Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/0zozhddFGxlaDU0eMcPGzCbmd6I.roa
File:                     0zozhddFGxlaDU0eMcPGzCbmd6I.roa (raw, json)
Hash identifier:          HhrjUsFCH402W4XdhuJKvzUEm96xMJ7A0tUrjiNFw6Y=
Subject key identifier:   D3:3A:33:85:D7:45:1B:19:5A:0D:4D:1E:31:C3:C6:CC:26:E6:77:A2
Certificate issuer:       /CN=3eb903284a1d15dc158ad7182ea0bce786ceb2ad
Certificate serial:       019420682EED46EDC41AC485A7573F6F5CD8
Authority key identifier: 3E:B9:03:28:4A:1D:15:DC:15:8A:D7:18:2E:A0:BC:E7:86:CE:B2:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrkDKEodFdwVitcYLqC854bOsq0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/0zozhddFGxlaDU0eMcPGzCbmd6I.roa
Signing time:             Wed 01 Jan 2025 05:48:06 +0000
ROA not before:           Wed 01 Jan 2025 05:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209522
IP address blocks:        130.180.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/PrkDKEodFdwVitcYLqC854bOsq0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/PrkDKEodFdwVitcYLqC854bOsq0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrkDKEodFdwVitcYLqC854bOsq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:2e:ed:46:ed:c4:1a:c4:85:a7:57:3f:6f:5c:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb903284a1d15dc158ad7182ea0bce786ceb2ad
        Validity
            Not Before: Jan  1 05:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d33a3385d7451b195a0d4d1e31c3c6cc26e677a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:79:3e:bf:b2:4f:8a:f3:48:70:df:e0:f8:77:
                    c3:21:7e:d1:8f:c6:60:3c:19:c6:b7:b3:d2:6e:5c:
                    4f:57:a1:ce:cf:70:d0:9a:45:12:e5:8a:46:90:17:
                    21:b9:6b:c2:5d:4b:f2:54:2d:07:dd:1f:85:8b:89:
                    cf:3d:79:66:f4:53:9a:2b:8c:82:9b:8d:d7:0d:8a:
                    30:82:01:e5:3f:3c:2a:47:af:c9:4d:67:3c:7e:4f:
                    06:fc:a5:4a:c3:12:d1:ef:66:b1:a3:55:55:51:7c:
                    40:c5:48:f6:c0:2a:95:ed:fb:92:ac:53:6a:2e:a2:
                    18:38:70:33:03:6f:99:de:f2:53:ce:03:b7:f9:5f:
                    ee:7e:42:44:c3:07:1a:a0:a9:a7:f7:6d:88:61:59:
                    a5:7e:21:e4:a3:15:60:03:f4:13:35:c1:7a:1a:24:
                    97:aa:c6:2e:bf:57:98:0b:e6:b8:d1:42:0f:6b:5c:
                    c1:df:d7:1c:f8:c2:d9:7d:8b:ff:bd:b2:4d:53:7a:
                    9d:a7:23:a0:29:80:9a:7a:93:af:76:81:db:e9:74:
                    cd:e7:41:bc:54:84:ed:ab:fa:66:58:ad:b1:ba:c4:
                    21:07:45:9a:31:6c:f6:e4:82:70:14:e2:e8:0f:f8:
                    9f:9e:3a:07:01:e6:7a:f3:f6:f7:aa:b8:cc:56:0a:
                    ab:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:3A:33:85:D7:45:1B:19:5A:0D:4D:1E:31:C3:C6:CC:26:E6:77:A2
            X509v3 Authority Key Identifier:
                keyid:3E:B9:03:28:4A:1D:15:DC:15:8A:D7:18:2E:A0:BC:E7:86:CE:B2:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrkDKEodFdwVitcYLqC854bOsq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/0zozhddFGxlaDU0eMcPGzCbmd6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/PrkDKEodFdwVitcYLqC854bOsq0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.180.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:3d:a5:93:32:db:21:3d:9e:32:99:d4:6e:fa:55:e9:39:28:
         a9:e0:98:b3:d3:a7:69:9b:97:ff:fd:21:e3:71:69:f1:fd:60:
         71:a8:46:9b:d2:6f:de:7c:25:64:c3:17:54:26:6e:51:93:93:
         90:fe:ac:e4:bd:27:1b:82:85:70:ba:8b:6a:a1:14:19:b2:07:
         fb:2e:a4:76:ad:14:b1:2b:87:99:d6:2d:3c:25:9d:7d:f8:68:
         6d:85:5a:eb:7e:02:ba:5d:7b:76:26:ae:07:2a:aa:36:14:6f:
         4a:75:cd:c6:03:45:d9:7a:47:ad:8e:f2:a8:24:c0:3b:2f:3a:
         38:ba:94:45:93:37:6e:b1:a8:71:cd:fe:bb:3d:21:f0:ba:15:
         5b:1d:a8:92:12:01:c9:e4:a7:7e:ab:b4:8e:69:42:7f:70:1d:
         e7:fd:b0:85:ff:3d:30:eb:e6:48:57:a0:da:ea:01:4a:3f:7d:
         4c:57:f9:42:0c:1e:50:57:c7:e9:01:cb:5a:c8:fd:bd:2f:70:
         a4:c3:fa:f8:98:09:9f:02:0b:62:fe:37:42:c4:81:46:91:3c:
         a0:e7:c9:10:60:73:13:f3:c3:79:80:79:7f:82:af:5f:bc:50:
         c0:c5:97:7f:e9:9c:1a:27:7a:16:6b:84:05:b9:d7:54:6e:b4:
         79:f5:0c:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaC7tRu3EGsSFp1c/b1zYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjkwMzI4NGExZDE1ZGMxNThhZDcxODJlYTBiY2U3ODZj
ZWIyYWQwHhcNMjUwMTAxMDU0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzNhMzM4NWQ3NDUxYjE5NWEwZDRkMWUzMWMzYzZjYzI2ZTY3N2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Hk+v7JPivNIcN/g+HfDIX7Rj8Zg
PBnGt7PSblxPV6HOz3DQmkUS5YpGkBchuWvCXUvyVC0H3R+Fi4nPPXlm9FOaK4yC
m43XDYowggHlPzwqR6/JTWc8fk8G/KVKwxLR72axo1VVUXxAxUj2wCqV7fuSrFNq
LqIYOHAzA2+Z3vJTzgO3+V/ufkJEwwcaoKmn922IYVmlfiHkoxVgA/QTNcF6GiSX
qsYuv1eYC+a40UIPa1zB39cc+MLZfYv/vbJNU3qdpyOgKYCaepOvdoHb6XTN50G8
VITtq/pmWK2xusQhB0WaMWz25IJwFOLoD/ifnjoHAeZ68/b3qrjMVgqruQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNM6M4XXRRsZWg1NHjHDxswm5neiMB8GA1UdIwQY
MBaAFD65AyhKHRXcFYrXGC6gvOeGzrKtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJrREtFb2RGZHdWaXRjWUxxQzg1NGJPc3EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi85MmVhOWYtYjEyZS00ZGQ1LTliZDMt
Yjc3ZGM4ZGMxYzdlLzEvMHpvemhkZEZHeGxhRFUwZU1jUEd6Q2JtZDZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi85MmVhOWYtYjEyZS00ZGQ1LTliZDMtYjc3ZGM4ZGMxYzdl
LzEvUHJrREtFb2RGZHdWaXRjWUxxQzg1NGJPc3EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgrTHMA0G
CSqGSIb3DQEBCwUAA4IBAQBJPaWTMtshPZ4ymdRu+lXpOSip4Jiz06dpm5f//SHj
cWnx/WBxqEab0m/efCVkwxdUJm5Rk5OQ/qzkvScbgoVwuotqoRQZsgf7LqR2rRSx
K4eZ1i08JZ19+GhthVrrfgK6XXt2Jq4HKqo2FG9Kdc3GA0XZeketjvKoJMA7Lzo4
upRFkzdusahxzf67PSHwuhVbHaiSEgHJ5Kd+q7SOaUJ/cB3n/bCF/z0w6+ZIV6Da
6gFKP31MV/lCDB5QV8fpActayP29L3Ckw/r4mAmfAgti/jdCxIFGkTyg58kQYHMT
88N5gHl/gq9fvFDAxZd/6ZwaJ3oWa4QFuddUbrR59QxC
-----END CERTIFICATE-----