Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/40e57e-c627-4b9b-9577-596fa8c0a57a/1/gVZpy_aU2P0Pr-2EJHA1HwKJhRU.roa
File:                     gVZpy_aU2P0Pr-2EJHA1HwKJhRU.roa (raw, json)
Hash identifier:          P5u1LpZGGtQaGv/FeFmSXhXnEGgm7B33JQ+aoyUNOOk=
Subject key identifier:   81:56:69:CB:F6:94:D8:FD:0F:AF:ED:84:24:70:35:1F:02:89:85:15
Certificate issuer:       /CN=30628d9238e23d6bf4c735995c9e2dea0050f00c
Certificate serial:       019425FDE216967FDDBC5D19400EF0970F4A
Authority key identifier: 30:62:8D:92:38:E2:3D:6B:F4:C7:35:99:5C:9E:2D:EA:00:50:F0:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MGKNkjjiPWv0xzWZXJ4t6gBQ8Aw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/40e57e-c627-4b9b-9577-596fa8c0a57a/1/gVZpy_aU2P0Pr-2EJHA1HwKJhRU.roa
Signing time:             Thu 02 Jan 2025 07:49:42 +0000
ROA not before:           Thu 02 Jan 2025 07:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50000
IP address blocks:        185.135.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/40e57e-c627-4b9b-9577-596fa8c0a57a/1/MGKNkjjiPWv0xzWZXJ4t6gBQ8Aw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/40e57e-c627-4b9b-9577-596fa8c0a57a/1/MGKNkjjiPWv0xzWZXJ4t6gBQ8Aw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MGKNkjjiPWv0xzWZXJ4t6gBQ8Aw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e2:16:96:7f:dd:bc:5d:19:40:0e:f0:97:0f:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30628d9238e23d6bf4c735995c9e2dea0050f00c
        Validity
            Not Before: Jan  2 07:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=815669cbf694d8fd0fafed842470351f02898515
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7a:04:3b:6e:d1:be:a2:bd:c3:c8:88:a9:44:
                    1a:61:20:8f:1a:cb:12:df:a0:22:e9:26:73:aa:4b:
                    0e:46:60:b5:b6:9c:66:9e:1b:32:65:29:db:c5:d4:
                    bc:c6:01:4b:9e:d8:e9:b9:7e:f8:9c:33:15:83:5b:
                    c2:b6:06:60:b4:96:3f:cb:31:0c:42:e2:83:3c:25:
                    d4:be:ab:84:35:f4:02:50:69:7d:32:f3:25:34:a8:
                    85:fe:f2:02:c7:21:1a:28:ab:5c:b4:ed:66:ea:4a:
                    19:93:8e:a6:b7:ed:ac:56:1b:4a:e8:46:c0:65:28:
                    1e:7b:8f:4e:83:21:bb:1c:06:9c:24:6a:f5:32:6a:
                    80:08:5e:33:d1:e3:c3:04:6e:e0:c4:ec:a5:df:a4:
                    e0:09:72:e1:2c:bf:1f:28:35:28:96:21:1c:36:af:
                    c0:b6:38:7d:0b:ff:f6:e8:a2:bd:f7:c2:5b:8c:1b:
                    3b:31:f3:65:ec:d2:eb:48:90:9a:3c:cd:f0:a7:8d:
                    11:00:ba:6b:15:94:b2:b9:c1:d5:22:38:0f:df:2b:
                    65:6d:9c:40:41:a4:ae:aa:8d:ab:c1:05:09:42:e0:
                    11:71:d8:c3:bf:80:a0:5f:9e:b8:2e:b5:5b:ba:8e:
                    9a:75:4b:60:4e:03:3d:a7:45:5c:c6:f3:e9:33:cd:
                    f3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:56:69:CB:F6:94:D8:FD:0F:AF:ED:84:24:70:35:1F:02:89:85:15
            X509v3 Authority Key Identifier:
