Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vjwY8rW09yNTE_ukfykPYun2a0U.roa
File:                     vjwY8rW09yNTE_ukfykPYun2a0U.roa (raw, json)
Hash identifier:          l6dnBrz/cTtV5r5IG4YB68sIb0S5RYqCqT/V9tXzyCw=
Subject key identifier:   BE:3C:18:F2:B5:B4:F7:23:53:13:FB:A4:7F:29:0F:62:E9:F6:6B:45
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01981D3A7011DF0716AD1A3E447EE7B629E9
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vjwY8rW09yNTE_ukfykPYun2a0U.roa
Signing time:             Fri 18 Jul 2025 11:10:25 +0000
ROA not before:           Fri 18 Jul 2025 11:10:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        193.8.112.0/24 maxlen: 24
                          194.76.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1d:3a:70:11:df:07:16:ad:1a:3e:44:7e:e7:b6:29:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul 18 11:10:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be3c18f2b5b4f7235313fba47f290f62e9f66b45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:40:f8:ef:15:f2:17:1e:96:c0:36:73:dd:46:
                    43:61:c5:c3:a0:b8:56:2f:25:20:e0:3c:3e:d1:9d:
                    bc:7a:c4:bc:8f:5a:ed:0e:5b:75:51:6b:df:f4:59:
                    a7:81:80:54:e3:cb:eb:1c:80:7f:06:08:99:f0:5d:
                    e6:4d:95:d9:20:bf:d7:f5:95:06:46:3c:06:ff:bf:
                    85:fe:66:62:f3:3d:32:f8:ee:22:91:be:0f:fb:81:
                    2c:f5:68:c3:96:2b:5c:ae:17:b6:d1:67:21:33:5f:
                    51:58:31:39:dd:96:ba:ba:08:c0:5a:41:6b:4e:6f:
                    71:22:4b:07:78:23:90:22:93:8f:67:ed:a6:68:35:
                    48:8c:e8:1b:79:f0:6d:aa:3d:f2:5b:ab:54:31:4a:
                    46:12:b1:e6:b9:4b:ac:18:d7:e1:1b:f3:3d:70:2b:
                    d5:79:15:6b:bc:4a:8b:f7:18:44:8e:6f:7f:b3:8e:
                    aa:eb:fb:ad:75:5e:d0:22:ed:55:1d:ea:ff:7c:db:
                    56:61:ed:c4:a4:ef:4d:1d:1c:b9:3d:50:6c:04:ff:
                    4f:63:88:da:49:ba:c2:3d:eb:c1:4f:8d:e3:37:59:
                    b5:db:f9:a3:5a:1a:b9:43:20:4c:4f:59:13:52:e4:
                    95:b8:0a:fa:29:18:ca:3e:b9:1f:c0:5c:1c:d7:94:
                    f0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:3C:18:F2:B5:B4:F7:23:53:13:FB:A4:7F:29:0F:62:E9:F6:6B:45
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vjwY8rW09yNTE_ukfykPYun2a0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.112.0/24
                  194.76.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:20:46:56:1b:2c:e5:b0:00:eb:ac:4a:60:49:e6:60:40:92:
         e8:90:f6:ce:b8:b3:a0:63:2c:1c:d4:1a:01:d1:79:20:7a:88:
         81:48:61:85:8d:f1:a7:d8:9a:82:6e:9f:9f:04:bd:b5:9f:3f:
         df:cc:8d:03:b9:7f:1d:2c:6e:7a:a9:df:bc:72:d0:94:b2:b6:
         15:79:c4:48:99:6a:8e:bf:91:61:62:5d:3a:84:d6:aa:3d:e4:
         3b:82:6d:28:8e:ac:80:d3:cb:c2:7a:e8:db:9a:cb:6a:02:bc:
         47:33:02:36:8c:e4:aa:be:24:b0:44:cb:b3:93:0c:37:11:6d:
         90:ee:e0:8b:ed:c2:42:44:b3:99:2e:85:78:4b:33:b2:f3:e3:
         88:6b:63:97:83:18:d1:86:e5:21:34:d9:37:dd:62:97:d8:05:
         b3:e7:4f:45:94:49:32:02:b2:67:31:88:bf:cb:d9:37:a5:fe:
         f6:d0:9c:8a:96:03:d7:85:ac:d9:03:7c:69:7a:1a:23:01:de:
         ab:a5:61:ab:33:f5:1d:39:7c:24:eb:4f:10:4f:2f:cb:44:d8:
         46:3c:76:cc:93:34:06:52:82:24:6a:f0:a2:2b:f5:24:58:05:
         a2:5d:fb:90:2b:8d:03:eb:ec:44:3f:55:ad:d3:4b:2b:3f:14:
         a2:0d:33:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgdOnAR3wcWrRo+RH7ntinpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNzE4MTExMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTNjMThmMmI1YjRmNzIzNTMxM2ZiYTQ3ZjI5MGY2MmU5ZjY2YjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuED47xXyFx6WwDZz3UZDYcXDoLhW
LyUg4Dw+0Z28esS8j1rtDlt1UWvf9FmngYBU48vrHIB/BgiZ8F3mTZXZIL/X9ZUG
RjwG/7+F/mZi8z0y+O4ikb4P+4Es9WjDlitcrhe20WchM19RWDE53Za6ugjAWkFr
Tm9xIksHeCOQIpOPZ+2maDVIjOgbefBtqj3yW6tUMUpGErHmuUusGNfhG/M9cCvV
eRVrvEqL9xhEjm9/s46q6/utdV7QIu1VHer/fNtWYe3EpO9NHRy5PVBsBP9PY4ja
SbrCPevBT43jN1m12/mjWhq5QyBMT1kTUuSVuAr6KRjKPrkfwFwc15TwSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL48GPK1tPcjUxP7pH8pD2Lp9mtFMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdmp3WThyVzA5eU5URV91a2Z5a1BZdW4yYTBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwQhwAwQA
wkytMA0GCSqGSIb3DQEBCwUAA4IBAQAHIEZWGyzlsADrrEpgSeZgQJLokPbOuLOg
Yywc1BoB0XkgeoiBSGGFjfGn2JqCbp+fBL21nz/fzI0DuX8dLG56qd+8ctCUsrYV
ecRImWqOv5FhYl06hNaqPeQ7gm0ojqyA08vCeujbmstqArxHMwI2jOSqviSwRMuz
kww3EW2Q7uCL7cJCRLOZLoV4SzOy8+OIa2OXgxjRhuUhNNk33WKX2AWz509FlEky
ArJnMYi/y9k3pf720JyKlgPXhazZA3xpehojAd6rpWGrM/UdOXwk608QTy/LRNhG
PHbMkzQGUoIkavCiK/UkWAWiXfuQK40D6+xEP1Wt00srPxSiDTOT
-----END CERTIFICATE-----