Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/lIlK4j9OBPCWZNcTLaIdheOVNW0.roa
File:                     lIlK4j9OBPCWZNcTLaIdheOVNW0.roa (raw, json)
Hash identifier:          K4TPkkc1TKF/pgiM9NEtlPAY+e7KRgqJBAIcr3jfV8I=
Subject key identifier:   94:89:4A:E2:3F:4E:04:F0:96:64:D7:13:2D:A2:1D:85:E3:95:35:6D
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0195D6F27ACB24813E3D07D3ED7A519C26A8
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/lIlK4j9OBPCWZNcTLaIdheOVNW0.roa
Signing time:             Thu 27 Mar 2025 09:32:50 +0000
ROA not before:           Thu 27 Mar 2025 09:32:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4515
IP address blocks:        185.246.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d6:f2:7a:cb:24:81:3e:3d:07:d3:ed:7a:51:9c:26:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 27 09:32:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94894ae23f4e04f09664d7132da21d85e395356d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:31:bb:72:54:0a:01:dd:90:4a:d3:87:51:36:
                    b8:53:c2:4b:73:58:2a:a3:1c:05:6a:cf:83:5f:0a:
                    25:35:bd:bb:a3:b1:18:67:41:09:43:74:fc:2d:ca:
                    25:3b:50:64:08:79:e4:85:9a:7e:9b:90:a8:bf:8f:
                    0d:66:f8:33:c9:9e:3d:fe:fd:98:99:51:e1:c1:e4:
                    e3:e5:8e:ec:23:96:a8:9c:db:01:35:06:1b:74:07:
                    bc:fe:a2:96:bb:27:da:63:bc:52:33:64:55:30:3c:
                    fb:00:b8:91:af:b7:bb:3b:93:6d:93:50:df:1c:53:
                    2c:81:e7:4a:6c:82:3e:f9:9c:4a:9c:4c:2f:65:57:
                    6b:de:07:78:a7:a1:86:72:d9:a6:4d:83:52:42:79:
                    37:5e:68:c6:8f:43:97:df:f5:07:f2:e4:76:4a:ba:
                    9b:38:43:86:f6:a9:1a:f2:ba:b2:d6:88:08:bd:3d:
                    a7:8d:dd:5f:5a:26:04:bb:06:af:53:98:17:20:19:
                    03:5f:69:f6:0c:77:73:68:cf:2d:71:c7:48:10:d7:
                    8a:4e:e9:47:b8:95:db:4d:15:0d:24:93:65:9e:7a:
                    fa:71:bc:1b:2e:aa:92:1a:6d:36:81:4e:63:b2:0f:
                    ef:f5:b8:88:a6:61:56:72:43:3a:46:e4:ca:49:3c:
                    ca:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:89:4A:E2:3F:4E:04:F0:96:64:D7:13:2D:A2:1D:85:E3:95:35:6D
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/lIlK4j9OBPCWZNcTLaIdheOVNW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:fb:d2:4b:49:0f:e4:84:fe:7a:6b:c1:30:1e:5c:a5:16:9e:
         82:ad:72:a9:4d:1b:f2:01:1b:6d:de:ba:6e:7d:66:29:ba:85:
         9a:12:25:4d:6a:33:2d:51:16:45:f7:be:aa:df:38:d0:2f:8e:
         ce:a0:0e:03:db:f9:c7:78:e6:49:f0:51:67:dd:0b:f7:39:1e:
         f8:79:dd:e5:e8:57:fc:48:96:0b:8e:a6:ba:39:58:8f:24:96:
         50:33:db:48:53:40:20:27:a5:2b:65:b2:4c:3b:e6:1f:e3:08:
         98:f0:19:b9:51:31:17:df:0c:7d:63:dc:dd:d5:76:8a:3c:2a:
         44:cc:bd:30:ba:11:f9:53:1c:eb:9f:36:e5:f8:14:22:9c:e6:
         25:fc:e1:73:98:f4:3e:35:cd:48:f2:e6:b3:61:92:b2:5a:9c:
         b1:a7:24:95:4d:b9:11:2c:59:19:a6:f3:c4:76:b8:8a:13:e1:
         41:a9:76:89:3d:f0:86:ff:59:cc:bc:34:cd:6e:a6:a3:fa:a5:
         14:05:b5:65:9b:42:10:e1:b9:9a:0d:12:02:f4:50:0b:be:94:
         90:27:fa:8f:bc:f9:46:b8:13:9e:5f:fd:bd:2d:a9:56:ce:2b:
         dd:5a:58:ed:08:1d:a3:54:0b:65:a7:44:8d:01:14:93:22:2d:
         21:bf:1b:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXW8nrLJIE+PQfT7XpRnCaoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMzI3MDkzMjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDg5NGFlMjNmNGUwNGYwOTY2NGQ3MTMyZGEyMWQ4NWUzOTUzNTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujG7clQKAd2QStOHUTa4U8JLc1gq
oxwFas+DXwolNb27o7EYZ0EJQ3T8LcolO1BkCHnkhZp+m5Cov48NZvgzyZ49/v2Y
mVHhweTj5Y7sI5aonNsBNQYbdAe8/qKWuyfaY7xSM2RVMDz7ALiRr7e7O5Ntk1Df
HFMsgedKbII++ZxKnEwvZVdr3gd4p6GGctmmTYNSQnk3XmjGj0OX3/UH8uR2Srqb
OEOG9qka8rqy1ogIvT2njd1fWiYEuwavU5gXIBkDX2n2DHdzaM8tccdIENeKTulH
uJXbTRUNJJNlnnr6cbwbLqqSGm02gU5jsg/v9biIpmFWckM6RuTKSTzKqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSJSuI/TgTwlmTXEy2iHYXjlTVtMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbElsSzRqOU9CUENXWk5jVExhSWRoZU9WTlcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufZwMA0G
CSqGSIb3DQEBCwUAA4IBAQB6+9JLSQ/khP56a8EwHlylFp6CrXKpTRvyARtt3rpu
fWYpuoWaEiVNajMtURZF976q3zjQL47OoA4D2/nHeOZJ8FFn3Qv3OR74ed3l6Ff8
SJYLjqa6OViPJJZQM9tIU0AgJ6UrZbJMO+Yf4wiY8Bm5UTEX3wx9Y9zd1XaKPCpE
zL0wuhH5Uxzrnzbl+BQinOYl/OFzmPQ+Nc1I8uazYZKyWpyxpySVTbkRLFkZpvPE
driKE+FBqXaJPfCG/1nMvDTNbqaj+qUUBbVlm0IQ4bmaDRIC9FALvpSQJ/qPvPlG
uBOeX/29LalWzivdWljtCB2jVAtlp0SNARSTIi0hvxsn
-----END CERTIFICATE-----