Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/2b42fc-49bc-4f81-987b-85493046ec46/1/ytt6NDRPw01MpgKIPHZI-KhTqFM.roa
File:                     ytt6NDRPw01MpgKIPHZI-KhTqFM.roa (raw, json)
Hash identifier:          Qz/7LnFWYN8eKNmOmwVT183VYftTGjaTvg3yJfBkJTg=
Subject key identifier:   CA:DB:7A:34:34:4F:C3:4D:4C:A6:02:88:3C:76:48:F8:A8:53:A8:53
Certificate issuer:       /CN=0701b929fd9edbabae35dd44adc161d7d470b1fa
Certificate serial:       019427B5A73DDA7E24E73FCC585D5213F510
Authority key identifier: 07:01:B9:29:FD:9E:DB:AB:AE:35:DD:44:AD:C1:61:D7:D4:70:B1:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BwG5Kf2e26uuNd1ErcFh19Rwsfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/2b42fc-49bc-4f81-987b-85493046ec46/1/ytt6NDRPw01MpgKIPHZI-KhTqFM.roa
Signing time:             Thu 02 Jan 2025 15:50:03 +0000
ROA not before:           Thu 02 Jan 2025 15:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16019
IP address blocks:        185.31.36.0/22 maxlen: 22
                          2a04:4d40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/2b42fc-49bc-4f81-987b-85493046ec46/1/BwG5Kf2e26uuNd1ErcFh19Rwsfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/2b42fc-49bc-4f81-987b-85493046ec46/1/BwG5Kf2e26uuNd1ErcFh19Rwsfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BwG5Kf2e26uuNd1ErcFh19Rwsfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:a7:3d:da:7e:24:e7:3f:cc:58:5d:52:13:f5:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0701b929fd9edbabae35dd44adc161d7d470b1fa
        Validity
            Not Before: Jan  2 15:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cadb7a34344fc34d4ca602883c7648f8a853a853
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:74:bd:52:ba:50:3c:f6:ef:70:c3:db:c5:82:
                    9b:8b:f7:85:27:be:35:fb:4d:15:1e:9e:1e:69:4f:
                    96:ce:cc:9b:99:47:c6:c1:e1:69:50:8a:be:d9:ab:
                    86:1f:33:f2:05:97:18:75:8e:f5:b4:b5:67:f3:2a:
                    d8:7d:7a:41:a9:ec:06:cc:38:f0:39:93:5d:e4:be:
                    c5:dd:7e:79:53:9b:06:8a:b8:a7:c7:2c:3f:36:da:
                    5a:d1:49:75:f9:ec:01:dd:b5:5b:f1:74:c1:04:48:
                    c6:86:9d:f1:a1:f2:0a:e0:af:08:95:dc:9d:45:03:
                    65:2f:a0:b9:7f:11:4c:2d:13:81:cf:d6:67:56:4b:
                    b8:91:6a:ca:18:cc:f1:48:b8:00:2a:54:ba:03:5f:
                    67:56:92:a0:6f:07:1d:73:c2:d4:9a:de:76:54:22:
                    1d:02:e3:f0:b1:d0:28:46:4c:ea:8d:22:ad:c5:69:
                    04:25:56:87:e7:43:a9:2a:4d:94:6d:51:ff:7e:6a:
                    dc:b3:be:e9:77:db:bc:d8:ae:b6:61:38:9c:71:dd:
                    b4:aa:a4:41:d1:05:af:aa:06:06:6e:a6:10:a9:31:
                    56:9d:1d:86:d3:6b:cd:7a:96:8b:93:95:18:fe:83:
                    d8:75:4d:1a:e3:f4:c6:91:29:09:0b:c3:c8:c4:70:
                    ff:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:DB:7A:34:34:4F:C3:4D:4C:A6:02:88:3C:76:48:F8:A8:53:A8:53
            X509v3 Authority Key Identifier:
