Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/n_A6Qzt5rx35hoVU_97TwDYIfYU.roa
File:                     n_A6Qzt5rx35hoVU_97TwDYIfYU.roa (raw, json)
Hash identifier:          AiRnXdqpWHaW5BVZZURmZ+ZKd/dN4DFkv2OtB71gThk=
Subject key identifier:   9F:F0:3A:43:3B:79:AF:1D:F9:86:85:54:FF:DE:D3:C0:36:08:7D:85
Certificate issuer:       /CN=44af4b76312680e9d40a23b3ca2f19abf2f6c73b
Certificate serial:       0194282849C30685D3DECB1F0D2095DBD05F
Authority key identifier: 44:AF:4B:76:31:26:80:E9:D4:0A:23:B3:CA:2F:19:AB:F2:F6:C7:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/n_A6Qzt5rx35hoVU_97TwDYIfYU.roa
Signing time:             Thu 02 Jan 2025 17:55:16 +0000
ROA not before:           Thu 02 Jan 2025 17:55:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6205
IP address blocks:        185.70.97.0/24 maxlen: 24
                          185.70.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:49:c3:06:85:d3:de:cb:1f:0d:20:95:db:d0:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44af4b76312680e9d40a23b3ca2f19abf2f6c73b
        Validity
            Not Before: Jan  2 17:55:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ff03a433b79af1df9868554ffded3c036087d85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f9:66:a9:a6:56:aa:77:1b:56:78:1a:9e:83:
                    df:9b:51:26:d6:74:56:d3:51:c5:cc:06:4c:0a:27:
                    ca:91:31:dd:20:a2:1a:1e:45:4c:ab:51:94:d9:d6:
                    98:97:02:d3:45:44:3b:b3:55:d9:1f:0f:e3:36:f9:
                    9c:d9:1c:9e:75:eb:48:05:11:42:78:0c:fc:df:de:
                    71:28:2a:5b:48:85:b3:56:f5:57:00:a0:b8:d4:a1:
                    a9:8a:eb:e0:57:21:5b:73:bb:35:b8:e3:40:57:8a:
                    eb:43:68:2f:62:fb:ba:07:1d:0e:6b:e1:17:f4:32:
                    a4:fa:b7:bb:23:23:bb:f6:e6:4c:4f:21:40:bb:c7:
                    8c:08:f9:0e:0c:7e:94:eb:ad:6c:59:6a:73:6c:34:
                    7b:99:b0:c6:29:ff:7a:21:64:f2:c8:b0:61:6b:d0:
                    a6:42:dd:21:34:45:b1:41:5d:90:43:fb:28:7c:f2:
                    97:2f:c0:88:c8:11:bd:81:88:95:15:46:f6:7b:4e:
                    20:ab:c7:74:0b:ea:6a:9c:21:57:12:15:88:da:a7:
                    76:61:49:63:2a:99:86:16:27:b1:7e:9f:b7:04:dc:
                    1d:a1:50:d3:38:9d:be:f1:a4:9b:f0:f7:39:7d:28:
                    c8:7f:bb:3c:3c:d4:4d:9c:fb:e1:c0:20:43:5a:29:
                    9b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:F0:3A:43:3B:79:AF:1D:F9:86:85:54:FF:DE:D3:C0:36:08:7D:85
            X509v3 Authority Key Identifier:
                keyid:44:AF:4B:76:31:26:80:E9:D4:0A:23:B3:CA:2F:19:AB:F2:F6:C7:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/n_A6Qzt5rx35hoVU_97TwDYIfYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/685aa1-ef22-48a5-b70a-5ea8f53ab491/1/RK9LdjEmgOnUCiOzyi8Zq_L2xzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.97.0/24
