Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/da5e3b-ca0b-4fce-b1e2-5dd336f38060/1/VYxETRyMB_5brJe_4iKAuiQbEUI.roa
File:                     VYxETRyMB_5brJe_4iKAuiQbEUI.roa (raw, json)
Hash identifier:          dmcYzJ1f0soAolwfqw1exU9yBuWbBJ6h+v0u9bOPZQg=
Subject key identifier:   55:8C:44:4D:1C:8C:07:FE:5B:AC:97:BF:E2:22:80:BA:24:1B:11:42
Certificate issuer:       /CN=d0c3d358812e60b680e4e11632f139560bf525fb
Certificate serial:       018CC6B78C1E404E3EF24BE7AF55AEE12A0E
Authority key identifier: D0:C3:D3:58:81:2E:60:B6:80:E4:E1:16:32:F1:39:56:0B:F5:25:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0MPTWIEuYLaA5OEWMvE5Vgv1Jfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/da5e3b-ca0b-4fce-b1e2-5dd336f38060/1/VYxETRyMB_5brJe_4iKAuiQbEUI.roa
Signing time:             Mon 01 Jan 2024 20:29:26 +0000
ROA not before:           Mon 01 Jan 2024 20:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216024
IP address blocks:        194.50.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/da5e3b-ca0b-4fce-b1e2-5dd336f38060/1/0MPTWIEuYLaA5OEWMvE5Vgv1Jfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/da5e3b-ca0b-4fce-b1e2-5dd336f38060/1/0MPTWIEuYLaA5OEWMvE5Vgv1Jfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0MPTWIEuYLaA5OEWMvE5Vgv1Jfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8c:1e:40:4e:3e:f2:4b:e7:af:55:ae:e1:2a:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0c3d358812e60b680e4e11632f139560bf525fb
        Validity
            Not Before: Jan  1 20:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=558c444d1c8c07fe5bac97bfe22280ba241b1142
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d5:b0:da:94:e6:5b:6e:36:22:e0:11:61:82:
                    ae:24:2a:9c:35:85:ea:29:8e:fc:ac:ff:d0:79:4e:
                    64:a1:ce:90:22:0c:b2:05:2c:23:58:c2:e2:98:25:
                    18:c4:a8:2e:42:de:21:76:cc:0b:4e:c1:12:28:9d:
                    cd:1b:43:38:54:83:92:10:52:3d:87:88:d8:6d:a7:
                    3b:cb:ba:f0:b7:a1:85:32:3e:d7:2a:3b:e5:ed:88:
                    13:12:18:e9:8b:2f:89:0c:99:f6:1c:13:e1:3e:aa:
                    93:1e:32:a6:5c:17:3a:88:ae:bf:5c:75:00:bd:60:
                    b7:83:63:95:39:7e:57:e7:62:52:7c:81:f4:7f:48:
                    dd:ac:56:02:4f:e2:a7:7b:eb:e8:cd:eb:e7:0b:ec:
                    71:2f:54:74:5c:cd:07:6f:01:ce:e3:99:d4:21:5a:
                    cc:53:9d:51:2e:78:e5:f1:3c:09:23:9c:ab:e4:23:
                    32:8c:be:1f:1f:8f:7a:c2:72:9d:b3:64:0a:e4:86:
                    2d:94:df:3d:9e:83:f3:2a:c6:e3:55:e9:68:a4:7e:
                    67:d4:c8:91:22:2e:ea:92:5d:5e:dc:20:d0:ad:37:
                    09:f2:46:19:fb:bb:49:dd:75:fa:fe:aa:61:7a:14:
                    71:00:86:bd:b4:bd:ad:2a:be:1f:06:e8:c1:43:ff:
                    99:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:8C:44:4D:1C:8C:07:FE:5B:AC:97:BF:E2:22:80:BA:24:1B:11:42
            X509v3 Authority Key Identifier:
                keyid:D0:C3:D3:58:81:2E:60:B6:80:E4:E1:16:32:F1:39:56:0B:F5:25:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0MPTWIEuYLaA5OEWMvE5Vgv1Jfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/da5e3b-ca0b-4fce-b1e2-5dd336f38060/1/VYxETRyMB_5brJe_4iKAuiQbEUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/da5e3b-ca0b-4fce-b1e2-5dd336f38060/1/0MPTWIEuYLaA5OEWMvE5Vgv1Jfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:e6:ba:b9:b4:07:89:13:b5:a9:7e:49:91:77:e7:a0:10:77:
         39:44:fc:80:7c:b9:27:a1:95:b1:f8:0b:00:1d:10:77:a3:03:
         2d:83:6f:fb:a7:88:ca:cd:1d:f2:60:70:c3:2c:6c:d1:b4:39:
         90:c2:6b:cb:86:5c:05:25:4a:6e:96:e8:3c:65:10:1e:a3:17:
         6c:be:9c:4d:56:3f:7e:87:a4:ed:91:fd:3f:29:49:c8:6e:ca:
         7a:b5:24:a2:51:f2:51:f0:67:e9:25:0f:13:77:4f:d6:56:d1:
         91:d3:a7:54:0f:3e:5b:57:42:15:a0:25:e6:12:2f:a2:50:2e:
         71:ae:be:9e:a5:05:fb:d3:f2:23:59:b8:e7:2c:41:88:f4:e0:
         9d:8b:29:32:19:f3:c5:8a:0c:59:25:74:2b:19:e9:16:5b:fb:
         60:f8:5a:bb:83:f3:db:4d:fb:ac:5b:a8:c4:ea:31:09:02:1a:
         18:f3:22:80:d7:50:ae:4d:cf:94:20:29:be:f3:13:98:7d:ac:
         a6:16:f8:89:ec:97:d2:be:08:e4:10:ac:ce:7f:b9:93:1a:d9:
         32:7c:0e:42:24:31:35:76:93:a1:41:bc:eb:55:a3:28:55:97:
         a4:ac:10:c6:02:1f:0e:c3:de:3e:30:f9:da:87:ac:04:5b:c4:
         32:bd:ed:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4weQE4+8kvnr1Wu4SoOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYzNkMzU4ODEyZTYwYjY4MGU0ZTExNjMyZjEzOTU2MGJm
NTI1ZmIwHhcNMjQwMTAxMjAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NThjNDQ0ZDFjOGMwN2ZlNWJhYzk3YmZlMjIyODBiYTI0MWIxMTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtWw2pTmW242IuARYYKuJCqcNYXq
KY78rP/QeU5koc6QIgyyBSwjWMLimCUYxKguQt4hdswLTsESKJ3NG0M4VIOSEFI9
h4jYbac7y7rwt6GFMj7XKjvl7YgTEhjpiy+JDJn2HBPhPqqTHjKmXBc6iK6/XHUA
vWC3g2OVOX5X52JSfIH0f0jdrFYCT+Kne+vozevnC+xxL1R0XM0HbwHO45nUIVrM
U51RLnjl8TwJI5yr5CMyjL4fH496wnKds2QK5IYtlN89noPzKsbjVelopH5n1MiR
Ii7qkl1e3CDQrTcJ8kYZ+7tJ3XX6/qphehRxAIa9tL2tKr4fBujBQ/+Z9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFWMRE0cjAf+W6yXv+IigLokGxFCMB8GA1UdIwQY
MBaAFNDD01iBLmC2gOThFjLxOVYL9SX7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME1QVFdJRXVZTGFBNU9FV012RTVWZ3YxSmZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9kYTVlM2ItY2EwYi00ZmNlLWIxZTIt
NWRkMzM2ZjM4MDYwLzEvVll4RVRSeU1CXzVickplXzRpS0F1aVFiRVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9kYTVlM2ItY2EwYi00ZmNlLWIxZTItNWRkMzM2ZjM4MDYw
LzEvME1QVFdJRXVZTGFBNU9FV012RTVWZ3YxSmZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjKZMA0G
CSqGSIb3DQEBCwUAA4IBAQBk5rq5tAeJE7WpfkmRd+egEHc5RPyAfLknoZWx+AsA
HRB3owMtg2/7p4jKzR3yYHDDLGzRtDmQwmvLhlwFJUpulug8ZRAeoxdsvpxNVj9+
h6Ttkf0/KUnIbsp6tSSiUfJR8GfpJQ8Td0/WVtGR06dUDz5bV0IVoCXmEi+iUC5x
rr6epQX70/IjWbjnLEGI9OCdiykyGfPFigxZJXQrGekWW/tg+Fq7g/PbTfusW6jE
6jEJAhoY8yKA11CuTc+UICm+8xOYfaymFviJ7JfSvgjkEKzOf7mTGtkyfA5CJDE1
dpOhQbzrVaMoVZekrBDGAh8Ow94+MPnah6wEW8Qyve01
-----END CERTIFICATE-----