Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/63432a-e5d9-46e2-9c01-ac809bbae737/1/XsLpmpu2xvBP4JjcplMw-4A56mY.roa
File:                     XsLpmpu2xvBP4JjcplMw-4A56mY.roa (raw, json)
Hash identifier:          zDQ4NxbIV24C02r59jK+8GO4r9TIoUq4yC6lv1rRxf0=
Subject key identifier:   5E:C2:E9:9A:9B:B6:C6:F0:4F:E0:98:DC:A6:53:30:FB:80:39:EA:66
Certificate issuer:       /CN=626d24d6bf353963fe5afa25b0a59667152a86d0
Certificate serial:       019426D958A58CFDAC3B7E18F8A51A8A2701
Authority key identifier: 62:6D:24:D6:BF:35:39:63:FE:5A:FA:25:B0:A5:96:67:15:2A:86:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ym0k1r81OWP-WvolsKWWZxUqhtA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/63432a-e5d9-46e2-9c01-ac809bbae737/1/XsLpmpu2xvBP4JjcplMw-4A56mY.roa
Signing time:             Thu 02 Jan 2025 11:49:25 +0000
ROA not before:           Thu 02 Jan 2025 11:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5518
IP address blocks:        195.10.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/63432a-e5d9-46e2-9c01-ac809bbae737/1/Ym0k1r81OWP-WvolsKWWZxUqhtA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/63432a-e5d9-46e2-9c01-ac809bbae737/1/Ym0k1r81OWP-WvolsKWWZxUqhtA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ym0k1r81OWP-WvolsKWWZxUqhtA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:58:a5:8c:fd:ac:3b:7e:18:f8:a5:1a:8a:27:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626d24d6bf353963fe5afa25b0a59667152a86d0
        Validity
            Not Before: Jan  2 11:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ec2e99a9bb6c6f04fe098dca65330fb8039ea66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:05:7f:76:31:a5:e1:b6:08:cb:2f:c1:1f:22:
                    29:31:9a:20:5b:49:7e:04:4a:ea:0b:97:1f:b8:9e:
                    14:dd:ae:5c:72:da:59:31:a3:bb:a8:ff:20:7b:99:
                    7b:0a:33:ff:bb:f8:60:10:42:fb:9e:4a:35:ca:7b:
                    c4:ac:22:f1:37:c2:97:81:bb:84:06:e3:e3:d8:64:
                    a3:3f:59:e8:00:8e:74:6d:62:80:3a:97:63:7b:7b:
                    5e:9e:35:8a:57:74:9f:ff:54:d3:7a:f4:3c:5a:57:
                    8c:69:ce:62:e2:32:ae:28:92:8a:3a:97:96:18:ef:
                    fd:cf:c1:1b:9f:24:42:57:fc:c3:8c:7e:d0:bd:10:
                    65:2d:2b:a4:5a:d4:79:76:06:af:ab:de:2d:d4:70:
                    5e:2a:74:d6:6d:06:db:a1:a3:3d:ae:f6:ab:e8:24:
                    e7:20:cc:be:f9:c9:3c:99:05:4c:45:c2:9e:9a:13:
                    4f:f6:dd:50:28:d1:1d:0d:1a:0e:cd:77:75:01:24:
                    71:6c:ad:fd:55:d4:12:db:08:e7:d8:6c:b6:72:6d:
                    15:f3:da:2b:29:d5:60:34:38:93:eb:21:d0:63:9c:
                    c3:50:21:ce:8f:a9:74:84:81:22:4a:19:44:4f:f8:
                    20:b1:b5:2e:39:3d:bc:44:f5:31:52:f5:c8:39:89:
                    61:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:C2:E9:9A:9B:B6:C6:F0:4F:E0:98:DC:A6:53:30:FB:80:39:EA:66
            X509v3 Authority Key Identifier:
