Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/43f26f-1b4e-4426-bf50-c4ba61e5a210/1/xhSFftcSHe4vMiLLxv0i7laBOgA.roa
File:                     xhSFftcSHe4vMiLLxv0i7laBOgA.roa (raw, json)
Hash identifier:          zpNOzm+oNtSw/P+tV0FVybfaNaCxifuqh3XesCNdYM8=
Subject key identifier:   C6:14:85:7E:D7:12:1D:EE:2F:32:22:CB:C6:FD:22:EE:56:81:3A:00
Certificate issuer:       /CN=31ebbb9fc09f37d3dd0141bcb0a67ec83b78081f
Certificate serial:       019424B27CB24BC6898D0B79141EBC04486B
Authority key identifier: 31:EB:BB:9F:C0:9F:37:D3:DD:01:41:BC:B0:A6:7E:C8:3B:78:08:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Meu7n8CfN9PdAUG8sKZ-yDt4CB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/43f26f-1b4e-4426-bf50-c4ba61e5a210/1/xhSFftcSHe4vMiLLxv0i7laBOgA.roa
Signing time:             Thu 02 Jan 2025 01:47:44 +0000
ROA not before:           Thu 02 Jan 2025 01:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207112
IP address blocks:        185.165.104.0/24 maxlen: 24
                          185.165.105.0/24 maxlen: 24
                          185.165.106.0/24 maxlen: 24
                          185.165.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/43f26f-1b4e-4426-bf50-c4ba61e5a210/1/Meu7n8CfN9PdAUG8sKZ-yDt4CB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/43f26f-1b4e-4426-bf50-c4ba61e5a210/1/Meu7n8CfN9PdAUG8sKZ-yDt4CB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Meu7n8CfN9PdAUG8sKZ-yDt4CB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:7c:b2:4b:c6:89:8d:0b:79:14:1e:bc:04:48:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31ebbb9fc09f37d3dd0141bcb0a67ec83b78081f
        Validity
            Not Before: Jan  2 01:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c614857ed7121dee2f3222cbc6fd22ee56813a00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:42:c4:03:bc:a9:f2:c3:c5:4e:13:bb:cb:b0:
                    3a:32:72:25:00:3b:33:47:26:54:7b:fc:8e:74:25:
                    a7:67:70:f0:69:a8:e4:51:9d:e9:89:d7:fe:32:00:
                    64:2d:e1:38:9e:11:cd:63:31:22:bf:f5:c7:64:45:
                    63:b4:73:15:fd:8b:e9:03:d4:bc:16:84:11:2b:ad:
                    91:71:20:c3:e9:44:af:8f:f9:1f:23:4e:3b:19:07:
                    20:55:28:fc:8e:40:b8:cd:9b:c9:77:c6:1f:70:a7:
                    4d:11:1d:50:f3:a2:6e:ce:56:7c:da:e5:93:a1:7c:
                    9b:da:81:58:e3:bb:c2:96:07:ee:50:4b:dc:42:4d:
                    0f:dd:8e:fd:20:71:c6:fa:23:98:2d:8c:0f:01:59:
                    12:61:69:ce:06:7c:3d:6b:ca:ff:2a:3d:de:96:0f:
                    e3:f4:d4:d1:b1:d8:b3:d6:3c:11:32:25:73:ee:9e:
                    24:1d:bb:6c:67:2f:41:20:3e:78:c7:3f:ac:d0:89:
                    ab:23:0f:97:fa:aa:f5:46:b0:86:68:f3:be:34:ab:
                    13:e2:8c:8d:3c:ab:40:47:25:c2:8d:fe:34:87:69:
                    e4:f0:a6:a0:94:24:bb:ee:9b:73:e6:b7:bc:80:d1:
                    6d:d0:10:c6:77:f5:6e:dc:66:d1:0e:e6:80:83:95:
                    58:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:14:85:7E:D7:12:1D:EE:2F:32:22:CB:C6:FD:22:EE:56:81:3A:00
