Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ILWOt7E0VcSN53t_NxyVxlZk5U8.roa
File:                     ILWOt7E0VcSN53t_NxyVxlZk5U8.roa (raw, json)
Hash identifier:          fDXYQZD5ADS6uBj8cli9WDuucKNjqNS/JRawIUfAzxE=
Subject key identifier:   20:B5:8E:B7:B1:34:55:C4:8D:E7:7B:7F:37:1C:95:C6:56:64:E5:4F
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       0194266B5D4058B6057225C2E78388734697
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ILWOt7E0VcSN53t_NxyVxlZk5U8.roa
Signing time:             Thu 02 Jan 2025 09:49:17 +0000
ROA not before:           Thu 02 Jan 2025 09:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50013
IP address blocks:        109.160.48.0/24 maxlen: 24
                          109.160.49.0/24 maxlen: 24
                          109.160.50.0/24 maxlen: 24
                          109.160.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:5d:40:58:b6:05:72:25:c2:e7:83:88:73:46:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Jan  2 09:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20b58eb7b13455c48de77b7f371c95c65664e54f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e9:9c:37:91:f3:20:ee:67:5f:01:e4:1e:52:
                    e3:31:f7:7f:a8:e3:b1:f2:71:0d:d0:bf:78:64:c4:
                    bc:f8:a8:11:c7:3c:59:ee:3b:f1:1d:a0:6a:e0:e7:
                    23:95:cf:cc:25:66:e9:55:7a:5c:ec:33:ab:82:8c:
                    c1:62:7d:5d:0f:34:ff:59:ea:f0:d1:af:8b:a7:ef:
                    5f:d8:a3:83:db:60:8f:88:97:00:1b:49:6d:9b:a2:
                    38:31:1b:17:ae:42:ba:71:75:7c:e4:de:37:e5:b5:
                    07:40:f1:f8:24:b7:0d:38:39:b4:1c:b8:6f:80:57:
                    11:ad:50:b8:b2:77:3f:3a:6f:91:26:cf:82:cb:c0:
                    d5:e7:75:ae:2d:3f:50:4d:f7:da:82:f6:99:60:df:
                    10:44:04:18:ef:54:c8:a2:ca:03:47:03:06:7a:ac:
                    5c:15:c4:42:cb:1b:a4:27:0c:07:02:9b:fa:ba:7f:
                    e4:6d:da:8e:13:ff:3f:0e:a2:b6:68:02:78:23:b6:
                    b1:24:1a:dd:7b:a5:1f:92:ca:be:cd:38:7b:c9:33:
                    d7:50:4e:40:31:e4:86:ea:e7:9a:76:bf:bb:62:37:
                    73:bc:a2:67:46:40:4f:3d:d5:21:8f:21:ff:52:8a:
                    55:d0:e9:72:0e:1c:ac:2d:b9:cd:ce:3c:e8:65:6f:
                    46:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:B5:8E:B7:B1:34:55:C4:8D:E7:7B:7F:37:1C:95:C6:56:64:E5:4F
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ILWOt7E0VcSN53t_NxyVxlZk5U8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.160.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:5b:ca:30:97:38:a7:bb:f0:3a:fb:80:02:5f:d4:8e:48:c1:
         fe:d7:db:48:9d:9f:28:62:14:22:df:fa:51:fb:63:50:c6:5f:
         86:5f:16:98:7e:c6:09:64:09:7e:eb:ec:25:1c:07:e0:b1:29:
         9e:1e:e5:1e:13:8e:42:55:6b:89:a8:c3:d3:3a:b7:3f:14:2f:
         a7:6c:8d:51:e8:b4:4d:6a:9b:77:72:17:85:8a:3e:01:1d:6d:
         4a:0d:c6:76:88:4c:4d:9b:82:cc:72:19:bb:4a:1b:95:88:90:
         2a:0c:40:14:ff:da:c1:fd:f6:af:e4:fe:ad:04:cd:e6:7f:ce:
         67:c5:24:99:e2:9d:81:18:95:7d:01:57:b8:a5:d9:1a:d0:e3:
         c0:fe:a9:38:5e:5c:1d:ed:d5:9e:ff:bd:1b:26:2c:b9:9c:59:
         af:c5:a7:44:3f:ec:13:61:14:44:a4:55:47:7c:48:dd:ca:cd:
         e4:ae:dc:92:a4:5d:ba:18:3c:01:7b:28:83:55:56:25:94:7b:
         5b:ef:b8:94:70:ba:37:2a:18:e6:60:74:22:81:1e:29:60:2c:
         c7:b2:14:19:f2:20:6c:da:68:e4:37:93:8e:32:e8:1b:6a:64:
         42:01:03:94:73:b3:2c:27:73:9d:b3:41:a3:70:7b:9e:79:65:
         cc:ab:d1:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma11AWLYFciXC54OIc0aXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjUwMTAyMDk0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGI1OGViN2IxMzQ1NWM0OGRlNzdiN2YzNzFjOTVjNjU2NjRlNTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOmcN5HzIO5nXwHkHlLjMfd/qOOx
8nEN0L94ZMS8+KgRxzxZ7jvxHaBq4Ocjlc/MJWbpVXpc7DOrgozBYn1dDzT/Werw
0a+Lp+9f2KOD22CPiJcAG0ltm6I4MRsXrkK6cXV85N435bUHQPH4JLcNODm0HLhv
gFcRrVC4snc/Om+RJs+Cy8DV53WuLT9QTffagvaZYN8QRAQY71TIosoDRwMGeqxc
FcRCyxukJwwHApv6un/kbdqOE/8/DqK2aAJ4I7axJBrde6Ufksq+zTh7yTPXUE5A
MeSG6ueadr+7YjdzvKJnRkBPPdUhjyH/UopV0OlyDhysLbnNzjzoZW9GFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCC1jrexNFXEjed7fzcclcZWZOVPMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvSUxXT3Q3RTBWY1NONTN0X054eVZ4bFprNVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbaAwMA0G
CSqGSIb3DQEBCwUAA4IBAQAJW8owlzinu/A6+4ACX9SOSMH+19tInZ8oYhQi3/pR
+2NQxl+GXxaYfsYJZAl+6+wlHAfgsSmeHuUeE45CVWuJqMPTOrc/FC+nbI1R6LRN
apt3cheFij4BHW1KDcZ2iExNm4LMchm7ShuViJAqDEAU/9rB/fav5P6tBM3mf85n
xSSZ4p2BGJV9AVe4pdka0OPA/qk4Xlwd7dWe/70bJiy5nFmvxadEP+wTYRREpFVH
fEjdys3krtySpF26GDwBeyiDVVYllHtb77iUcLo3KhjmYHQigR4pYCzHshQZ8iBs
2mjkN5OOMugbamRCAQOUc7MsJ3Ods0GjcHueeWXMq9ET
-----END CERTIFICATE-----