Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/ynJSD2xc-CykfYa79BP9jQj40kM.roa
File:                     ynJSD2xc-CykfYa79BP9jQj40kM.roa (raw, json)
Hash identifier:          fMb/laTqYN39Vwte4hGLXjRHIufJPIqxfdcZimxGcGk=
Subject key identifier:   CA:72:52:0F:6C:5C:F8:2C:A4:7D:86:BB:F4:13:FD:8D:08:F8:D2:43
Certificate issuer:       /CN=e7739f08442e22446621b89a57639b3542ba34dc
Certificate serial:       0194252155761921F6334CE4FC7160C200D1
Authority key identifier: E7:73:9F:08:44:2E:22:44:66:21:B8:9A:57:63:9B:35:42:BA:34:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/53OfCEQuIkRmIbiaV2ObNUK6NNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/ynJSD2xc-CykfYa79BP9jQj40kM.roa
Signing time:             Thu 02 Jan 2025 03:48:49 +0000
ROA not before:           Thu 02 Jan 2025 03:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47447
IP address blocks:        194.5.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/53OfCEQuIkRmIbiaV2ObNUK6NNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/53OfCEQuIkRmIbiaV2ObNUK6NNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/53OfCEQuIkRmIbiaV2ObNUK6NNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:55:76:19:21:f6:33:4c:e4:fc:71:60:c2:00:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7739f08442e22446621b89a57639b3542ba34dc
        Validity
            Not Before: Jan  2 03:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca72520f6c5cf82ca47d86bbf413fd8d08f8d243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:71:a6:24:79:21:6d:ee:84:c8:a1:42:5f:d5:
                    75:26:64:c4:1f:eb:37:80:47:cb:60:d1:d6:b6:da:
                    40:ba:fa:97:93:28:e3:ad:64:01:f8:89:ee:31:a0:
                    7b:17:b9:f2:57:17:9f:bf:c1:86:8d:e4:a9:2c:e3:
                    40:6d:de:c6:79:4e:f1:3c:78:40:bc:3d:1d:83:5d:
                    c4:fe:30:9b:ea:af:32:ce:91:ba:cc:5a:4d:42:bb:
                    68:12:5d:48:ec:88:ad:49:f3:16:f4:72:86:41:c4:
                    2b:a9:a4:f8:dc:ed:86:8f:f2:e6:63:92:bb:fa:57:
                    cb:e8:25:d0:ae:a8:9e:29:80:bb:b0:77:10:9b:91:
                    74:ad:87:b2:81:30:fa:f8:f7:e5:bc:a6:e5:d6:90:
                    71:93:0d:4f:3b:96:00:b8:f2:51:4a:76:c2:d8:87:
                    f5:03:d2:85:b3:8d:bf:0c:bd:1a:50:52:7b:e4:d3:
                    4e:92:60:34:e5:49:79:50:de:fd:e8:f4:d3:ac:21:
                    94:87:26:c8:7c:5f:33:6e:7c:d8:4f:00:87:b1:e6:
                    e1:31:8b:28:c6:ba:3c:cd:01:67:bb:00:c6:12:c7:
                    26:c9:6b:7f:aa:14:6c:18:98:84:38:0a:74:5c:de:
                    c8:7e:9b:a9:8f:5c:78:8c:ee:17:b4:7c:d5:5f:c5:
                    02:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:72:52:0F:6C:5C:F8:2C:A4:7D:86:BB:F4:13:FD:8D:08:F8:D2:43
            X509v3 Authority Key Identifier:
                keyid:E7:73:9F:08:44:2E:22:44:66:21:B8:9A:57:63:9B:35:42:BA:34:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/53OfCEQuIkRmIbiaV2ObNUK6NNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/ynJSD2xc-CykfYa79BP9jQj40kM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e20d59-4454-4ec8-9677-5f2bf22e189d/1/53OfCEQuIkRmIbiaV2ObNUK6NNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:d2:85:1e:93:d5:eb:dc:d8:11:05:3a:73:bf:c2:9c:ff:8a:
         b6:42:a6:67:6b:b3:c3:1d:b9:20:eb:d9:b3:af:e7:b1:a9:65:
         f7:d7:bb:65:13:bb:90:dc:09:eb:18:6f:b3:9e:7e:29:24:e5:
         11:6e:2a:c8:e7:13:8a:a0:a8:4f:b2:95:e8:a5:cb:ff:c5:41:
         ee:61:5c:41:f4:62:da:fc:fd:a2:76:f1:3b:5c:8d:3f:48:b1:
         ca:94:bc:2d:28:2e:66:a9:2d:99:ba:e9:4e:c6:31:b0:71:e4:
         a8:e1:14:89:17:4c:78:c5:9b:3d:e0:1f:ed:74:44:39:c5:03:
         c9:aa:b0:8f:4a:a2:ad:96:0d:c1:03:eb:60:65:1c:84:3f:7f:
         03:af:f2:94:2d:90:4a:66:e9:6a:84:94:24:b1:ad:a8:4f:87:
         9a:8f:4b:70:c5:58:dd:12:52:fb:ec:e1:9e:11:53:8a:38:af:
         ad:79:72:f8:11:8a:8e:a7:b4:9d:70:d3:aa:43:91:c3:a6:0f:
         dd:03:aa:e8:bb:d4:8f:c8:f7:a8:b9:95:49:31:57:d3:01:4b:
         81:70:37:aa:28:42:92:53:e0:4e:db:15:0a:3b:13:b8:a5:48:
         86:a7:ca:9d:c9:31:08:22:db:2e:c4:6c:aa:74:a9:f2:2a:fa:
         a8:7e:4c:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIVV2GSH2M0zk/HFgwgDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NzM5ZjA4NDQyZTIyNDQ2NjIxYjg5YTU3NjM5YjM1NDJi
YTM0ZGMwHhcNMjUwMTAyMDM0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTcyNTIwZjZjNWNmODJjYTQ3ZDg2YmJmNDEzZmQ4ZDA4ZjhkMjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XGmJHkhbe6EyKFCX9V1JmTEH+s3
gEfLYNHWttpAuvqXkyjjrWQB+InuMaB7F7nyVxefv8GGjeSpLONAbd7GeU7xPHhA
vD0dg13E/jCb6q8yzpG6zFpNQrtoEl1I7IitSfMW9HKGQcQrqaT43O2Gj/LmY5K7
+lfL6CXQrqieKYC7sHcQm5F0rYeygTD6+PflvKbl1pBxkw1PO5YAuPJRSnbC2If1
A9KFs42/DL0aUFJ75NNOkmA05Ul5UN796PTTrCGUhybIfF8zbnzYTwCHsebhMYso
xro8zQFnuwDGEscmyWt/qhRsGJiEOAp0XN7Ifpupj1x4jO4XtHzVX8UCjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpyUg9sXPgspH2Gu/QT/Y0I+NJDMB8GA1UdIwQY
MBaAFOdznwhELiJEZiG4mldjmzVCujTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTNPZkNFUXVJa1JtSWJpYVYyT2JOVUs2Tk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9lMjBkNTktNDQ1NC00ZWM4LTk2Nzct
NWYyYmYyMmUxODlkLzEveW5KU0QyeGMtQ3lrZllhNzlCUDlqUWo0MGtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9lMjBkNTktNDQ1NC00ZWM4LTk2NzctNWYyYmYyMmUxODlk
LzEvNTNPZkNFUXVJa1JtSWJpYVYyT2JOVUs2Tk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgU+MA0G
CSqGSIb3DQEBCwUAA4IBAQCf0oUek9Xr3NgRBTpzv8Kc/4q2QqZna7PDHbkg69mz
r+exqWX317tlE7uQ3AnrGG+znn4pJOURbirI5xOKoKhPspXopcv/xUHuYVxB9GLa
/P2idvE7XI0/SLHKlLwtKC5mqS2ZuulOxjGwceSo4RSJF0x4xZs94B/tdEQ5xQPJ
qrCPSqKtlg3BA+tgZRyEP38Dr/KULZBKZulqhJQksa2oT4eaj0twxVjdElL77OGe
EVOKOK+teXL4EYqOp7SdcNOqQ5HDpg/dA6rou9SPyPeouZVJMVfTAUuBcDeqKEKS
U+BO2xUKOxO4pUiGp8qdyTEIItsuxGyqdKnyKvqofkyY
-----END CERTIFICATE-----