Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4nzais8T6C-vVNrhZHBjkPemSzI.roa
File:                     4nzais8T6C-vVNrhZHBjkPemSzI.roa (raw, json)
Hash identifier:          dW5496KAXSJAX7UHEZ3tLnwWWVijbvmtjkjYvLqPMS0=
Subject key identifier:   E2:7C:DA:8A:CF:13:E8:2F:AF:54:DA:E1:64:70:63:90:F7:A6:4B:32
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019546E1917042A0A9BD5776686BBD76A961
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4nzais8T6C-vVNrhZHBjkPemSzI.roa
Signing time:             Thu 27 Feb 2025 10:09:02 +0000
ROA not before:           Thu 27 Feb 2025 10:09:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200239
IP address blocks:        185.194.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:46:e1:91:70:42:a0:a9:bd:57:76:68:6b:bd:76:a9:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb 27 10:09:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e27cda8acf13e82faf54dae164706390f7a64b32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7f:46:b4:1e:22:99:09:d3:bb:13:db:8d:17:
                    9d:6f:e9:bd:01:00:71:d6:c4:ca:0a:76:17:75:92:
                    da:45:d2:cb:6c:5d:51:d0:7a:08:68:87:33:a5:f6:
                    fc:a8:fd:cf:a4:80:df:ec:af:e5:fe:cc:b1:88:9e:
                    62:68:d6:6b:3f:df:d2:c7:57:53:9f:6e:64:7c:07:
                    2f:c9:dd:d7:69:01:72:f0:21:01:f0:f7:9b:8b:20:
                    e2:e7:84:aa:3e:f2:b9:63:64:52:af:11:29:74:e0:
                    f7:ce:aa:b7:79:af:2f:03:5f:5f:25:6e:53:f4:18:
                    0c:b0:be:a3:64:51:53:39:6c:93:c6:b3:d7:fa:43:
                    a4:8f:a9:08:67:81:09:02:4b:86:4a:ff:d8:71:66:
                    fe:aa:bb:96:f5:a8:d3:75:5c:75:9d:73:83:34:91:
                    65:e7:43:31:d5:fd:93:2c:3c:25:d9:17:07:fd:38:
                    ca:bc:aa:56:b0:8d:39:22:75:54:ac:99:3c:5f:cd:
                    91:4b:03:04:a5:8b:9f:96:ab:bc:aa:2f:e3:5f:d1:
                    05:6e:df:26:c6:1b:21:be:3f:8d:15:a5:c4:2b:8c:
                    d7:86:ed:bf:65:21:a1:5b:78:8c:35:40:66:d8:5c:
                    eb:6c:82:5b:4b:6f:ca:74:48:82:a1:37:90:c9:60:
                    d4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:7C:DA:8A:CF:13:E8:2F:AF:54:DA:E1:64:70:63:90:F7:A6:4B:32
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4nzais8T6C-vVNrhZHBjkPemSzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:62:12:65:bf:d0:99:5e:df:ae:2b:e3:97:3a:55:cd:f7:b3:
         b2:ca:42:32:89:56:78:cc:33:9a:a9:53:81:5a:d7:bf:66:97:
         80:29:d2:92:a8:de:aa:c3:15:b0:42:32:2d:c2:a2:8b:a6:a0:
         b5:f0:ec:42:ac:ba:ae:00:b3:e6:0b:4f:2d:0a:87:7a:39:ea:
         95:eb:57:eb:c5:f9:95:28:d4:cc:e8:db:0b:66:d4:26:29:a5:
         4e:d2:f6:f1:01:88:36:49:eb:3f:51:fa:47:b4:33:a2:ce:5a:
         e0:4f:c0:0e:39:2a:8c:09:b3:ff:73:c0:06:d2:8c:d1:52:db:
         6d:11:72:aa:fb:df:fd:69:f7:a3:be:b6:93:84:f1:d2:1f:42:
         cf:a7:eb:51:a3:b8:43:cf:c3:49:b0:76:e5:f1:ea:7c:73:fe:
         3a:a6:22:6c:e0:86:8b:ba:41:6c:da:db:8c:3b:0c:a6:13:bf:
         b2:03:aa:22:bc:86:6f:14:09:13:b2:29:2a:da:79:81:d9:6f:
         8d:41:f2:ec:2a:d6:b8:9b:73:33:ec:2a:3f:b9:5a:24:c0:d5:
         6c:86:26:31:53:99:bd:7b:43:65:fa:80:ce:48:52:18:61:b9:
         5c:6f:2e:81:34:a1:48:65:53:ab:0f:4e:2a:51:fc:77:00:62:
         ee:ec:3e:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVG4ZFwQqCpvVd2aGu9dqlhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMjI3MTAwOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjdjZGE4YWNmMTNlODJmYWY1NGRhZTE2NDcwNjM5MGY3YTY0YjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl39GtB4imQnTuxPbjRedb+m9AQBx
1sTKCnYXdZLaRdLLbF1R0HoIaIczpfb8qP3PpIDf7K/l/syxiJ5iaNZrP9/Sx1dT
n25kfAcvyd3XaQFy8CEB8PebiyDi54SqPvK5Y2RSrxEpdOD3zqq3ea8vA19fJW5T
9BgMsL6jZFFTOWyTxrPX+kOkj6kIZ4EJAkuGSv/YcWb+qruW9ajTdVx1nXODNJFl
50Mx1f2TLDwl2RcH/TjKvKpWsI05InVUrJk8X82RSwMEpYuflqu8qi/jX9EFbt8m
xhshvj+NFaXEK4zXhu2/ZSGhW3iMNUBm2FzrbIJbS2/KdEiCoTeQyWDUJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJ82orPE+gvr1Ta4WRwY5D3pksyMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNG56YWlzOFQ2Qy12Vk5yaFpIQmprUGVtU3pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucIeMA0G
CSqGSIb3DQEBCwUAA4IBAQAfYhJlv9CZXt+uK+OXOlXN97OyykIyiVZ4zDOaqVOB
Wte/ZpeAKdKSqN6qwxWwQjItwqKLpqC18OxCrLquALPmC08tCod6OeqV61frxfmV
KNTM6NsLZtQmKaVO0vbxAYg2Ses/UfpHtDOizlrgT8AOOSqMCbP/c8AG0ozRUttt
EXKq+9/9afejvraThPHSH0LPp+tRo7hDz8NJsHbl8ep8c/46piJs4IaLukFs2tuM
OwymE7+yA6oivIZvFAkTsikq2nmB2W+NQfLsKta4m3Mz7Co/uVokwNVshiYxU5m9
e0Nl+oDOSFIYYblcby6BNKFIZVOrD04qUfx3AGLu7D44
-----END CERTIFICATE-----