Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/_8kwQM-X6Z8iQPUFtkn5eqJVuxI.roa
File:                     _8kwQM-X6Z8iQPUFtkn5eqJVuxI.roa (raw, json)
Hash identifier:          euBW9IpgTvtCum/UZd3emtTuwK2uZ78wnCtDCEVJf2A=
Subject key identifier:   FF:C9:30:40:CF:97:E9:9F:22:40:F5:05:B6:49:F9:7A:A2:55:BB:12
Certificate issuer:       /CN=4b796f0b3051b5bc814b2e89cb470a3826b2bf00
Certificate serial:       019649A2D70AD15B119F6763DE438742EF45
Authority key identifier: 4B:79:6F:0B:30:51:B5:BC:81:4B:2E:89:CB:47:0A:38:26:B2:BF:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S3lvCzBRtbyBSy6Jy0cKOCayvwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/_8kwQM-X6Z8iQPUFtkn5eqJVuxI.roa
Signing time:             Fri 18 Apr 2025 16:02:10 +0000
ROA not before:           Fri 18 Apr 2025 16:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199937
IP address blocks:        185.42.68.0/23 maxlen: 23
                          2a04:8e80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/S3lvCzBRtbyBSy6Jy0cKOCayvwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/S3lvCzBRtbyBSy6Jy0cKOCayvwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S3lvCzBRtbyBSy6Jy0cKOCayvwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:49:a2:d7:0a:d1:5b:11:9f:67:63:de:43:87:42:ef:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b796f0b3051b5bc814b2e89cb470a3826b2bf00
        Validity
            Not Before: Apr 18 16:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ffc93040cf97e99f2240f505b649f97aa255bb12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d4:40:41:a5:39:d0:5c:f7:24:38:a2:fd:79:
                    d3:c9:c7:c1:ae:9f:6a:12:6b:07:88:22:de:0a:5f:
                    e3:a5:fa:62:00:3b:df:f7:c4:97:cb:4e:4f:cb:23:
                    1e:69:79:bc:20:93:62:48:27:82:69:48:8d:96:26:
                    26:af:67:24:63:5e:bf:cc:3a:35:68:7c:fd:3d:ab:
                    70:4f:b4:7f:3e:c3:70:0c:5a:2c:23:35:71:33:30:
                    ad:02:16:25:c6:30:66:9e:61:7a:9e:55:56:ef:66:
                    a1:c2:a8:76:1f:56:77:33:0d:ce:9f:cd:35:2f:37:
                    f3:09:73:95:7a:c4:92:b1:e6:60:68:39:68:57:be:
                    a0:1d:37:10:81:b5:8d:eb:7b:e7:72:bf:1a:4c:de:
                    47:64:c6:77:25:5a:19:74:43:40:a8:77:b1:43:08:
                    39:75:d6:26:aa:75:d1:e7:98:a1:52:b9:7c:7d:5b:
                    2a:fe:fb:c3:66:3d:17:7e:b8:ca:e8:10:8c:ad:16:
                    d8:af:17:09:e4:ae:c1:4a:f9:16:98:3e:84:75:aa:
                    23:aa:f0:7d:8f:02:d6:4f:94:60:e4:91:ee:f4:d5:
                    ce:7c:ef:d8:89:6e:8a:b4:45:55:99:17:bb:d2:50:
                    93:3d:ac:72:f2:d0:40:74:c5:d3:80:43:31:7a:ba:
                    12:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:C9:30:40:CF:97:E9:9F:22:40:F5:05:B6:49:F9:7A:A2:55:BB:12
            X509v3 Authority Key Identifier:
                keyid:4B:79:6F:0B:30:51:B5:BC:81:4B:2E:89:CB:47:0A:38:26:B2:BF:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S3lvCzBRtbyBSy6Jy0cKOCayvwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/_8kwQM-X6Z8iQPUFtkn5eqJVuxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/S3lvCzBRtbyBSy6Jy0cKOCayvwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.68.0/23
                IPv6:
                  2a04:8e80::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:be:86:71:29:d9:75:29:37:c3:db:07:13:b6:e9:83:3d:aa:
         e6:9f:12:f9:8a:e1:97:1f:e2:cf:75:88:e4:29:e5:5f:8d:de:
         90:3a:1b:01:81:21:a4:3e:41:02:98:47:b5:01:a4:e3:90:17:
         ae:51:17:46:93:d9:71:5c:51:e1:3f:14:7b:20:e8:08:46:52:
         e6:d5:8f:e3:38:52:4a:a8:67:0f:fd:f9:46:aa:00:de:4a:4f:
         2b:8f:60:16:ae:0d:f8:93:e2:45:72:54:e8:bc:60:95:0c:99:
         ca:b8:ff:f4:28:ff:16:43:53:5d:92:6e:16:5e:16:8f:7e:c7:
         5d:1c:42:f1:e2:65:b5:0b:43:69:50:76:e1:60:b3:96:41:9d:
         61:5b:95:7e:6a:a1:e4:7e:42:41:c5:37:0c:b9:35:2a:ce:35:
         3b:5b:db:0b:c5:8b:94:fb:9d:46:21:21:15:9f:7c:30:62:59:
         9a:60:18:72:c8:ae:5c:70:fb:66:bc:56:2e:d7:09:a5:fa:6c:
         72:db:54:46:35:34:ea:eb:1f:f2:b7:9b:b9:34:e3:ca:c9:4a:
         31:50:76:e4:3e:f1:b9:b8:0a:69:05:2c:7f:02:aa:ad:aa:bc:
         97:70:52:8e:b1:ba:22:74:5b:75:8e:e5:ce:7a:62:e8:f9:76:
         8a:7b:87:f7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZZJotcK0VsRn2dj3kOHQu9FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNzk2ZjBiMzA1MWI1YmM4MTRiMmU4OWNiNDcwYTM4MjZi
MmJmMDAwHhcNMjUwNDE4MTYwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmM5MzA0MGNmOTdlOTlmMjI0MGY1MDViNjQ5Zjk3YWEyNTViYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptRAQaU50Fz3JDii/XnTycfBrp9q
EmsHiCLeCl/jpfpiADvf98SXy05PyyMeaXm8IJNiSCeCaUiNliYmr2ckY16/zDo1
aHz9PatwT7R/PsNwDFosIzVxMzCtAhYlxjBmnmF6nlVW72ahwqh2H1Z3Mw3On801
LzfzCXOVesSSseZgaDloV76gHTcQgbWN63vncr8aTN5HZMZ3JVoZdENAqHexQwg5
ddYmqnXR55ihUrl8fVsq/vvDZj0XfrjK6BCMrRbYrxcJ5K7BSvkWmD6EdaojqvB9
jwLWT5Rg5JHu9NXOfO/YiW6KtEVVmRe70lCTPaxy8tBAdMXTgEMxeroSTQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP/JMEDPl+mfIkD1BbZJ+XqiVbsSMB8GA1UdIwQY
MBaAFEt5bwswUbW8gUsuictHCjgmsr8AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzNsdkN6QlJ0YnlCU3k2SnkwY0tPQ2F5dndBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9iYjQ2ZjUtOWZmMi00MDU4LTkwNTAt
ZmJkY2IxYTQxNDY3LzEvXzhrd1FNLVg2WjhpUVBVRnRrbjVlcUpWdXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9iYjQ2ZjUtOWZmMi00MDU4LTkwNTAtZmJkY2IxYTQxNDY3
LzEvUzNsdkN6QlJ0YnlCU3k2SnkwY0tPQ2F5dndBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuSpEMA8E
AgACMAkDBwAqBI6AAAAwDQYJKoZIhvcNAQELBQADggEBABu+hnEp2XUpN8PbBxO2
6YM9quafEvmK4Zcf4s91iOQp5V+N3pA6GwGBIaQ+QQKYR7UBpOOQF65RF0aT2XFc
UeE/FHsg6AhGUubVj+M4UkqoZw/9+UaqAN5KTyuPYBauDfiT4kVyVOi8YJUMmcq4
//Qo/xZDU12SbhZeFo9+x10cQvHiZbULQ2lQduFgs5ZBnWFblX5qoeR+QkHFNwy5
NSrONTtb2wvFi5T7nUYhIRWffDBiWZpgGHLIrlxw+2a8Vi7XCaX6bHLbVEY1NOrr
H/K3m7k048rJSjFQduQ+8bm4CmkFLH8Cqq2qvJdwUo6xuiJ0W3WO5c56Yuj5dop7
h/c=
-----END CERTIFICATE-----