Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a2c386-d5e9-4ad9-938a-0d1d174c4351/1/yizlH9bVBZ4r4iRvvbJ2VP3ozzg.roa
File:                     yizlH9bVBZ4r4iRvvbJ2VP3ozzg.roa (raw, json)
Hash identifier:          r5Y34WQoYI5TwsCESbJ739CvzI3jr7yM4zMajr00BD4=
Subject key identifier:   CA:2C:E5:1F:D6:D5:05:9E:2B:E2:24:6F:BD:B2:76:54:FD:E8:CF:38
Certificate issuer:       /CN=6c1a761795f0f66bff2478b468cde0d851ed1887
Certificate serial:       0194F1E6C5CE5AE9EA8AFC3A5CDC76C823B5
Authority key identifier: 6C:1A:76:17:95:F0:F6:6B:FF:24:78:B4:68:CD:E0:D8:51:ED:18:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bBp2F5Xw9mv_JHi0aM3g2FHtGIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a2c386-d5e9-4ad9-938a-0d1d174c4351/1/yizlH9bVBZ4r4iRvvbJ2VP3ozzg.roa
Signing time:             Mon 10 Feb 2025 22:07:00 +0000
ROA not before:           Mon 10 Feb 2025 22:07:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5503
IP address blocks:        46.60.128.0/17 maxlen: 24
                          185.224.12.0/22 maxlen: 24
                          2a03:c500::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a2c386-d5e9-4ad9-938a-0d1d174c4351/1/bBp2F5Xw9mv_JHi0aM3g2FHtGIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a2c386-d5e9-4ad9-938a-0d1d174c4351/1/bBp2F5Xw9mv_JHi0aM3g2FHtGIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bBp2F5Xw9mv_JHi0aM3g2FHtGIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f1:e6:c5:ce:5a:e9:ea:8a:fc:3a:5c:dc:76:c8:23:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c1a761795f0f66bff2478b468cde0d851ed1887
        Validity
            Not Before: Feb 10 22:07:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca2ce51fd6d5059e2be2246fbdb27654fde8cf38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0d:a8:6c:fd:54:ca:42:78:63:0a:4b:c7:f1:
                    6a:c4:55:3d:99:15:8f:7f:67:7f:37:fa:16:e2:f3:
                    b0:77:b2:f1:68:ab:6f:4f:88:fc:62:b8:ea:cc:ff:
                    ca:b1:ed:0d:07:ef:70:96:23:a5:8d:97:ee:82:eb:
                    75:88:e9:e4:fe:b3:3e:e2:0c:1c:9d:72:3f:dd:7f:
                    b6:67:76:fb:81:93:ec:49:23:f7:fe:7d:6e:90:e6:
                    43:7e:45:29:9c:9e:3c:3c:12:14:5a:03:0c:64:7a:
                    b3:be:ca:02:a0:8f:4c:3c:9c:82:30:7b:1a:64:4b:
                    5f:31:cb:cd:9f:ad:58:8b:44:b1:c8:6e:81:14:58:
                    86:7b:7f:5f:ed:e4:54:7c:e9:10:c4:b9:be:68:03:
                    01:c1:6e:79:52:14:cd:2a:3b:1c:8c:aa:e4:48:13:
                    00:06:1b:67:a5:c5:4a:42:94:4b:c7:f8:a2:90:46:
                    fe:49:d6:fa:21:6b:9c:f5:21:7b:21:c1:82:c6:0f:
                    77:1a:a9:97:95:ae:0e:8a:29:05:cf:96:83:72:0b:
                    98:b0:7a:4c:a8:c1:da:f4:47:af:f5:29:1b:fe:92:
                    06:db:d2:e5:ef:47:bc:f5:3b:e8:6d:d7:78:50:5c:
                    e5:d7:78:c5:91:7e:f3:40:33:db:57:2c:b2:f3:8b:
                    a9:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:2C:E5:1F:D6:D5:05:9E:2B:E2:24:6F:BD:B2:76:54:FD:E8:CF:38
            X509v3 Authority Key Identifier:
