Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/8ed382-3097-413e-b6a2-b080a3451c7f/1/V-ziE9ps9Cl1x9ik1a79A00SdKk.roa
File:                     V-ziE9ps9Cl1x9ik1a79A00SdKk.roa (raw, json)
Hash identifier:          vAv5TpbiymJ0TO2JtzeVr/xllon/oJLZTZGZk+qEl8o=
Subject key identifier:   57:EC:E2:13:DA:6C:F4:29:75:C7:D8:A4:D5:AE:FD:03:4D:12:74:A9
Certificate issuer:       /CN=6f31c64c3e5a7de1040f40da8fedc47c38fe59fa
Certificate serial:       019425FDDE3FCB5342DB1FF1843D03A9EC53
Authority key identifier: 6F:31:C6:4C:3E:5A:7D:E1:04:0F:40:DA:8F:ED:C4:7C:38:FE:59:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bzHGTD5afeEED0Daj-3EfDj-Wfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/8ed382-3097-413e-b6a2-b080a3451c7f/1/V-ziE9ps9Cl1x9ik1a79A00SdKk.roa
Signing time:             Thu 02 Jan 2025 07:49:41 +0000
ROA not before:           Thu 02 Jan 2025 07:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34113
IP address blocks:        185.97.104.0/24 maxlen: 24
                          185.97.105.0/24 maxlen: 24
                          185.97.106.0/24 maxlen: 24
                          185.97.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/8ed382-3097-413e-b6a2-b080a3451c7f/1/bzHGTD5afeEED0Daj-3EfDj-Wfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/8ed382-3097-413e-b6a2-b080a3451c7f/1/bzHGTD5afeEED0Daj-3EfDj-Wfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bzHGTD5afeEED0Daj-3EfDj-Wfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:de:3f:cb:53:42:db:1f:f1:84:3d:03:a9:ec:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f31c64c3e5a7de1040f40da8fedc47c38fe59fa
        Validity
            Not Before: Jan  2 07:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57ece213da6cf42975c7d8a4d5aefd034d1274a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d0:69:70:d6:08:5b:57:db:d3:c8:be:5d:0e:
                    70:81:f8:d0:84:fe:b5:49:6b:fa:a4:cd:8f:55:9f:
                    c3:ff:22:fb:a7:f5:20:f7:ef:2d:e0:5c:90:97:1e:
                    13:c8:5b:f5:33:ad:45:8e:f4:e2:4a:fc:8c:c4:25:
                    39:41:32:8a:80:c1:9e:6d:49:d9:c0:64:9c:4e:15:
                    af:e1:dd:52:c1:47:b1:75:ec:b0:04:9d:62:3e:d9:
                    12:4f:3a:12:f4:73:49:af:77:13:23:e9:8b:f2:b1:
                    50:dc:d5:50:90:66:f3:76:9c:9e:05:dc:2f:2c:44:
                    e1:11:e4:e1:24:9b:b9:3e:7d:aa:db:b1:cb:b6:cb:
                    c1:a6:21:32:76:f2:6e:b8:11:f8:c6:93:64:aa:d1:
                    44:89:18:a6:15:1d:68:d9:a8:f5:2d:58:83:65:dd:
                    45:c8:20:64:05:87:e5:33:7e:de:9f:fe:e8:68:71:
                    3a:6d:2d:90:8d:ec:3e:95:a2:4e:b5:e4:26:f2:2f:
                    d5:0a:ed:f4:c6:40:3a:66:44:12:ae:c7:45:20:11:
                    45:de:b8:d0:ef:b1:dc:e2:c9:de:47:9f:f8:48:c9:
                    88:47:bd:f6:5f:8e:39:12:3a:86:99:95:f3:ab:32:
                    0f:8e:4d:69:54:fb:55:ef:fe:05:35:39:54:e8:5f:
                    2b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:EC:E2:13:DA:6C:F4:29:75:C7:D8:A4:D5:AE:FD:03:4D:12:74:A9