                keyid:07:01:B9:29:FD:9E:DB:AB:AE:35:DD:44:AD:C1:61:D7:D4:70:B1:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BwG5Kf2e26uuNd1ErcFh19Rwsfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/2b42fc-49bc-4f81-987b-85493046ec46/1/ytt6NDRPw01MpgKIPHZI-KhTqFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/2b42fc-49bc-4f81-987b-85493046ec46/1/BwG5Kf2e26uuNd1ErcFh19Rwsfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.36.0/22
                IPv6:
                  2a04:4d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:06:04:97:b0:d6:07:21:85:89:e2:53:f5:1e:80:07:09:21:
         bf:b9:60:97:18:a8:af:79:a1:7f:6d:fe:79:5a:f3:b7:53:ef:
         dc:54:cd:09:e2:cc:05:bf:68:45:6c:7f:59:98:93:c8:bf:44:
         e7:d7:bc:56:2c:61:2b:40:81:82:17:66:a4:5e:0a:35:01:73:
         40:24:c7:18:03:04:35:d1:94:d2:5c:5a:33:98:fa:65:0c:ed:
         bb:4e:65:ae:59:6d:33:25:b8:8f:d0:18:9a:8d:6f:6b:8b:5a:
         f7:60:12:56:c6:d2:30:d6:c7:92:05:f9:61:69:7c:9a:37:b5:
         a2:25:cb:15:23:81:67:ee:51:b0:f9:db:8f:c5:6e:d9:44:13:
         2f:84:cd:7e:c3:83:62:1b:1d:9f:31:e4:48:a2:28:13:a2:1d:
         f4:a9:54:e5:f3:05:a1:52:63:21:f2:bd:8f:a1:b3:aa:6c:e7:
         84:46:df:dd:1b:b5:79:e7:f8:59:67:d4:db:ca:25:1b:39:ef:
         26:fb:fe:3c:78:f0:f8:54:31:60:d0:fd:cd:56:a8:d2:20:1c:
         a3:56:90:6b:52:6e:60:a6:a5:db:73:30:27:93:09:fd:72:a4:
         87:67:09:c6:d7:4f:74:34:66:0c:b9:51:65:44:60:33:42:f8:
         db:91:6d:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntac92n4k5z/MWF1SE/UQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MDFiOTI5ZmQ5ZWRiYWJhZTM1ZGQ0NGFkYzE2MWQ3ZDQ3
MGIxZmEwHhcNMjUwMTAyMTU1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWRiN2EzNDM0NGZjMzRkNGNhNjAyODgzYzc2NDhmOGE4NTNhODUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonS9UrpQPPbvcMPbxYKbi/eFJ741
+00VHp4eaU+WzsybmUfGweFpUIq+2auGHzPyBZcYdY71tLVn8yrYfXpBqewGzDjw
OZNd5L7F3X55U5sGirinxyw/Ntpa0Ul1+ewB3bVb8XTBBEjGhp3xofIK4K8Ildyd
RQNlL6C5fxFMLROBz9ZnVku4kWrKGMzxSLgAKlS6A19nVpKgbwcdc8LUmt52VCId
AuPwsdAoRkzqjSKtxWkEJVaH50OpKk2UbVH/fmrcs77pd9u82K62YTiccd20qqRB
0QWvqgYGbqYQqTFWnR2G02vNepaLk5UY/oPYdU0a4/TGkSkJC8PIxHD/iwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMrbejQ0T8NNTKYCiDx2SPioU6hTMB8GA1UdIwQY
MBaAFAcBuSn9nturrjXdRK3BYdfUcLH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQndHNUtmMmUyNnV1TmQxRXJjRmgxOVJ3c2ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8yYjQyZmMtNDliYy00ZjgxLTk4N2It
ODU0OTMwNDZlYzQ2LzEveXR0Nk5EUlB3MDFNcGdLSVBIWkktS2hUcUZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8yYjQyZmMtNDliYy00ZjgxLTk4N2ItODU0OTMwNDZlYzQ2
LzEvQndHNUtmMmUyNnV1TmQxRXJjRmgxOVJ3c2ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuR8kMA0E
AgACMAcDBQMqBE1AMA0GCSqGSIb3DQEBCwUAA4IBAQAjBgSXsNYHIYWJ4lP1HoAH
CSG/uWCXGKiveaF/bf55WvO3U+/cVM0J4swFv2hFbH9ZmJPIv0Tn17xWLGErQIGC
F2akXgo1AXNAJMcYAwQ10ZTSXFozmPplDO27TmWuWW0zJbiP0BiajW9ri1r3YBJW
xtIw1seSBflhaXyaN7WiJcsVI4Fn7lGw+duPxW7ZRBMvhM1+w4NiGx2fMeRIoigT
oh30qVTl8wWhUmMh8r2PobOqbOeERt/dG7V55/hZZ9TbyiUbOe8m+/48ePD4VDFg
0P3NVqjSIByjVpBrUm5gpqXbczAnkwn9cqSHZwnG1090NGYMuVFlRGAzQvjbkW1p
-----END CERTIFICATE-----