Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/1-15VXX8nVt-lY3LiGzv1Jr6OcwM.roa
File:                     1-15VXX8nVt-lY3LiGzv1Jr6OcwM.roa (raw, json)
Hash identifier:          SlkmWz0jcL6xUXUhTFQpLdotJEVgcyVB/xztx7GovmM=
Subject key identifier:   FB:5E:55:5D:7F:27:56:DF:A5:63:72:E2:1B:3B:F5:26:BE:8E:73:03
Certificate issuer:       /CN=7b385e86167d5ccc22fd85892560ae760b5f2898
Certificate serial:       01953DC78D60F45585C358ED85AB850D7983
Authority key identifier: 7B:38:5E:86:16:7D:5C:CC:22:FD:85:89:25:60:AE:76:0B:5F:28:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ezhehhZ9XMwi_YWJJWCudgtfKJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/1-15VXX8nVt-lY3LiGzv1Jr6OcwM.roa
Signing time:             Tue 25 Feb 2025 15:44:02 +0000
ROA not before:           Tue 25 Feb 2025 15:44:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204589
IP address blocks:        185.226.138.0/24 maxlen: 24
                          185.226.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/ezhehhZ9XMwi_YWJJWCudgtfKJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/ezhehhZ9XMwi_YWJJWCudgtfKJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ezhehhZ9XMwi_YWJJWCudgtfKJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 09:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3d:c7:8d:60:f4:55:85:c3:58:ed:85:ab:85:0d:79:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b385e86167d5ccc22fd85892560ae760b5f2898
        Validity
            Not Before: Feb 25 15:44:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb5e555d7f2756dfa56372e21b3bf526be8e7303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:09:c6:97:63:6b:07:8b:de:85:7d:a1:cb:f7:
                    c3:39:56:6f:f4:f0:3b:25:50:7b:ce:8f:4e:33:ae:
                    fb:73:d9:5d:05:7e:af:0d:d4:3f:c8:a7:18:b5:a0:
                    07:4d:3e:31:b9:35:0f:a7:6f:1f:b4:4c:21:db:3b:
                    d7:7c:90:7b:61:bc:d8:99:ad:ad:9c:fb:40:e3:00:
                    df:ca:62:b1:e4:cc:87:18:85:92:61:64:fb:ee:3d:
                    21:ce:d2:52:7b:07:94:65:df:6f:fd:76:ef:ac:2f:
                    0a:18:ba:98:21:fc:ed:25:bb:84:26:b0:75:f9:c4:
                    aa:9d:56:6d:56:dc:14:a7:42:f6:6c:22:3a:42:0c:
                    f3:2e:33:bf:16:f0:b9:e5:8e:c2:6e:d2:67:e3:21:
                    0c:ff:80:d6:d9:63:e2:99:ed:ec:ca:3f:fa:dc:4c:
                    aa:00:c3:27:45:37:1a:58:97:c9:50:13:a2:79:86:
                    52:a1:20:de:29:4e:04:74:c2:b3:40:74:97:fb:83:
                    ca:b9:33:10:02:f2:59:2d:50:17:36:68:bd:bf:57:
                    56:1f:31:bc:95:de:77:45:84:84:2c:54:56:cb:7d:
                    23:c4:75:72:fd:34:cf:04:5d:85:1f:9b:52:98:fe:
                    a5:b5:55:0d:72:36:97:c4:e3:7d:87:16:14:76:1f:
                    e7:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:5E:55:5D:7F:27:56:DF:A5:63:72:E2:1B:3B:F5:26:BE:8E:73:03
            X509v3 Authority Key Identifier:
