Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/f85a54-7f8d-4b2f-8cbc-2a2bbcc2103f/1/gLxG9OBR-307s9i7CUzgsFayA0w.roa
File:                     gLxG9OBR-307s9i7CUzgsFayA0w.roa (raw, json)
Hash identifier:          U9Hk3a/+dmVqWlPybJkT20UlsNmTcI0F5wchliR1XTs=
Subject key identifier:   80:BC:46:F4:E0:51:FB:7D:3B:B3:D8:BB:09:4C:E0:B0:56:B2:03:4C
Certificate issuer:       /CN=1bebec6e548c1d2c68319c8d29a35fc06d05c5ca
Certificate serial:       019718B48B52C3B000DBFA204A703B1A075B
Authority key identifier: 1B:EB:EC:6E:54:8C:1D:2C:68:31:9C:8D:29:A3:5F:C0:6D:05:C5:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G-vsblSMHSxoMZyNKaNfwG0Fxco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/f85a54-7f8d-4b2f-8cbc-2a2bbcc2103f/1/gLxG9OBR-307s9i7CUzgsFayA0w.roa
Signing time:             Wed 28 May 2025 21:02:54 +0000
ROA not before:           Wed 28 May 2025 21:02:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204065
IP address blocks:        185.254.244.0/22 maxlen: 22
                          2a0c:54c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/f85a54-7f8d-4b2f-8cbc-2a2bbcc2103f/1/G-vsblSMHSxoMZyNKaNfwG0Fxco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/f85a54-7f8d-4b2f-8cbc-2a2bbcc2103f/1/G-vsblSMHSxoMZyNKaNfwG0Fxco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G-vsblSMHSxoMZyNKaNfwG0Fxco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 03:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:18:b4:8b:52:c3:b0:00:db:fa:20:4a:70:3b:1a:07:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bebec6e548c1d2c68319c8d29a35fc06d05c5ca
        Validity
            Not Before: May 28 21:02:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80bc46f4e051fb7d3bb3d8bb094ce0b056b2034c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:4a:88:a6:8c:2f:49:e9:d4:d1:81:63:8d:e4:
                    de:a8:6f:18:3c:45:ba:5c:85:fb:62:30:0c:ce:43:
                    4b:5b:fe:83:56:64:32:ac:1b:64:b9:4f:14:81:15:
                    fa:18:e7:74:84:26:42:ba:5b:58:a7:55:af:6a:11:
                    c3:13:cf:da:83:64:95:bb:ea:e6:35:6e:40:18:b5:
                    d8:3a:9e:6e:2d:cd:5d:51:98:50:8b:c1:5b:af:5b:
                    9b:da:ba:1b:08:f2:21:2d:38:51:3a:91:2a:fd:bc:
                    da:74:9b:53:ec:57:98:08:46:3c:52:39:db:9b:2e:
                    2d:b1:b9:52:00:c4:96:b1:6c:97:4b:2b:a1:b0:27:
                    76:29:00:a1:0c:76:82:54:f0:93:7b:e4:13:b8:d5:
                    a1:e7:56:ea:25:42:c0:66:de:36:a0:f1:f1:54:6c:
                    84:dd:97:ce:f7:c8:ae:78:14:f3:47:80:3d:f7:3e:
                    43:4e:da:53:a3:be:ba:0a:7a:13:5f:d1:ef:ee:3e:
                    19:44:b5:fb:06:1f:ab:5d:e2:4d:68:04:98:aa:46:
                    35:4d:6a:cc:91:0c:38:21:87:f0:d1:65:56:84:29:
                    ef:b7:95:ac:bd:29:a7:42:75:51:bd:9d:80:b8:74:
                    c5:78:c0:08:77:58:e5:a7:f8:07:e1:fb:70:98:cb:
                    cc:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:BC:46:F4:E0:51:FB:7D:3B:B3:D8:BB:09:4C:E0:B0:56:B2:03:4C
            X509v3 Authority Key Identifier:
