Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/1-ytL3MQL4QkgTO5M87Ngx4l0rX4.roa
File:                     1-ytL3MQL4QkgTO5M87Ngx4l0rX4.roa (raw, json)
Hash identifier:          cV/JZjXqlK0Ai67oOxA83/8y7fRmowTguIDArz2zLJQ=
Subject key identifier:   FB:2B:4B:DC:C4:0B:E1:09:20:4C:EE:4C:F3:B3:60:C7:89:74:AD:7E
Certificate issuer:       /CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
Certificate serial:       0195B8416B605C183FE02B825BF0DE7B9F22
Authority key identifier: 8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/1-ytL3MQL4QkgTO5M87Ngx4l0rX4.roa
Signing time:             Fri 21 Mar 2025 10:30:49 +0000
ROA not before:           Fri 21 Mar 2025 10:30:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        194.150.73.0/24 maxlen: 24
                          194.150.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 19:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b8:41:6b:60:5c:18:3f:e0:2b:82:5b:f0:de:7b:9f:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
        Validity
            Not Before: Mar 21 10:30:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb2b4bdcc40be109204cee4cf3b360c78974ad7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1f:32:2e:e3:03:1e:00:5a:ad:c7:01:4d:0b:
                    a7:93:99:d6:64:a7:11:6e:44:81:19:9b:4d:8f:57:
                    dd:b3:49:ed:87:40:dc:1b:f3:2a:1c:71:d8:6b:c1:
                    7a:82:65:2f:b3:dd:1a:86:70:41:4f:31:ef:a4:68:
                    26:80:85:69:80:d3:31:28:b6:90:c0:1c:3b:74:12:
                    04:f1:b2:7f:4f:18:5a:19:36:6f:00:fc:88:e8:1e:
                    6b:07:3d:16:e2:37:f4:45:f4:9c:5a:43:f4:d8:52:
                    04:d5:bd:68:e2:06:28:1c:7d:fb:08:55:0c:2c:b6:
                    74:65:73:2f:fa:c8:ea:10:27:ac:d1:5f:7b:2b:a8:
                    34:ce:48:1a:85:54:5f:23:cf:56:ae:78:a2:54:5d:
                    b3:03:d8:20:bf:78:79:68:02:6f:58:69:3f:d2:48:
                    94:17:5a:dd:87:f1:ff:41:be:d7:78:6b:1d:ab:1c:
                    db:cc:11:da:a9:dd:a4:c2:f1:ee:e9:b7:31:a4:db:
                    d7:6d:5c:d2:4b:bc:1a:87:c5:4b:38:e4:cc:a3:a9:
                    5a:42:2f:b5:09:17:1a:0a:7c:58:93:0a:22:bc:41:
                    ef:98:9f:cf:3e:23:7c:d1:b7:81:9b:a5:66:34:f2:
                    f7:92:3b:1a:11:b8:28:3f:1e:db:f2:04:db:f6:42:
                    ab:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:2B:4B:DC:C4:0B:E1:09:20:4C:EE:4C:F3:B3:60:C7:89:74:AD:7E
            X509v3 Authority Key Identifier:
                keyid:8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/1-ytL3MQL4QkgTO5M87Ngx4l0rX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.73.0/24
                  194.150.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:ed:38:3b:8c:bd:3c:88:78:4a:7c:ec:b1:1c:bb:5e:b3:d8:
         10:85:8b:9c:61:cb:7d:d6:59:81:41:ef:2d:a7:28:32:f4:ee:
         82:95:d7:4c:09:2c:8e:e8:73:73:63:f4:32:68:99:5b:15:63:
         ad:57:6d:cf:1a:24:b7:b3:7c:9c:69:45:f2:33:b2:59:5a:6e:
         b1:6e:62:2c:76:c0:6c:19:27:50:7a:00:c0:52:3c:a7:28:b3:
         b6:79:37:1c:5d:3b:27:7a:6d:93:ef:85:5f:7f:0b:fc:78:88:
         81:34:c4:01:45:93:8c:39:55:7a:e8:d3:55:df:d0:d6:32:98:
         71:9a:74:92:07:69:f3:15:31:4d:7b:d0:eb:88:f4:8a:76:ac:
         6b:13:8b:c2:08:e2:d3:b6:f0:e5:7e:cf:19:b2:0d:af:a0:5c:
         dc:88:02:8e:cf:cf:f5:90:04:c2:f7:bc:53:31:1e:3a:f8:f5:
         17:5e:e2:e5:86:23:f2:4d:33:f7:6a:c4:3d:a5:f6:ca:82:a2:
         98:97:c4:bf:1e:eb:32:cd:fb:fa:64:e4:cf:2a:22:a1:b3:00:
         09:fd:3d:78:82:df:5b:93:96:b7:cd:29:d9:87:ee:48:21:e1:
         d7:06:5e:a4:e8:c8:c4:4e:5f:18:ea:db:3e:19:f1:f5:a0:c2:
         8c:bb:57:01
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZW4QWtgXBg/4CuCW/Dee58iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjAyNGIyYzI3YTY3ZGZmNWI2NTRlZmEwNmJmN2JmYzEy
MjI2MjUwHhcNMjUwMzIxMTAzMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjJiNGJkY2M0MGJlMTA5MjA0Y2VlNGNmM2IzNjBjNzg5NzRhZDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwh8yLuMDHgBarccBTQunk5nWZKcR
bkSBGZtNj1fds0nth0DcG/MqHHHYa8F6gmUvs90ahnBBTzHvpGgmgIVpgNMxKLaQ
wBw7dBIE8bJ/TxhaGTZvAPyI6B5rBz0W4jf0RfScWkP02FIE1b1o4gYoHH37CFUM
LLZ0ZXMv+sjqECes0V97K6g0zkgahVRfI89WrniiVF2zA9ggv3h5aAJvWGk/0kiU
F1rdh/H/Qb7XeGsdqxzbzBHaqd2kwvHu6bcxpNvXbVzSS7wah8VLOOTMo6laQi+1
CRcaCnxYkwoivEHvmJ/PPiN80beBm6VmNPL3kjsaEbgoPx7b8gTb9kKrJQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPsrS9zEC+EJIEzuTPOzYMeJdK1+MB8GA1UdIwQY
MBaAFIpgJLLCemff9bZU76Br97/BIiYlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEt
MDhlOGYwY2JiODQwLzEvMS15dEwzTVFMNFFrZ1RPNU04N05neDRsMHJYNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTAvMzNlY2NmLTBhZTMtNGM3ZS1hNDQxLTA4ZThmMGNiYjg0
MC8xL2ltQWtzc0o2WjlfMXRsVHZvR3YzdjhFaUppVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAMKWSQME
AMKWSzANBgkqhkiG9w0BAQsFAAOCAQEArO04O4y9PIh4SnzssRy7XrPYEIWLnGHL
fdZZgUHvLacoMvTugpXXTAksjuhzc2P0MmiZWxVjrVdtzxokt7N8nGlF8jOyWVpu
sW5iLHbAbBknUHoAwFI8pyiztnk3HF07J3ptk++FX38L/HiIgTTEAUWTjDlVeujT
Vd/Q1jKYcZp0kgdp8xUxTXvQ64j0inasaxOLwgji07bw5X7PGbINr6Bc3IgCjs/P
9ZAEwve8UzEeOvj1F17i5YYj8k0z92rEPaX2yoKimJfEvx7rMs37+mTkzyoiobMA
Cf09eILfW5OWt80p2YfuSCHh1wZepOjIxE5fGOrbPhnx9aDCjLtXAQ==
-----END CERTIFICATE-----