Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/1-YME93lc1AWh4-bMqvVDZYenQg0.roa
File:                     1-YME93lc1AWh4-bMqvVDZYenQg0.roa (raw, json)
Hash identifier:          Euu0W5ctvY2bfvnvaMrD1zBWGCi2DVPvkYQ6p9zTjts=
Subject key identifier:   F9:83:04:F7:79:5C:D4:05:A1:E3:E6:CC:AA:F5:43:65:87:A7:42:0D
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       019421B25A002FB25C1200C206D8FE21A68F
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/1-YME93lc1AWh4-bMqvVDZYenQg0.roa
Signing time:             Wed 01 Jan 2025 11:48:44 +0000
ROA not before:           Wed 01 Jan 2025 11:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152179
IP address blocks:        185.126.134.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:5a:00:2f:b2:5c:12:00:c2:06:d8:fe:21:a6:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  1 11:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f98304f7795cd405a1e3e6ccaaf5436587a7420d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ec:dc:a7:8d:ef:5a:67:5f:45:86:66:cf:92:
                    24:17:f2:11:d6:c9:b7:4a:0c:5c:a7:aa:4a:4d:f6:
                    e1:6e:ce:0c:46:5f:4f:3d:75:95:83:cc:d6:79:cc:
                    92:20:8d:f2:28:6a:5c:40:eb:d1:eb:bf:c0:89:95:
                    81:e9:46:cb:65:a2:7a:4b:ed:b8:50:a8:e2:82:52:
                    0c:48:31:50:a1:50:c0:bc:a2:e1:79:3a:66:ad:95:
                    e0:92:ac:1a:14:e0:24:f5:f4:fd:bf:62:3f:0d:d1:
                    91:a6:71:6b:91:54:5a:0f:1a:6a:8f:39:d8:27:4b:
                    0b:a7:f5:1e:27:2b:47:9e:70:b6:65:91:ba:9b:d6:
                    ec:73:44:18:6a:ec:93:eb:2c:65:34:7b:68:8c:12:
                    66:f3:e0:59:96:e1:c7:63:7f:80:9e:16:84:96:87:
                    fb:f7:f3:27:8f:7f:9f:19:95:7a:7c:82:15:1c:9d:
                    07:dd:9d:08:dc:2e:9c:54:d9:44:72:12:3f:93:51:
                    66:43:9e:84:83:14:45:47:6f:ab:5d:d1:06:cf:55:
                    4c:4d:2a:09:2e:c1:ec:88:c2:94:5d:c1:ee:9a:eb:
                    d1:05:0e:70:d6:ac:8a:d3:68:23:b7:74:1a:f3:f9:
                    cd:a0:b5:39:ae:e3:9d:69:fb:a8:ce:27:3a:ba:f3:
                    97:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:83:04:F7:79:5C:D4:05:A1:E3:E6:CC:AA:F5:43:65:87:A7:42:0D
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/1-YME93lc1AWh4-bMqvVDZYenQg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:19:20:0d:93:58:e1:be:de:61:a6:a5:a4:0f:8c:f7:77:41:
         6a:29:89:0a:d6:65:fc:16:8c:36:5c:5e:91:35:de:1a:20:3e:
         20:78:31:60:04:d2:b8:5a:60:52:93:2b:5f:46:6f:8c:f3:ad:
         79:66:2d:86:ae:63:43:05:b1:d9:2c:58:d9:ea:1d:9f:4f:f2:
         bf:cc:ae:d4:95:a4:cc:ee:55:7d:4a:50:2d:38:a5:7a:9d:83:
         b6:85:1d:86:f5:1e:46:9f:a1:18:54:29:c5:ef:50:14:25:51:
         06:68:50:be:6b:28:58:d8:1b:25:78:ae:95:da:1a:85:a7:2d:
         8d:6d:64:ad:42:7b:8a:dc:27:64:0b:0d:92:6c:6b:2d:45:b9:
         f3:38:d9:50:fa:cc:5a:d7:85:4c:52:59:b8:9c:04:a6:2f:c8:
         b8:30:a3:86:eb:67:c8:1c:68:ce:d0:e3:e9:2e:76:7c:eb:b4:
         9e:64:cc:3a:9b:e5:0d:7d:9d:46:45:38:3d:82:6e:2f:5b:ec:
         44:df:0a:04:82:d8:1e:ba:18:5c:ee:48:57:f9:28:50:fb:34:
         94:ee:02:67:09:12:1a:eb:e6:da:d6:9a:82:3c:47:d2:a2:9a:
         56:7e:71:85:f7:3e:01:18:5d:47:85:3c:73:90:2d:83:55:53:
         b0:21:0f:45
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhsloAL7JcEgDCBtj+IaaPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjUwMTAxMTE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTgzMDRmNzc5NWNkNDA1YTFlM2U2Y2NhYWY1NDM2NTg3YTc0MjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+zcp43vWmdfRYZmz5IkF/IR1sm3
Sgxcp6pKTfbhbs4MRl9PPXWVg8zWecySII3yKGpcQOvR67/AiZWB6UbLZaJ6S+24
UKjiglIMSDFQoVDAvKLheTpmrZXgkqwaFOAk9fT9v2I/DdGRpnFrkVRaDxpqjznY
J0sLp/UeJytHnnC2ZZG6m9bsc0QYauyT6yxlNHtojBJm8+BZluHHY3+AnhaElof7
9/Mnj3+fGZV6fIIVHJ0H3Z0I3C6cVNlEchI/k1FmQ56EgxRFR2+rXdEGz1VMTSoJ
LsHsiMKUXcHumuvRBQ5w1qyK02gjt3Qa8/nNoLU5ruOdafuozic6uvOXcQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmDBPd5XNQFoePmzKr1Q2WHp0INMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvMS1ZTUU5M2xjMUFXaDQtYk1xdlZEWlllblFnMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTcvZGI5YmYxLWUwMTktNDVhNC04NjYzLWE2Y2E0NTRkYjJk
Ny8xL1kyTzdaWWxmT2xTa3N5U2hESG1zbU9faW9jby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbl+hjAN
BgkqhkiG9w0BAQsFAAOCAQEARhkgDZNY4b7eYaalpA+M93dBaimJCtZl/BaMNlxe
kTXeGiA+IHgxYATSuFpgUpMrX0ZvjPOteWYthq5jQwWx2SxY2eodn0/yv8yu1JWk
zO5VfUpQLTilep2DtoUdhvUeRp+hGFQpxe9QFCVRBmhQvmsoWNgbJXiuldoahact
jW1krUJ7itwnZAsNkmxrLUW58zjZUPrMWteFTFJZuJwEpi/IuDCjhutnyBxoztDj
6S52fOu0nmTMOpvlDX2dRkU4PYJuL1vsRN8KBILYHroYXO5IV/koUPs0lO4CZwkS
Guvm2taagjxH0qKaVn5xhfc+ARhdR4U8c5Atg1VTsCEPRQ==
-----END CERTIFICATE-----