Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/ik_n3d34B4WKWLhhwqx1Hs4Gq10.roa
File:                     ik_n3d34B4WKWLhhwqx1Hs4Gq10.roa (raw, json)
Hash identifier:          SF4FNJqkU5gIwE/u+5gu4fhisTugNMrqP4zHCgZbpN4=
Subject key identifier:   8A:4F:E7:DD:DD:F8:07:85:8A:58:B8:61:C2:AC:75:1E:CE:06:AB:5D
Certificate issuer:       /CN=e7334ad9b3fc521030be99a5157211b663216c94
Certificate serial:       01966CC065B439D966714C8F045CEF8E80B5
Authority key identifier: E7:33:4A:D9:B3:FC:52:10:30:BE:99:A5:15:72:11:B6:63:21:6C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/ik_n3d34B4WKWLhhwqx1Hs4Gq10.roa
Signing time:             Fri 25 Apr 2025 11:41:10 +0000
ROA not before:           Fri 25 Apr 2025 11:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208649
IP address blocks:        185.75.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 13:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:c0:65:b4:39:d9:66:71:4c:8f:04:5c:ef:8e:80:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7334ad9b3fc521030be99a5157211b663216c94
        Validity
            Not Before: Apr 25 11:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a4fe7ddddf807858a58b861c2ac751ece06ab5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:21:d6:0f:ca:27:de:79:4f:89:0a:bf:1a:5c:
                    e9:78:6a:d9:27:b4:75:fe:87:2b:78:b4:08:80:69:
                    3a:d0:a1:71:e0:8d:79:28:fc:2c:80:ca:f6:09:86:
                    79:98:6e:5b:0a:5e:5a:c5:d8:f3:cb:b5:4c:b5:2a:
                    00:ed:a0:e0:d9:5e:33:c9:60:6d:d8:8e:f9:ad:b3:
                    34:86:4e:1d:f2:0f:b1:ed:b3:b9:5d:5a:cc:82:0e:
                    42:4c:0c:02:e9:cf:34:bd:0c:cd:91:c5:8c:67:45:
                    71:98:5a:0b:d5:8b:d2:bd:73:8e:f5:6c:0a:02:1d:
                    31:ad:ab:26:36:64:3a:6e:11:eb:e2:7d:ca:8f:ad:
                    d4:f1:34:36:58:3a:35:6a:44:c8:07:ca:d1:85:70:
                    9e:e8:cc:27:c5:4e:05:d7:4a:9c:29:3c:c9:54:15:
                    27:2c:dc:6a:24:c9:e3:87:4e:75:7a:d1:52:30:9d:
                    b3:f3:c8:37:bf:a1:96:48:64:66:6b:73:fe:45:63:
                    ee:0f:b2:d0:4b:14:a4:5f:21:ce:5b:d2:c7:ce:7d:
                    e6:4a:b9:cd:60:65:6b:85:37:d6:ef:54:87:f0:48:
                    87:37:8f:3c:3e:90:72:03:11:4f:1f:a8:fe:70:06:
                    11:ef:8e:dc:50:cd:33:7d:3e:97:4b:9e:41:2d:ae:
                    0c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:4F:E7:DD:DD:F8:07:85:8A:58:B8:61:C2:AC:75:1E:CE:06:AB:5D
            X509v3 Authority Key Identifier:
                keyid:E7:33:4A:D9:B3:FC:52:10:30:BE:99:A5:15:72:11:B6:63:21:6C:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/ik_n3d34B4WKWLhhwqx1Hs4Gq10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:9d:77:fe:29:49:7b:9e:4e:b5:13:2b:51:98:f8:a2:15:99:
         3d:d0:a3:21:f7:6c:9a:d5:03:93:0d:60:ee:08:47:4c:ef:6b:
         8b:19:cd:f1:7f:ae:21:f4:b3:42:61:31:81:26:4c:95:ce:e9:
         59:3e:67:6d:61:03:40:8a:05:72:4f:70:12:1a:f1:67:6a:3a:
         c4:a1:09:3f:5f:bb:fa:eb:13:66:38:22:89:c3:79:e2:b8:3e:
         1d:78:03:b1:ce:e1:bb:53:d4:b5:90:c7:85:5e:bf:1a:f4:30:
         6c:f3:2b:31:cc:5e:94:d8:6b:12:3c:2b:c4:27:4d:30:1c:50:
         72:e8:6b:b9:2b:22:12:49:9a:e2:be:4e:6d:c6:e6:da:1a:c9:
         cd:96:bd:7d:54:ba:a2:b0:e4:d3:90:8f:0b:27:8f:e6:c9:09:
         7c:a7:33:2c:c8:95:d9:74:ff:f8:23:69:72:80:fc:d2:2c:f5:
         c1:4c:ab:d7:53:d4:15:ac:f3:45:0b:6e:b9:3d:48:c8:f8:a1:
         f4:b5:f0:75:73:03:a8:cd:1a:c2:7d:79:18:ef:fc:2e:af:8d:
         82:0d:5f:9b:fa:25:d9:f5:0e:aa:e2:cc:5c:09:23:b6:3f:29:
         68:a9:e7:91:6d:58:36:58:6d:03:92:ce:34:38:e7:54:28:13:
         bd:11:52:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZswGW0OdlmcUyPBFzvjoC1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MzM0YWQ5YjNmYzUyMTAzMGJlOTlhNTE1NzIxMWI2NjMy
MTZjOTQwHhcNMjUwNDI1MTE0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTRmZTdkZGRkZjgwNzg1OGE1OGI4NjFjMmFjNzUxZWNlMDZhYjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3iHWD8on3nlPiQq/GlzpeGrZJ7R1
/ocreLQIgGk60KFx4I15KPwsgMr2CYZ5mG5bCl5axdjzy7VMtSoA7aDg2V4zyWBt
2I75rbM0hk4d8g+x7bO5XVrMgg5CTAwC6c80vQzNkcWMZ0VxmFoL1YvSvXOO9WwK
Ah0xrasmNmQ6bhHr4n3Kj63U8TQ2WDo1akTIB8rRhXCe6MwnxU4F10qcKTzJVBUn
LNxqJMnjh051etFSMJ2z88g3v6GWSGRma3P+RWPuD7LQSxSkXyHOW9LHzn3mSrnN
YGVrhTfW71SH8EiHN488PpByAxFPH6j+cAYR747cUM0zfT6XS55BLa4M7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpP593d+AeFili4YcKsdR7OBqtdMB8GA1UdIwQY
MBaAFOczStmz/FIQML6ZpRVyEbZjIWyUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXpOSzJiUDhVaEF3dnBtbEZYSVJ0bU1oYkpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iMDRiMmUtNzNlNi00ODg3LThkZjEt
MzcyMmRmMDczNjAzLzEvaWtfbjNkMzRCNFdLV0xoaHdxeDFIczRHcTEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iMDRiMmUtNzNlNi00ODg3LThkZjEtMzcyMmRmMDczNjAz
LzEvNXpOSzJiUDhVaEF3dnBtbEZYSVJ0bU1oYkpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUvdMA0G
CSqGSIb3DQEBCwUAA4IBAQClnXf+KUl7nk61EytRmPiiFZk90KMh92ya1QOTDWDu
CEdM72uLGc3xf64h9LNCYTGBJkyVzulZPmdtYQNAigVyT3ASGvFnajrEoQk/X7v6
6xNmOCKJw3niuD4deAOxzuG7U9S1kMeFXr8a9DBs8ysxzF6U2GsSPCvEJ00wHFBy
6Gu5KyISSZrivk5txubaGsnNlr19VLqisOTTkI8LJ4/myQl8pzMsyJXZdP/4I2ly
gPzSLPXBTKvXU9QVrPNFC265PUjI+KH0tfB1cwOozRrCfXkY7/wur42CDV+b+iXZ
9Q6q4sxcCSO2PyloqeeRbVg2WG0Dks40OOdUKBO9EVLP
-----END CERTIFICATE-----