            X509v3 Authority Key Identifier:
                keyid:31:EB:BB:9F:C0:9F:37:D3:DD:01:41:BC:B0:A6:7E:C8:3B:78:08:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Meu7n8CfN9PdAUG8sKZ-yDt4CB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/43f26f-1b4e-4426-bf50-c4ba61e5a210/1/xhSFftcSHe4vMiLLxv0i7laBOgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/43f26f-1b4e-4426-bf50-c4ba61e5a210/1/Meu7n8CfN9PdAUG8sKZ-yDt4CB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:61:20:7f:a8:95:03:9e:45:58:14:9e:43:7a:c3:4a:7e:90:
         84:82:8a:f8:a0:db:12:b4:6a:30:f7:ab:68:00:58:68:23:d1:
         99:cb:a8:b5:4d:36:c0:84:87:0e:06:1f:3d:ea:2f:a7:a7:70:
         c6:57:6d:6f:90:9e:79:e2:4f:d0:8b:65:78:ed:8e:50:38:04:
         01:98:4d:16:dc:27:d0:8a:b5:12:d1:2a:20:e4:cc:f0:d4:bd:
         a5:30:a7:5e:b1:c2:e2:7a:db:6a:fa:31:2f:ce:e3:8a:3f:de:
         dd:31:2c:27:95:f6:0d:e9:ee:a0:cc:27:b5:03:87:b4:96:5c:
         b8:00:9c:72:b4:46:6a:a7:23:a0:ad:43:ae:3b:bb:6d:a1:19:
         ca:6c:c4:ba:9f:ac:e9:5b:30:1e:15:84:e6:11:44:ff:10:5e:
         80:f4:05:30:a0:49:0e:ad:57:43:e4:91:cc:62:60:c7:7e:31:
         fb:f3:9a:b5:b7:74:87:d6:11:ba:8a:d5:db:17:18:1d:05:03:
         61:a7:d4:cf:b7:dd:1c:ea:68:a2:d5:71:a8:40:29:34:e2:7f:
         d5:15:54:9f:94:22:43:1d:02:84:09:3e:f3:99:60:87:d8:78:
         75:f1:77:fd:82:cb:4e:ed:1f:da:30:11:cc:47:f7:8e:46:aa:
         4a:dd:99:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksnyyS8aJjQt5FB68BEhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZWJiYjlmYzA5ZjM3ZDNkZDAxNDFiY2IwYTY3ZWM4M2I3
ODA4MWYwHhcNMjUwMTAyMDE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE0ODU3ZWQ3MTIxZGVlMmYzMjIyY2JjNmZkMjJlZTU2ODEzYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjULEA7yp8sPFThO7y7A6MnIlADsz
RyZUe/yOdCWnZ3DwaajkUZ3pidf+MgBkLeE4nhHNYzEiv/XHZEVjtHMV/YvpA9S8
FoQRK62RcSDD6USvj/kfI047GQcgVSj8jkC4zZvJd8YfcKdNER1Q86JuzlZ82uWT
oXyb2oFY47vClgfuUEvcQk0P3Y79IHHG+iOYLYwPAVkSYWnOBnw9a8r/Kj3elg/j
9NTRsdiz1jwRMiVz7p4kHbtsZy9BID54xz+s0ImrIw+X+qr1RrCGaPO+NKsT4oyN
PKtARyXCjf40h2nk8KaglCS77ptz5re8gNFt0BDGd/Vu3GbRDuaAg5VY0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYUhX7XEh3uLzIiy8b9Iu5WgToAMB8GA1UdIwQY
MBaAFDHru5/AnzfT3QFBvLCmfsg7eAgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWV1N244Q2ZOOVBkQVVHOHNLWi15RHQ0Q0I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS80M2YyNmYtMWI0ZS00NDI2LWJmNTAt
YzRiYTYxZTVhMjEwLzEveGhTRmZ0Y1NIZTR2TWlMTHh2MGk3bGFCT2dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS80M2YyNmYtMWI0ZS00NDI2LWJmNTAtYzRiYTYxZTVhMjEw
LzEvTWV1N244Q2ZOOVBkQVVHOHNLWi15RHQ0Q0I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaVoMA0G
CSqGSIb3DQEBCwUAA4IBAQA3YSB/qJUDnkVYFJ5DesNKfpCEgor4oNsStGow96to
AFhoI9GZy6i1TTbAhIcOBh896i+np3DGV21vkJ554k/Qi2V47Y5QOAQBmE0W3CfQ
irUS0Sog5Mzw1L2lMKdescLiettq+jEvzuOKP97dMSwnlfYN6e6gzCe1A4e0lly4
AJxytEZqpyOgrUOuO7ttoRnKbMS6n6zpWzAeFYTmEUT/EF6A9AUwoEkOrVdD5JHM
YmDHfjH785q1t3SH1hG6itXbFxgdBQNhp9TPt90c6mii1XGoQCk04n/VFVSflCJD
HQKECT7zmWCH2Hh18Xf9gstO7R/aMBHMR/eORqpK3ZlR
-----END CERTIFICATE-----