Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9yaKTMRm2MTr8kYdwRtz_sk6L9s.roa
File:                     9yaKTMRm2MTr8kYdwRtz_sk6L9s.roa (raw, json)
Hash identifier:          m9i77ulZ69MPRrXSQzZ6gDEkrtZ9pz/P6PEa3paIME0=
Subject key identifier:   F7:26:8A:4C:C4:66:D8:C4:EB:F2:46:1D:C1:1B:73:FE:C9:3A:2F:DB
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01942825193C0DD76A61BAFA3B3268CF2E2C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9yaKTMRm2MTr8kYdwRtz_sk6L9s.roa
Signing time:             Thu 02 Jan 2025 17:51:47 +0000
ROA not before:           Thu 02 Jan 2025 17:51:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216475
IP address blocks:        195.133.38.0/24 maxlen: 24
                          195.133.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 12:30:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:19:3c:0d:d7:6a:61:ba:fa:3b:32:68:cf:2e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7268a4cc466d8c4ebf2461dc11b73fec93a2fdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:89:94:af:57:b3:a3:28:99:e7:eb:8d:a2:b8:
                    dc:4b:98:7e:67:f2:6e:4d:69:54:fe:fa:45:f0:7e:
                    f2:c9:64:2c:de:d9:a4:93:bc:e4:31:37:e1:83:15:
                    a3:10:03:35:c1:07:8b:8b:6b:c5:34:35:af:24:1e:
                    6d:cc:5c:99:a5:b8:8f:e9:c4:17:67:66:79:f1:b7:
                    4f:55:48:f1:7a:50:61:d6:27:29:c3:c5:2d:c2:9e:
                    bb:0d:ee:9f:2e:e2:59:6d:5c:1e:c2:36:fe:59:f0:
                    57:69:1b:7a:8a:da:ed:7f:32:7d:99:e1:b2:d5:29:
                    26:e0:64:ee:67:01:e8:5c:8a:e7:29:2e:d6:af:f0:
                    78:75:4e:6d:3f:36:ea:1e:cb:1b:99:8d:0a:20:86:
                    da:16:82:f3:c9:65:51:1c:9a:e7:17:0d:ea:c9:1f:
                    13:76:cf:05:4e:24:98:34:82:de:65:4c:49:c9:09:
                    ef:5b:20:91:e8:f5:8c:55:19:7a:b8:83:a1:cb:82:
                    1c:a7:80:7f:72:ce:f2:e1:72:3c:4e:cb:1a:50:4b:
                    b8:bd:13:b2:33:28:07:40:31:c8:b2:04:11:b6:b7:
                    d6:3e:15:ea:c2:49:f2:17:04:21:b1:35:1b:c6:ed:
                    b5:ab:3e:04:b2:1c:54:03:a5:50:68:a0:77:1c:a3:
                    2d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:26:8A:4C:C4:66:D8:C4:EB:F2:46:1D:C1:1B:73:FE:C9:3A:2F:DB
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9yaKTMRm2MTr8kYdwRtz_sk6L9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.38.0/24
                  195.133.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:3e:d6:30:e2:c4:9b:95:89:ea:f0:b9:58:a2:57:95:ee:2a:
         9b:25:60:10:54:03:c1:91:c9:d4:e3:00:bd:6e:10:b5:22:10:
         53:03:ce:5c:19:5e:6a:f9:56:8d:f1:f6:84:a0:28:8c:d6:b1:
         80:86:93:35:c5:eb:2d:58:d9:60:4e:80:12:db:fc:e6:c8:b0:
         ec:5d:66:b3:9e:bc:20:cb:40:ba:32:b7:1e:f5:00:12:dd:22:
         0e:03:95:96:33:9c:4a:6e:ee:08:d8:bb:69:ec:92:09:79:c4:
         22:2d:c7:76:1d:e8:8f:40:62:86:52:57:c7:c4:eb:5e:71:a2:
         c6:a8:0c:3a:d5:22:f6:a4:d7:f1:6d:88:49:3b:5d:f9:84:83:
         7a:4d:76:66:e0:04:2f:df:3f:3e:d8:96:01:43:24:6a:df:0d:
         3f:c7:d0:26:bf:1e:e0:76:ed:8f:54:32:0a:8c:13:9f:a0:8f:
         a6:e9:b5:85:c7:d5:cd:49:5f:68:95:6f:58:31:76:5d:3e:64:
         ed:a9:65:e1:5c:58:d3:d5:be:eb:94:be:48:da:50:65:1a:90:
         b9:a9:bd:f4:6e:2d:03:aa:10:dc:e4:75:ad:bc:36:12:a4:4a:
         d9:a7:10:3a:33:2f:45:7e:72:71:03:75:22:46:4a:a6:92:eb:
         bc:47:03:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJRk8DddqYbr6OzJozy4sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzI2OGE0Y2M0NjZkOGM0ZWJmMjQ2MWRjMTFiNzNmZWM5M2EyZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA84mUr1ezoyiZ5+uNorjcS5h+Z/Ju
TWlU/vpF8H7yyWQs3tmkk7zkMTfhgxWjEAM1wQeLi2vFNDWvJB5tzFyZpbiP6cQX
Z2Z58bdPVUjxelBh1icpw8Utwp67De6fLuJZbVwewjb+WfBXaRt6itrtfzJ9meGy
1Skm4GTuZwHoXIrnKS7Wr/B4dU5tPzbqHssbmY0KIIbaFoLzyWVRHJrnFw3qyR8T
ds8FTiSYNILeZUxJyQnvWyCR6PWMVRl6uIOhy4Icp4B/cs7y4XI8TssaUEu4vROy
MygHQDHIsgQRtrfWPhXqwknyFwQhsTUbxu21qz4EshxUA6VQaKB3HKMtQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPcmikzEZtjE6/JGHcEbc/7JOi/bMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOXlhS1RNUm0yTVRyOGtZZHdSdHpfc2s2TDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw4UmAwQA
w4VPMA0GCSqGSIb3DQEBCwUAA4IBAQB/PtYw4sSblYnq8LlYoleV7iqbJWAQVAPB
kcnU4wC9bhC1IhBTA85cGV5q+VaN8faEoCiM1rGAhpM1xestWNlgToAS2/zmyLDs
XWaznrwgy0C6Mrce9QAS3SIOA5WWM5xKbu4I2Ltp7JIJecQiLcd2HeiPQGKGUlfH
xOtecaLGqAw61SL2pNfxbYhJO135hIN6TXZm4AQv3z8+2JYBQyRq3w0/x9Amvx7g
du2PVDIKjBOfoI+m6bWFx9XNSV9olW9YMXZdPmTtqWXhXFjT1b7rlL5I2lBlGpC5
qb30bi0DqhDc5HWtvDYSpErZpxA6My9FfnJxA3UiRkqmkuu8RwMw
-----END CERTIFICATE-----