            X509v3 Authority Key Identifier:
                keyid:6F:31:C6:4C:3E:5A:7D:E1:04:0F:40:DA:8F:ED:C4:7C:38:FE:59:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bzHGTD5afeEED0Daj-3EfDj-Wfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/8ed382-3097-413e-b6a2-b080a3451c7f/1/V-ziE9ps9Cl1x9ik1a79A00SdKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/8ed382-3097-413e-b6a2-b080a3451c7f/1/bzHGTD5afeEED0Daj-3EfDj-Wfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:a0:04:ab:ca:83:76:23:09:f0:a9:2d:e2:4e:9a:c0:fd:2a:
         fc:8e:ef:1d:fa:78:75:8d:90:74:cb:db:72:d0:12:bc:28:1e:
         65:d6:68:5c:da:a4:4e:22:40:2e:58:d0:11:5e:03:d5:8b:b7:
         7a:d8:b6:50:15:23:56:2d:c4:b9:3d:1c:33:75:0a:89:ec:a2:
         a8:ef:ea:23:77:6e:06:8c:23:8a:29:90:7d:cb:d2:dd:71:4e:
         76:a4:51:23:0f:83:c5:05:7b:f2:02:cf:84:eb:34:22:7d:9d:
         03:fa:14:92:62:7c:d5:ba:9b:74:4c:df:da:bd:32:cf:d9:1d:
         95:28:37:0d:78:6f:51:f2:75:96:91:70:c4:3b:8f:1b:00:5f:
         9e:70:99:94:94:cb:07:a3:26:a8:bd:f0:ae:c9:b4:13:1e:a1:
         58:dd:f2:6e:cf:e2:29:28:4a:78:fb:fe:dd:56:ad:c1:ad:ef:
         07:03:6b:02:b4:ce:f7:3c:68:4c:75:66:82:07:53:85:ab:4c:
         14:a3:27:f7:af:bc:29:64:d6:f3:b8:94:a5:9d:dc:f0:16:40:
         91:9e:8c:e1:2a:5f:92:4b:d6:7a:e4:b1:d8:80:96:76:a7:79:
         7c:5b:e4:5c:d3:aa:0f:cb:b6:00:54:02:58:cf:73:51:01:04:
         a0:06:31:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/d4/y1NC2x/xhD0DqexTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMzFjNjRjM2U1YTdkZTEwNDBmNDBkYThmZWRjNDdjMzhm
ZTU5ZmEwHhcNMjUwMTAyMDc0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2VjZTIxM2RhNmNmNDI5NzVjN2Q4YTRkNWFlZmQwMzRkMTI3NGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NBpcNYIW1fb08i+XQ5wgfjQhP61
SWv6pM2PVZ/D/yL7p/Ug9+8t4FyQlx4TyFv1M61FjvTiSvyMxCU5QTKKgMGebUnZ
wGScThWv4d1SwUexdeywBJ1iPtkSTzoS9HNJr3cTI+mL8rFQ3NVQkGbzdpyeBdwv
LEThEeThJJu5Pn2q27HLtsvBpiEydvJuuBH4xpNkqtFEiRimFR1o2aj1LViDZd1F
yCBkBYflM37en/7oaHE6bS2Qjew+laJOteQm8i/VCu30xkA6ZkQSrsdFIBFF3rjQ
77Hc4sneR5/4SMmIR732X445EjqGmZXzqzIPjk1pVPtV7/4FNTlU6F8rLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfs4hPabPQpdcfYpNWu/QNNEnSpMB8GA1UdIwQY
MBaAFG8xxkw+Wn3hBA9A2o/txHw4/ln6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnpIR1RENWFmZUVFRDBEYWotM0VmRGotV2ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi84ZWQzODItMzA5Ny00MTNlLWI2YTIt
YjA4MGEzNDUxYzdmLzEvVi16aUU5cHM5Q2wxeDlpazFhNzlBMDBTZEtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi84ZWQzODItMzA5Ny00MTNlLWI2YTItYjA4MGEzNDUxYzdm
LzEvYnpIR1RENWFmZUVFRDBEYWotM0VmRGotV2ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWFoMA0G
CSqGSIb3DQEBCwUAA4IBAQCAoASryoN2IwnwqS3iTprA/Sr8ju8d+nh1jZB0y9ty
0BK8KB5l1mhc2qROIkAuWNARXgPVi7d62LZQFSNWLcS5PRwzdQqJ7KKo7+ojd24G
jCOKKZB9y9LdcU52pFEjD4PFBXvyAs+E6zQifZ0D+hSSYnzVupt0TN/avTLP2R2V
KDcNeG9R8nWWkXDEO48bAF+ecJmUlMsHoyaovfCuybQTHqFY3fJuz+IpKEp4+/7d
Vq3Bre8HA2sCtM73PGhMdWaCB1OFq0wUoyf3r7wpZNbzuJSlndzwFkCRnozhKl+S
S9Z65LHYgJZ2p3l8W+Rc06oPy7YAVAJYz3NRAQSgBjGL
-----END CERTIFICATE-----