Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/72IhoqfKMWs__tk9lggqc2sFR4U.roa
File:                     72IhoqfKMWs__tk9lggqc2sFR4U.roa (raw, json)
Hash identifier:          eMehaSUOm9BBJyj7L7R9dv/bex90R7Xi7clbO4Oakm4=
Subject key identifier:   EF:62:21:A2:A7:CA:31:6B:3F:FE:D9:3D:96:08:2A:73:6B:05:47:85
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0194236A560B1A2E6F607DAB7FE736135FFF
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/72IhoqfKMWs__tk9lggqc2sFR4U.roa
Signing time:             Wed 01 Jan 2025 19:49:18 +0000
ROA not before:           Wed 01 Jan 2025 19:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212351
IP address blocks:        185.120.34.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 18:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:56:0b:1a:2e:6f:60:7d:ab:7f:e7:36:13:5f:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 19:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef6221a2a7ca316b3ffed93d96082a736b054785
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e8:1e:1f:2e:f1:35:3d:c1:d2:98:99:72:6f:
                    ac:e7:2f:8e:4d:e5:c6:50:9c:3d:1b:d3:e0:38:a9:
                    a4:42:5b:0f:96:97:76:cb:b6:49:2a:19:22:59:4c:
                    2b:9c:5d:a5:9f:f2:37:62:4b:e8:4c:f9:2a:b8:a3:
                    91:52:a5:ba:f8:31:ab:d9:34:f5:1c:bc:f0:a2:64:
                    c9:b4:48:d5:2a:4b:73:18:36:20:da:e6:7f:02:e4:
                    01:db:be:df:47:c2:6f:62:62:e7:ca:9a:7a:3b:1f:
                    92:d2:7d:f9:01:f3:ac:85:0f:2c:7f:28:a3:6a:c9:
                    dc:91:65:f5:21:c2:f5:ca:14:60:da:c4:4a:34:3f:
                    8f:e1:e5:fa:51:71:38:18:65:d1:17:8c:f3:d3:b6:
                    7b:fe:17:95:e4:ec:70:80:ff:d6:bc:df:1f:c7:9a:
                    f9:a9:cb:ef:a5:ec:1d:83:5c:33:16:c0:f1:23:88:
                    bd:39:be:a2:9c:5a:ec:ed:da:ec:fe:a9:83:f1:43:
                    9c:53:a2:b4:d9:79:42:e4:da:d3:e2:52:56:6c:ac:
                    19:f4:ff:8f:a4:f6:83:f8:d5:5b:30:32:a6:02:e9:
                    d9:6f:0c:71:71:29:cb:ad:a3:4e:5b:20:01:11:19:
                    39:00:83:e6:6a:07:15:3e:b0:1f:14:c4:66:63:5c:
                    88:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:62:21:A2:A7:CA:31:6B:3F:FE:D9:3D:96:08:2A:73:6B:05:47:85
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/72IhoqfKMWs__tk9lggqc2sFR4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:ea:fd:9f:64:e5:8f:89:24:86:f1:fc:c3:30:bf:4f:c6:cf:
         93:bd:4a:1d:8a:70:90:7c:79:13:07:1a:86:0b:12:09:5d:36:
         01:ce:1b:ff:75:22:0e:e9:bc:e8:49:1a:08:3b:d1:91:5e:d9:
         6b:14:1f:1e:88:18:30:2f:f5:5d:91:88:38:89:48:11:d9:9e:
         fc:b3:1e:c4:13:db:32:24:fa:c9:0f:20:d2:54:9b:2d:ec:97:
         0c:11:70:2f:b3:53:fc:4c:35:e5:d0:57:78:f0:84:35:ab:d6:
         64:43:5f:d6:27:d7:67:cc:83:9b:fc:f7:a7:a4:56:d2:00:4a:
         88:50:4f:ff:13:25:f5:c8:3f:a0:f5:b4:b1:98:2b:b8:97:ab:
         86:5a:1a:25:aa:9f:d7:bb:bb:21:b0:ff:e3:45:5d:04:ff:9f:
         6c:4f:d1:76:9c:00:96:6f:3a:50:18:40:25:6c:e9:c2:b5:3e:
         bd:24:7f:b2:a7:b8:6b:6d:63:3b:69:c0:65:71:53:ca:f2:9f:
         e0:f7:84:5d:d6:11:ee:ad:04:1c:99:5b:f4:26:30:e0:06:27:
         81:cb:0f:72:fd:78:89:00:53:16:b1:7e:53:5a:c8:9a:63:f8:
         b2:a5:ef:e7:28:a1:78:50:76:38:b4:b2:bc:1b:5d:19:6d:74:
         ef:4e:5b:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjalYLGi5vYH2rf+c2E1//MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTAxMTk0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjYyMjFhMmE3Y2EzMTZiM2ZmZWQ5M2Q5NjA4MmE3MzZiMDU0Nzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+geHy7xNT3B0piZcm+s5y+OTeXG
UJw9G9PgOKmkQlsPlpd2y7ZJKhkiWUwrnF2ln/I3YkvoTPkquKORUqW6+DGr2TT1
HLzwomTJtEjVKktzGDYg2uZ/AuQB277fR8JvYmLnypp6Ox+S0n35AfOshQ8sfyij
asnckWX1IcL1yhRg2sRKND+P4eX6UXE4GGXRF4zz07Z7/heV5OxwgP/WvN8fx5r5
qcvvpewdg1wzFsDxI4i9Ob6inFrs7drs/qmD8UOcU6K02XlC5NrT4lJWbKwZ9P+P
pPaD+NVbMDKmAunZbwxxcSnLraNOWyABERk5AIPmagcVPrAfFMRmY1yItQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9iIaKnyjFrP/7ZPZYIKnNrBUeFMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvNzJJaG9xZktNV3NfX3RrOWxnZ3FjMnNGUjRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXgiMA0G
CSqGSIb3DQEBCwUAA4IBAQDN6v2fZOWPiSSG8fzDML9Pxs+TvUodinCQfHkTBxqG
CxIJXTYBzhv/dSIO6bzoSRoIO9GRXtlrFB8eiBgwL/VdkYg4iUgR2Z78sx7EE9sy
JPrJDyDSVJst7JcMEXAvs1P8TDXl0Fd48IQ1q9ZkQ1/WJ9dnzIOb/PenpFbSAEqI
UE//EyX1yD+g9bSxmCu4l6uGWholqp/Xu7shsP/jRV0E/59sT9F2nACWbzpQGEAl
bOnCtT69JH+yp7hrbWM7acBlcVPK8p/g94Rd1hHurQQcmVv0JjDgBieByw9y/XiJ
AFMWsX5TWsiaY/iype/nKKF4UHY4tLK8G10ZbXTvTltg
-----END CERTIFICATE-----