Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/n9wbgcYA2gFozQl-awLgvubO0Jw.roa
File:                     n9wbgcYA2gFozQl-awLgvubO0Jw.roa (raw, json)
Hash identifier:          I7/eXt/2fdY6ma/4TQO3Dibom5bD15oMz/+pqihDXpI=
Subject key identifier:   9F:DC:1B:81:C6:00:DA:01:68:CD:09:7E:6B:02:E0:BE:E6:CE:D0:9C
Certificate issuer:       /CN=b6a1654dae96c532578ce1df1ebb8221dbb68145
Certificate serial:       0194252141D09424705C6A67A2B57EF3B5EF
Authority key identifier: B6:A1:65:4D:AE:96:C5:32:57:8C:E1:DF:1E:BB:82:21:DB:B6:81:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/n9wbgcYA2gFozQl-awLgvubO0Jw.roa
Signing time:             Thu 02 Jan 2025 03:48:43 +0000
ROA not before:           Thu 02 Jan 2025 03:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39351
IP address blocks:        85.208.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 12:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:41:d0:94:24:70:5c:6a:67:a2:b5:7e:f3:b5:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6a1654dae96c532578ce1df1ebb8221dbb68145
        Validity
            Not Before: Jan  2 03:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9fdc1b81c600da0168cd097e6b02e0bee6ced09c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b0:1e:fa:e8:ad:2c:a0:14:9a:90:df:94:fa:
                    f1:4f:1d:a8:a6:64:4b:95:f4:4c:ca:a2:93:a2:35:
                    cf:77:2a:13:61:03:f6:a6:6a:fa:19:e3:ba:38:4f:
                    a8:a4:9b:08:b4:d5:57:f4:65:b3:88:c8:01:c0:c3:
                    16:c1:61:0b:43:10:55:ea:02:4e:95:54:ed:e9:f3:
                    80:32:c4:61:32:b8:62:b7:74:17:18:3d:d2:85:68:
                    ca:2b:4c:1b:80:d3:4f:cf:da:f1:24:3e:50:f3:4c:
                    49:61:81:d7:06:82:83:ac:ae:70:3b:95:cf:d9:f9:
                    cd:6a:41:02:14:0a:89:6a:15:7e:d7:d7:0a:7c:59:
                    2d:5d:43:1f:14:a8:23:fd:b8:bf:71:01:5a:fd:90:
                    df:12:d4:ba:71:10:50:80:92:d9:ee:7d:90:83:bf:
                    69:e3:46:80:aa:ad:a6:b1:60:45:c1:60:42:e2:db:
                    2a:d2:c4:de:23:0b:f9:b0:f6:3c:c0:0f:94:ed:8d:
                    70:3c:e4:98:bf:5d:53:44:e2:1b:30:fa:c9:6e:09:
                    47:b7:1b:05:b5:cb:8f:ca:78:42:af:a9:be:4e:be:
                    1e:dc:7d:0c:30:ed:22:ee:88:a3:74:e7:5d:5d:c6:
                    f7:2e:ab:12:65:d8:3d:ba:34:85:a3:63:62:51:b4:
                    8e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:DC:1B:81:C6:00:DA:01:68:CD:09:7E:6B:02:E0:BE:E6:CE:D0:9C
            X509v3 Authority Key Identifier:
                keyid:B6:A1:65:4D:AE:96:C5:32:57:8C:E1:DF:1E:BB:82:21:DB:B6:81:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/n9wbgcYA2gFozQl-awLgvubO0Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:b9:1f:ee:c1:82:a4:8c:90:7e:45:af:f5:1b:42:2e:14:e8:
         60:ea:45:8e:76:1a:4c:dd:90:ad:48:4b:52:31:ca:e2:fc:0d:
         d7:31:d6:0d:0d:41:a0:2d:27:50:1f:5b:62:c4:20:61:66:62:
         0f:b2:3e:1a:92:07:ce:97:84:d5:e6:7b:36:73:9e:af:ee:4a:
         36:31:d4:55:56:d5:15:2b:dd:e0:aa:cc:37:4d:f8:f6:b7:4f:
         86:a0:be:75:e7:b9:76:13:ce:c7:16:62:6b:2b:c0:66:dd:79:
         86:c8:71:55:7a:e8:42:e3:39:9e:0d:c3:54:ae:5c:17:38:52:
         34:88:5f:89:35:16:c9:e3:e0:c2:ca:4e:f7:02:90:70:37:fe:
         59:49:18:18:4f:f0:3a:51:ea:76:a5:02:ee:38:dc:75:95:18:
         9d:49:ee:53:a8:c4:17:c6:58:43:bc:98:63:7c:57:73:a3:3c:
         99:2a:12:37:68:ea:bc:64:d3:1e:a6:64:96:24:91:94:21:08:
         2b:5e:08:7f:cb:04:fa:26:e5:d4:a8:8d:d9:50:4b:fc:cb:b6:
         8c:fa:a3:15:53:37:79:30:99:93:bf:94:0f:a9:11:72:9a:f8:
         5a:48:21:9e:63:a7:99:cc:2b:60:14:1d:77:9b:d5:42:5d:70:
         a0:28:cf:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIUHQlCRwXGpnorV+87XvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YTE2NTRkYWU5NmM1MzI1NzhjZTFkZjFlYmI4MjIxZGJi
NjgxNDUwHhcNMjUwMTAyMDM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmRjMWI4MWM2MDBkYTAxNjhjZDA5N2U2YjAyZTBiZWU2Y2VkMDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rAe+uitLKAUmpDflPrxTx2opmRL
lfRMyqKTojXPdyoTYQP2pmr6GeO6OE+opJsItNVX9GWziMgBwMMWwWELQxBV6gJO
lVTt6fOAMsRhMrhit3QXGD3ShWjKK0wbgNNPz9rxJD5Q80xJYYHXBoKDrK5wO5XP
2fnNakECFAqJahV+19cKfFktXUMfFKgj/bi/cQFa/ZDfEtS6cRBQgJLZ7n2Qg79p
40aAqq2msWBFwWBC4tsq0sTeIwv5sPY8wA+U7Y1wPOSYv11TROIbMPrJbglHtxsF
tcuPynhCr6m+Tr4e3H0MMO0i7oijdOddXcb3LqsSZdg9ujSFo2NiUbSOvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/cG4HGANoBaM0JfmsC4L7mztCcMB8GA1UdIwQY
MBaAFLahZU2ulsUyV4zh3x67giHbtoFFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHFGbFRhNld4VEpYak9IZkhydUNJZHUyZ1VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iMDExZDMtYmRiYS00NWNkLWE4YWMt
ZTBiZTg5YzRmMTY5LzEvbjl3YmdjWUEyZ0ZvelFsLWF3TGd2dWJPMEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iMDExZDMtYmRiYS00NWNkLWE4YWMtZTBiZTg5YzRmMTY5
LzEvdHFGbFRhNld4VEpYak9IZkhydUNJZHUyZ1VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdCkMA0G
CSqGSIb3DQEBCwUAA4IBAQBZuR/uwYKkjJB+Ra/1G0IuFOhg6kWOdhpM3ZCtSEtS
Mcri/A3XMdYNDUGgLSdQH1tixCBhZmIPsj4akgfOl4TV5ns2c56v7ko2MdRVVtUV
K93gqsw3Tfj2t0+GoL5157l2E87HFmJrK8Bm3XmGyHFVeuhC4zmeDcNUrlwXOFI0
iF+JNRbJ4+DCyk73ApBwN/5ZSRgYT/A6Uep2pQLuONx1lRidSe5TqMQXxlhDvJhj
fFdzozyZKhI3aOq8ZNMepmSWJJGUIQgrXgh/ywT6JuXUqI3ZUEv8y7aM+qMVUzd5
MJmTv5QPqRFymvhaSCGeY6eZzCtgFB13m9VCXXCgKM8f
-----END CERTIFICATE-----