Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/IZB5fE3vCYPzm412fZZk7uYbwgE.roa
File:                     IZB5fE3vCYPzm412fZZk7uYbwgE.roa (raw, json)
Hash identifier:          cWCrnSM11F8k4l8vziWTFuB3S6ERgGRGnqCvZnuNDXk=
Subject key identifier:   21:90:79:7C:4D:EF:09:83:F3:9B:8D:76:7D:96:64:EE:E6:1B:C2:01
Certificate issuer:       /CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
Certificate serial:       019630876AEA6AF5DAF4878C2ECAED893B04
Authority key identifier: D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/IZB5fE3vCYPzm412fZZk7uYbwgE.roa
Signing time:             Sun 13 Apr 2025 19:01:43 +0000
ROA not before:           Sun 13 Apr 2025 19:01:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213520
IP address blocks:        93.185.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 13:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:30:87:6a:ea:6a:f5:da:f4:87:8c:2e:ca:ed:89:3b:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
        Validity
            Not Before: Apr 13 19:01:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2190797c4def0983f39b8d767d9664eee61bc201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d4:0a:10:a0:3e:89:bb:87:8d:2f:f7:69:37:
                    17:eb:43:e8:5c:00:1c:f4:30:44:7c:b2:28:de:75:
                    9b:43:25:70:8b:b3:01:f3:5c:c8:f7:be:4c:78:26:
                    b7:4f:c6:5a:af:db:77:bd:20:16:32:96:eb:a6:5e:
                    ce:07:ed:79:78:db:53:0c:46:7e:24:24:61:34:ff:
                    e2:a7:e9:92:f7:81:bf:de:35:06:e9:04:c3:9f:fe:
                    17:79:ea:f2:9e:86:ac:7f:55:da:25:47:44:17:e0:
                    35:13:92:11:63:cc:c3:f0:ee:28:f3:91:5a:51:dd:
                    c6:bb:39:eb:ee:6d:a4:13:32:62:cc:79:52:ab:e7:
                    6d:ae:ae:56:e9:31:05:f4:bb:24:2c:f1:67:bb:ab:
                    53:db:1f:f9:db:5d:88:64:52:88:92:3e:d7:16:0d:
                    8f:cc:9f:f4:a2:c5:f1:0b:25:b9:55:22:db:64:22:
                    91:ee:fc:b2:07:5d:4f:58:20:b7:ee:e8:47:f7:63:
                    e4:40:7c:58:6a:2a:a9:94:98:3d:b0:e8:85:fb:24:
                    a6:4f:8a:8b:46:f9:7c:22:ff:32:64:11:37:b6:6b:
                    82:36:aa:32:84:29:96:bf:99:d5:2f:7e:c5:13:46:
                    6f:1f:b4:1d:42:7c:eb:93:2f:a4:6d:9d:6a:9b:c8:
                    79:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:90:79:7C:4D:EF:09:83:F3:9B:8D:76:7D:96:64:EE:E6:1B:C2:01
            X509v3 Authority Key Identifier:
                keyid:D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/IZB5fE3vCYPzm412fZZk7uYbwgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:d2:ce:d5:5f:1f:d1:4f:55:8b:48:8c:8f:8d:94:e4:21:05:
         3d:e6:cb:e5:22:5e:c8:a7:a3:f7:51:d4:98:2e:be:3c:55:c5:
         15:4a:31:60:75:4e:8a:49:e9:2f:22:3d:56:e5:61:f6:66:2c:
         29:80:5e:6a:1b:6f:9a:2a:2e:b5:18:e4:af:b8:c0:04:4f:c7:
         7c:68:f4:1f:7c:2d:69:59:73:7c:5e:10:95:dd:bd:7a:a8:b6:
         ed:e2:55:76:0d:a1:eb:f5:f3:82:7e:7e:24:86:99:b2:2d:d9:
         91:ae:3b:d9:78:4e:7d:39:5d:53:4a:c5:06:e8:5c:c8:69:85:
         33:c4:aa:ee:0e:20:d2:87:e0:a0:e8:c5:84:93:57:ad:53:55:
         e7:29:eb:0e:ee:68:52:90:0d:ae:67:c6:fc:d1:90:d9:36:09:
         e3:d1:f5:a7:68:ac:88:b7:ec:69:80:6a:c5:92:12:89:51:40:
         20:90:0a:18:72:52:a6:f6:01:d6:2a:40:0d:19:d8:ec:62:03:
         6a:22:d0:36:07:bb:94:cf:4e:7d:0b:87:d5:dd:9e:74:2f:8d:
         ed:49:21:39:61:cb:26:e6:c7:78:a3:77:d5:80:23:e5:0b:a9:
         93:18:58:b7:34:79:63:4b:f6:af:8f:cc:bf:4b:5c:ab:12:eb:
         ef:24:9d:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYwh2rqavXa9IeMLsrtiTsEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZTk3MDMzYTM2YWE5YmNjMGMyZjE2N2U2MjBkN2NhMTQ5
M2NiZWEwHhcNMjUwNDEzMTkwMTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTkwNzk3YzRkZWYwOTgzZjM5YjhkNzY3ZDk2NjRlZWU2MWJjMjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltQKEKA+ibuHjS/3aTcX60PoXAAc
9DBEfLIo3nWbQyVwi7MB81zI975MeCa3T8Zar9t3vSAWMpbrpl7OB+15eNtTDEZ+
JCRhNP/ip+mS94G/3jUG6QTDn/4Xeerynoasf1XaJUdEF+A1E5IRY8zD8O4o85Fa
Ud3Guznr7m2kEzJizHlSq+dtrq5W6TEF9LskLPFnu6tT2x/5212IZFKIkj7XFg2P
zJ/0osXxCyW5VSLbZCKR7vyyB11PWCC37uhH92PkQHxYaiqplJg9sOiF+ySmT4qL
Rvl8Iv8yZBE3tmuCNqoyhCmWv5nVL37FE0ZvH7QdQnzrky+kbZ1qm8h51QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGQeXxN7wmD85uNdn2WZO7mG8IBMB8GA1UdIwQY
MBaAFNPpcDOjaqm8wMLxZ+Yg18oUk8vqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMt
ZGJmOWQ0MWYxNzk4LzEvSVpCNWZFM3ZDWVB6bTQxMmZaWms3dVlid2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMtZGJmOWQ0MWYxNzk4
LzEvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbmeMA0G
CSqGSIb3DQEBCwUAA4IBAQAw0s7VXx/RT1WLSIyPjZTkIQU95svlIl7Ip6P3UdSY
Lr48VcUVSjFgdU6KSekvIj1W5WH2ZiwpgF5qG2+aKi61GOSvuMAET8d8aPQffC1p
WXN8XhCV3b16qLbt4lV2DaHr9fOCfn4khpmyLdmRrjvZeE59OV1TSsUG6FzIaYUz
xKruDiDSh+Cg6MWEk1etU1XnKesO7mhSkA2uZ8b80ZDZNgnj0fWnaKyIt+xpgGrF
khKJUUAgkAoYclKm9gHWKkANGdjsYgNqItA2B7uUz059C4fV3Z50L43tSSE5Ycsm
5sd4o3fVgCPlC6mTGFi3NHljS/avj8y/S1yrEuvvJJ0o
-----END CERTIFICATE-----