Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/73f36c-f4f7-4065-9d46-8be4ad57773b/1/dXyGBX3mrcTpXMaGiqcXeVf8XnQ.roa
File:                     dXyGBX3mrcTpXMaGiqcXeVf8XnQ.roa (raw, json)
Hash identifier:          d8QiTfzu03DuCut3Jg4KCED9lxPkDuht3lU67gLMMfo=
Subject key identifier:   75:7C:86:05:7D:E6:AD:C4:E9:5C:C6:86:8A:A7:17:79:57:FC:5E:74
Certificate issuer:       /CN=65d7f0fd622afd6bd4a2d6ce0f1cbcc07a9c41f1
Certificate serial:       0194266C06CBA5484199E5A93180DC3583E4
Authority key identifier: 65:D7:F0:FD:62:2A:FD:6B:D4:A2:D6:CE:0F:1C:BC:C0:7A:9C:41:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zdfw_WIq_WvUotbODxy8wHqcQfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/73f36c-f4f7-4065-9d46-8be4ad57773b/1/dXyGBX3mrcTpXMaGiqcXeVf8XnQ.roa
Signing time:             Thu 02 Jan 2025 09:50:01 +0000
ROA not before:           Thu 02 Jan 2025 09:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        194.59.96.0/19 maxlen: 19
                          194.59.121.0/24 maxlen: 24
                          2001:67c:67c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/73f36c-f4f7-4065-9d46-8be4ad57773b/1/Zdfw_WIq_WvUotbODxy8wHqcQfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/73f36c-f4f7-4065-9d46-8be4ad57773b/1/Zdfw_WIq_WvUotbODxy8wHqcQfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zdfw_WIq_WvUotbODxy8wHqcQfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:06:cb:a5:48:41:99:e5:a9:31:80:dc:35:83:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65d7f0fd622afd6bd4a2d6ce0f1cbcc07a9c41f1
        Validity
            Not Before: Jan  2 09:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=757c86057de6adc4e95cc6868aa7177957fc5e74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:7a:99:ba:c9:3a:01:b6:cd:ef:b2:9b:6a:a9:
                    c9:88:7d:67:f3:01:40:54:a6:c2:59:d6:7e:3f:8a:
                    58:10:18:fe:c1:42:3d:ce:b0:ea:ae:02:f1:c7:76:
                    08:7a:6d:6f:d7:c8:6c:e0:fc:80:ea:db:fc:0f:bd:
                    e0:e8:dd:e6:27:ed:d9:d3:a8:ef:ab:7f:e6:7b:5a:
                    67:8b:40:79:76:2a:60:c9:37:f1:47:63:b3:20:c4:
                    a4:e3:27:36:88:fb:da:85:8d:bd:10:43:85:bb:98:
                    cb:bd:3f:7c:5c:de:6b:21:2a:2d:03:13:88:5b:16:
                    fa:c9:20:73:79:ec:90:ac:b8:df:fa:18:e9:77:b9:
                    c2:9b:4e:56:89:c3:a0:58:fb:f8:f5:98:02:ef:c5:
                    77:24:4d:79:0a:b6:0c:73:9c:66:07:2d:00:ff:b6:
                    66:f3:7c:04:7d:6e:48:1b:e3:e2:5e:34:ab:53:dd:
                    c9:a3:a7:e5:d9:11:7b:ba:cb:ff:bc:c8:b3:3b:b6:
                    ce:b1:0f:b7:ee:8a:a8:47:17:27:ca:99:29:bc:6f:
                    0c:b3:68:57:54:49:91:ed:b7:36:d8:d0:cc:04:8c:
                    03:63:7e:ae:c5:f5:4d:9a:45:2e:6b:96:40:74:07:
                    67:36:45:c4:e3:5c:3a:52:69:f9:5a:5c:7a:50:b3:
                    90:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:7C:86:05:7D:E6:AD:C4:E9:5C:C6:86:8A:A7:17:79:57:FC:5E:74
            X509v3 Authority Key Identifier:
                keyid:65:D7:F0:FD:62:2A:FD:6B:D4:A2:D6:CE:0F:1C:BC:C0:7A:9C:41:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zdfw_WIq_WvUotbODxy8wHqcQfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/73f36c-f4f7-4065-9d46-8be4ad57773b/1/dXyGBX3mrcTpXMaGiqcXeVf8XnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/73f36c-f4f7-4065-9d46-8be4ad57773b/1/Zdfw_WIq_WvUotbODxy8wHqcQfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.96.0/19
                IPv6:
                  2001:67c:67c::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:55:6e:62:5b:f8:fa:cc:26:fb:bf:93:29:6c:af:7c:41:fb:
         35:ae:d3:5a:66:61:16:0b:ee:2e:3b:f7:9d:9a:aa:d3:fc:52:
         e7:10:1d:4e:ea:2e:d5:a5:3b:6c:52:ad:88:af:ed:44:92:ec:
         31:09:f5:28:61:81:61:ed:81:91:7d:dc:9c:29:4d:69:f4:aa:
         44:cf:a2:8c:f4:54:ce:ff:7d:d7:51:e6:95:1c:62:75:5e:a3:
         98:ce:15:95:19:f3:05:94:76:3b:76:65:c4:47:d7:b1:7e:fb:
         73:89:d2:cd:7f:7e:f7:5a:58:4e:4d:d2:c2:6a:36:84:df:91:
         2b:87:10:2a:60:7d:39:cb:ec:0c:66:0d:98:95:ae:6d:3f:a1:
         df:d9:98:d9:73:8f:04:06:b0:4c:a0:e3:57:8e:16:20:73:ae:
         15:9c:32:e1:cd:fb:92:4c:88:ac:ba:1b:e2:06:70:45:9c:f8:
         69:88:1f:8a:1c:4d:e2:cd:6a:5d:83:4f:14:0d:9a:ef:01:a6:
         51:40:c6:09:1e:c9:b1:63:1b:8b:f9:fa:cd:24:89:76:db:23:
         0a:27:69:c0:33:fa:0d:9e:b1:75:b4:ba:e3:2b:c8:52:1b:1b:
         ee:d5:1f:fa:40:02:6a:fa:d1:0b:ea:68:b3:48:ed:ff:92:3a:
         75:01:5c:48
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQmbAbLpUhBmeWpMYDcNYPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZDdmMGZkNjIyYWZkNmJkNGEyZDZjZTBmMWNiY2MwN2E5
YzQxZjEwHhcNMjUwMTAyMDk1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTdjODYwNTdkZTZhZGM0ZTk1Y2M2ODY4YWE3MTc3OTU3ZmM1ZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HqZusk6AbbN77KbaqnJiH1n8wFA
VKbCWdZ+P4pYEBj+wUI9zrDqrgLxx3YIem1v18hs4PyA6tv8D73g6N3mJ+3Z06jv
q3/me1pni0B5dipgyTfxR2OzIMSk4yc2iPvahY29EEOFu5jLvT98XN5rISotAxOI
Wxb6ySBzeeyQrLjf+hjpd7nCm05WicOgWPv49ZgC78V3JE15CrYMc5xmBy0A/7Zm
83wEfW5IG+PiXjSrU93Jo6fl2RF7usv/vMizO7bOsQ+37oqoRxcnypkpvG8Ms2hX
VEmR7bc22NDMBIwDY36uxfVNmkUua5ZAdAdnNkXE41w6Umn5Wlx6ULOQdQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHV8hgV95q3E6VzGhoqnF3lX/F50MB8GA1UdIwQY
MBaAFGXX8P1iKv1r1KLWzg8cvMB6nEHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmRmd19XSXFfV3ZVb3RiT0R4eTh3SHFjUWZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC83M2YzNmMtZjRmNy00MDY1LTlkNDYt
OGJlNGFkNTc3NzNiLzEvZFh5R0JYM21yY1RwWE1hR2lxY1hlVmY4WG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC83M2YzNmMtZjRmNy00MDY1LTlkNDYtOGJlNGFkNTc3NzNi
LzEvWmRmd19XSXFfV3ZVb3RiT0R4eTh3SHFjUWZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQFwjtgMA8E
AgACMAkDBwAgAQZ8BnwwDQYJKoZIhvcNAQELBQADggEBAINVbmJb+PrMJvu/kyls
r3xB+zWu01pmYRYL7i47952aqtP8UucQHU7qLtWlO2xSrYiv7USS7DEJ9ShhgWHt
gZF93JwpTWn0qkTPooz0VM7/fddR5pUcYnVeo5jOFZUZ8wWUdjt2ZcRH17F++3OJ
0s1/fvdaWE5N0sJqNoTfkSuHECpgfTnL7AxmDZiVrm0/od/ZmNlzjwQGsEyg41eO
FiBzrhWcMuHN+5JMiKy6G+IGcEWc+GmIH4ocTeLNal2DTxQNmu8BplFAxgkeybFj
G4v5+s0kiXbbIwonacAz+g2esXW0uuMryFIbG+7VH/pAAmr60QvqaLNI7f+SOnUB
XEg=
-----END CERTIFICATE-----