Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/b7fea2-a32d-4a5e-9982-54b4ca50d248/1/EbZtq2coMU270JnZ4a-zaYQT_0Q.roa
File:                     EbZtq2coMU270JnZ4a-zaYQT_0Q.roa (raw, json)
Hash identifier:          yU3RaYJSG7d5Cg9VqCAtXvTzjDsa0Gi9QQwBd19SnQo=
Subject key identifier:   11:B6:6D:AB:67:28:31:4D:BB:D0:99:D9:E1:AF:B3:69:84:13:FF:44
Certificate issuer:       /CN=380dd9e7355c72c751fff4f175dace7daa7b9cbf
Certificate serial:       0197B185C175EB160161FB04FDBE1066102F
Authority key identifier: 38:0D:D9:E7:35:5C:72:C7:51:FF:F4:F1:75:DA:CE:7D:AA:7B:9C:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OA3Z5zVccsdR__TxddrOfap7nL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/b7fea2-a32d-4a5e-9982-54b4ca50d248/1/EbZtq2coMU270JnZ4a-zaYQT_0Q.roa
Signing time:             Fri 27 Jun 2025 13:13:42 +0000
ROA not before:           Fri 27 Jun 2025 13:13:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64249
IP address blocks:        185.67.164.0/22 maxlen: 22
                          185.67.164.0/24 maxlen: 24
                          185.67.165.0/24 maxlen: 24
                          185.67.166.0/24 maxlen: 24
                          185.67.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/b7fea2-a32d-4a5e-9982-54b4ca50d248/1/OA3Z5zVccsdR__TxddrOfap7nL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/b7fea2-a32d-4a5e-9982-54b4ca50d248/1/OA3Z5zVccsdR__TxddrOfap7nL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OA3Z5zVccsdR__TxddrOfap7nL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b1:85:c1:75:eb:16:01:61:fb:04:fd:be:10:66:10:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380dd9e7355c72c751fff4f175dace7daa7b9cbf
        Validity
            Not Before: Jun 27 13:13:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11b66dab6728314dbbd099d9e1afb3698413ff44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:32:03:10:6b:de:36:c6:9b:4d:be:65:43:f6:
                    13:04:a3:5d:c5:28:4d:06:a5:c1:4e:05:4f:56:c0:
                    59:73:cf:81:34:1f:1a:10:dd:03:35:d1:80:c8:fd:
                    89:4d:51:af:a3:87:61:41:5c:88:26:d3:fd:7b:d9:
                    f4:6c:65:0b:8e:0b:2a:0c:50:62:fd:75:5a:32:c5:
                    f2:f2:cc:5c:bd:a1:04:52:8e:b9:9e:aa:87:9b:3c:
                    cb:c5:e2:df:23:67:92:cb:e0:b0:b4:c5:0b:b1:44:
                    53:20:20:76:43:e3:97:a8:bf:be:cb:82:89:67:13:
                    72:ce:e5:84:97:43:1f:47:e2:5f:0e:f0:ac:c4:fe:
                    49:b2:5c:5c:a1:e1:06:72:ef:82:37:ad:1e:cc:0b:
                    76:32:9c:28:05:9b:ec:2b:ea:ee:43:83:a5:92:88:
                    a9:84:a6:0d:27:4d:df:db:6f:dd:d0:37:c7:a1:7d:
                    17:ea:0f:4a:6e:f4:87:84:f7:93:e9:c8:47:23:c8:
                    82:c3:80:8d:0f:46:e4:fc:55:a5:00:fe:a8:46:42:
                    55:23:6c:fb:f3:32:31:fb:7f:b2:ab:f2:90:28:fc:
                    50:b9:d3:62:be:88:b5:20:f4:05:f1:3d:9f:e6:b7:
                    b8:dd:17:8e:32:7f:91:38:f0:f4:a7:44:63:c0:10:
                    71:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B6:6D:AB:67:28:31:4D:BB:D0:99:D9:E1:AF:B3:69:84:13:FF:44
