Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/dCLBCLtRiEHKLnEsttcCW1iM_BE.roa
File:                     dCLBCLtRiEHKLnEsttcCW1iM_BE.roa (raw, json)
Hash identifier:          vfnxCa/UgYFBFIEv8mBtn7OLgChKNbNgT9iBOTqVg7E=
Subject key identifier:   74:22:C1:08:BB:51:88:41:CA:2E:71:2C:B6:D7:02:5B:58:8C:FC:11
Certificate issuer:       /CN=8ea26b458ad41d47d261a76d8c5dc0fc8d1a9e2c
Certificate serial:       01967DC1BAC4836555FC0A1B7EC6188D1DB4
Authority key identifier: 8E:A2:6B:45:8A:D4:1D:47:D2:61:A7:6D:8C:5D:C0:FC:8D:1A:9E:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jqJrRYrUHUfSYadtjF3A_I0aniw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/dCLBCLtRiEHKLnEsttcCW1iM_BE.roa
Signing time:             Mon 28 Apr 2025 18:56:10 +0000
ROA not before:           Mon 28 Apr 2025 18:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215655
IP address blocks:        194.150.165.0/24 maxlen: 24
                          2a14:1600::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/jqJrRYrUHUfSYadtjF3A_I0aniw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/jqJrRYrUHUfSYadtjF3A_I0aniw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jqJrRYrUHUfSYadtjF3A_I0aniw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 21:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7d:c1:ba:c4:83:65:55:fc:0a:1b:7e:c6:18:8d:1d:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ea26b458ad41d47d261a76d8c5dc0fc8d1a9e2c
        Validity
            Not Before: Apr 28 18:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7422c108bb518841ca2e712cb6d7025b588cfc11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:54:54:02:39:1e:df:0e:65:e4:de:5e:7c:0d:
                    75:7b:32:86:c0:bc:6f:59:60:f2:1b:74:05:46:f8:
                    b7:21:e6:66:51:99:b4:e3:f1:4f:8b:c1:e6:cf:e5:
                    82:30:cc:8d:8d:3f:53:a1:7c:7d:ce:46:72:6b:ed:
                    15:b9:2f:c0:bd:17:77:88:3e:f1:4d:1d:87:62:fa:
                    52:ce:d1:78:56:ed:9e:45:2c:db:bb:60:c6:a9:cb:
                    78:d2:3e:bf:55:d4:60:96:09:d2:c9:75:46:72:18:
                    17:8c:e5:96:ae:61:55:ad:33:5f:18:f0:1e:85:84:
                    7d:bb:44:0f:b3:31:24:e6:67:41:7d:35:e6:9b:80:
                    7a:d8:2f:34:d8:14:7c:2e:a6:e6:72:84:c9:5e:37:
                    54:bc:f6:94:7b:11:d0:f2:8e:df:38:01:3c:ba:a5:
                    1e:45:9c:b0:eb:4f:f3:cf:e1:6d:26:a4:6b:6c:4f:
                    98:0d:a3:86:c2:94:9c:98:21:a3:fb:95:6b:76:7e:
                    a8:2e:89:2d:79:42:19:0e:94:ca:a8:88:63:0f:94:
                    10:61:6f:a5:f4:e5:06:8e:a0:1d:c1:0b:16:0e:df:
                    b6:c7:f7:7c:ac:30:fa:6a:1a:fc:d0:b5:9e:2d:49:
                    bf:f2:c2:37:fa:05:c3:44:a8:43:d2:02:6a:19:b7:
                    c6:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:22:C1:08:BB:51:88:41:CA:2E:71:2C:B6:D7:02:5B:58:8C:FC:11
            X509v3 Authority Key Identifier:
                keyid:8E:A2:6B:45:8A:D4:1D:47:D2:61:A7:6D:8C:5D:C0:FC:8D:1A:9E:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jqJrRYrUHUfSYadtjF3A_I0aniw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/dCLBCLtRiEHKLnEsttcCW1iM_BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/jqJrRYrUHUfSYadtjF3A_I0aniw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.165.0/24
                IPv6:
                  2a14:1600::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:92:60:71:f7:9f:bd:05:3c:57:44:6f:13:7a:58:3b:f1:9e:
         0a:e1:f7:1a:5a:3d:72:cb:36:6f:84:9a:b0:0b:7e:1a:5a:5d:
         0b:1c:6e:35:37:c0:c3:b0:ca:c9:48:bc:2e:f5:06:4c:4e:f1:
         10:2f:64:a0:cc:23:88:19:91:19:d8:02:ac:08:9c:fb:79:be:
         ce:dc:e7:52:47:bd:99:3b:10:05:43:43:fc:94:ac:0f:8d:f8:
         28:a1:87:e3:8c:2b:dc:1f:49:fa:a2:42:94:36:1d:06:3a:98:
         df:d9:29:59:f6:c6:cd:6f:67:fa:63:94:b9:8b:31:8e:27:71:
         d0:a4:e6:1b:10:cb:89:fc:e7:63:07:b8:4b:ac:59:6c:1c:29:
         d6:46:b8:4c:40:ed:48:00:d6:a2:0e:f3:5c:e2:cc:e6:5e:cb:
         12:9d:c1:da:8d:56:28:f1:9c:84:2f:f6:18:47:d3:04:5d:70:
         58:fb:b1:3f:74:f8:bf:c5:60:45:21:37:6e:30:68:86:89:e6:
         f8:b9:10:d0:64:2e:ff:b5:92:ff:2b:c7:a4:bd:6e:38:b7:93:
         23:5b:80:c0:5b:5b:38:f5:30:b7:a3:71:a5:5a:7a:1b:32:42:
         7b:fa:11:33:4b:27:85:8b:be:7a:b6:9e:e2:bb:b3:c0:25:bb:
         f8:f5:49:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZZ9wbrEg2VV/AobfsYYjR20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYTI2YjQ1OGFkNDFkNDdkMjYxYTc2ZDhjNWRjMGZjOGQx
YTllMmMwHhcNMjUwNDI4MTg1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDIyYzEwOGJiNTE4ODQxY2EyZTcxMmNiNmQ3MDI1YjU4OGNmYzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVRUAjke3w5l5N5efA11ezKGwLxv
WWDyG3QFRvi3IeZmUZm04/FPi8Hmz+WCMMyNjT9ToXx9zkZya+0VuS/AvRd3iD7x
TR2HYvpSztF4Vu2eRSzbu2DGqct40j6/VdRglgnSyXVGchgXjOWWrmFVrTNfGPAe
hYR9u0QPszEk5mdBfTXmm4B62C802BR8LqbmcoTJXjdUvPaUexHQ8o7fOAE8uqUe
RZyw60/zz+FtJqRrbE+YDaOGwpScmCGj+5Vrdn6oLokteUIZDpTKqIhjD5QQYW+l
9OUGjqAdwQsWDt+2x/d8rDD6ahr80LWeLUm/8sI3+gXDRKhD0gJqGbfGXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHQiwQi7UYhByi5xLLbXAltYjPwRMB8GA1UdIwQY
MBaAFI6ia0WK1B1H0mGnbYxdwPyNGp4sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanFKclJZclVIVWZTWWFkdGpGM0FfSTBhbml3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9kZGNiYjktOGZkMi00ZGMxLWJiZDYt
Mjg5MDA1NTkxNGM1LzEvZENMQkNMdFJpRUhLTG5Fc3R0Y0NXMWlNX0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9kZGNiYjktOGZkMi00ZGMxLWJiZDYtMjg5MDA1NTkxNGM1
LzEvanFKclJZclVIVWZTWWFkdGpGM0FfSTBhbml3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwpalMA0E
AgACMAcDBQMqFBYAMA0GCSqGSIb3DQEBCwUAA4IBAQBGkmBx95+9BTxXRG8Telg7
8Z4K4fcaWj1yyzZvhJqwC34aWl0LHG41N8DDsMrJSLwu9QZMTvEQL2SgzCOIGZEZ
2AKsCJz7eb7O3OdSR72ZOxAFQ0P8lKwPjfgooYfjjCvcH0n6okKUNh0GOpjf2SlZ
9sbNb2f6Y5S5izGOJ3HQpOYbEMuJ/OdjB7hLrFlsHCnWRrhMQO1IANaiDvNc4szm
XssSncHajVYo8ZyEL/YYR9MEXXBY+7E/dPi/xWBFITduMGiGieb4uRDQZC7/tZL/
K8ekvW44t5MjW4DAW1s49TC3o3GlWnobMkJ7+hEzSyeFi756tp7iu7PAJbv49Uny
-----END CERTIFICATE-----