                keyid:6C:1A:76:17:95:F0:F6:6B:FF:24:78:B4:68:CD:E0:D8:51:ED:18:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bBp2F5Xw9mv_JHi0aM3g2FHtGIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a2c386-d5e9-4ad9-938a-0d1d174c4351/1/yizlH9bVBZ4r4iRvvbJ2VP3ozzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a2c386-d5e9-4ad9-938a-0d1d174c4351/1/bBp2F5Xw9mv_JHi0aM3g2FHtGIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.60.128.0/17
                  185.224.12.0/22
                IPv6:
                  2a03:c500::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:f1:f2:01:dd:fb:8e:05:c2:20:0a:93:17:67:ae:e3:b8:b9:
         6d:cc:57:b3:5c:98:be:8f:c5:d3:3b:eb:a0:c0:6a:10:c7:93:
         53:41:72:19:ff:60:c9:54:64:70:fb:ef:1d:25:66:9e:af:67:
         8e:b0:e3:1a:ff:a9:ff:2a:86:15:f5:77:3f:5e:66:34:d1:0e:
         fc:85:10:a7:e1:6f:e1:70:50:f7:d0:29:55:64:72:23:25:23:
         e5:67:df:cc:a9:c8:c2:d3:c8:42:b6:d5:52:d0:d2:2f:ed:cf:
         2b:71:c0:66:ba:69:95:6a:32:89:8b:2d:84:5b:97:71:78:59:
         da:f4:37:5f:a6:7e:73:46:57:e6:b8:fd:fe:b1:87:cc:ab:00:
         2d:53:4c:1a:24:53:49:1a:54:bb:d3:b7:51:bf:4a:db:43:75:
         2b:da:f7:4b:ea:a9:e0:d2:ff:50:dd:89:da:67:0f:a7:de:30:
         55:fc:52:43:bb:54:e5:62:60:a5:ee:1e:1e:bb:82:18:65:eb:
         97:a4:d9:1f:cb:63:c6:2c:3b:a8:6e:eb:1f:fe:eb:b7:2e:8e:
         2d:37:65:db:78:97:b6:8b:54:16:b6:3d:22:47:94:32:56:44:
         fb:a9:31:50:b7:e6:50:68:03:7a:80:27:10:36:2e:4e:cf:a2:
         80:5b:95:35
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZTx5sXOWunqivw6XNx2yCO1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMWE3NjE3OTVmMGY2NmJmZjI0NzhiNDY4Y2RlMGQ4NTFl
ZDE4ODcwHhcNMjUwMjEwMjIwNzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTJjZTUxZmQ2ZDUwNTllMmJlMjI0NmZiZGIyNzY1NGZkZThjZjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApg2obP1UykJ4YwpLx/FqxFU9mRWP
f2d/N/oW4vOwd7LxaKtvT4j8YrjqzP/Kse0NB+9wliOljZfugut1iOnk/rM+4gwc
nXI/3X+2Z3b7gZPsSSP3/n1ukOZDfkUpnJ48PBIUWgMMZHqzvsoCoI9MPJyCMHsa
ZEtfMcvNn61Yi0SxyG6BFFiGe39f7eRUfOkQxLm+aAMBwW55UhTNKjscjKrkSBMA
BhtnpcVKQpRLx/iikEb+Sdb6IWuc9SF7IcGCxg93GqmXla4OiikFz5aDcguYsHpM
qMHa9Eev9Skb/pIG29Ll70e89Tvobdd4UFzl13jFkX7zQDPbVyyy84upYQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMos5R/W1QWeK+Ikb72ydlT96M84MB8GA1UdIwQY
MBaAFGwadheV8PZr/yR4tGjN4NhR7RiHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkJwMkY1WHc5bXZfSkhpMGFNM2cyRkh0R0ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMmMzODYtZDVlOS00YWQ5LTkzOGEt
MGQxZDE3NGM0MzUxLzEveWl6bEg5YlZCWjRyNGlSdnZiSjJWUDNvenpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMmMzODYtZDVlOS00YWQ5LTkzOGEtMGQxZDE3NGM0MzUx
LzEvYkJwMkY1WHc5bXZfSkhpMGFNM2cyRkh0R0ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQHLjyAAwQC
ueAMMA0EAgACMAcDBQAqA8UAMA0GCSqGSIb3DQEBCwUAA4IBAQAP8fIB3fuOBcIg
CpMXZ67juLltzFezXJi+j8XTO+ugwGoQx5NTQXIZ/2DJVGRw++8dJWaer2eOsOMa
/6n/KoYV9Xc/XmY00Q78hRCn4W/hcFD30ClVZHIjJSPlZ9/MqcjC08hCttVS0NIv
7c8rccBmummVajKJiy2EW5dxeFna9Ddfpn5zRlfmuP3+sYfMqwAtU0waJFNJGlS7
07dRv0rbQ3Ur2vdL6qng0v9Q3YnaZw+n3jBV/FJDu1TlYmCl7h4eu4IYZeuXpNkf
y2PGLDuobusf/uu3Lo4tN2XbeJe2i1QWtj0iR5QyVkT7qTFQt+ZQaAN6gCcQNi5O
z6KAW5U1
-----END CERTIFICATE-----