Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/7c6b2d-ac42-487e-9c19-1618776bdaae/1/ETzMLJ9E8ekQKvTuSVRndgg_ftE.roa
File:                     ETzMLJ9E8ekQKvTuSVRndgg_ftE.roa (raw, json)
Hash identifier:          zxZL9sGsfFQCpFwlHr+nLeuc9weJmZjmaUU+udBc04c=
Subject key identifier:   11:3C:CC:2C:9F:44:F1:E9:10:2A:F4:EE:49:54:67:76:08:3F:7E:D1
Certificate issuer:       /CN=3b94a1d881dd4beb2fd31b76fa0d5d585a9b238f
Certificate serial:       019647F91D0FF14F120F929ACAD4227C5FC2
Authority key identifier: 3B:94:A1:D8:81:DD:4B:EB:2F:D3:1B:76:FA:0D:5D:58:5A:9B:23:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O5Sh2IHdS-sv0xt2-g1dWFqbI48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/7c6b2d-ac42-487e-9c19-1618776bdaae/1/ETzMLJ9E8ekQKvTuSVRndgg_ftE.roa
Signing time:             Fri 18 Apr 2025 08:17:10 +0000
ROA not before:           Fri 18 Apr 2025 08:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39479
IP address blocks:        185.91.160.0/22 maxlen: 24
                          2a05:eb80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/7c6b2d-ac42-487e-9c19-1618776bdaae/1/O5Sh2IHdS-sv0xt2-g1dWFqbI48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/7c6b2d-ac42-487e-9c19-1618776bdaae/1/O5Sh2IHdS-sv0xt2-g1dWFqbI48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O5Sh2IHdS-sv0xt2-g1dWFqbI48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 23:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:47:f9:1d:0f:f1:4f:12:0f:92:9a:ca:d4:22:7c:5f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b94a1d881dd4beb2fd31b76fa0d5d585a9b238f
        Validity
            Not Before: Apr 18 08:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=113ccc2c9f44f1e9102af4ee49546776083f7ed1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e7:a5:e6:48:9a:94:9e:cc:b6:e0:e2:54:d6:
                    8c:bd:0f:58:df:33:90:82:87:11:5e:a5:2a:3d:d4:
                    b1:66:2d:45:dc:6a:50:86:cd:20:80:f3:4a:c7:be:
                    18:33:2d:3c:98:a4:3c:89:bc:d0:a4:db:ca:d7:59:
                    f2:be:36:5d:bd:d2:00:6a:7d:b0:0c:f5:58:ee:88:
                    0d:3d:1f:bc:0a:07:7e:79:e1:62:04:31:b4:15:a5:
                    c4:74:b6:63:37:51:e5:77:ea:a5:e3:4e:16:76:1a:
                    26:c5:b2:fc:c6:10:fe:9d:f6:f1:40:ca:de:47:8d:
                    42:41:3a:45:ad:30:9a:c8:08:14:10:f4:0a:c6:1f:
                    03:b6:78:44:25:e7:bb:4b:b0:b2:73:f6:49:1e:da:
                    68:f8:b3:68:0c:8e:fc:24:fa:ab:ae:70:36:d1:51:
                    ed:a9:a2:2d:67:a2:24:4c:ab:90:fd:a5:b5:7a:26:
                    02:52:72:ed:fd:d6:3b:7e:5e:94:0d:c9:9c:3a:95:
                    33:ac:d0:29:c3:3b:53:f5:7b:9e:c9:28:32:d2:2d:
                    60:46:4e:3e:dd:9e:46:d8:5e:c5:42:f1:3d:77:5f:
                    e6:1d:01:fc:af:46:7e:0c:9d:80:2c:72:3d:74:fb:
                    50:6c:eb:be:de:84:03:c2:32:db:4f:47:40:be:5b:
                    9c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:3C:CC:2C:9F:44:F1:E9:10:2A:F4:EE:49:54:67:76:08:3F:7E:D1
            X509v3 Authority Key Identifier:
                keyid:3B:94:A1:D8:81:DD:4B:EB:2F:D3:1B:76:FA:0D:5D:58:5A:9B:23:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O5Sh2IHdS-sv0xt2-g1dWFqbI48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/7c6b2d-ac42-487e-9c19-1618776bdaae/1/ETzMLJ9E8ekQKvTuSVRndgg_ftE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/7c6b2d-ac42-487e-9c19-1618776bdaae/1/O5Sh2IHdS-sv0xt2-g1dWFqbI48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.160.0/22
                IPv6:
                  2a05:eb80::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:10:c9:d2:ea:5f:2c:81:9d:9b:b0:20:5b:c8:e0:17:ed:3f:
         9e:d7:12:ba:61:06:f4:38:ea:0d:b3:1e:bc:d4:85:0d:be:f7:
         b0:75:8d:de:44:b2:4b:44:a3:f1:44:60:eb:18:42:77:db:cb:
         a0:d0:f9:7e:73:52:b5:22:f1:36:9e:f3:68:c5:90:a5:f0:b9:
         30:8e:96:1a:e9:82:6e:f5:75:1a:7a:f3:4e:ba:a8:ab:5b:9a:
         97:34:85:ad:9a:8e:17:3a:c2:33:0d:15:89:ff:0b:cc:6a:fb:
         c1:f7:f9:87:71:25:3c:91:aa:cb:a4:85:af:50:11:96:08:9e:
         af:eb:81:5a:8a:66:4e:f7:51:9f:61:c1:5b:b6:6f:d2:74:39:
         27:eb:ec:ed:27:65:01:62:e0:ec:f4:59:e6:fd:5f:bb:4c:c7:
         62:4b:df:8b:28:40:d9:88:4e:1b:95:46:8b:95:bd:c7:f3:25:
         1b:ed:f1:37:db:ef:60:ce:bf:96:fd:89:b1:da:2b:6a:8f:9d:
         b1:fb:fc:63:55:f6:df:45:11:d4:f9:9c:2f:d3:fd:a5:55:84:
         e7:bd:bc:2c:09:66:a7:43:0d:a0:73:bb:ec:db:f9:05:bc:8a:
         96:d5:76:19:81:af:e1:42:7d:47:e5:99:ea:6a:55:3f:b8:25:
         b5:80:b5:1f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZZH+R0P8U8SD5KaytQifF/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiOTRhMWQ4ODFkZDRiZWIyZmQzMWI3NmZhMGQ1ZDU4NWE5
YjIzOGYwHhcNMjUwNDE4MDgxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTNjY2MyYzlmNDRmMWU5MTAyYWY0ZWU0OTU0Njc3NjA4M2Y3ZWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOel5kialJ7MtuDiVNaMvQ9Y3zOQ
gocRXqUqPdSxZi1F3GpQhs0ggPNKx74YMy08mKQ8ibzQpNvK11nyvjZdvdIAan2w
DPVY7ogNPR+8Cgd+eeFiBDG0FaXEdLZjN1Hld+ql404WdhomxbL8xhD+nfbxQMre
R41CQTpFrTCayAgUEPQKxh8DtnhEJee7S7Cyc/ZJHtpo+LNoDI78JPqrrnA20VHt
qaItZ6IkTKuQ/aW1eiYCUnLt/dY7fl6UDcmcOpUzrNApwztT9XueySgy0i1gRk4+
3Z5G2F7FQvE9d1/mHQH8r0Z+DJ2ALHI9dPtQbOu+3oQDwjLbT0dAvluc7wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBE8zCyfRPHpECr07klUZ3YIP37RMB8GA1UdIwQY
MBaAFDuUodiB3UvrL9MbdvoNXVhamyOPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzVTaDJJSGRTLXN2MHh0Mi1nMWRXRnFiSTQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS83YzZiMmQtYWM0Mi00ODdlLTljMTkt
MTYxODc3NmJkYWFlLzEvRVR6TUxKOUU4ZWtRS3ZUdVNWUm5kZ2dfZnRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS83YzZiMmQtYWM0Mi00ODdlLTljMTktMTYxODc3NmJkYWFl
LzEvTzVTaDJJSGRTLXN2MHh0Mi1nMWRXRnFiSTQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVugMA0E
AgACMAcDBQMqBeuAMA0GCSqGSIb3DQEBCwUAA4IBAQCGEMnS6l8sgZ2bsCBbyOAX
7T+e1xK6YQb0OOoNsx681IUNvvewdY3eRLJLRKPxRGDrGEJ328ug0Pl+c1K1IvE2
nvNoxZCl8LkwjpYa6YJu9XUaevNOuqirW5qXNIWtmo4XOsIzDRWJ/wvMavvB9/mH
cSU8karLpIWvUBGWCJ6v64FaimZO91GfYcFbtm/SdDkn6+ztJ2UBYuDs9Fnm/V+7
TMdiS9+LKEDZiE4blUaLlb3H8yUb7fE32+9gzr+W/Ymx2itqj52x+/xjVfbfRRHU
+Zwv0/2lVYTnvbwsCWanQw2gc7vs2/kFvIqW1XYZga/hQn1H5ZnqalU/uCW1gLUf
-----END CERTIFICATE-----