                keyid:62:6D:24:D6:BF:35:39:63:FE:5A:FA:25:B0:A5:96:67:15:2A:86:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ym0k1r81OWP-WvolsKWWZxUqhtA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/63432a-e5d9-46e2-9c01-ac809bbae737/1/XsLpmpu2xvBP4JjcplMw-4A56mY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/63432a-e5d9-46e2-9c01-ac809bbae737/1/Ym0k1r81OWP-WvolsKWWZxUqhtA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:68:b6:02:86:54:4c:2a:46:8d:f6:c6:00:bd:20:d0:75:25:
         b5:cb:e3:a3:71:ad:7a:4d:90:1c:55:38:e9:38:7a:4d:01:82:
         f4:1e:5c:ac:25:f3:d4:a7:4d:10:4c:f4:14:1f:45:ca:2b:00:
         76:30:6e:d7:e6:fb:b1:19:e7:d9:7d:04:59:11:34:c7:b5:9c:
         05:aa:91:fe:93:4e:b8:21:4f:41:c2:10:4f:16:dc:d9:cd:7b:
         39:4a:9e:bc:e3:e1:0a:7f:4a:35:77:3b:76:68:f0:89:56:84:
         9a:31:19:88:55:62:77:51:0e:1f:d4:ef:5f:c8:b9:83:5d:3c:
         64:33:33:b5:d0:92:c5:e0:39:41:69:18:dd:16:07:8d:06:64:
         b6:78:a9:3d:5e:92:42:fc:3b:a9:b8:df:7f:34:4c:56:20:9a:
         a9:60:7f:92:69:b5:05:be:c0:56:d9:6b:9d:1b:a4:4d:f0:18:
         54:2a:db:22:b4:44:5e:39:6f:a0:e7:db:d4:4e:7a:b6:a3:af:
         6f:05:38:c3:a8:98:62:e1:36:0b:a7:7a:ea:56:bb:99:e6:e4:
         2f:1d:27:28:03:29:dc:cf:ba:52:eb:32:75:d8:45:d5:25:fb:
         47:46:32:78:a9:e0:db:8d:45:17:fe:40:27:23:0b:26:c3:c1:
         93:37:74:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2ViljP2sO34Y+KUaiicBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmQyNGQ2YmYzNTM5NjNmZTVhZmEyNWIwYTU5NjY3MTUy
YTg2ZDAwHhcNMjUwMTAyMTE0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWMyZTk5YTliYjZjNmYwNGZlMDk4ZGNhNjUzMzBmYjgwMzllYTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AV/djGl4bYIyy/BHyIpMZogW0l+
BErqC5cfuJ4U3a5cctpZMaO7qP8ge5l7CjP/u/hgEEL7nko1ynvErCLxN8KXgbuE
BuPj2GSjP1noAI50bWKAOpdje3tenjWKV3Sf/1TTevQ8WleMac5i4jKuKJKKOpeW
GO/9z8EbnyRCV/zDjH7QvRBlLSukWtR5dgavq94t1HBeKnTWbQbboaM9rvar6CTn
IMy++ck8mQVMRcKemhNP9t1QKNEdDRoOzXd1ASRxbK39VdQS2wjn2Gy2cm0V89or
KdVgNDiT6yHQY5zDUCHOj6l0hIEiShlET/ggsbUuOT28RPUxUvXIOYlhGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7C6ZqbtsbwT+CY3KZTMPuAOepmMB8GA1UdIwQY
MBaAFGJtJNa/NTlj/lr6JbCllmcVKobQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW0wazFyODFPV1AtV3ZvbHNLV1daeFVxaHRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC82MzQzMmEtZTVkOS00NmUyLTljMDEt
YWM4MDliYmFlNzM3LzEvWHNMcG1wdTJ4dkJQNEpqY3BsTXctNEE1Nm1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC82MzQzMmEtZTVkOS00NmUyLTljMDEtYWM4MDliYmFlNzM3
LzEvWW0wazFyODFPV1AtV3ZvbHNLV1daeFVxaHRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrYMA0G
CSqGSIb3DQEBCwUAA4IBAQAOaLYChlRMKkaN9sYAvSDQdSW1y+Ojca16TZAcVTjp
OHpNAYL0HlysJfPUp00QTPQUH0XKKwB2MG7X5vuxGefZfQRZETTHtZwFqpH+k064
IU9BwhBPFtzZzXs5Sp684+EKf0o1dzt2aPCJVoSaMRmIVWJ3UQ4f1O9fyLmDXTxk
MzO10JLF4DlBaRjdFgeNBmS2eKk9XpJC/DupuN9/NExWIJqpYH+SabUFvsBW2Wud
G6RN8BhUKtsitEReOW+g59vUTnq2o69vBTjDqJhi4TYLp3rqVruZ5uQvHScoAync
z7pS6zJ12EXVJftHRjJ4qeDbjUUX/kAnIwsmw8GTN3RA
-----END CERTIFICATE-----