Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/dlzqaHBNCax7AH7cKOuLGUROmhc.roa
File:                     dlzqaHBNCax7AH7cKOuLGUROmhc.roa (raw, json)
Hash identifier:          V0WC0WTCXqpzuDi1+bDioL4WjgyLz03d8dARSLHOma8=
Subject key identifier:   76:5C:EA:68:70:4D:09:AC:7B:00:7E:DC:28:EB:8B:19:44:4E:9A:17
Certificate issuer:       /CN=c853fb7988a42f39838b1c7f9f0400692e9295d7
Certificate serial:       019716B69879B6B38F927B44F2DD1969965C
Authority key identifier: C8:53:FB:79:88:A4:2F:39:83:8B:1C:7F:9F:04:00:69:2E:92:95:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yFP7eYikLzmDixx_nwQAaS6Sldc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/dlzqaHBNCax7AH7cKOuLGUROmhc.roa
Signing time:             Wed 28 May 2025 11:45:54 +0000
ROA not before:           Wed 28 May 2025 11:45:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        91.214.108.0/24 maxlen: 24
                          91.214.109.0/24 maxlen: 24
                          91.214.110.0/24 maxlen: 24
                          91.214.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/yFP7eYikLzmDixx_nwQAaS6Sldc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/yFP7eYikLzmDixx_nwQAaS6Sldc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yFP7eYikLzmDixx_nwQAaS6Sldc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 17:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:16:b6:98:79:b6:b3:8f:92:7b:44:f2:dd:19:69:96:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c853fb7988a42f39838b1c7f9f0400692e9295d7
        Validity
            Not Before: May 28 11:45:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=765cea68704d09ac7b007edc28eb8b19444e9a17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ec:b0:b0:06:c7:bf:b3:20:ea:b1:bb:08:34:
                    98:04:fb:3e:76:2f:f6:42:47:b4:7e:19:5d:75:79:
                    e2:ad:90:83:5c:23:a4:57:0d:84:e1:9b:67:f0:ca:
                    46:01:c4:1e:13:14:b0:69:1d:c5:07:8d:bb:fc:a1:
                    35:57:80:51:b2:c3:03:78:b2:4f:e4:59:e6:ed:17:
                    85:52:0b:52:68:da:4c:cd:c3:9d:68:82:68:4e:87:
                    39:f7:68:12:50:51:43:f2:0e:ed:4c:13:85:8c:6c:
                    39:39:12:3d:e6:f8:c6:da:56:03:d4:22:cf:4a:00:
                    2c:a4:89:9f:7a:8a:29:d8:93:b5:db:0c:34:a5:9e:
                    b2:5a:6b:29:2e:fe:49:e4:f1:6e:4e:dd:2b:63:1d:
                    18:d8:cf:d0:5b:f6:29:68:9f:6e:25:81:6d:c7:43:
                    13:5d:9b:ab:19:02:b1:d8:de:60:cf:2f:09:97:b7:
                    05:5d:9f:28:4d:08:a8:fa:11:ed:ee:85:f0:ea:1b:
                    e7:7b:3c:7f:a3:5f:b7:08:6e:f6:85:05:20:e9:08:
                    27:38:d1:28:c8:05:89:08:20:b3:4d:52:36:92:3a:
                    f2:ab:44:2b:8a:a5:16:7b:f0:83:b4:9c:53:f0:a2:
                    16:a2:98:27:e5:56:90:a3:9f:40:bc:25:77:33:f3:
                    b9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:5C:EA:68:70:4D:09:AC:7B:00:7E:DC:28:EB:8B:19:44:4E:9A:17
