Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZauLM_pRIDMjf3pq2t-LmauHyHY.roa
File:                     ZauLM_pRIDMjf3pq2t-LmauHyHY.roa (raw, json)
Hash identifier:          ab8WoT6FpxplqdtMKlAf9FmIr9CwvwFmKqLIK0nj5TM=
Subject key identifier:   65:AB:8B:33:FA:51:20:33:23:7F:7A:6A:DA:DF:8B:99:AB:87:C8:76
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0195280AFA900F4ED7CA8EBF45FA6E0AF7C7
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZauLM_pRIDMjf3pq2t-LmauHyHY.roa
Signing time:             Fri 21 Feb 2025 10:26:02 +0000
ROA not before:           Fri 21 Feb 2025 10:26:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57974
IP address blocks:        185.108.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:28:0a:fa:90:0f:4e:d7:ca:8e:bf:45:fa:6e:0a:f7:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb 21 10:26:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65ab8b33fa512033237f7a6adadf8b99ab87c876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9d:ef:4e:46:85:5b:89:40:5e:21:93:0e:e0:
                    75:17:58:93:49:56:64:34:21:0d:2b:f0:66:a5:3c:
                    3c:4b:eb:fd:d9:6a:d9:23:25:f0:b7:96:ad:15:ae:
                    e0:8c:7f:35:69:1b:ff:3f:24:a1:ec:e0:05:7b:b0:
                    52:52:a0:84:da:0d:69:3b:6f:38:9f:4b:c9:fa:e1:
                    2d:30:fd:49:61:b6:0b:7e:28:a8:cc:6e:48:ec:ce:
                    74:b8:3b:0e:54:27:dc:bb:f7:25:de:3f:d7:56:fc:
                    13:6c:4b:2f:e9:77:2d:d6:e5:7a:82:de:41:72:03:
                    98:36:7b:dc:9d:86:d5:bb:be:24:d7:2f:aa:94:58:
                    ba:96:f3:a5:9c:ba:5d:20:b5:7c:7a:c5:1b:6c:ed:
                    77:19:9e:bc:ed:44:89:8f:bd:27:95:43:63:8d:e1:
                    3f:3e:ac:7f:4d:7c:38:a7:76:9e:c8:cb:6d:ba:63:
                    a1:e8:15:90:98:a8:62:ca:e0:a4:64:7b:2d:c7:c5:
                    b1:6b:3a:15:fe:2b:d8:31:1a:9f:99:fb:c7:98:48:
                    02:bc:dd:cd:28:b2:0d:49:75:f7:26:cb:33:4f:3c:
                    32:7f:cb:c6:bc:41:42:ed:92:79:fe:89:d9:d8:85:
                    fe:ba:41:d4:ba:70:1d:82:77:b8:6c:5f:78:ee:2b:
                    fa:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:AB:8B:33:FA:51:20:33:23:7F:7A:6A:DA:DF:8B:99:AB:87:C8:76
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZauLM_pRIDMjf3pq2t-LmauHyHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:f5:f2:57:d9:59:53:01:e8:2f:a5:f5:18:4c:30:9c:33:9b:
         43:b4:bc:b9:0b:ce:0f:26:d6:2f:e1:68:56:76:f4:17:c9:9c:
         92:8f:61:13:65:e3:90:ef:99:14:69:c3:5f:6f:f6:76:27:fc:
         72:18:97:ac:b2:da:4b:43:58:3c:12:6b:76:aa:39:d5:61:e5:
         1c:5f:7e:6a:3a:7b:6b:be:a7:16:c8:27:25:3e:ce:fb:8c:da:
         fa:30:4f:f8:68:05:2e:19:0f:1b:13:83:89:2d:da:40:da:ce:
         a7:fc:1e:9e:89:75:28:f2:a0:58:bd:83:7d:19:95:a3:74:3a:
         9a:3b:00:6c:ed:23:19:91:ac:f5:5a:9f:2b:2d:79:68:37:97:
         31:8a:e9:fd:19:35:a0:e7:b3:6c:85:a8:61:de:1f:d4:27:e6:
         53:d5:11:33:41:21:77:01:85:2a:7a:6d:03:a4:4f:13:1c:07:
         49:8e:86:7f:78:26:6d:23:c5:b5:50:1b:5e:5a:8a:23:aa:05:
         3e:fa:1e:36:2f:11:64:86:51:ad:0b:53:c9:ed:f9:0c:1b:d4:
         8f:65:59:7e:34:3b:f4:0e:ef:69:fa:c4:c9:63:9b:fe:6b:97:
         4e:80:2c:21:9d:ae:59:8f:e6:8f:8a:94:7b:56:c4:a7:81:f7:
         ca:10:8b:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUoCvqQD07Xyo6/RfpuCvfHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMjIxMTAyNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWFiOGIzM2ZhNTEyMDMzMjM3ZjdhNmFkYWRmOGI5OWFiODdjODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs53vTkaFW4lAXiGTDuB1F1iTSVZk
NCENK/BmpTw8S+v92WrZIyXwt5atFa7gjH81aRv/PySh7OAFe7BSUqCE2g1pO284
n0vJ+uEtMP1JYbYLfiiozG5I7M50uDsOVCfcu/cl3j/XVvwTbEsv6Xct1uV6gt5B
cgOYNnvcnYbVu74k1y+qlFi6lvOlnLpdILV8esUbbO13GZ687USJj70nlUNjjeE/
Pqx/TXw4p3aeyMttumOh6BWQmKhiyuCkZHstx8WxazoV/ivYMRqfmfvHmEgCvN3N
KLINSXX3JsszTzwyf8vGvEFC7ZJ5/onZ2IX+ukHUunAdgne4bF947iv6NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWrizP6USAzI396atrfi5mrh8h2MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWmF1TE1fcFJJRE1qZjNwcTJ0LUxtYXVIeUhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWzNMA0G
CSqGSIb3DQEBCwUAA4IBAQAk9fJX2VlTAegvpfUYTDCcM5tDtLy5C84PJtYv4WhW
dvQXyZySj2ETZeOQ75kUacNfb/Z2J/xyGJesstpLQ1g8Emt2qjnVYeUcX35qOntr
vqcWyCclPs77jNr6ME/4aAUuGQ8bE4OJLdpA2s6n/B6eiXUo8qBYvYN9GZWjdDqa
OwBs7SMZkaz1Wp8rLXloN5cxiun9GTWg57Nshahh3h/UJ+ZT1REzQSF3AYUqem0D
pE8THAdJjoZ/eCZtI8W1UBteWoojqgU++h42LxFkhlGtC1PJ7fkMG9SPZVl+NDv0
Du9p+sTJY5v+a5dOgCwhna5Zj+aPipR7VsSngffKEIv7
-----END CERTIFICATE-----