Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/4ebc33-ee54-437c-8a1b-dec4807cd7e6/1/it7IHvJCQfR1gZTQymCzS9Ta2cI.roa
File:                     it7IHvJCQfR1gZTQymCzS9Ta2cI.roa (raw, json)
Hash identifier:          /axHPc2cp+I2aoPIZLPk+zOh5Faet3AVlxLqRnIEWb4=
Subject key identifier:   8A:DE:C8:1E:F2:42:41:F4:75:81:94:D0:CA:60:B3:4B:D4:DA:D9:C2
Certificate issuer:       /CN=08fe040242651353d556b8c4240082190f271d13
Certificate serial:       0195905AE189C229534A98FE451B423DFAB8
Authority key identifier: 08:FE:04:02:42:65:13:53:D5:56:B8:C4:24:00:82:19:0F:27:1D:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CP4EAkJlE1PVVrjEJACCGQ8nHRM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/4ebc33-ee54-437c-8a1b-dec4807cd7e6/1/it7IHvJCQfR1gZTQymCzS9Ta2cI.roa
Signing time:             Thu 13 Mar 2025 16:33:49 +0000
ROA not before:           Thu 13 Mar 2025 16:33:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.22.168.0/24 maxlen: 24
                          185.22.170.0/24 maxlen: 24
                          185.22.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/4ebc33-ee54-437c-8a1b-dec4807cd7e6/1/CP4EAkJlE1PVVrjEJACCGQ8nHRM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/4ebc33-ee54-437c-8a1b-dec4807cd7e6/1/CP4EAkJlE1PVVrjEJACCGQ8nHRM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CP4EAkJlE1PVVrjEJACCGQ8nHRM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:90:5a:e1:89:c2:29:53:4a:98:fe:45:1b:42:3d:fa:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fe040242651353d556b8c4240082190f271d13
        Validity
            Not Before: Mar 13 16:33:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8adec81ef24241f4758194d0ca60b34bd4dad9c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:84:82:87:73:da:98:9b:81:b8:4a:43:7d:ec:
                    6e:29:2f:3d:34:27:56:51:7a:de:f8:24:b8:f4:1e:
                    0c:4b:2c:b2:e9:dd:32:8e:0b:76:53:68:62:f6:87:
                    47:af:52:99:7c:20:44:5d:06:f7:90:1d:23:2b:03:
                    a5:07:4c:80:52:d6:01:8e:b4:09:8b:b2:d6:cd:24:
                    02:b0:43:f4:a9:54:ca:6b:5d:c4:ac:f6:47:d6:9c:
                    95:77:03:b3:1d:08:93:17:bc:48:33:d8:50:be:0c:
                    4c:84:d7:43:f6:21:4a:14:03:b9:d3:bb:2b:a2:a7:
                    36:26:30:54:7d:0c:91:6e:4f:42:6f:4c:6b:5c:3c:
                    9f:9b:28:c0:d3:4a:70:c0:0b:7d:04:a9:3a:1f:5f:
                    3c:16:6a:a1:af:c8:e7:af:92:32:12:ec:61:e6:4d:
                    40:be:fe:42:75:8e:54:fb:47:89:6c:50:2d:82:55:
                    4c:61:b0:0f:9a:12:78:c0:6a:45:39:65:4b:64:19:
                    33:eb:30:a3:eb:fe:4d:73:36:f3:5d:e0:ef:3e:bb:
                    56:fd:8b:36:05:1d:d5:b0:95:5a:c9:59:33:a7:32:
                    ad:8c:49:12:e1:f6:43:3c:fd:34:87:da:95:19:54:
                    2e:99:19:a4:50:04:19:cd:96:bf:fb:61:0a:3c:c7:
                    d0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:DE:C8:1E:F2:42:41:F4:75:81:94:D0:CA:60:B3:4B:D4:DA:D9:C2
            X509v3 Authority Key Identifier:
                keyid:08:FE:04:02:42:65:13:53:D5:56:B8:C4:24:00:82:19:0F:27:1D:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CP4EAkJlE1PVVrjEJACCGQ8nHRM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/4ebc33-ee54-437c-8a1b-dec4807cd7e6/1/it7IHvJCQfR1gZTQymCzS9Ta2cI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/4ebc33-ee54-437c-8a1b-dec4807cd7e6/1/CP4EAkJlE1PVVrjEJACCGQ8nHRM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.168.0/24
                  185.22.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:15:d7:66:ab:9a:1f:26:05:07:89:0c:11:32:85:64:af:07:
         96:b2:87:93:0b:87:63:74:62:cb:78:bc:c5:35:97:02:6f:41:
         6c:ff:d0:95:ec:13:a8:bc:db:08:ba:90:88:6f:33:58:27:a3:
         cf:82:fe:a1:e5:e7:29:27:89:43:be:cf:6b:dd:1e:36:3e:f8:
         d6:03:bc:81:b9:0a:d1:7c:46:49:5a:26:a4:c0:e8:fb:97:a2:
         c9:62:76:40:bc:ea:62:f2:6b:03:84:76:7e:f2:8a:e5:d0:53:
         af:74:31:b5:cb:71:cb:80:e4:80:67:6a:9d:a1:6f:2b:5a:e2:
         6d:48:15:ad:be:53:ce:56:58:ca:ff:b6:00:4d:d7:85:4a:8e:
         97:50:77:8c:08:ba:2a:58:6f:5d:37:88:77:a2:95:7c:8f:05:
         d9:b9:10:6f:99:da:c8:59:a2:e1:bd:18:41:8b:29:bc:81:a3:
         d0:76:85:a9:39:c5:22:c3:80:6c:de:77:4d:01:69:46:d2:94:
         04:23:7b:32:02:d7:6b:44:48:81:ff:ef:09:fc:ad:ba:6e:a0:
         da:b7:35:e7:0f:7d:75:01:9f:26:ba:12:ab:d5:a2:a9:c8:37:
         7c:e6:3d:2c:58:0d:cb:29:44:b8:85:3e:73:5f:11:e4:2d:d7:
         1d:0d:e5:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWQWuGJwilTSpj+RRtCPfq4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZmUwNDAyNDI2NTEzNTNkNTU2YjhjNDI0MDA4MjE5MGYy
NzFkMTMwHhcNMjUwMzEzMTYzMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWRlYzgxZWYyNDI0MWY0NzU4MTk0ZDBjYTYwYjM0YmQ0ZGFkOWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtISCh3PamJuBuEpDfexuKS89NCdW
UXre+CS49B4MSyyy6d0yjgt2U2hi9odHr1KZfCBEXQb3kB0jKwOlB0yAUtYBjrQJ
i7LWzSQCsEP0qVTKa13ErPZH1pyVdwOzHQiTF7xIM9hQvgxMhNdD9iFKFAO507sr
oqc2JjBUfQyRbk9Cb0xrXDyfmyjA00pwwAt9BKk6H188Fmqhr8jnr5IyEuxh5k1A
vv5CdY5U+0eJbFAtglVMYbAPmhJ4wGpFOWVLZBkz6zCj6/5NczbzXeDvPrtW/Ys2
BR3VsJVayVkzpzKtjEkS4fZDPP00h9qVGVQumRmkUAQZzZa/+2EKPMfQ/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIreyB7yQkH0dYGU0Mpgs0vU2tnCMB8GA1UdIwQY
MBaAFAj+BAJCZRNT1Va4xCQAghkPJx0TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1A0RUFrSmxFMVBWVnJqRUpBQ0NHUThuSFJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy80ZWJjMzMtZWU1NC00MzdjLThhMWIt
ZGVjNDgwN2NkN2U2LzEvaXQ3SUh2SkNRZlIxZ1pUUXltQ3pTOVRhMmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy80ZWJjMzMtZWU1NC00MzdjLThhMWItZGVjNDgwN2NkN2U2
LzEvQ1A0RUFrSmxFMVBWVnJqRUpBQ0NHUThuSFJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRaoAwQB
uRaqMA0GCSqGSIb3DQEBCwUAA4IBAQAJFddmq5ofJgUHiQwRMoVkrweWsoeTC4dj
dGLLeLzFNZcCb0Fs/9CV7BOovNsIupCIbzNYJ6PPgv6h5ecpJ4lDvs9r3R42PvjW
A7yBuQrRfEZJWiakwOj7l6LJYnZAvOpi8msDhHZ+8orl0FOvdDG1y3HLgOSAZ2qd
oW8rWuJtSBWtvlPOVljK/7YATdeFSo6XUHeMCLoqWG9dN4h3opV8jwXZuRBvmdrI
WaLhvRhBiym8gaPQdoWpOcUiw4Bs3ndNAWlG0pQEI3syAtdrREiB/+8J/K26bqDa
tzXnD311AZ8muhKr1aKpyDd85j0sWA3LKUS4hT5zXxHkLdcdDeVt
-----END CERTIFICATE-----