            X509v3 Authority Key Identifier:
                keyid:C8:53:FB:79:88:A4:2F:39:83:8B:1C:7F:9F:04:00:69:2E:92:95:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yFP7eYikLzmDixx_nwQAaS6Sldc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/dlzqaHBNCax7AH7cKOuLGUROmhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/yFP7eYikLzmDixx_nwQAaS6Sldc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:ac:9d:4c:1d:e2:94:a9:1b:d5:1e:9c:47:24:8a:e5:e1:67:
         04:62:2f:47:18:16:de:d2:71:32:6b:24:4b:91:04:2a:77:55:
         35:4d:01:7f:c9:6c:53:4b:b2:c9:92:f5:b1:cb:79:0a:c5:6e:
         5f:9f:10:53:78:fc:54:d0:d2:d2:c6:3b:64:82:ba:cc:9b:a3:
         fb:90:8d:07:08:f5:7d:1f:dd:4c:91:b4:a7:be:87:2f:30:7a:
         0d:c1:ea:d6:49:e8:56:d3:3d:17:c1:c1:82:9e:b6:07:b0:d5:
         96:d5:9e:1d:55:a3:57:62:f0:2e:99:e1:60:a1:a2:f8:89:1e:
         4a:cb:54:7f:c3:4d:cf:d0:95:97:84:79:a2:3f:85:8d:88:3e:
         3e:6c:7f:16:a4:f3:44:b6:c6:a3:a2:16:f1:bf:e9:6e:b7:35:
         9d:f7:0d:a1:29:a0:17:8c:01:5c:87:58:51:0c:1a:0c:e8:51:
         34:3a:ce:69:43:d5:13:0d:02:ec:de:3d:de:01:b5:67:55:2c:
         2d:00:bb:c7:61:6d:92:f4:e0:d5:13:a1:2c:54:40:67:b2:c3:
         6a:e2:db:e1:92:28:c1:6f:9f:43:a4:13:ab:75:37:c0:e9:4b:
         16:db:d2:4d:52:12:42:05:eb:40:f8:63:68:03:fd:20:98:ae:
         8a:57:bc:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcWtph5trOPkntE8t0ZaZZcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NTNmYjc5ODhhNDJmMzk4MzhiMWM3ZjlmMDQwMDY5MmU5
Mjk1ZDcwHhcNMjUwNTI4MTE0NTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjVjZWE2ODcwNGQwOWFjN2IwMDdlZGMyOGViOGIxOTQ0NGU5YTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouywsAbHv7Mg6rG7CDSYBPs+di/2
Qke0fhlddXnirZCDXCOkVw2E4Ztn8MpGAcQeExSwaR3FB427/KE1V4BRssMDeLJP
5Fnm7ReFUgtSaNpMzcOdaIJoToc592gSUFFD8g7tTBOFjGw5ORI95vjG2lYD1CLP
SgAspImfeoop2JO12ww0pZ6yWmspLv5J5PFuTt0rYx0Y2M/QW/YpaJ9uJYFtx0MT
XZurGQKx2N5gzy8Jl7cFXZ8oTQio+hHt7oXw6hvnezx/o1+3CG72hQUg6QgnONEo
yAWJCCCzTVI2kjryq0QriqUWe/CDtJxT8KIWopgn5VaQo59AvCV3M/O5gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZc6mhwTQmsewB+3CjrixlETpoXMB8GA1UdIwQY
MBaAFMhT+3mIpC85g4scf58EAGkukpXXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUZQN2VZaWtMem1EaXh4X253UUFhUzZTbGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wYzYxYTYtZTBmYS00MDE3LTk1ODIt
MWU3YmRiN2YzMGY2LzEvZGx6cWFIQk5DYXg3QUg3Y0tPdUxHVVJPbWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wYzYxYTYtZTBmYS00MDE3LTk1ODItMWU3YmRiN2YzMGY2
LzEveUZQN2VZaWtMem1EaXh4X253UUFhUzZTbGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9ZsMA0G
CSqGSIb3DQEBCwUAA4IBAQArrJ1MHeKUqRvVHpxHJIrl4WcEYi9HGBbe0nEyayRL
kQQqd1U1TQF/yWxTS7LJkvWxy3kKxW5fnxBTePxU0NLSxjtkgrrMm6P7kI0HCPV9
H91MkbSnvocvMHoNwerWSehW0z0XwcGCnrYHsNWW1Z4dVaNXYvAumeFgoaL4iR5K
y1R/w03P0JWXhHmiP4WNiD4+bH8WpPNEtsajohbxv+lutzWd9w2hKaAXjAFch1hR
DBoM6FE0Os5pQ9UTDQLs3j3eAbVnVSwtALvHYW2S9ODVE6EsVEBnssNq4tvhkijB
b59DpBOrdTfA6UsW29JNUhJCBetA+GNoA/0gmK6KV7xK
-----END CERTIFICATE-----