Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/50a7da-162b-4bde-b0c4-5e2d6070ef83/1/1-ZSGsCHMEIt-zdJlJw6apZX2Wrw.roa
File:                     1-ZSGsCHMEIt-zdJlJw6apZX2Wrw.roa (raw, json)
Hash identifier:          jSCF0+9de5r9THp7fXr99R1xtgUUcEM1y8WA8CvHwCI=
Subject key identifier:   F9:94:86:B0:21:CC:10:8B:7E:CD:D2:65:27:0E:9A:A5:95:F6:5A:BC
Certificate issuer:       /CN=13fe9bcebae228b36c883c27ea5518e704c10991
Certificate serial:       01963E5A582454972B1CF17C9D200A6A884B
Authority key identifier: 13:FE:9B:CE:BA:E2:28:B3:6C:88:3C:27:EA:55:18:E7:04:C1:09:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E_6bzrriKLNsiDwn6lUY5wTBCZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/50a7da-162b-4bde-b0c4-5e2d6070ef83/1/1-ZSGsCHMEIt-zdJlJw6apZX2Wrw.roa
Signing time:             Wed 16 Apr 2025 11:27:10 +0000
ROA not before:           Wed 16 Apr 2025 11:27:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215826
IP address blocks:        94.141.122.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/50a7da-162b-4bde-b0c4-5e2d6070ef83/1/E_6bzrriKLNsiDwn6lUY5wTBCZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/50a7da-162b-4bde-b0c4-5e2d6070ef83/1/E_6bzrriKLNsiDwn6lUY5wTBCZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E_6bzrriKLNsiDwn6lUY5wTBCZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:5a:58:24:54:97:2b:1c:f1:7c:9d:20:0a:6a:88:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13fe9bcebae228b36c883c27ea5518e704c10991
        Validity
            Not Before: Apr 16 11:27:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f99486b021cc108b7ecdd265270e9aa595f65abc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:46:77:0f:eb:1c:9f:ad:48:29:44:4b:79:a2:
                    71:92:d1:66:33:9f:67:98:3d:12:3b:89:3c:86:70:
                    47:b9:d9:bb:1c:4f:76:6d:58:35:5e:9c:74:05:d7:
                    ac:ef:94:6e:d6:ad:96:30:68:44:b3:d9:ca:0f:03:
                    9c:36:b7:d9:bf:24:36:d7:65:c4:28:e7:bb:a9:87:
                    e6:de:79:51:41:25:8a:74:ab:aa:19:60:5f:ec:8f:
                    f8:6e:ba:13:c7:81:54:9c:d3:a7:1d:5c:72:ae:2d:
                    ef:52:3e:3a:62:98:ba:fd:fa:9e:f3:25:84:5e:cb:
                    33:7d:6e:0f:1d:47:c4:c4:71:cc:c9:6c:92:5b:59:
                    36:90:2a:ac:c7:ce:09:03:2e:76:bf:c9:8a:fb:6a:
                    af:5a:b4:dc:23:3d:a4:7a:69:e6:2c:9c:09:d2:7e:
                    3a:62:fd:6d:d7:d9:9b:7b:02:b5:c0:be:25:35:4b:
                    e4:5c:10:93:88:35:90:89:87:a1:4b:0a:e0:1c:e5:
                    ff:b3:ee:7d:5b:2d:99:4e:2a:97:9b:d7:13:c2:db:
                    93:cb:d5:b5:66:58:08:08:15:72:c3:d7:5a:f1:3a:
                    22:59:ad:94:04:e2:a2:75:2a:d2:b8:14:ce:3a:19:
                    1b:43:56:76:1c:9c:53:ef:93:e0:3d:90:81:f6:52:
                    21:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:94:86:B0:21:CC:10:8B:7E:CD:D2:65:27:0E:9A:A5:95:F6:5A:BC
            X509v3 Authority Key Identifier:
                keyid:13:FE:9B:CE:BA:E2:28:B3:6C:88:3C:27:EA:55:18:E7:04:C1:09:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E_6bzrriKLNsiDwn6lUY5wTBCZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/50a7da-162b-4bde-b0c4-5e2d6070ef83/1/1-ZSGsCHMEIt-zdJlJw6apZX2Wrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/50a7da-162b-4bde-b0c4-5e2d6070ef83/1/E_6bzrriKLNsiDwn6lUY5wTBCZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.141.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:28:25:4a:96:63:f6:70:e1:ce:49:0d:60:92:d0:01:8d:53:
         5b:3d:77:44:fe:00:0b:6c:80:cf:d2:33:25:af:24:69:a6:27:
         5c:ab:a2:3a:9a:30:7d:7a:02:e7:3e:a5:ee:c4:f3:c0:5c:83:
         2d:ba:7d:ef:bb:fc:6b:d8:19:98:b2:4f:b3:93:84:96:31:6c:
         24:7e:31:64:dd:79:e0:e5:09:44:02:b2:db:0e:d4:cc:f3:18:
         18:c3:11:6e:d6:18:cf:83:aa:2e:bf:15:96:41:55:ac:7f:54:
         2d:fa:85:ff:6a:34:91:82:df:88:9a:89:ee:ba:ba:10:e2:63:
         b8:4f:bd:77:2e:b0:af:3e:2f:28:f4:b1:24:ee:a7:4c:1c:a5:
         47:20:79:49:c4:6a:b0:9c:93:51:cf:d9:16:92:a6:9c:f9:c8:
         b6:72:a1:6c:c3:30:56:3c:de:24:1f:4d:ba:3c:ae:80:05:b4:
         b5:76:62:26:66:1e:5f:41:02:8f:5d:c5:fe:dd:03:bd:cc:d9:
         da:a2:86:31:81:f7:c9:76:32:a0:91:bc:e1:3e:a6:0f:b3:d5:
         93:dd:f2:f7:ad:b2:3c:41:c9:5b:64:07:24:44:73:4d:d4:e2:
         ca:25:4e:a2:e0:aa:59:f5:8c:fc:65:74:ae:09:9c:da:28:42:
         3e:18:ce:e0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZY+WlgkVJcrHPF8nSAKaohLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZmU5YmNlYmFlMjI4YjM2Yzg4M2MyN2VhNTUxOGU3MDRj
MTA5OTEwHhcNMjUwNDE2MTEyNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTk0ODZiMDIxY2MxMDhiN2VjZGQyNjUyNzBlOWFhNTk1ZjY1YWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEZ3D+scn61IKURLeaJxktFmM59n
mD0SO4k8hnBHudm7HE92bVg1Xpx0Bdes75Ru1q2WMGhEs9nKDwOcNrfZvyQ212XE
KOe7qYfm3nlRQSWKdKuqGWBf7I/4broTx4FUnNOnHVxyri3vUj46Ypi6/fqe8yWE
XsszfW4PHUfExHHMyWySW1k2kCqsx84JAy52v8mK+2qvWrTcIz2kemnmLJwJ0n46
Yv1t19mbewK1wL4lNUvkXBCTiDWQiYehSwrgHOX/s+59Wy2ZTiqXm9cTwtuTy9W1
ZlgICBVyw9da8ToiWa2UBOKidSrSuBTOOhkbQ1Z2HJxT75PgPZCB9lIh2QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmUhrAhzBCLfs3SZScOmqWV9lq8MB8GA1UdIwQY
MBaAFBP+m8664iizbIg8J+pVGOcEwQmRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRV82YnpycmlLTE5zaUR3bjZsVVk1d1RCQ1pFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS81MGE3ZGEtMTYyYi00YmRlLWIwYzQt
NWUyZDYwNzBlZjgzLzEvMS1aU0dzQ0hNRUl0LXpkSmxKdzZhcFpYMldydy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTUvNTBhN2RhLTE2MmItNGJkZS1iMGM0LTVlMmQ2MDcwZWY4
My8xL0VfNmJ6cnJpS0xOc2lEd242bFVZNXdUQkNaRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAV6NejAN
BgkqhkiG9w0BAQsFAAOCAQEAOCglSpZj9nDhzkkNYJLQAY1TWz13RP4AC2yAz9Iz
Ja8kaaYnXKuiOpowfXoC5z6l7sTzwFyDLbp977v8a9gZmLJPs5OEljFsJH4xZN15
4OUJRAKy2w7UzPMYGMMRbtYYz4OqLr8VlkFVrH9ULfqF/2o0kYLfiJqJ7rq6EOJj
uE+9dy6wrz4vKPSxJO6nTBylRyB5ScRqsJyTUc/ZFpKmnPnItnKhbMMwVjzeJB9N
ujyugAW0tXZiJmYeX0ECj13F/t0DvczZ2qKGMYH3yXYyoJG84T6mD7PVk93y962y
PEHJW2QHJERzTdTiyiVOouCqWfWM/GV0rgmc2ihCPhjO4A==
-----END CERTIFICATE-----