                keyid:1B:EB:EC:6E:54:8C:1D:2C:68:31:9C:8D:29:A3:5F:C0:6D:05:C5:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G-vsblSMHSxoMZyNKaNfwG0Fxco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/f85a54-7f8d-4b2f-8cbc-2a2bbcc2103f/1/gLxG9OBR-307s9i7CUzgsFayA0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/f85a54-7f8d-4b2f-8cbc-2a2bbcc2103f/1/G-vsblSMHSxoMZyNKaNfwG0Fxco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.244.0/22
                IPv6:
                  2a0c:54c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:12:74:1c:05:a2:30:b4:ae:48:14:0e:ab:6a:67:16:28:19:
         2a:7c:75:e7:17:16:7e:0f:74:84:1d:71:9b:c4:fa:7c:a8:c7:
         8f:0b:fd:5d:43:23:4a:02:fd:a7:96:aa:dd:19:30:09:3b:f5:
         c3:72:b1:bc:dd:c7:84:fc:ba:05:1b:b5:fa:78:04:35:87:ab:
         b5:65:f3:a6:4a:74:10:9e:3e:cf:ae:f9:5f:a6:c5:c9:66:85:
         0f:47:f5:23:af:0f:a7:fc:04:4e:d6:82:bd:ac:2b:7b:49:93:
         49:3f:a9:92:1d:ff:30:3e:59:f8:dd:07:27:be:30:70:74:28:
         44:67:f2:95:1f:7f:55:c3:2e:b8:fb:9a:7f:41:c3:6d:7c:f2:
         e7:7d:1c:1a:3c:55:f1:db:34:65:07:1c:92:07:83:c1:e3:cd:
         8b:a2:a1:f2:26:6f:fc:f9:41:ba:26:88:8e:85:6b:72:a7:dc:
         93:6b:32:21:84:46:4a:7c:09:46:35:f1:22:1c:c0:39:ec:cd:
         2b:5f:38:1a:f1:e8:c8:81:8b:44:ff:73:54:fd:9b:5e:be:3d:
         a1:5f:f0:8d:a5:ea:bd:66:1a:39:a2:52:89:90:14:09:de:7f:
         19:f9:e8:e7:1a:ff:00:9d:5d:b3:68:08:d0:7f:f6:46:d5:08:
         1f:ca:f2:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZcYtItSw7AA2/ogSnA7GgdbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZWJlYzZlNTQ4YzFkMmM2ODMxOWM4ZDI5YTM1ZmMwNmQw
NWM1Y2EwHhcNMjUwNTI4MjEwMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGJjNDZmNGUwNTFmYjdkM2JiM2Q4YmIwOTRjZTBiMDU2YjIwMzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0qIpowvSenU0YFjjeTeqG8YPEW6
XIX7YjAMzkNLW/6DVmQyrBtkuU8UgRX6GOd0hCZCultYp1WvahHDE8/ag2SVu+rm
NW5AGLXYOp5uLc1dUZhQi8Fbr1ub2robCPIhLThROpEq/bzadJtT7FeYCEY8Ujnb
my4tsblSAMSWsWyXSyuhsCd2KQChDHaCVPCTe+QTuNWh51bqJULAZt42oPHxVGyE
3ZfO98iueBTzR4A99z5DTtpTo766CnoTX9Hv7j4ZRLX7Bh+rXeJNaASYqkY1TWrM
kQw4IYfw0WVWhCnvt5WsvSmnQnVRvZ2AuHTFeMAId1jlp/gH4ftwmMvMcQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIC8RvTgUft9O7PYuwlM4LBWsgNMMB8GA1UdIwQY
MBaAFBvr7G5UjB0saDGcjSmjX8BtBcXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRy12c2JsU01IU3hvTVp5TkthTmZ3RzBGeGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9mODVhNTQtN2Y4ZC00YjJmLThjYmMt
MmEyYmJjYzIxMDNmLzEvZ0x4RzlPQlItMzA3czlpN0NVemdzRmF5QTB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9mODVhNTQtN2Y4ZC00YjJmLThjYmMtMmEyYmJjYzIxMDNm
LzEvRy12c2JsU01IU3hvTVp5TkthTmZ3RzBGeGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuf70MA0E
AgACMAcDBQAqDFTAMA0GCSqGSIb3DQEBCwUAA4IBAQBmEnQcBaIwtK5IFA6ramcW
KBkqfHXnFxZ+D3SEHXGbxPp8qMePC/1dQyNKAv2nlqrdGTAJO/XDcrG83ceE/LoF
G7X6eAQ1h6u1ZfOmSnQQnj7PrvlfpsXJZoUPR/Ujrw+n/ARO1oK9rCt7SZNJP6mS
Hf8wPln43QcnvjBwdChEZ/KVH39Vwy64+5p/QcNtfPLnfRwaPFXx2zRlBxySB4PB
482LoqHyJm/8+UG6JoiOhWtyp9yTazIhhEZKfAlGNfEiHMA57M0rXzga8ejIgYtE
/3NU/Ztevj2hX/CNpeq9Zho5olKJkBQJ3n8Z+ejnGv8AnV2zaAjQf/ZG1QgfyvJ9
-----END CERTIFICATE-----