Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/evNnHKfdE81fV-2dA-Pl5eqaGHo.roa
File:                     evNnHKfdE81fV-2dA-Pl5eqaGHo.roa (raw, json)
Hash identifier:          ywmWM1qUYAMtn//4pTN8Jv+BIv75cg5QrP0+2AUgN78=
Subject key identifier:   7A:F3:67:1C:A7:DD:13:CD:5F:57:ED:9D:03:E3:E5:E5:EA:9A:18:7A
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0196A6269D1E8B72C4336E3C2BD3BD49DC5F
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/evNnHKfdE81fV-2dA-Pl5eqaGHo.roa
Signing time:             Tue 06 May 2025 15:11:10 +0000
ROA not before:           Tue 06 May 2025 15:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34918
IP address blocks:        185.212.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a6:26:9d:1e:8b:72:c4:33:6e:3c:2b:d3:bd:49:dc:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: May  6 15:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7af3671ca7dd13cd5f57ed9d03e3e5e5ea9a187a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:12:ef:e7:8b:e1:06:a7:0d:08:aa:cd:5b:7a:
                    26:76:26:1d:8d:63:3d:c3:ab:5d:ff:4b:e8:05:ea:
                    7d:e2:92:a5:44:55:f7:d9:df:06:29:03:91:c1:d3:
                    94:ed:ef:0d:f3:98:31:2d:10:a2:ae:4a:95:bb:3f:
                    ac:ce:aa:63:3a:92:94:f0:b0:ed:4e:16:de:e9:25:
                    a8:20:d9:9a:d6:e1:70:a1:20:d0:d6:05:89:bf:39:
                    33:38:ea:fd:cb:d6:50:b3:c9:ad:7a:43:d0:f4:3e:
                    04:10:02:ef:41:1a:38:35:cd:40:e1:6f:95:e7:b6:
                    47:31:3e:0e:d2:28:67:2d:cb:d4:4c:da:a0:e8:2b:
                    12:95:4b:2e:76:83:8b:ba:12:7c:18:aa:d6:5a:d2:
                    f3:1a:72:93:04:be:1f:bb:da:fe:96:8f:c5:07:6c:
                    c2:b7:1c:3f:68:e8:86:a8:79:ab:9f:00:7f:fc:8c:
                    94:2f:a0:b1:3b:75:89:a9:52:10:10:8c:35:fe:07:
                    41:79:0f:56:dc:00:32:06:db:6e:a3:b3:0c:39:6c:
                    0f:67:ab:ba:05:6d:18:0f:64:41:de:d6:60:99:be:
                    ca:fb:2d:f1:a1:79:35:d3:44:ae:e6:2b:21:36:7b:
                    48:42:bf:c4:04:c7:17:49:b0:17:90:60:e3:49:64:
                    31:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:F3:67:1C:A7:DD:13:CD:5F:57:ED:9D:03:E3:E5:E5:EA:9A:18:7A
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/evNnHKfdE81fV-2dA-Pl5eqaGHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:a6:8b:99:e7:ed:89:86:73:0d:cb:24:34:d5:c2:23:64:3d:
         5e:01:6f:e6:af:7f:44:06:98:4f:5c:df:96:ff:94:c6:ae:eb:
         fc:26:0b:99:35:4c:c0:35:33:9d:ec:ad:d8:c0:7d:a9:f2:c0:
         95:6e:ef:6e:21:46:e0:60:20:79:65:e4:33:ed:4f:c6:c2:3c:
         34:e6:dc:18:d1:21:8d:11:ad:51:c5:2e:e9:e3:d8:7d:60:04:
         61:61:42:ad:11:f0:6a:d9:a5:94:9f:e0:91:a1:ec:9a:c6:ea:
         c7:69:4e:d9:aa:bf:af:3e:1c:85:2b:18:ee:87:b1:dd:74:59:
         cb:2d:6f:73:cc:95:c1:51:c6:88:ef:40:6b:d0:52:e0:2f:72:
         4a:44:cc:3e:da:66:dc:4d:b9:62:d7:16:33:5a:c5:16:79:7f:
         cd:1b:78:f6:b5:7a:5e:7a:35:04:6d:0e:cb:18:02:2b:d1:a1:
         85:d5:18:84:8c:c0:28:9f:0f:8b:43:17:d0:b4:3c:c2:52:29:
         25:49:24:74:d2:a8:13:dd:68:a1:e8:cb:31:c3:9e:5a:20:92:
         86:4e:e3:b8:36:9d:e9:87:59:1b:63:62:86:8f:d3:ba:94:6b:
         91:2e:cc:0d:d4:3d:24:4e:3a:c7:4a:6c:aa:b9:99:6c:63:6e:
         96:e9:ef:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZamJp0ei3LEM248K9O9SdxfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNTA2MTUxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWYzNjcxY2E3ZGQxM2NkNWY1N2VkOWQwM2UzZTVlNWVhOWExODdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBLv54vhBqcNCKrNW3omdiYdjWM9
w6td/0voBep94pKlRFX32d8GKQORwdOU7e8N85gxLRCirkqVuz+szqpjOpKU8LDt
Thbe6SWoINma1uFwoSDQ1gWJvzkzOOr9y9ZQs8mtekPQ9D4EEALvQRo4Nc1A4W+V
57ZHMT4O0ihnLcvUTNqg6CsSlUsudoOLuhJ8GKrWWtLzGnKTBL4fu9r+lo/FB2zC
txw/aOiGqHmrnwB//IyUL6CxO3WJqVIQEIw1/gdBeQ9W3AAyBttuo7MMOWwPZ6u6
BW0YD2RB3tZgmb7K+y3xoXk100Su5ishNntIQr/EBMcXSbAXkGDjSWQxJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrzZxyn3RPNX1ftnQPj5eXqmhh6MB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvZXZObkhLZmRFODFmVi0yZEEtUGw1ZXFhR0hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudQyMA0G
CSqGSIb3DQEBCwUAA4IBAQA/pouZ5+2JhnMNyyQ01cIjZD1eAW/mr39EBphPXN+W
/5TGruv8JguZNUzANTOd7K3YwH2p8sCVbu9uIUbgYCB5ZeQz7U/Gwjw05twY0SGN
Ea1RxS7p49h9YARhYUKtEfBq2aWUn+CRoeyaxurHaU7Zqr+vPhyFKxjuh7HddFnL
LW9zzJXBUcaI70Br0FLgL3JKRMw+2mbcTbli1xYzWsUWeX/NG3j2tXpeejUEbQ7L
GAIr0aGF1RiEjMAonw+LQxfQtDzCUiklSSR00qgT3Wih6Msxw55aIJKGTuO4Np3p
h1kbY2KGj9O6lGuRLswN1D0kTjrHSmyquZlsY26W6e9D
-----END CERTIFICATE-----