Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/hFyZQJl9hpSR8MJm5zkkVJyeSKs.roa
File:                     hFyZQJl9hpSR8MJm5zkkVJyeSKs.roa (raw, json)
Hash identifier:          dBm/3kMdhPMhsMOkCigtCWUETZQaJ96SgQ6JbE9wZAg=
Subject key identifier:   84:5C:99:40:99:7D:86:94:91:F0:C2:66:E7:39:24:54:9C:9E:48:AB
Certificate issuer:       /CN=f8caa797b900fc355fc2412467751eeb2c1c64be
Certificate serial:       019423D6F80D369221D4027ACBD46AC82046
Authority key identifier: F8:CA:A7:97:B9:00:FC:35:5F:C2:41:24:67:75:1E:EB:2C:1C:64:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/hFyZQJl9hpSR8MJm5zkkVJyeSKs.roa
Signing time:             Wed 01 Jan 2025 21:47:58 +0000
ROA not before:           Wed 01 Jan 2025 21:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211467
IP address blocks:        185.98.219.0/24 maxlen: 24
                          193.34.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 06:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:f8:0d:36:92:21:d4:02:7a:cb:d4:6a:c8:20:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8caa797b900fc355fc2412467751eeb2c1c64be
        Validity
            Not Before: Jan  1 21:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=845c9940997d869491f0c266e73924549c9e48ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d4:4d:e2:28:29:48:3f:b0:3b:32:80:af:94:
                    a5:bb:19:0c:67:1b:4f:e6:43:76:9f:cd:ae:fe:48:
                    27:d1:bc:21:8c:85:f1:ad:f0:e3:d1:2f:40:38:57:
                    83:f8:2b:9c:51:92:ae:a6:ba:3c:53:30:f9:8f:f7:
                    3c:22:73:bf:17:20:7b:c3:15:2d:3f:56:67:be:e0:
                    8b:9f:6b:5f:a7:b3:57:90:c7:b9:1b:73:a5:b9:c5:
                    f2:49:ad:58:4a:47:41:c6:2f:18:23:28:de:35:41:
                    38:30:b3:f9:a9:d6:7a:47:e1:eb:3b:dd:a6:e2:3c:
                    4e:a9:cb:87:c8:1e:ef:8b:8a:dd:51:3b:14:c1:da:
                    ac:31:13:d5:0e:bf:13:c9:ff:75:c7:3a:01:dc:92:
                    97:4a:7d:e9:23:6e:08:1c:09:00:3f:8c:da:ee:5a:
                    53:43:65:3e:a6:48:73:24:16:34:85:88:52:21:e4:
                    30:dd:d8:44:82:46:94:1b:e4:40:83:46:1d:3f:fd:
                    f0:b8:70:f6:ce:aa:c2:bc:e8:22:cf:08:78:9a:03:
                    fd:67:c1:f8:7e:0b:1a:51:c1:05:85:55:98:29:73:
                    af:e5:ec:9a:7b:6b:b3:6b:0a:24:ed:1d:ee:09:a3:
                    a5:df:49:10:a9:4f:93:bb:04:33:58:9f:f6:db:8b:
                    10:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:5C:99:40:99:7D:86:94:91:F0:C2:66:E7:39:24:54:9C:9E:48:AB
            X509v3 Authority Key Identifier:
                keyid:F8:CA:A7:97:B9:00:FC:35:5F:C2:41:24:67:75:1E:EB:2C:1C:64:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/hFyZQJl9hpSR8MJm5zkkVJyeSKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/1b55cf-be94-49ad-9eb8-9db3d44c6d2f/1/1-Mqnl7kA_DVfwkEkZ3Ue6ywcZL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.219.0/24
