Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/7dhCE4YFHCUjlqkpkZY7lO72jeU.roa
File:                     7dhCE4YFHCUjlqkpkZY7lO72jeU.roa (raw, json)
Hash identifier:          U8fxbXZIOaigGsLrKkx21Oe8R/4CGL6VvmyMHjpBRGE=
Subject key identifier:   ED:D8:42:13:86:05:1C:25:23:96:A9:29:91:96:3B:94:EE:F6:8D:E5
Certificate issuer:       /CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
Certificate serial:       01967C67AA9C2794D3AAE1D7CAF606C57FEE
Authority key identifier: 9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/7dhCE4YFHCUjlqkpkZY7lO72jeU.roa
Signing time:             Mon 28 Apr 2025 12:38:10 +0000
ROA not before:           Mon 28 Apr 2025 12:38:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213024
IP address blocks:        185.179.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:67:aa:9c:27:94:d3:aa:e1:d7:ca:f6:06:c5:7f:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
        Validity
            Not Before: Apr 28 12:38:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edd8421386051c252396a92991963b94eef68de5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:75:fa:fa:c6:0f:e6:d1:fe:ed:9e:2d:a8:9c:
                    b9:df:9b:8f:64:8e:d2:89:61:76:9e:44:53:c0:f8:
                    cd:8e:5b:39:a7:93:68:49:b3:7d:5f:d5:09:f8:60:
                    4f:b3:23:94:a5:ac:25:15:f0:af:b5:9f:53:b3:99:
                    82:0e:47:2d:89:d8:0c:7f:20:f3:20:b1:01:89:b1:
                    dc:66:71:f9:f8:28:42:84:e1:a8:08:5d:75:fb:68:
                    37:c2:fc:08:ae:ae:7c:a4:72:d8:c2:74:f3:b4:ea:
                    16:2e:69:61:1d:24:75:38:86:5e:a4:1e:5d:f4:67:
                    fa:b1:7d:18:ee:5e:ad:5f:db:55:d2:42:f9:51:d2:
                    48:a7:94:18:1c:f7:7f:8d:77:95:aa:5f:ea:eb:ab:
                    7b:07:f1:e2:e4:7e:96:83:ae:56:c1:ba:39:f7:a0:
                    1b:4b:58:31:57:cb:b2:b7:fa:90:2a:c7:49:31:e7:
                    a7:4b:7c:4e:1d:5b:b3:5a:84:8a:6a:6a:34:54:c5:
                    8c:10:d8:1f:bd:6a:98:1e:e7:e0:60:0b:d9:4e:73:
                    57:01:61:cd:4b:8c:6b:e3:df:8d:ff:ba:35:60:41:
                    ae:69:a3:aa:65:e1:67:77:83:d9:9d:48:35:40:01:
                    15:ec:45:32:6b:cd:3e:84:c9:b6:bb:8a:44:99:c0:
                    ba:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:D8:42:13:86:05:1C:25:23:96:A9:29:91:96:3B:94:EE:F6:8D:E5
            X509v3 Authority Key Identifier:
                keyid:9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/7dhCE4YFHCUjlqkpkZY7lO72jeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:15:2f:6e:54:cc:5f:fd:f4:2a:ee:a8:ac:88:43:2d:29:e2:
         31:e5:a5:f8:b9:d0:5d:10:89:1b:f2:bc:76:ca:e9:91:95:50:
         c2:a6:e9:6a:80:27:87:36:4b:f7:c2:b4:dd:8c:b0:7e:d7:ca:
         ba:20:ba:9e:e1:ca:48:8e:fa:0c:21:7f:70:01:d2:8b:f5:ce:
         5f:47:b0:b9:64:43:55:aa:6f:7c:92:2d:49:fa:59:be:68:68:
         3d:5f:35:07:b5:f4:d9:16:53:44:6d:d4:61:c4:44:ab:99:73:
         69:b5:cf:e6:17:71:bb:09:83:76:58:89:84:00:61:98:d8:b5:
         c5:90:2a:23:db:8a:a2:b9:1d:91:1b:a6:3f:61:a9:2c:90:16:
         f3:bf:58:84:ba:ad:39:83:f0:3c:92:8e:4f:58:6d:2e:8b:2d:
         00:b5:70:ae:c2:d1:13:06:8e:06:b6:0f:8f:d6:a7:f4:ff:7c:
         33:5e:20:82:d6:58:29:3f:c8:34:c9:9d:23:12:cb:df:01:d2:
         a2:50:9e:98:bc:e8:96:1a:79:41:79:85:54:bc:99:92:54:87:
         19:49:20:48:ff:a3:06:ba:d4:8d:19:a0:de:68:3c:5d:ed:9a:
         68:db:c3:8d:c5:04:b5:70:2e:cd:0e:c1:cd:55:e6:7a:26:95:
         2f:eb:19:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ8Z6qcJ5TTquHXyvYGxX/uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOTg5YjM5OThlMTlmYzAwZjg2NzBjZjZjOWQ3NDAxNzE1
Y2YzNGYwHhcNMjUwNDI4MTIzODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGQ4NDIxMzg2MDUxYzI1MjM5NmE5Mjk5MTk2M2I5NGVlZjY4ZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3X6+sYP5tH+7Z4tqJy535uPZI7S
iWF2nkRTwPjNjls5p5NoSbN9X9UJ+GBPsyOUpawlFfCvtZ9Ts5mCDkctidgMfyDz
ILEBibHcZnH5+ChChOGoCF11+2g3wvwIrq58pHLYwnTztOoWLmlhHSR1OIZepB5d
9Gf6sX0Y7l6tX9tV0kL5UdJIp5QYHPd/jXeVql/q66t7B/Hi5H6Wg65Wwbo596Ab
S1gxV8uyt/qQKsdJMeenS3xOHVuzWoSKamo0VMWMENgfvWqYHufgYAvZTnNXAWHN
S4xr49+N/7o1YEGuaaOqZeFnd4PZnUg1QAEV7EUya80+hMm2u4pEmcC6WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3YQhOGBRwlI5apKZGWO5Tu9o3lMB8GA1UdIwQY
MBaAFJ2YmzmY4Z/AD4Zwz2yddAFxXPNPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2It
YzdjY2Q3OTQzMTA2LzEvN2RoQ0U0WUZIQ1VqbHFrcGtaWTdsTzcyamVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2ItYzdjY2Q3OTQzMTA2
LzEvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubPXMA0G
CSqGSIb3DQEBCwUAA4IBAQCjFS9uVMxf/fQq7qisiEMtKeIx5aX4udBdEIkb8rx2
yumRlVDCpulqgCeHNkv3wrTdjLB+18q6ILqe4cpIjvoMIX9wAdKL9c5fR7C5ZENV
qm98ki1J+lm+aGg9XzUHtfTZFlNEbdRhxESrmXNptc/mF3G7CYN2WImEAGGY2LXF
kCoj24qiuR2RG6Y/YakskBbzv1iEuq05g/A8ko5PWG0uiy0AtXCuwtETBo4Gtg+P
1qf0/3wzXiCC1lgpP8g0yZ0jEsvfAdKiUJ6YvOiWGnlBeYVUvJmSVIcZSSBI/6MG
utSNGaDeaDxd7Zpo28ONxQS1cC7NDsHNVeZ6JpUv6xln
-----END CERTIFICATE-----