Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/_03YY1Sj2Mw8TbRIg27y8NVs5gc.roa
File:                     _03YY1Sj2Mw8TbRIg27y8NVs5gc.roa (raw, json)
Hash identifier:          8hmyw8PyKYN4X/jeEdZ5Etu4V01gYWZ543O86aZNZY4=
Subject key identifier:   FF:4D:D8:63:54:A3:D8:CC:3C:4D:B4:48:83:6E:F2:F0:D5:6C:E6:07
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       019427B69661C770E3FF8CE4CC4103931B72
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/_03YY1Sj2Mw8TbRIg27y8NVs5gc.roa
Signing time:             Thu 02 Jan 2025 15:51:05 +0000
ROA not before:           Thu 02 Jan 2025 15:51:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215415
IP address blocks:        185.39.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:96:61:c7:70:e3:ff:8c:e4:cc:41:03:93:1b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Jan  2 15:51:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff4dd86354a3d8cc3c4db448836ef2f0d56ce607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f9:75:45:71:de:cf:1e:c4:a9:9f:4b:43:4f:
                    2f:36:3b:27:26:01:d6:a4:b8:f2:c8:d2:57:1f:0d:
                    c7:e2:44:b3:84:09:5a:91:91:7f:74:b0:9b:f5:c8:
                    97:a0:6e:67:ea:d3:46:92:19:6f:5e:53:3c:da:2a:
                    e6:e2:d9:08:0b:50:b3:52:7d:ee:24:03:28:8e:5a:
                    17:e4:ec:35:ee:1a:1f:d2:3d:85:53:0f:ac:10:d4:
                    1b:de:c8:04:0a:3f:c0:67:e5:51:e3:92:85:d4:65:
                    3a:f1:05:0d:e5:cf:54:b8:dc:c5:48:99:11:ed:42:
                    38:65:4b:ce:7b:4d:ec:f8:fd:f0:27:3e:a6:7d:28:
                    ba:0f:ce:1b:ba:51:d0:39:01:90:b9:69:c6:03:cd:
                    ce:5a:c8:99:b5:1a:94:96:0f:c9:4f:89:cf:11:95:
                    29:92:21:7d:f3:27:55:ba:72:fe:a4:9d:5f:c7:94:
                    a3:24:88:42:1f:75:01:a5:c6:2c:49:2f:b9:0d:7b:
                    c6:b1:ba:2f:ea:24:19:20:51:dd:53:e5:fa:1d:12:
                    ef:89:9c:c3:77:ee:b0:ef:e2:6b:7c:85:49:03:20:
                    e7:1f:28:77:89:75:08:ba:24:f7:61:8b:b4:8f:7e:
                    ea:e5:d0:db:7b:d4:91:fe:77:f3:51:2e:2e:3c:ac:
                    38:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:4D:D8:63:54:A3:D8:CC:3C:4D:B4:48:83:6E:F2:F0:D5:6C:E6:07
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/_03YY1Sj2Mw8TbRIg27y8NVs5gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:ee:3b:25:96:62:c4:fa:01:ff:b6:8b:bd:18:2c:e1:73:b3:
         9e:b5:ff:ed:85:e8:aa:23:aa:2d:c4:df:2a:a3:d8:97:03:3a:
         b4:a7:67:91:05:2e:bc:73:62:7c:50:71:85:67:6f:17:f3:a4:
         e7:5c:4c:ec:4a:29:0c:d0:f4:c2:41:83:02:da:4c:bd:c5:35:
         db:19:9b:bf:60:6f:22:e6:eb:41:34:7c:a7:7a:42:44:79:e2:
         05:0d:b7:ca:2c:a7:45:81:08:74:1b:07:92:b8:0d:1e:fa:d2:
         ce:84:97:57:58:6c:d4:c9:dd:c8:26:9b:bb:f2:96:1f:08:e0:
         0b:12:3b:df:30:d7:a4:58:ba:e8:f7:2b:1b:a4:c9:dd:9b:6f:
         20:07:12:66:a3:39:ed:bd:e6:b2:d0:39:e7:73:f6:c6:10:6a:
         95:d5:46:cd:7b:14:09:4e:9b:c5:1a:61:34:ae:f7:49:97:6e:
         fc:2c:63:fa:dc:a4:25:bd:fd:37:e1:16:e1:9b:7c:17:93:3e:
         79:e1:9a:93:ad:5b:28:bb:ba:21:f8:bc:2a:9d:53:35:51:96:
         58:37:72:a7:71:c8:e3:82:a5:5e:7a:66:08:39:ba:d3:fe:05:
         3e:1e:b5:ff:c4:78:9b:03:05:b0:4a:e2:dc:93:77:25:dd:96:
         e6:37:13:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntpZhx3Dj/4zkzEEDkxtyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjUwMTAyMTU1MTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjRkZDg2MzU0YTNkOGNjM2M0ZGI0NDg4MzZlZjJmMGQ1NmNlNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvl1RXHezx7EqZ9LQ08vNjsnJgHW
pLjyyNJXHw3H4kSzhAlakZF/dLCb9ciXoG5n6tNGkhlvXlM82irm4tkIC1CzUn3u
JAMojloX5Ow17hof0j2FUw+sENQb3sgECj/AZ+VR45KF1GU68QUN5c9UuNzFSJkR
7UI4ZUvOe03s+P3wJz6mfSi6D84bulHQOQGQuWnGA83OWsiZtRqUlg/JT4nPEZUp
kiF98ydVunL+pJ1fx5SjJIhCH3UBpcYsSS+5DXvGsbov6iQZIFHdU+X6HRLviZzD
d+6w7+JrfIVJAyDnHyh3iXUIuiT3YYu0j37q5dDbe9SR/nfzUS4uPKw4iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9N2GNUo9jMPE20SINu8vDVbOYHMB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvXzAzWVkxU2oyTXc4VGJSSWcyN3k4TlZzNWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuScyMA0G
CSqGSIb3DQEBCwUAA4IBAQAF7jsllmLE+gH/tou9GCzhc7Oetf/theiqI6otxN8q
o9iXAzq0p2eRBS68c2J8UHGFZ28X86TnXEzsSikM0PTCQYMC2ky9xTXbGZu/YG8i
5utBNHynekJEeeIFDbfKLKdFgQh0GweSuA0e+tLOhJdXWGzUyd3IJpu78pYfCOAL
EjvfMNekWLro9ysbpMndm28gBxJmozntveay0Dnnc/bGEGqV1UbNexQJTpvFGmE0
rvdJl278LGP63KQlvf034Rbhm3wXkz554ZqTrVsou7oh+LwqnVM1UZZYN3Knccjj
gqVeemYIObrT/gU+HrX/xHibAwWwSuLck3cl3ZbmNxNi
-----END CERTIFICATE-----