Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/O0VEzp-OH_xjiLZy3Uqgd8JheUQ.roa
File:                     O0VEzp-OH_xjiLZy3Uqgd8JheUQ.roa (raw, json)
Hash identifier:          bRkZXZhDlUd4TGWoN3UvYTMqPRoPQQ3RohAzYIARoRY=
Subject key identifier:   3B:45:44:CE:9F:8E:1F:FC:63:88:B6:72:DD:4A:A0:77:C2:61:79:44
Certificate issuer:       /CN=e1e8b7cab521e88e8022a36424544185538a7b33
Certificate serial:       019423D74361191B2DB8C1F5F13F1806BB09
Authority key identifier: E1:E8:B7:CA:B5:21:E8:8E:80:22:A3:64:24:54:41:85:53:8A:7B:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4ei3yrUh6I6AIqNkJFRBhVOKezM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/O0VEzp-OH_xjiLZy3Uqgd8JheUQ.roa
Signing time:             Wed 01 Jan 2025 21:48:17 +0000
ROA not before:           Wed 01 Jan 2025 21:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52209
IP address blocks:        185.154.190.0/24 maxlen: 24
                          2a13:1640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/4ei3yrUh6I6AIqNkJFRBhVOKezM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/4ei3yrUh6I6AIqNkJFRBhVOKezM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4ei3yrUh6I6AIqNkJFRBhVOKezM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:43:61:19:1b:2d:b8:c1:f5:f1:3f:18:06:bb:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1e8b7cab521e88e8022a36424544185538a7b33
        Validity
            Not Before: Jan  1 21:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b4544ce9f8e1ffc6388b672dd4aa077c2617944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:82:fc:0d:8e:be:a9:2b:b9:c1:4a:d5:37:b2:
                    ff:c1:5c:c0:f6:f5:e0:f6:33:c0:eb:06:a7:5d:ed:
                    86:48:1a:b5:89:64:b7:bd:23:91:0d:e8:f1:d5:d6:
                    f7:45:47:44:f3:f6:44:06:6b:09:df:a4:d5:a2:f6:
                    89:e1:cb:4c:30:4e:81:68:ec:2e:9f:2e:16:75:b0:
                    3f:1c:ec:e4:c3:a6:aa:e4:c6:de:32:e1:d0:b6:4a:
                    84:1d:bf:c3:05:cf:6b:d2:30:bb:fa:1d:b6:d3:b9:
                    18:81:83:31:8b:33:2f:66:43:ff:b9:63:77:b2:47:
                    75:0b:4a:62:99:c3:2a:b0:b3:a4:48:83:66:67:3d:
                    86:3f:ef:7c:dc:c9:5d:f0:db:b9:c4:e7:c6:42:c2:
                    06:29:86:67:d2:59:fb:c3:23:44:ef:ab:81:24:3e:
                    15:18:26:b4:84:f9:67:69:fe:6f:73:73:92:d8:33:
                    30:92:a7:54:f7:b6:48:21:bf:6d:8e:ea:bf:bd:76:
                    ca:fa:ae:41:e7:29:37:a8:d1:64:8a:b3:fa:75:87:
                    8d:56:7f:28:c7:4f:81:1a:c9:ed:2c:54:df:2a:ba:
                    06:11:48:df:2e:04:e4:18:ec:2f:03:3a:87:bc:60:
                    58:03:d3:70:b5:2f:06:92:44:29:ca:a9:f6:a2:ec:
                    79:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:45:44:CE:9F:8E:1F:FC:63:88:B6:72:DD:4A:A0:77:C2:61:79:44
            X509v3 Authority Key Identifier:
                keyid:E1:E8:B7:CA:B5:21:E8:8E:80:22:A3:64:24:54:41:85:53:8A:7B:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4ei3yrUh6I6AIqNkJFRBhVOKezM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/O0VEzp-OH_xjiLZy3Uqgd8JheUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/4ei3yrUh6I6AIqNkJFRBhVOKezM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.190.0/24
                IPv6:
                  2a13:1640::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:ad:77:44:89:10:86:a9:69:cf:32:9a:21:ee:e3:95:ac:dc:
         ec:1b:0e:77:ee:8a:eb:8e:ae:4f:e7:59:44:b6:90:59:b3:ac:
         45:17:4f:2b:d9:2c:ed:5c:08:4a:dd:1b:58:27:50:c6:38:4c:
         13:e8:53:ce:32:e6:62:33:b0:a4:56:a5:58:71:b7:64:43:c5:
         03:ef:c9:b5:cf:7c:a4:e6:25:41:26:74:6a:65:23:2d:c4:4b:
         9c:c2:3b:7a:1b:f6:b8:f3:3d:27:8c:b2:73:8d:53:88:b3:77:
         c1:47:86:09:c2:e9:b3:94:88:00:bc:95:fa:f8:d7:74:79:da:
         d0:02:dc:c6:1b:d9:af:bd:11:17:da:b4:a0:ff:f2:21:23:4a:
         03:bb:d7:c4:9c:f9:ea:96:1b:68:28:a3:72:04:43:a3:7f:65:
         e7:fb:ac:86:c9:a0:26:d2:db:4e:20:15:0e:8c:8a:6b:81:b3:
         21:ee:f9:90:f3:1c:05:f6:39:27:08:84:80:9d:4c:63:ec:38:
         15:ab:de:ec:fb:4c:2e:10:ee:e5:01:b5:fd:ab:55:dc:6c:b9:
         1c:3d:78:e5:9f:cb:24:35:49:40:b9:43:d3:f8:14:f1:35:6e:
         e3:85:52:7e:2d:fe:26:91:63:a0:bf:ab:08:91:63:0d:cf:34:
         fa:61:5d:86
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj10NhGRstuMH18T8YBrsJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZThiN2NhYjUyMWU4OGU4MDIyYTM2NDI0NTQ0MTg1NTM4
YTdiMzMwHhcNMjUwMTAxMjE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjQ1NDRjZTlmOGUxZmZjNjM4OGI2NzJkZDRhYTA3N2MyNjE3OTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54L8DY6+qSu5wUrVN7L/wVzA9vXg
9jPA6wanXe2GSBq1iWS3vSORDejx1db3RUdE8/ZEBmsJ36TVovaJ4ctMME6BaOwu
ny4WdbA/HOzkw6aq5MbeMuHQtkqEHb/DBc9r0jC7+h2207kYgYMxizMvZkP/uWN3
skd1C0pimcMqsLOkSINmZz2GP+983Mld8Nu5xOfGQsIGKYZn0ln7wyNE76uBJD4V
GCa0hPlnaf5vc3OS2DMwkqdU97ZIIb9tjuq/vXbK+q5B5yk3qNFkirP6dYeNVn8o
x0+BGsntLFTfKroGEUjfLgTkGOwvAzqHvGBYA9NwtS8GkkQpyqn2oux5PQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDtFRM6fjh/8Y4i2ct1KoHfCYXlEMB8GA1UdIwQY
MBaAFOHot8q1IeiOgCKjZCRUQYVTinszMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGVpM3lyVWg2STZBSXFOa0pGUkJoVk9LZXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8xNGYyYzUtNDZmZS00NjcwLTlkZDYt
MjFjNTg0NzBiOGQyLzEvTzBWRXpwLU9IX3hqaUxaeTNVcWdkOEpoZVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8xNGYyYzUtNDZmZS00NjcwLTlkZDYtMjFjNTg0NzBiOGQy
LzEvNGVpM3lyVWg2STZBSXFOa0pGUkJoVk9LZXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZq+MA0E
AgACMAcDBQMqExZAMA0GCSqGSIb3DQEBCwUAA4IBAQBErXdEiRCGqWnPMpoh7uOV
rNzsGw537orrjq5P51lEtpBZs6xFF08r2SztXAhK3RtYJ1DGOEwT6FPOMuZiM7Ck
VqVYcbdkQ8UD78m1z3yk5iVBJnRqZSMtxEucwjt6G/a48z0njLJzjVOIs3fBR4YJ
wumzlIgAvJX6+Nd0edrQAtzGG9mvvREX2rSg//IhI0oDu9fEnPnqlhtoKKNyBEOj
f2Xn+6yGyaAm0ttOIBUOjIprgbMh7vmQ8xwF9jknCISAnUxj7DgVq97s+0wuEO7l
AbX9q1XcbLkcPXjln8skNUlAuUPT+BTxNW7jhVJ+Lf4mkWOgv6sIkWMNzzT6YV2G
-----END CERTIFICATE-----