Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/0Abj6PSR4FyJUqM6LoN6KFa-26E.roa
File:                     0Abj6PSR4FyJUqM6LoN6KFa-26E.roa (raw, json)
Hash identifier:          3N4/akmiC/u7gL1HF+D/mYuikLJRGoPmYVruDqzajtA=
Subject key identifier:   D0:06:E3:E8:F4:91:E0:5C:89:52:A3:3A:2E:83:7A:28:56:BE:DB:A1
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019425FC56A6B20B61F127DB9375B63237BB
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/0Abj6PSR4FyJUqM6LoN6KFa-26E.roa
Signing time:             Thu 02 Jan 2025 07:48:01 +0000
ROA not before:           Thu 02 Jan 2025 07:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49681
IP address blocks:        185.117.80.0/24 maxlen: 24
                          2a05:5e40:f00f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:56:a6:b2:0b:61:f1:27:db:93:75:b6:32:37:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 07:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d006e3e8f491e05c8952a33a2e837a2856bedba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8e:e3:3f:cb:46:8b:ea:94:44:d9:7a:65:4c:
                    b8:19:ed:1a:54:01:35:47:7c:ba:59:92:5d:79:cf:
                    2d:c1:0c:68:f6:02:d0:4f:e7:09:c0:8d:a1:fd:e1:
                    ca:21:e0:d1:3a:64:d4:30:96:ec:da:b1:e9:d3:f1:
                    9c:6d:ea:f5:61:97:a9:c7:30:b2:2b:60:94:21:05:
                    0e:ae:1c:44:1d:c0:4e:4f:8a:91:be:c5:50:31:66:
                    cd:16:74:ff:ec:02:0f:23:1c:e7:62:f6:2e:9c:88:
                    de:b8:9d:8d:df:a3:d3:4a:7a:f1:31:1d:8c:de:73:
                    ba:91:0c:93:19:12:85:03:f0:20:81:47:4c:f6:62:
                    34:52:37:c2:18:b8:cf:4f:d3:e9:b0:30:4e:62:b0:
                    8c:13:4f:f9:76:95:88:51:7a:99:b6:ad:a5:1e:25:
                    49:4d:da:5c:dd:32:79:36:a3:80:c8:e8:41:ce:15:
                    a5:91:77:3b:d6:99:db:71:6c:bc:da:74:1e:d4:15:
                    e2:d3:3e:ac:8a:41:38:2e:43:5e:5a:c7:13:37:5a:
                    44:46:94:55:f9:c4:d6:f9:d8:55:6f:1f:e4:24:d4:
                    09:ec:4f:25:96:28:6a:a3:25:9f:da:e5:0d:42:a5:
                    4e:b5:3d:ee:b7:b3:9c:f5:f5:f4:69:e2:4f:d3:bd:
                    53:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:06:E3:E8:F4:91:E0:5C:89:52:A3:3A:2E:83:7A:28:56:BE:DB:A1
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/0Abj6PSR4FyJUqM6LoN6KFa-26E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.80.0/24
                IPv6:
                  2a05:5e40:f00f::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:3e:d9:ac:a6:1a:ea:2f:d5:3a:1f:5f:9c:ee:40:11:0d:01:
         00:8c:33:74:84:8e:b1:29:fb:50:d4:cd:f6:af:bd:b9:1c:30:
         e2:ea:0e:82:25:ee:6b:16:61:40:f1:b2:e7:c0:ee:e9:e3:03:
         1d:91:30:5b:f2:d1:22:34:d3:04:cf:f5:57:f1:3f:0e:ba:44:
         eb:39:6a:4c:1c:2c:ea:67:6e:11:47:c8:27:96:98:74:22:75:
         16:c1:fb:aa:85:75:b9:41:5f:de:37:97:3a:23:2f:07:dd:34:
         74:dd:cd:e2:f2:88:29:3d:02:55:e2:cd:05:69:8e:e7:4b:8f:
         1a:88:ee:e6:e5:3c:17:7d:d3:a8:9c:f3:1e:bf:89:de:47:3b:
         f7:92:5d:e5:1f:01:a3:e9:89:d9:62:96:30:7d:be:62:dd:00:
         19:60:8b:ae:e3:b6:31:ae:ea:91:5a:05:9e:78:ca:6c:4c:4b:
         ab:23:28:c7:cc:a8:6b:60:6e:c7:bf:2d:74:86:d3:5d:fd:65:
         ee:79:aa:d4:24:12:54:e0:d8:eb:fd:a3:54:a2:d2:c1:64:7f:
         a0:3a:0f:a8:9b:00:85:da:56:91:98:2f:3f:0f:d5:74:f2:dc:
         ba:a9:f1:e1:c4:cd:89:4d:85:a0:94:3d:f7:09:7d:02:26:46:
         12:e0:1d:5d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQl/Famsgth8Sfbk3W2Mje7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUwMTAyMDc0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDA2ZTNlOGY0OTFlMDVjODk1MmEzM2EyZTgzN2EyODU2YmVkYmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApo7jP8tGi+qURNl6ZUy4Ge0aVAE1
R3y6WZJdec8twQxo9gLQT+cJwI2h/eHKIeDROmTUMJbs2rHp0/Gcber1YZepxzCy
K2CUIQUOrhxEHcBOT4qRvsVQMWbNFnT/7AIPIxznYvYunIjeuJ2N36PTSnrxMR2M
3nO6kQyTGRKFA/AggUdM9mI0UjfCGLjPT9PpsDBOYrCME0/5dpWIUXqZtq2lHiVJ
Tdpc3TJ5NqOAyOhBzhWlkXc71pnbcWy82nQe1BXi0z6sikE4LkNeWscTN1pERpRV
+cTW+dhVbx/kJNQJ7E8llihqoyWf2uUNQqVOtT3ut7Oc9fX0aeJP071TSQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNAG4+j0keBciVKjOi6DeihWvtuhMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvMEFiajZQU1I0RnlKVXFNNkxvTjZLRmEtMjZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuXVQMA8E
AgACMAkDBwAqBV5A8A8wDQYJKoZIhvcNAQELBQADggEBAEs+2aymGuov1TofX5zu
QBENAQCMM3SEjrEp+1DUzfavvbkcMOLqDoIl7msWYUDxsufA7unjAx2RMFvy0SI0
0wTP9VfxPw66ROs5akwcLOpnbhFHyCeWmHQidRbB+6qFdblBX943lzojLwfdNHTd
zeLyiCk9AlXizQVpjudLjxqI7ublPBd906ic8x6/id5HO/eSXeUfAaPpidliljB9
vmLdABlgi67jtjGu6pFaBZ54ymxMS6sjKMfMqGtgbse/LXSG0139Ze55qtQkElTg
2Ov9o1Si0sFkf6A6D6ibAIXaVpGYLz8P1XTy3Lqp8eHEzYlNhaCUPfcJfQImRhLg
HV0=
-----END CERTIFICATE-----