Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/a8V7ebFEeLwFoSdHq8p0TKDMec8.roa
File:                     a8V7ebFEeLwFoSdHq8p0TKDMec8.roa (raw, json)
Hash identifier:          dTWbz0Iy7LFyWeRydXuTmQggouIblDORZnQw5w0rXE0=
Subject key identifier:   6B:C5:7B:79:B1:44:78:BC:05:A1:27:47:AB:CA:74:4C:A0:CC:79:CF
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       0196A4CBA149FF771010BBA367DB3D8BCB82
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/a8V7ebFEeLwFoSdHq8p0TKDMec8.roa
Signing time:             Tue 06 May 2025 08:52:10 +0000
ROA not before:           Tue 06 May 2025 08:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        217.60.32.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 17:53:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a4:cb:a1:49:ff:77:10:10:bb:a3:67:db:3d:8b:cb:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: May  6 08:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6bc57b79b14478bc05a12747abca744ca0cc79cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d2:5a:0c:0b:ac:0f:31:20:6c:38:7b:d6:4c:
                    ec:4b:88:23:e7:db:5b:af:97:7c:bd:32:60:4c:f1:
                    db:77:1d:1d:5b:ec:2a:82:5d:2b:f6:64:47:4e:16:
                    df:ae:c8:1e:06:dd:7d:40:19:8e:78:df:a5:84:b3:
                    1e:d6:69:b5:f7:d1:d0:cd:6b:18:07:b5:60:c0:84:
                    22:ef:b0:50:a5:45:be:88:5f:32:c2:39:76:75:bf:
                    29:1d:55:1f:62:d3:c7:66:96:11:05:88:5c:eb:0e:
                    86:5a:31:50:98:a9:7c:62:ad:39:9f:3d:15:cf:7c:
                    11:7e:45:8c:55:a6:2b:6c:ff:37:9b:7b:cc:58:f0:
                    ea:4c:78:27:f0:91:60:0c:c7:c1:1e:f1:6a:f8:43:
                    fa:ae:d7:17:9b:f0:2a:bb:1d:c7:75:35:40:10:de:
                    10:df:91:a7:d4:76:48:5d:3b:1b:5e:2a:fb:70:e6:
                    f4:6f:0a:46:8c:37:82:61:7c:40:7d:f0:a6:1a:b0:
                    41:d4:ef:05:74:d3:01:c0:28:c5:a1:4c:e6:f2:0e:
                    25:51:95:8c:fb:1e:af:a7:0b:d2:86:d9:3d:71:1e:
                    7d:a8:9f:e3:65:05:41:e2:12:1a:4c:3f:d6:45:6a:
                    50:d4:7e:25:5b:e4:c6:4c:75:fd:bb:b4:c3:88:e9:
                    65:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:C5:7B:79:B1:44:78:BC:05:A1:27:47:AB:CA:74:4C:A0:CC:79:CF
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/a8V7ebFEeLwFoSdHq8p0TKDMec8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.60.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         71:bb:59:f9:bf:7d:1f:a4:92:8e:5f:7f:50:cb:75:32:c9:d0:
         b7:f2:ef:ad:ae:59:cf:10:41:d4:65:b2:a1:a0:ee:fc:8f:a5:
         39:77:7d:86:cd:c6:66:c7:24:1f:4d:76:9d:f1:30:0e:f4:19:
         12:71:41:a0:28:90:30:38:55:e8:96:89:eb:c3:36:a2:6d:21:
         13:52:6b:d8:2e:df:ca:1c:01:a5:ab:55:ee:08:75:b6:87:a1:
         87:50:e1:85:b6:f7:52:27:27:97:c3:fc:60:76:cf:7a:44:79:
         cd:a4:d5:8b:3a:67:32:35:56:05:af:af:6b:30:3a:66:a7:c7:
         17:35:87:00:2f:93:55:7d:04:d6:b2:9e:3d:de:d4:59:a3:cf:
         84:e3:cd:97:71:fe:35:9b:c7:af:1e:a7:cc:07:e2:d1:93:35:
         88:c7:66:c9:ae:e1:1a:d6:b0:e0:4f:05:07:b4:08:59:97:60:
         fd:b3:8a:61:bf:cf:f6:78:4d:45:7b:96:81:82:ef:ec:95:39:
         c2:8e:c1:8b:14:15:cb:5e:80:4f:2f:e2:54:18:12:14:da:c6:
         82:71:67:0e:73:4a:b8:c5:fb:b7:5c:93:73:68:22:2f:61:b5:
         82:6a:8d:e3:cc:11:3d:a5:f1:41:54:f4:e1:97:9a:d4:74:7a:
         3b:71:c8:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaky6FJ/3cQELujZ9s9i8uCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTA2MDg1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmM1N2I3OWIxNDQ3OGJjMDVhMTI3NDdhYmNhNzQ0Y2EwY2M3OWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9JaDAusDzEgbDh71kzsS4gj59tb
r5d8vTJgTPHbdx0dW+wqgl0r9mRHThbfrsgeBt19QBmOeN+lhLMe1mm199HQzWsY
B7VgwIQi77BQpUW+iF8ywjl2db8pHVUfYtPHZpYRBYhc6w6GWjFQmKl8Yq05nz0V
z3wRfkWMVaYrbP83m3vMWPDqTHgn8JFgDMfBHvFq+EP6rtcXm/Aqux3HdTVAEN4Q
35Gn1HZIXTsbXir7cOb0bwpGjDeCYXxAffCmGrBB1O8FdNMBwCjFoUzm8g4lUZWM
+x6vpwvShtk9cR59qJ/jZQVB4hIaTD/WRWpQ1H4lW+TGTHX9u7TDiOllBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvFe3mxRHi8BaEnR6vKdEygzHnPMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvYThWN2ViRkVlTHdGb1NkSHE4cDBUS0RNZWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2TwgMA0G
CSqGSIb3DQEBCwUAA4IBAQBxu1n5v30fpJKOX39Qy3UyydC38u+trlnPEEHUZbKh
oO78j6U5d32GzcZmxyQfTXad8TAO9BkScUGgKJAwOFXolonrwzaibSETUmvYLt/K
HAGlq1XuCHW2h6GHUOGFtvdSJyeXw/xgds96RHnNpNWLOmcyNVYFr69rMDpmp8cX
NYcAL5NVfQTWsp493tRZo8+E482Xcf41m8evHqfMB+LRkzWIx2bJruEa1rDgTwUH
tAhZl2D9s4phv8/2eE1Fe5aBgu/slTnCjsGLFBXLXoBPL+JUGBIU2saCcWcOc0q4
xfu3XJNzaCIvYbWCao3jzBE9pfFBVPThl5rUdHo7cchK
-----END CERTIFICATE-----