Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/XyJzr7K8kDR7Crh0eGA64cNXh5o.roa
File:                     XyJzr7K8kDR7Crh0eGA64cNXh5o.roa (raw, json)
Hash identifier:          O/tUpYLyJqFNhTOL8oVDzZYICuybOlG7LlJD8DubnZc=
Subject key identifier:   5F:22:73:AF:B2:BC:90:34:7B:0A:B8:74:78:60:3A:E1:C3:57:87:9A
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       019422FC3219F9274C3CEEC193D6B6E40E14
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/XyJzr7K8kDR7Crh0eGA64cNXh5o.roa
Signing time:             Wed 01 Jan 2025 17:49:00 +0000
ROA not before:           Wed 01 Jan 2025 17:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        81.31.244.0/24 maxlen: 24
                          81.31.245.0/24 maxlen: 24
                          81.31.246.0/24 maxlen: 24
                          185.84.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:32:19:f9:27:4c:3c:ee:c1:93:d6:b6:e4:0e:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jan  1 17:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f2273afb2bc90347b0ab87478603ae1c357879a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:54:88:73:5b:19:b0:0d:bf:ed:57:25:bd:75:
                    24:94:72:63:45:8e:22:83:45:e4:74:30:1e:29:81:
                    f2:7e:1a:aa:ad:6a:eb:eb:6d:f1:87:a9:f5:14:f4:
                    b1:13:33:bb:a0:3b:ff:08:63:33:95:ea:ec:55:ab:
                    75:81:af:de:35:b6:0c:3c:d0:85:0f:58:a7:fc:8b:
                    67:1a:e1:c9:37:d7:cf:62:26:72:10:2a:7e:3d:32:
                    66:51:f8:a7:b9:77:0f:08:0e:9d:e1:a2:d6:cd:58:
                    0f:bf:44:64:9d:7d:be:ae:15:84:48:19:99:24:09:
                    eb:6a:38:dd:de:ed:a5:72:c0:3b:16:b8:c7:be:10:
                    34:70:7b:34:96:3a:e6:df:73:88:b5:eb:59:03:24:
                    c9:09:d9:ac:f0:4f:45:ce:11:80:e1:17:af:b2:33:
                    67:8a:a6:b6:74:a4:be:3c:f5:ae:b2:f0:5e:86:a5:
                    5d:79:92:04:43:bf:c3:0e:85:4c:a3:e5:db:b3:8a:
                    5c:fb:9b:23:c7:7c:84:a1:c8:69:40:9c:0b:93:86:
                    c8:71:62:d2:98:a4:2d:fc:5d:ae:de:55:30:76:93:
                    75:0c:dd:88:b1:dc:01:24:b9:29:e3:ad:2c:a2:84:
                    a9:43:01:b2:53:a7:b2:9c:98:40:9c:9c:03:ca:54:
                    4a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:22:73:AF:B2:BC:90:34:7B:0A:B8:74:78:60:3A:E1:C3:57:87:9A
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/XyJzr7K8kDR7Crh0eGA64cNXh5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.244.0-81.31.246.255
                  185.84.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:0a:c7:dd:93:03:a6:45:22:5c:89:bb:fe:56:5e:ba:1e:a5:
         32:13:64:71:71:1e:c1:47:bd:0a:2e:31:16:eb:fc:0f:b1:14:
         67:c5:42:01:a5:36:58:ec:55:c1:b4:71:0c:4d:65:b4:77:54:
         c5:4f:05:25:39:ce:01:13:cc:8e:fb:f1:8f:a9:6b:d7:a2:ef:
         ea:55:fd:0b:99:96:8c:8a:9c:fc:55:37:04:11:34:e3:ac:58:
         52:33:0d:8a:18:99:44:df:9a:86:3f:ab:6b:3e:6a:83:6c:e0:
         0f:09:a7:51:9c:64:05:3f:72:d7:1b:7c:25:07:ac:9a:dc:dc:
         18:7f:df:ae:20:e6:84:ac:76:ab:a2:90:79:0d:05:85:0e:74:
         3b:15:65:ab:ba:a4:00:ac:e3:d4:b1:43:38:37:85:40:98:eb:
         4f:a9:6a:5d:8b:1e:85:25:db:73:3b:22:d2:12:dc:d1:4a:aa:
         b6:0e:8b:b4:fc:eb:fd:00:c0:93:d5:9f:1a:cf:03:ca:19:25:
         9d:93:8d:92:a0:04:9e:08:27:cf:c2:e2:f6:19:6c:52:56:47:
         ae:72:08:a2:fb:34:c6:a3:63:f7:3e:fd:32:2a:31:41:02:7d:
         d5:70:85:ca:a9:20:60:f2:ae:60:b6:3f:3d:3f:c3:b8:46:91:
         b6:69:7a:45
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQi/DIZ+SdMPO7Bk9a25A4UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjUwMTAxMTc0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjIyNzNhZmIyYmM5MDM0N2IwYWI4NzQ3ODYwM2FlMWMzNTc4NzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFSIc1sZsA2/7VclvXUklHJjRY4i
g0XkdDAeKYHyfhqqrWrr623xh6n1FPSxEzO7oDv/CGMzlersVat1ga/eNbYMPNCF
D1in/ItnGuHJN9fPYiZyECp+PTJmUfinuXcPCA6d4aLWzVgPv0RknX2+rhWESBmZ
JAnrajjd3u2lcsA7FrjHvhA0cHs0ljrm33OItetZAyTJCdms8E9FzhGA4RevsjNn
iqa2dKS+PPWusvBehqVdeZIEQ7/DDoVMo+Xbs4pc+5sjx3yEochpQJwLk4bIcWLS
mKQt/F2u3lUwdpN1DN2IsdwBJLkp460sooSpQwGyU6eynJhAnJwDylRK/wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFF8ic6+yvJA0ewq4dHhgOuHDV4eaMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvWHlKenI3SzhrRFI3Q3JoMGVHQTY0Y05YaDVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAJRH/QD
BABRH/YDBAC5VKIwDQYJKoZIhvcNAQELBQADggEBAKEKx92TA6ZFIlyJu/5WXroe
pTITZHFxHsFHvQouMRbr/A+xFGfFQgGlNljsVcG0cQxNZbR3VMVPBSU5zgETzI77
8Y+pa9ei7+pV/QuZloyKnPxVNwQRNOOsWFIzDYoYmUTfmoY/q2s+aoNs4A8Jp1Gc
ZAU/ctcbfCUHrJrc3Bh/364g5oSsdquikHkNBYUOdDsVZau6pACs49SxQzg3hUCY
60+pal2LHoUl23M7ItIS3NFKqrYOi7T86/0AwJPVnxrPA8oZJZ2TjZKgBJ4IJ8/C
4vYZbFJWR65yCKL7NMajY/c+/TIqMUECfdVwhcqpIGDyrmC2Pz0/w7hGkbZpekU=
-----END CERTIFICATE-----