                keyid:30:62:8D:92:38:E2:3D:6B:F4:C7:35:99:5C:9E:2D:EA:00:50:F0:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MGKNkjjiPWv0xzWZXJ4t6gBQ8Aw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/40e57e-c627-4b9b-9577-596fa8c0a57a/1/gVZpy_aU2P0Pr-2EJHA1HwKJhRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/40e57e-c627-4b9b-9577-596fa8c0a57a/1/MGKNkjjiPWv0xzWZXJ4t6gBQ8Aw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:90:5c:b5:62:cf:2c:48:d6:f4:79:b0:3e:68:78:09:fc:d9:
         01:ef:e1:cb:11:2b:e0:94:7a:10:4e:88:31:ee:3e:7e:30:36:
         c1:92:aa:d2:b0:18:21:72:79:06:10:cb:4d:8a:2e:b2:de:89:
         be:14:75:6e:d0:58:89:60:ed:17:e1:fa:e9:c6:be:55:40:12:
         d2:93:a9:0b:66:62:bd:61:68:8b:58:79:4d:ff:45:72:3b:60:
         14:7d:f6:2b:0f:d7:b9:6b:f3:a1:99:ee:c6:52:6a:c2:4b:3b:
         9a:d6:2f:a3:8b:ce:82:24:78:d3:40:55:d9:48:a9:96:cf:e8:
         98:72:ac:5d:0c:3f:c6:ca:0b:bd:1b:9e:cb:a6:d7:dc:89:69:
         b1:5e:44:51:8e:ad:66:ef:75:2b:18:21:91:0f:b0:3c:08:c6:
         e0:2a:d1:e7:e2:bb:cf:ba:ae:73:25:bc:cb:bf:f3:c6:ac:e5:
         bd:58:11:1e:69:08:08:2b:d6:83:cf:e3:fd:6e:74:26:3e:33:
         73:ec:73:e5:60:6d:e0:8b:bf:68:5a:3f:86:08:c0:85:58:47:
         df:7d:87:64:5f:f5:0a:5f:a7:8f:b0:50:f9:ac:a9:45:dd:b3:
         b2:9f:b8:5b:9b:a8:c8:1a:64:e6:f1:6b:a5:d6:dd:f1:21:f3:
         38:8f:d2:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/eIWln/dvF0ZQA7wlw9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNjI4ZDkyMzhlMjNkNmJmNGM3MzU5OTVjOWUyZGVhMDA1
MGYwMGMwHhcNMjUwMTAyMDc0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTU2NjljYmY2OTRkOGZkMGZhZmVkODQyNDcwMzUxZjAyODk4NTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunoEO27RvqK9w8iIqUQaYSCPGssS
36Ai6SZzqksORmC1tpxmnhsyZSnbxdS8xgFLntjpuX74nDMVg1vCtgZgtJY/yzEM
QuKDPCXUvquENfQCUGl9MvMlNKiF/vICxyEaKKtctO1m6koZk46mt+2sVhtK6EbA
ZSgee49OgyG7HAacJGr1MmqACF4z0ePDBG7gxOyl36TgCXLhLL8fKDUoliEcNq/A
tjh9C//26KK998JbjBs7MfNl7NLrSJCaPM3wp40RALprFZSyucHVIjgP3ytlbZxA
QaSuqo2rwQUJQuARcdjDv4CgX564LrVbuo6adUtgTgM9p0VcxvPpM83z4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFWacv2lNj9D6/thCRwNR8CiYUVMB8GA1UdIwQY
MBaAFDBijZI44j1r9Mc1mVyeLeoAUPAMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUdLTmtqamlQV3YweHpXWlhKNHQ2Z0JROEF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS80MGU1N2UtYzYyNy00YjliLTk1Nzct
NTk2ZmE4YzBhNTdhLzEvZ1ZacHlfYVUyUDBQci0yRUpIQTFId0tKaFJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS80MGU1N2UtYzYyNy00YjliLTk1NzctNTk2ZmE4YzBhNTdh
LzEvTUdLTmtqamlQV3YweHpXWlhKNHQ2Z0JROEF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYcuMA0G
CSqGSIb3DQEBCwUAA4IBAQChkFy1Ys8sSNb0ebA+aHgJ/NkB7+HLESvglHoQTogx
7j5+MDbBkqrSsBghcnkGEMtNii6y3om+FHVu0FiJYO0X4frpxr5VQBLSk6kLZmK9
YWiLWHlN/0VyO2AUffYrD9e5a/Ohme7GUmrCSzua1i+ji86CJHjTQFXZSKmWz+iY
cqxdDD/Gygu9G57LptfciWmxXkRRjq1m73UrGCGRD7A8CMbgKtHn4rvPuq5zJbzL
v/PGrOW9WBEeaQgIK9aDz+P9bnQmPjNz7HPlYG3gi79oWj+GCMCFWEfffYdkX/UK
X6ePsFD5rKlF3bOyn7hbm6jIGmTm8Wul1t3xIfM4j9Jh
-----END CERTIFICATE-----