                  193.34.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:83:0f:0d:77:50:39:ce:1b:09:d1:9b:1d:a5:d9:15:44:f7:
         5b:b4:9e:e0:72:17:77:8a:27:29:b6:4f:0d:42:06:c2:57:22:
         b1:f0:21:5c:d5:1b:1f:97:90:e8:77:75:b9:ef:ed:3d:4e:08:
         6e:24:c8:3d:fb:35:00:c2:cf:37:9a:17:25:5e:ad:84:b0:3a:
         63:45:70:e4:d8:26:22:80:c9:7c:0c:38:59:6e:38:1f:54:e7:
         79:3e:85:74:d9:22:75:31:4b:be:98:21:4d:92:8b:2f:d4:24:
         ef:d7:37:bd:2b:42:89:11:32:51:16:c0:b8:16:46:ea:dd:66:
         92:d7:dd:26:4d:ce:b3:42:92:b3:7b:82:ab:84:b7:fd:ee:f0:
         b9:0a:b1:ae:2c:d4:1a:ac:52:2c:d3:9d:99:22:1b:bf:8e:4d:
         64:ce:8e:84:0f:ec:5e:47:f2:f3:bb:7e:37:b3:64:00:cf:6f:
         9e:8a:2d:1d:ce:20:36:f7:67:79:83:31:48:fc:6f:ac:aa:cc:
         59:d5:87:81:a2:46:cd:68:8f:72:00:e2:f4:df:78:de:2a:d4:
         a8:f7:66:c5:a4:66:db:3a:86:09:46:72:26:29:22:4d:0e:59:
         18:71:a4:87:0f:fa:4e:b5:15:b0:5a:0f:0d:0f:9e:6c:72:bc:
         0b:29:32:c0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQj1vgNNpIh1AJ6y9RqyCBGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4Y2FhNzk3YjkwMGZjMzU1ZmMyNDEyNDY3NzUxZWViMmMx
YzY0YmUwHhcNMjUwMTAxMjE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDVjOTk0MDk5N2Q4Njk0OTFmMGMyNjZlNzM5MjQ1NDljOWU0OGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotRN4igpSD+wOzKAr5SluxkMZxtP
5kN2n82u/kgn0bwhjIXxrfDj0S9AOFeD+CucUZKupro8UzD5j/c8InO/FyB7wxUt
P1ZnvuCLn2tfp7NXkMe5G3OlucXySa1YSkdBxi8YIyjeNUE4MLP5qdZ6R+HrO92m
4jxOqcuHyB7vi4rdUTsUwdqsMRPVDr8Tyf91xzoB3JKXSn3pI24IHAkAP4za7lpT
Q2U+pkhzJBY0hYhSIeQw3dhEgkaUG+RAg0YdP/3wuHD2zqrCvOgizwh4mgP9Z8H4
fgsaUcEFhVWYKXOv5eyae2uzawok7R3uCaOl30kQqU+TuwQzWJ/224sQsQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIRcmUCZfYaUkfDCZuc5JFScnkirMB8GA1UdIwQY
MBaAFPjKp5e5APw1X8JBJGd1HussHGS+MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1NcW5sN2tBX0RWZndrRWtaM1VlNnl3Y1pMNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDcvMWI1NWNmLWJlOTQtNDlhZC05ZWI4
LTlkYjNkNDRjNmQyZi8xL2hGeVpRSmw5aHBTUjhNSm01emtrVkp5ZVNLcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDcvMWI1NWNmLWJlOTQtNDlhZC05ZWI4LTlkYjNkNDRjNmQy
Zi8xLzEtTXFubDdrQV9EVmZ3a0VrWjNVZTZ5d2NaTDQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC5YtsD
BADBIlMwDQYJKoZIhvcNAQELBQADggEBAKuDDw13UDnOGwnRmx2l2RVE91u0nuBy
F3eKJym2Tw1CBsJXIrHwIVzVGx+XkOh3dbnv7T1OCG4kyD37NQDCzzeaFyVerYSw
OmNFcOTYJiKAyXwMOFluOB9U53k+hXTZInUxS76YIU2Siy/UJO/XN70rQokRMlEW
wLgWRurdZpLX3SZNzrNCkrN7gquEt/3u8LkKsa4s1BqsUizTnZkiG7+OTWTOjoQP
7F5H8vO7fjezZADPb56KLR3OIDb3Z3mDMUj8b6yqzFnVh4GiRs1oj3IA4vTfeN4q
1Kj3ZsWkZts6hglGciYpIk0OWRhxpIcP+k61FbBaDw0PnmxyvAspMsA=
-----END CERTIFICATE-----