Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/rskHkUFkX_O48BSko3Gfim1HaXo.roa
File:                     rskHkUFkX_O48BSko3Gfim1HaXo.roa (raw, json)
Hash identifier:          We6jCxDZgW3oUj7xCVPUCK7y2C7d3rboO/5pXyLAzz4=
Subject key identifier:   AE:C9:07:91:41:64:5F:F3:B8:F0:14:A4:A3:71:9F:8A:6D:47:69:7A
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       0196B92F0C68A05FB1458B247E0F69794954
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/rskHkUFkX_O48BSko3Gfim1HaXo.roa
Signing time:             Sat 10 May 2025 07:53:10 +0000
ROA not before:           Sat 10 May 2025 07:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207518
IP address blocks:        85.158.187.0/24 maxlen: 24
                          2a09:d2c1:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 13:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b9:2f:0c:68:a0:5f:b1:45:8b:24:7e:0f:69:79:49:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: May 10 07:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aec9079141645ff3b8f014a4a3719f8a6d47697a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:bc:4f:23:5e:a8:27:06:7b:0d:7f:51:da:be:
                    1b:b1:bf:0f:c5:d4:c9:e1:24:d0:80:6b:3a:84:55:
                    0c:c2:7b:4f:7f:fe:cf:ba:35:a2:7c:09:11:e6:03:
                    49:7c:8c:40:1d:94:bb:a5:cd:aa:d8:99:fb:a9:a1:
                    02:d9:6d:58:bf:58:64:f8:f2:91:f1:90:97:f1:42:
                    96:63:92:4e:84:98:e7:8a:18:dd:55:f3:f6:78:af:
                    7d:72:ca:a1:01:16:e9:15:5e:db:39:ba:de:a2:4c:
                    b0:b0:05:7d:83:04:34:18:db:99:cb:a7:72:91:f7:
                    6c:6d:cc:af:1b:99:67:0e:bf:58:cf:b3:6b:a2:85:
                    71:08:18:8d:18:82:29:42:db:dc:13:6e:ef:6d:41:
                    39:ad:27:f7:21:2b:47:a9:5b:52:d8:09:f4:9e:c5:
                    ed:e9:e8:c7:c4:d1:f9:a6:28:6e:25:be:05:be:bf:
                    6e:1e:3c:49:a3:fc:e0:9b:d6:16:1f:e1:21:ad:4f:
                    42:15:73:d5:ee:ac:28:13:b1:a1:27:39:ff:b6:d7:
                    18:b9:ba:25:7f:a8:24:f0:6b:54:99:a2:3e:b0:f9:
                    d2:48:f1:37:2d:cb:db:79:e4:f6:ba:b3:76:af:79:
                    2e:fc:9f:0c:dd:a7:d5:c1:62:41:d1:45:d1:d0:ef:
                    7e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:C9:07:91:41:64:5F:F3:B8:F0:14:A4:A3:71:9F:8A:6D:47:69:7A
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/rskHkUFkX_O48BSko3Gfim1HaXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.187.0/24
                IPv6:
                  2a09:d2c1:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:3a:a3:ee:94:13:8e:05:6b:64:df:17:db:e9:d9:0a:5e:84:
         fc:43:1e:de:7b:52:8d:af:e7:ce:0c:ad:ad:7f:80:55:a4:79:
         da:da:bb:c6:83:e9:52:e1:31:82:f5:4b:61:a9:89:d0:ca:14:
         df:6d:2e:98:db:bf:23:78:ab:8e:39:99:48:d1:be:f1:2a:23:
         7a:4c:54:53:0f:09:0e:28:0d:70:43:fc:38:14:e1:a7:bf:f6:
         d5:a7:4c:dc:79:07:23:d4:18:44:54:82:36:30:3e:eb:c2:47:
         25:3a:73:95:e1:81:97:ae:13:e7:d1:71:90:5b:91:b6:b7:ee:
         59:e5:ed:df:3c:e2:02:54:7d:7a:5f:95:24:a3:b7:fd:77:d9:
         9b:9c:68:10:2a:bc:9a:4e:98:85:e3:52:8d:c5:ed:5c:61:c7:
         f1:ef:06:b4:d2:d7:17:61:0b:f8:98:88:8b:ab:b6:f2:9d:30:
         f5:e5:bc:72:4f:e9:01:76:34:3b:df:4d:2f:8b:ca:26:64:6e:
         f3:2b:89:07:e4:7d:6e:1b:b4:f5:e8:ca:36:e7:a6:80:4b:9e:
         03:45:d8:3b:e5:2e:36:4e:ab:c3:13:75:b4:eb:38:a4:bd:3b:
         2f:8c:b2:ad:4a:a2:91:14:d7:f9:a0:ff:a3:b6:a4:18:72:7f:
         4a:33:f1:88
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZa5LwxooF+xRYskfg9peUlUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjUwNTEwMDc1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWM5MDc5MTQxNjQ1ZmYzYjhmMDE0YTRhMzcxOWY4YTZkNDc2OTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrxPI16oJwZ7DX9R2r4bsb8PxdTJ
4STQgGs6hFUMwntPf/7PujWifAkR5gNJfIxAHZS7pc2q2Jn7qaEC2W1Yv1hk+PKR
8ZCX8UKWY5JOhJjnihjdVfP2eK99csqhARbpFV7bObreokywsAV9gwQ0GNuZy6dy
kfdsbcyvG5lnDr9Yz7NrooVxCBiNGIIpQtvcE27vbUE5rSf3IStHqVtS2An0nsXt
6ejHxNH5pihuJb4Fvr9uHjxJo/zgm9YWH+EhrU9CFXPV7qwoE7GhJzn/ttcYubol
f6gk8GtUmaI+sPnSSPE3LcvbeeT2urN2r3ku/J8M3afVwWJB0UXR0O9+1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK7JB5FBZF/zuPAUpKNxn4ptR2l6MB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvcnNrSGtVRmtYX080OEJTa28zR2ZpbTFIYVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAVZ67MA8E
AgACMAkDBwAqCdLBAAQwDQYJKoZIhvcNAQELBQADggEBAGo6o+6UE44Fa2TfF9vp
2QpehPxDHt57Uo2v584Mra1/gFWkedrau8aD6VLhMYL1S2GpidDKFN9tLpjbvyN4
q445mUjRvvEqI3pMVFMPCQ4oDXBD/DgU4ae/9tWnTNx5ByPUGERUgjYwPuvCRyU6
c5XhgZeuE+fRcZBbkba37lnl7d884gJUfXpflSSjt/132ZucaBAqvJpOmIXjUo3F
7Vxhx/HvBrTS1xdhC/iYiIurtvKdMPXlvHJP6QF2NDvfTS+LyiZkbvMriQfkfW4b
tPXoyjbnpoBLngNF2DvlLjZOq8MTdbTrOKS9Oy+Msq1KopEU1/mg/6O2pBhyf0oz
8Yg=
-----END CERTIFICATE-----