            X509v3 Authority Key Identifier:
                keyid:38:0D:D9:E7:35:5C:72:C7:51:FF:F4:F1:75:DA:CE:7D:AA:7B:9C:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OA3Z5zVccsdR__TxddrOfap7nL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/b7fea2-a32d-4a5e-9982-54b4ca50d248/1/EbZtq2coMU270JnZ4a-zaYQT_0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/b7fea2-a32d-4a5e-9982-54b4ca50d248/1/OA3Z5zVccsdR__TxddrOfap7nL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:7e:14:a2:2d:9f:d7:38:ae:f5:60:47:f0:05:fb:68:eb:69:
         1b:22:4b:f1:17:70:e2:47:4b:df:6b:ed:c3:ec:ef:04:82:b1:
         37:88:fc:c8:f9:e7:2d:1e:f8:cd:13:c0:bb:61:d9:2c:ba:0d:
         43:fa:47:1f:ef:95:e0:3c:94:f7:a8:1f:f7:0e:97:f2:46:13:
         13:c1:d6:4b:a8:5e:cd:04:90:4f:26:81:76:f6:8b:a0:f0:84:
         33:71:d9:c4:c3:6d:2f:f7:27:08:81:e5:45:61:91:7c:70:a3:
         c2:d7:70:0b:be:4b:b3:40:7a:ef:11:59:5a:4f:f9:73:5e:10:
         5d:25:b8:1b:0d:af:14:71:69:11:d3:f7:6b:de:17:0f:c2:75:
         74:f9:f4:9b:7a:b9:8c:5a:24:d5:c6:06:0f:00:c6:16:a1:87:
         be:ee:c4:de:cc:eb:ef:87:7d:02:82:4b:af:6c:4e:21:c3:7e:
         62:fb:fa:08:a2:79:74:36:48:44:16:10:e0:3b:cf:64:cf:c8:
         b2:64:f3:ff:a3:12:e1:f5:4d:eb:bc:d6:43:0d:db:44:fe:07:
         2f:36:59:b8:70:97:29:fb:de:04:e1:c2:74:10:5c:e6:18:cc:
         54:57:35:b7:51:09:38:de:b0:7d:4f:3e:76:e6:e1:39:4a:e3:
         23:28:d7:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZexhcF16xYBYfsE/b4QZhAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGRkOWU3MzU1YzcyYzc1MWZmZjRmMTc1ZGFjZTdkYWE3
YjljYmYwHhcNMjUwNjI3MTMxMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWI2NmRhYjY3MjgzMTRkYmJkMDk5ZDllMWFmYjM2OTg0MTNmZjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjIDEGveNsabTb5lQ/YTBKNdxShN
BqXBTgVPVsBZc8+BNB8aEN0DNdGAyP2JTVGvo4dhQVyIJtP9e9n0bGULjgsqDFBi
/XVaMsXy8sxcvaEEUo65nqqHmzzLxeLfI2eSy+CwtMULsURTICB2Q+OXqL++y4KJ
ZxNyzuWEl0MfR+JfDvCsxP5JslxcoeEGcu+CN60ezAt2MpwoBZvsK+ruQ4Olkoip
hKYNJ03f22/d0DfHoX0X6g9KbvSHhPeT6chHI8iCw4CND0bk/FWlAP6oRkJVI2z7
8zIx+3+yq/KQKPxQudNivoi1IPQF8T2f5re43ReOMn+ROPD0p0RjwBBxQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBG2batnKDFNu9CZ2eGvs2mEE/9EMB8GA1UdIwQY
MBaAFDgN2ec1XHLHUf/08XXazn2qe5y/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0EzWjV6VmNjc2RSX19UeGRkck9mYXA3bkw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9iN2ZlYTItYTMyZC00YTVlLTk5ODIt
NTRiNGNhNTBkMjQ4LzEvRWJadHEyY29NVTI3MEpuWjRhLXphWVFUXzBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9iN2ZlYTItYTMyZC00YTVlLTk5ODItNTRiNGNhNTBkMjQ4
LzEvT0EzWjV6VmNjc2RSX19UeGRkck9mYXA3bkw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUOkMA0G
CSqGSIb3DQEBCwUAA4IBAQAHfhSiLZ/XOK71YEfwBfto62kbIkvxF3DiR0vfa+3D
7O8EgrE3iPzI+ectHvjNE8C7Ydksug1D+kcf75XgPJT3qB/3DpfyRhMTwdZLqF7N
BJBPJoF29oug8IQzcdnEw20v9ycIgeVFYZF8cKPC13ALvkuzQHrvEVlaT/lzXhBd
JbgbDa8UcWkR0/dr3hcPwnV0+fSbermMWiTVxgYPAMYWoYe+7sTezOvvh30Cgkuv
bE4hw35i+/oIonl0NkhEFhDgO89kz8iyZPP/oxLh9U3rvNZDDdtE/gcvNlm4cJcp
+94E4cJ0EFzmGMxUVzW3UQk43rB9Tz525uE5SuMjKNde
-----END CERTIFICATE-----