPsDbJFWDQ996oV4=
Subject key identifier:   CF:04:C8:8D:6E:24:56:4B:05:84:8A:AA:CF:41:E6:F3:A4:DD:FD:E2
Certificate issuer:       /CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
Certificate serial:       019423D7606B05AA418D328AE80363294535
Authority key identifier: FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/zwTIjW4kVksFhIqqz0Hm86Td_eI.roa
Signing time:             Wed 01 Jan 2025 21:48:25 +0000
ROA not before:           Wed 01 Jan 2025 21:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206986
IP address blocks:        185.169.232.0/22 maxlen: 22
                          2a0a:7107:1af4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:60:6b:05:aa:41:8d:32:8a:e8:03:63:29:45:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
        Validity
            Not Before: Jan  1 21:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf04c88d6e24564b05848aaacf41e6f3a4ddfde2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b5:f0:bf:98:c8:fd:3e:e5:70:9f:7c:03:72:
                    1e:1f:93:0e:b0:17:1a:1a:d0:dc:47:34:2d:bd:51:
                    30:57:ad:d7:80:dc:ee:2a:9a:f6:a6:9d:8a:6f:8e:
                    1c:94:15:56:ce:5d:98:90:01:b4:ab:ec:97:27:95:
                    0c:b2:1d:3d:de:89:66:0d:bc:99:c8:82:8c:36:da:
                    af:3d:55:2a:11:0d:29:78:fd:74:68:27:2b:0a:10:
                    97:7b:14:41:52:5b:f6:4b:b2:b4:9d:88:e8:17:a1:
                    41:af:8b:cc:df:61:84:5d:37:6d:74:93:c4:d3:c0:
                    4b:05:5a:20:a8:39:12:54:c3:91:ca:f6:3f:90:ea:
                    7a:83:88:1a:02:bc:4f:05:13:34:d0:62:59:13:32:
                    db:13:a0:93:62:52:05:cf:b6:f6:d8:cc:ef:96:18:
                    6d:ee:2c:e8:66:46:23:19:e9:48:ba:1d:65:e9:fd:
                    73:52:ac:7e:42:b1:09:35:e2:5c:d1:e7:ae:0e:e3:
                    a8:90:bf:d3:cf:ea:a1:71:1b:18:79:f2:d5:9d:87:
                    dc:50:57:8b:da:c7:d6:77:09:b9:76:01:b7:a2:a5:
                    ba:3e:e2:95:79:a0:f0:bc:67:6f:00:81:6e:0b:ab:
                    a3:cd:83:06:d0:5a:e5:6c:46:f5:b3:d9:40:c9:5e:
                    bb:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:04:C8:8D:6E:24:56:4B:05:84:8A:AA:CF:41:E6:F3:A4:DD:FD:E2
            X509v3 Authority Key Identifier:
                keyid:FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/zwTIjW4kVksFhIqqz0Hm86Td_eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.232.0/22
                IPv6:
                  2a0a:7107:1af4::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:7b:90:42:ec:73:b4:28:04:f8:91:d3:e2:3d:52:9e:c5:2a:
         6a:61:7c:a0:70:04:7a:bc:4e:1a:6f:e5:c9:1b:f5:b3:d0:2a:
         59:33:9c:09:b7:3b:16:c1:ac:2c:e4:8d:fe:0e:db:b1:b3:3c:
         c4:61:59:38:03:80:86:2d:4f:20:77:71:69:a2:55:21:cc:54:
         b1:34:ff:27:5d:f8:6d:25:95:d0:aa:ed:1b:d3:b1:64:d3:8d:
         bf:ea:28:04:c1:74:2f:6e:eb:38:a8:58:39:05:0e:52:d1:77:
         06:77:cb:c4:47:59:75:62:04:9a:2c:6e:ec:59:49:36:8c:3c:
         e8:e0:3f:7a:fb:28:05:cf:64:ba:0d:b7:79:86:3b:b0:82:53:
         2a:c9:86:e0:61:5e:c1:85:02:45:2a:d3:60:65:59:f3:9e:97:
         58:06:f2:08:83:c0:9b:31:c0:67:67:6f:51:15:e7:99:e3:3c:
         53:71:14:d9:4e:12:e7:af:e4:d1:c5:31:9b:cd:4a:3a:09:6d:
         0b:f9:4d:97:53:bc:ad:7f:62:38:75:03:36:db:bb:e7:49:5f:
         5a:de:77:15:0d:3b:d1:0a:73:f1:3b:07:54:d2:6f:6b:ff:0f:
         47:a2:ec:bc:9b:31:db:3b:6c:83:b0:ff:c3:f7:a3:fd:0e:02:
         59:b6:e7:5a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQj12BrBapBjTKK6ANjKUU1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGVjNGE0NmE2ZTZlNGY5YTkyZDBiYTJlMGIzYWI1NjU4
YmUxYmQwHhcNMjUwMTAxMjE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjA0Yzg4ZDZlMjQ1NjRiMDU4NDhhYWFjZjQxZTZmM2E0ZGRmZGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLXwv5jI/T7lcJ98A3IeH5MOsBca
GtDcRzQtvVEwV63XgNzuKpr2pp2Kb44clBVWzl2YkAG0q+yXJ5UMsh093olmDbyZ
yIKMNtqvPVUqEQ0peP10aCcrChCXexRBUlv2S7K0nYjoF6FBr4vM32GEXTdtdJPE
08BLBVogqDkSVMORyvY/kOp6g4gaArxPBRM00GJZEzLbE6CTYlIFz7b22Mzvlhht
7izoZkYjGelIuh1l6f1zUqx+QrEJNeJc0eeuDuOokL/Tz+qhcRsYefLVnYfcUFeL
2sfWdwm5dgG3oqW6PuKVeaDwvGdvAIFuC6ujzYMG0FrlbEb1s9lAyV67WQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM8EyI1uJFZLBYSKqs9B5vOk3f3iMB8GA1UdIwQY
MBaAFP/exKRqbm5PmpLQui4LOrVli+G9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEt
N2U4YzZkNGQ5YmVmLzEvendUSWpXNGtWa3NGaElxcXowSG04NlRkX2VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEtN2U4YzZkNGQ5YmVm
LzEvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuanoMA8E
AgACMAkDBwAqCnEHGvQwDQYJKoZIhvcNAQELBQADggEBABx7kELsc7QoBPiR0+I9
Up7FKmphfKBwBHq8Thpv5ckb9bPQKlkznAm3OxbBrCzkjf4O27GzPMRhWTgDgIYt
TyB3cWmiVSHMVLE0/ydd+G0lldCq7RvTsWTTjb/qKATBdC9u6zioWDkFDlLRdwZ3
y8RHWXViBJosbuxZSTaMPOjgP3r7KAXPZLoNt3mGO7CCUyrJhuBhXsGFAkUq02Bl
WfOel1gG8giDwJsxwGdnb1EV55njPFNxFNlOEuev5NHFMZvNSjoJbQv5TZdTvK1/
Yjh1Azbbu+dJX1redxUNO9EKc/E7B1TSb2v/D0ei7LybMds7bIOw/8P3o/0OAlm2
51o=
-----END CERTIFICATE-----