Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/Iw7Wkl3t6hbt6V2dIbfJU8gL2gg.roa
File:                     Iw7Wkl3t6hbt6V2dIbfJU8gL2gg.roa (raw, json)
Hash identifier:          sppE5ZNT2LFmjinP+pULhdAy2iH7kvmdsVJXxsl7z4Q=
Subject key identifier:   23:0E:D6:92:5D:ED:EA:16:ED:E9:5D:9D:21:B7:C9:53:C8:0B:DA:08
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0194228D3D0B1FE84E4E0E3BF26DAF199C1D
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/Iw7Wkl3t6hbt6V2dIbfJU8gL2gg.roa
Signing time:             Wed 01 Jan 2025 15:47:49 +0000
ROA not before:           Wed 01 Jan 2025 15:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206179
IP address blocks:        185.68.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:3d:0b:1f:e8:4e:4e:0e:3b:f2:6d:af:19:9c:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 15:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=230ed6925dedea16ede95d9d21b7c953c80bda08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:cc:5d:10:88:2c:f0:e2:e7:d6:5d:45:43:b5:
                    bd:63:69:47:de:85:ec:19:9f:fd:ed:7c:93:f4:96:
                    55:d6:5b:9f:a0:39:75:98:3e:f3:91:9f:bb:a5:aa:
                    80:ef:3d:b1:fd:86:93:a8:15:57:60:d5:9d:65:a3:
                    09:da:6e:de:7a:0e:cb:50:ac:85:db:10:2a:6a:ba:
                    00:c0:e5:11:6a:e8:4a:20:03:2e:dd:b6:92:01:f9:
                    27:97:45:55:6a:60:bb:15:8f:03:df:ca:a3:b4:6e:
                    90:b5:ac:b7:d1:ca:6f:97:b6:67:5a:9a:6a:be:c0:
                    0b:91:bb:a1:e2:99:f1:64:62:38:f9:6f:66:46:c8:
                    f4:00:bc:a5:f6:f0:42:31:52:e2:01:90:70:f6:3e:
                    4a:0c:44:51:0d:9e:d3:8b:d5:33:7d:ee:dd:1f:79:
                    8a:1f:71:5e:0f:68:11:dc:dd:44:74:be:9f:a2:bc:
                    a1:e8:d7:08:32:67:32:bf:cd:4b:da:9a:38:bb:ec:
                    05:ec:f6:5d:e6:b1:c8:3e:14:e0:48:5a:a4:ff:3a:
                    53:36:e1:ee:b1:24:9a:87:06:a1:20:99:98:2c:85:
                    e1:5d:f8:37:ab:0f:95:e7:8c:73:c1:96:6a:88:6f:
                    00:64:63:4f:0d:73:23:e1:a1:9a:d8:14:75:6f:49:
                    87:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:0E:D6:92:5D:ED:EA:16:ED:E9:5D:9D:21:B7:C9:53:C8:0B:DA:08
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/Iw7Wkl3t6hbt6V2dIbfJU8gL2gg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:0f:5e:5a:f3:0d:b7:91:cb:04:b2:e5:92:7d:8e:ca:1f:8c:
         29:e1:52:d5:79:a4:3c:9f:44:50:eb:4d:53:8c:a9:f1:a3:18:
         b4:3b:fc:cd:14:ba:36:2f:ac:f2:5d:97:d2:3b:fc:1f:51:6e:
         9a:82:a1:02:8b:d2:4d:81:36:8c:7f:e9:ba:ae:67:c9:ce:ae:
         b9:06:65:83:00:a0:d4:3f:57:dc:48:a4:78:5b:67:e2:7b:0a:
         32:99:2f:43:9f:3d:e4:18:5c:83:e6:8e:7a:70:ae:63:0b:01:
         d6:14:8d:40:14:00:ba:41:75:ec:80:93:06:45:6d:40:5d:a8:
         52:b6:20:af:00:70:ae:70:22:52:77:60:e1:f4:f1:07:db:f9:
         c4:71:92:6f:a7:13:58:e5:ad:2f:fc:dc:8e:46:78:20:e2:1b:
         1d:39:88:3e:25:39:7e:ab:a2:4b:e9:03:80:b2:52:08:cb:34:
         26:14:94:3a:89:d8:16:15:15:c5:fb:ad:99:d7:0c:73:0e:0e:
         81:d6:4d:dc:45:9e:a7:b6:17:14:f4:eb:6a:ca:57:5d:9a:fe:
         9b:4a:4f:05:6a:28:80:3b:e2:3a:3b:f7:86:76:45:9a:45:a9:
         00:ab:a7:ef:90:34:30:62:e2:77:f1:99:f0:e9:7e:a2:da:be:
         de:a0:22:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijT0LH+hOTg478m2vGZwdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjUwMTAxMTU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzBlZDY5MjVkZWRlYTE2ZWRlOTVkOWQyMWI3Yzk1M2M4MGJkYTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucxdEIgs8OLn1l1FQ7W9Y2lH3oXs
GZ/97XyT9JZV1lufoDl1mD7zkZ+7paqA7z2x/YaTqBVXYNWdZaMJ2m7eeg7LUKyF
2xAqaroAwOURauhKIAMu3baSAfknl0VVamC7FY8D38qjtG6Qtay30cpvl7ZnWppq
vsALkbuh4pnxZGI4+W9mRsj0ALyl9vBCMVLiAZBw9j5KDERRDZ7Ti9Uzfe7dH3mK
H3FeD2gR3N1EdL6foryh6NcIMmcyv81L2po4u+wF7PZd5rHIPhTgSFqk/zpTNuHu
sSSahwahIJmYLIXhXfg3qw+V54xzwZZqiG8AZGNPDXMj4aGa2BR1b0mH/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMO1pJd7eoW7eldnSG3yVPIC9oIMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvSXc3V2tsM3Q2aGJ0NlYyZEliZkpVOGdMMmdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUSQMA0G
CSqGSIb3DQEBCwUAA4IBAQBBD15a8w23kcsEsuWSfY7KH4wp4VLVeaQ8n0RQ601T
jKnxoxi0O/zNFLo2L6zyXZfSO/wfUW6agqECi9JNgTaMf+m6rmfJzq65BmWDAKDU
P1fcSKR4W2fiewoymS9Dnz3kGFyD5o56cK5jCwHWFI1AFAC6QXXsgJMGRW1AXahS
tiCvAHCucCJSd2Dh9PEH2/nEcZJvpxNY5a0v/NyORngg4hsdOYg+JTl+q6JL6QOA
slIIyzQmFJQ6idgWFRXF+62Z1wxzDg6B1k3cRZ6nthcU9Otqylddmv6bSk8FaiiA
O+I6O/eGdkWaRakAq6fvkDQwYuJ38Znw6X6i2r7eoCLs
-----END CERTIFICATE-----