                keyid:7B:38:5E:86:16:7D:5C:CC:22:FD:85:89:25:60:AE:76:0B:5F:28:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ezhehhZ9XMwi_YWJJWCudgtfKJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/1-15VXX8nVt-lY3LiGzv1Jr6OcwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/ezhehhZ9XMwi_YWJJWCudgtfKJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ce:c9:27:75:38:61:cf:40:1d:02:a5:de:a2:25:38:67:83:93:
         c4:de:a8:c2:05:40:7e:3d:03:9c:a2:b9:8e:5a:87:5a:d6:20:
         72:0e:00:5a:9f:d2:49:db:11:b8:36:57:4b:4c:29:70:2d:bb:
         ce:e2:01:71:7e:32:b0:22:7e:a0:ed:15:e1:e8:3b:8c:bf:f4:
         2b:8b:7f:26:8a:e8:c4:4c:d8:de:bb:70:44:55:26:f9:ad:8a:
         78:1e:99:4a:64:e6:f0:2c:ea:bd:e5:d3:57:28:92:c8:13:32:
         f2:b6:c5:f9:d3:12:f2:a5:2b:26:b3:67:ef:48:2d:23:7c:37:
         c7:84:0e:06:97:72:05:63:5c:94:05:88:67:1e:39:a9:1c:ef:
         6a:d5:88:2e:91:44:d6:9f:4e:43:9d:af:95:ee:a6:be:1a:ff:
         42:9d:a7:ef:7e:b9:af:a2:bf:1f:0d:a8:f5:f1:48:f6:ff:0e:
         b7:e2:9e:5e:c2:01:07:b2:d7:3f:91:b9:51:c9:91:bd:b5:5d:
         8a:92:f5:8c:b6:4f:46:52:c2:83:e0:06:28:48:a1:c0:d4:4f:
         f3:79:76:a6:d4:a8:41:84:66:d7:89:4b:95:2c:42:05:18:c6:
         b4:27:d5:d6:3b:72:85:aa:4d:3d:88:5f:1d:7d:bc:34:a5:12:
         59:bc:ff:6e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZU9x41g9FWFw1jthauFDXmDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMzg1ZTg2MTY3ZDVjY2MyMmZkODU4OTI1NjBhZTc2MGI1
ZjI4OTgwHhcNMjUwMjI1MTU0NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjVlNTU1ZDdmMjc1NmRmYTU2MzcyZTIxYjNiZjUyNmJlOGU3MzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAnGl2NrB4vehX2hy/fDOVZv9PA7
JVB7zo9OM677c9ldBX6vDdQ/yKcYtaAHTT4xuTUPp28ftEwh2zvXfJB7YbzYma2t
nPtA4wDfymKx5MyHGIWSYWT77j0hztJSeweUZd9v/XbvrC8KGLqYIfztJbuEJrB1
+cSqnVZtVtwUp0L2bCI6QgzzLjO/FvC55Y7CbtJn4yEM/4DW2WPime3syj/63Eyq
AMMnRTcaWJfJUBOieYZSoSDeKU4EdMKzQHSX+4PKuTMQAvJZLVAXNmi9v1dWHzG8
ld53RYSELFRWy30jxHVy/TTPBF2FH5tSmP6ltVUNcjaXxON9hxYUdh/n/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPteVV1/J1bfpWNy4hs79Sa+jnMDMB8GA1UdIwQY
MBaAFHs4XoYWfVzMIv2FiSVgrnYLXyiYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXpoZWhoWjlYTXdpX1lXSkpXQ3VkZ3RmS0pnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9iNDU5ZjEtNjQ5OS00ZTE0LWFjZmIt
ZWE3ODhhZDMyOTZhLzEvMS0xNVZYWDhuVnQtbFkzTGlHenYxSnI2T2N3TS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDgvYjQ1OWYxLTY0OTktNGUxNC1hY2ZiLWVhNzg4YWQzMjk2
YS8xL2V6aGVoaFo5WE13aV9ZV0pKV0N1ZGd0ZktKZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbniijAN
BgkqhkiG9w0BAQsFAAOCAQEAzskndThhz0AdAqXeoiU4Z4OTxN6owgVAfj0DnKK5
jlqHWtYgcg4AWp/SSdsRuDZXS0wpcC27zuIBcX4ysCJ+oO0V4eg7jL/0K4t/Joro
xEzY3rtwRFUm+a2KeB6ZSmTm8CzqveXTVyiSyBMy8rbF+dMS8qUrJrNn70gtI3w3
x4QOBpdyBWNclAWIZx45qRzvatWILpFE1p9OQ52vle6mvhr/Qp2n7365r6K/Hw2o
9fFI9v8Ot+KeXsIBB7LXP5G5UcmRvbVdipL1jLZPRlLCg+AGKEihwNRP83l2ptSo
QYRm14lLlSxCBRjGtCfV1jtyhapNPYhfHX28NKUSWbz/bg==
-----END CERTIFICATE-----