Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Iy-nn1ZUQ0C78ZDMwDiN9blDupk.roa
File:                     Iy-nn1ZUQ0C78ZDMwDiN9blDupk.roa (raw, json)
Hash identifier:          t7LtFzQXoRD77N3XUDNLxJuoFxvjVvUWPP3zPA5Y18M=
Subject key identifier:   23:2F:A7:9F:56:54:43:40:BB:F1:90:CC:C0:38:8D:F5:B9:43:BA:99
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01942220533E46D911715A02F15D74A34E4E
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Iy-nn1ZUQ0C78ZDMwDiN9blDupk.roa
Signing time:             Wed 01 Jan 2025 13:48:51 +0000
ROA not before:           Wed 01 Jan 2025 13:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214364
IP address blocks:        185.218.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:53:3e:46:d9:11:71:5a:02:f1:5d:74:a3:4e:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=232fa79f56544340bbf190ccc0388df5b943ba99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:19:b6:60:53:c2:64:b5:ff:42:dc:bc:9d:bd:
                    9c:7b:36:30:5f:ed:0f:f7:cc:fe:03:9f:79:85:34:
                    fa:52:7f:f1:a7:78:d7:ce:f0:bf:e8:9a:f1:3a:cf:
                    d0:e5:18:47:a6:33:dd:30:ef:59:c0:28:d2:f9:17:
                    fb:0f:d6:0b:ba:b5:27:6a:20:9c:64:f3:e4:ce:2e:
                    b1:eb:04:71:64:a5:e3:89:26:4b:4b:70:44:0a:e2:
                    c1:e5:54:73:94:b1:7a:aa:ed:3e:46:ac:98:1a:13:
                    91:36:56:f2:af:2f:7b:c8:ec:2e:04:af:93:5d:6f:
                    be:e4:41:38:8d:7b:42:8f:33:3d:f5:d0:e0:ee:81:
                    17:48:25:36:3b:f7:c4:37:a3:57:b4:3e:21:be:29:
                    07:3f:d5:33:1c:08:c7:0f:41:18:b3:3d:97:2c:72:
                    02:05:e9:b9:e5:18:ef:95:a8:73:33:0a:a7:74:c4:
                    03:be:0a:3b:f4:23:7b:89:cd:78:88:18:d2:73:e1:
                    76:94:7c:3a:0e:5b:b2:b1:60:4c:3e:2f:63:3d:2b:
                    55:11:29:0f:ab:11:53:08:87:9e:2e:6b:6b:cf:6f:
                    18:f0:f3:15:fe:d7:4b:00:d5:bc:d9:22:3e:6a:6b:
                    e8:51:b7:d3:71:e1:9e:4e:ba:46:f0:43:32:3b:a5:
                    1b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:2F:A7:9F:56:54:43:40:BB:F1:90:CC:C0:38:8D:F5:B9:43:BA:99
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Iy-nn1ZUQ0C78ZDMwDiN9blDupk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:7f:60:4f:f4:b3:f7:37:58:20:5a:14:26:ac:d2:87:97:e3:
         92:a9:7e:22:ee:1b:4b:b0:1b:81:03:08:18:16:b1:54:e8:02:
         32:0f:c8:f3:23:62:dc:1d:66:4b:00:43:30:a6:ca:04:35:e3:
         5b:5b:3a:3b:0b:fc:63:ea:d5:5b:42:28:66:63:2a:8a:4d:bf:
         e8:e8:1c:69:0f:fa:97:c3:0a:fe:08:2e:08:8f:60:e4:2d:21:
         69:24:9b:87:ae:d0:40:89:e9:34:a9:3d:a3:02:c8:42:9c:7e:
         b1:c6:ea:22:3c:ff:95:b5:30:95:04:d2:5f:cb:42:86:c1:14:
         fc:ba:64:cb:2d:6a:b7:0b:99:3c:1c:9a:b5:93:8d:c3:1a:75:
         ea:5e:43:04:39:e4:c7:25:10:b1:1f:71:2d:ce:be:2d:d3:ff:
         64:f5:91:6c:e8:45:1e:3c:43:a4:f0:ff:d4:57:79:16:48:e0:
         0d:55:0e:29:b1:40:21:7f:18:c0:cf:af:de:aa:90:1d:c1:50:
         c6:06:21:7c:df:a6:0c:f3:91:1e:ac:1e:2f:f5:1f:57:fd:0d:
         b2:3f:d1:e0:ab:67:83:f0:7d:b2:99:fd:61:fe:2d:f3:81:fb:
         fe:1e:03:16:9c:57:b0:74:5a:11:b4:eb:a2:77:0b:a5:99:23:
         13:73:a1:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIFM+RtkRcVoC8V10o05OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzJmYTc5ZjU2NTQ0MzQwYmJmMTkwY2NjMDM4OGRmNWI5NDNiYTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRm2YFPCZLX/Qty8nb2cezYwX+0P
98z+A595hTT6Un/xp3jXzvC/6JrxOs/Q5RhHpjPdMO9ZwCjS+Rf7D9YLurUnaiCc
ZPPkzi6x6wRxZKXjiSZLS3BECuLB5VRzlLF6qu0+RqyYGhORNlbyry97yOwuBK+T
XW++5EE4jXtCjzM99dDg7oEXSCU2O/fEN6NXtD4hvikHP9UzHAjHD0EYsz2XLHIC
Bem55RjvlahzMwqndMQDvgo79CN7ic14iBjSc+F2lHw6DluysWBMPi9jPStVESkP
qxFTCIeeLmtrz28Y8PMV/tdLANW82SI+amvoUbfTceGeTrpG8EMyO6UbfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMvp59WVENAu/GQzMA4jfW5Q7qZMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvSXktbm4xWlVRMEM3OFpETXdEaU45YmxEdXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudplMA0G
CSqGSIb3DQEBCwUAA4IBAQC4f2BP9LP3N1ggWhQmrNKHl+OSqX4i7htLsBuBAwgY
FrFU6AIyD8jzI2LcHWZLAEMwpsoENeNbWzo7C/xj6tVbQihmYyqKTb/o6BxpD/qX
wwr+CC4Ij2DkLSFpJJuHrtBAiek0qT2jAshCnH6xxuoiPP+VtTCVBNJfy0KGwRT8
umTLLWq3C5k8HJq1k43DGnXqXkMEOeTHJRCxH3Etzr4t0/9k9ZFs6EUePEOk8P/U
V3kWSOANVQ4psUAhfxjAz6/eqpAdwVDGBiF836YM85EerB4v9R9X/Q2yP9Hgq2eD
8H2ymf1h/i3zgfv+HgMWnFewdFoRtOuidwulmSMTc6Hv
-----END CERTIFICATE-----