Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/RIPl0ZcnNzCRnoJoRMQdo7FatJo.roa
File:                     RIPl0ZcnNzCRnoJoRMQdo7FatJo.roa (raw, json)
Hash identifier:          V51bdAbDUbCCdG4ap1IngeKOzNBFdbTp51TPAvBkqrE=
Subject key identifier:   44:83:E5:D1:97:27:37:30:91:9E:82:68:44:C4:1D:A3:B1:5A:B4:9A
Certificate issuer:       /CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Certificate serial:       019423D6E826CC554EF0955309122EBBB595
Authority key identifier: D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/RIPl0ZcnNzCRnoJoRMQdo7FatJo.roa
Signing time:             Wed 01 Jan 2025 21:47:54 +0000
ROA not before:           Wed 01 Jan 2025 21:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20940
IP address blocks:        185.225.250.0/24 maxlen: 24
                          185.225.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e8:26:cc:55:4e:f0:95:53:09:12:2e:bb:b5:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
        Validity
            Not Before: Jan  1 21:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4483e5d197273730919e826844c41da3b15ab49a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:7c:cc:e3:d7:f4:9f:e1:02:5c:46:72:c5:34:
                    c6:ac:fa:f6:11:a0:c1:1e:61:9b:45:12:83:d7:06:
                    6a:71:a7:84:d5:17:0b:67:0b:8e:2e:d1:99:5a:f9:
                    95:56:93:0e:fd:7f:1f:77:d0:2d:60:00:23:f1:41:
                    b0:83:ba:3a:f7:23:ac:30:8a:97:e1:60:71:1e:0b:
                    6b:f2:b5:2f:84:c4:c4:45:fc:bf:b6:19:bc:cc:6a:
                    20:2a:f7:c9:fd:07:dd:37:b5:ef:e0:3e:04:ca:60:
                    ea:98:18:2b:24:f4:7a:87:a6:1f:92:c0:bc:41:af:
                    92:2a:ec:99:8a:da:39:35:25:e1:d9:2c:ab:63:8e:
                    7a:50:6f:3f:08:d5:dc:78:fa:c8:43:60:9e:11:03:
                    c9:83:b9:24:55:f7:66:a8:8d:e1:b5:55:19:52:7e:
                    17:ef:2f:6f:b3:21:87:72:e8:56:18:22:48:a0:3a:
                    34:18:f5:d7:97:85:24:5f:96:c4:c2:b4:82:6e:00:
                    56:30:cb:e8:23:14:7b:ed:e0:dc:0a:49:b8:f0:7c:
                    d4:ed:71:b3:05:dd:7d:bf:a0:45:11:db:49:7a:e9:
                    9b:90:c7:4d:75:08:4d:c3:b8:29:4d:1c:3b:4a:d9:
                    e2:67:a2:60:36:ff:83:a0:39:9f:88:c5:8a:a6:f5:
                    20:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:83:E5:D1:97:27:37:30:91:9E:82:68:44:C4:1D:A3:B1:5A:B4:9A
            X509v3 Authority Key Identifier:
                keyid:D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/RIPl0ZcnNzCRnoJoRMQdo7FatJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:b8:8f:59:5e:5c:1d:4c:90:eb:74:dc:23:f7:c7:c8:71:be:
         53:53:78:e5:1e:af:99:19:0c:95:53:22:70:a8:c6:5b:5d:3e:
         4e:12:7d:c7:d8:fd:b8:4b:61:ac:cf:d4:46:e8:8c:e0:7b:b4:
         f6:f3:1c:ca:ec:fc:b4:0e:6a:17:c5:17:a4:05:9e:1f:17:73:
         95:9f:47:b1:15:fa:04:bb:cc:dc:5a:35:62:70:49:71:a1:fb:
         0e:ad:5e:59:e7:82:35:b0:70:2f:56:04:fb:b8:61:65:9a:ba:
         6a:39:20:c7:b2:e6:dc:49:9f:45:b1:fa:b6:23:74:2f:1a:c2:
         df:1d:14:e8:76:8d:60:8b:0f:36:91:7b:fe:84:00:fd:88:f1:
         7e:96:89:9c:7f:c4:b5:05:2d:d8:4b:69:6d:9d:a4:a0:b4:bc:
         51:70:61:69:bf:0a:87:e1:ae:a6:cb:35:73:47:6a:b6:94:16:
         03:ac:f5:23:22:d8:6f:ac:9b:8d:34:c3:a5:c9:a3:48:e6:c3:
         f2:d5:85:72:c6:1a:ba:5e:3d:e8:6c:19:cb:3c:b1:a2:6f:f7:
         b6:8a:20:43:a2:2a:ab:88:15:2f:58:9e:aa:35:6f:b4:78:cf:
         34:7c:f3:d3:f2:2a:71:8b:e5:6c:b2:be:a5:ab:68:fc:ce:a7:
         45:23:99:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1ugmzFVO8JVTCRIuu7WVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDU2ZjA3YmUxODRjYmE1MmY2ZmRjMDQ5ZTgxMTRkMjYx
NmMzMmEwHhcNMjUwMTAxMjE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDgzZTVkMTk3MjczNzMwOTE5ZTgyNjg0NGM0MWRhM2IxNWFiNDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5nzM49f0n+ECXEZyxTTGrPr2EaDB
HmGbRRKD1wZqcaeE1RcLZwuOLtGZWvmVVpMO/X8fd9AtYAAj8UGwg7o69yOsMIqX
4WBxHgtr8rUvhMTERfy/thm8zGogKvfJ/QfdN7Xv4D4EymDqmBgrJPR6h6YfksC8
Qa+SKuyZito5NSXh2SyrY456UG8/CNXcePrIQ2CeEQPJg7kkVfdmqI3htVUZUn4X
7y9vsyGHcuhWGCJIoDo0GPXXl4UkX5bEwrSCbgBWMMvoIxR77eDcCkm48HzU7XGz
Bd19v6BFEdtJeumbkMdNdQhNw7gpTRw7StniZ6JgNv+DoDmfiMWKpvUgUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESD5dGXJzcwkZ6CaETEHaOxWrSaMB8GA1UdIwQY
MBaAFNPVbwe+GEy6Uvb9wEnoEU0mFsMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYt
MWIwNmQxYzcwNGMxLzEvUklQbDBaY25OekNSbm9Kb1JNUWRvN0ZhdEpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYtMWIwNmQxYzcwNGMx
LzEvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueH6MA0G
CSqGSIb3DQEBCwUAA4IBAQA6uI9ZXlwdTJDrdNwj98fIcb5TU3jlHq+ZGQyVUyJw
qMZbXT5OEn3H2P24S2Gsz9RG6Izge7T28xzK7Py0DmoXxRekBZ4fF3OVn0exFfoE
u8zcWjVicElxofsOrV5Z54I1sHAvVgT7uGFlmrpqOSDHsubcSZ9Fsfq2I3QvGsLf
HRTodo1giw82kXv+hAD9iPF+lomcf8S1BS3YS2ltnaSgtLxRcGFpvwqH4a6myzVz
R2q2lBYDrPUjIthvrJuNNMOlyaNI5sPy1YVyxhq6Xj3obBnLPLGib/e2iiBDoiqr
iBUvWJ6qNW+0eM80fPPT8ipxi+Vssr6lq2j8zqdFI5nJ
-----END CERTIFICATE-----