                  185.70.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:b2:28:c6:d3:7f:b4:32:ac:60:a5:58:d5:12:fd:9a:ac:13:
         c1:ea:e1:c2:dc:3c:15:d7:29:19:7d:e8:0d:55:a5:49:cd:1b:
         84:e7:e2:92:f6:29:72:52:15:3f:11:35:92:de:23:52:4c:a6:
         7c:df:1c:30:eb:c9:a5:a9:4f:bd:4d:e8:38:95:4d:90:b2:13:
         01:6c:03:f0:80:64:41:fc:df:bd:e5:0f:aa:78:ba:dd:5f:68:
         ae:8b:9c:a8:1a:d9:ac:f8:cd:18:f6:a9:a4:9d:63:e8:1d:69:
         37:e8:1b:88:cd:30:21:12:70:50:ea:30:da:bf:9d:83:76:06:
         af:dd:cc:a8:c1:36:a5:23:a5:20:3b:e9:76:2e:fb:83:35:10:
         7c:20:40:85:1a:a2:21:18:09:81:d7:93:d0:2a:59:01:99:e5:
         16:47:a5:83:38:61:66:42:b5:b1:27:69:6a:1b:14:c2:97:31:
         e3:50:50:12:e1:9e:72:32:f7:3a:66:6b:93:76:4c:38:fe:4e:
         a2:f5:f6:eb:4f:cd:75:86:2a:fe:7b:d0:69:dc:12:3b:db:cd:
         1d:ab:59:fa:3b:b5:48:de:9c:67:32:a5:b3:db:bc:98:54:b9:
         8a:11:3f:af:fe:a2:57:a7:11:ec:5e:8e:23:dd:c5:0a:0b:2f:
         53:6b:90:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoKEnDBoXT3ssfDSCV29BfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0YWY0Yjc2MzEyNjgwZTlkNDBhMjNiM2NhMmYxOWFiZjJm
NmM3M2IwHhcNMjUwMTAyMTc1NTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmYwM2E0MzNiNzlhZjFkZjk4Njg1NTRmZmRlZDNjMDM2MDg3ZDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlflmqaZWqncbVnganoPfm1Em1nRW
01HFzAZMCifKkTHdIKIaHkVMq1GU2daYlwLTRUQ7s1XZHw/jNvmc2RyedetIBRFC
eAz8395xKCpbSIWzVvVXAKC41KGpiuvgVyFbc7s1uONAV4rrQ2gvYvu6Bx0Oa+EX
9DKk+re7IyO79uZMTyFAu8eMCPkODH6U661sWWpzbDR7mbDGKf96IWTyyLBha9Cm
Qt0hNEWxQV2QQ/sofPKXL8CIyBG9gYiVFUb2e04gq8d0C+pqnCFXEhWI2qd2YUlj
KpmGFiexfp+3BNwdoVDTOJ2+8aSb8Pc5fSjIf7s8PNRNnPvhwCBDWimbAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ/wOkM7ea8d+YaFVP/e08A2CH2FMB8GA1UdIwQY
MBaAFESvS3YxJoDp1Aojs8ovGavy9sc7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUks5TGRqRW1nT25VQ2lPenlpOFpxX0wyeHpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82ODVhYTEtZWYyMi00OGE1LWI3MGEt
NWVhOGY1M2FiNDkxLzEvbl9BNlF6dDVyeDM1aG9WVV85N1R3RFlJZllVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82ODVhYTEtZWYyMi00OGE1LWI3MGEtNWVhOGY1M2FiNDkx
LzEvUks5TGRqRW1nT25VQ2lPenlpOFpxX0wyeHpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUZhAwQA
uUZjMA0GCSqGSIb3DQEBCwUAA4IBAQBGsijG03+0MqxgpVjVEv2arBPB6uHC3DwV
1ykZfegNVaVJzRuE5+KS9ilyUhU/ETWS3iNSTKZ83xww68mlqU+9Teg4lU2QshMB
bAPwgGRB/N+95Q+qeLrdX2iui5yoGtms+M0Y9qmknWPoHWk36BuIzTAhEnBQ6jDa
v52Ddgav3cyowTalI6UgO+l2LvuDNRB8IECFGqIhGAmB15PQKlkBmeUWR6WDOGFm
QrWxJ2lqGxTClzHjUFAS4Z5yMvc6ZmuTdkw4/k6i9fbrT811hir+e9Bp3BI7280d
q1n6O7VI3pxnMqWz27yYVLmKET+v/qJXpxHsXo4j3cUKCy9Ta5DX
-----END CERTIFICATE-----