Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/XfoYu50NheNzs0VtCSRCooYU-SU.roa
File:                     XfoYu50NheNzs0VtCSRCooYU-SU.roa (raw, json)
Hash identifier:          jh91aUsS01TW33r2YJfBHj2Cr7ZQFr1/RMMxWf8OtR0=
Subject key identifier:   5D:FA:18:BB:9D:0D:85:E3:73:B3:45:6D:09:24:42:A2:86:14:F9:25
Certificate issuer:       /CN=27516d20ebefd12f072d413c4d2606bdb258691a
Certificate serial:       019702483027CE1E74CA08832DD9A428600B
Authority key identifier: 27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/XfoYu50NheNzs0VtCSRCooYU-SU.roa
Signing time:             Sat 24 May 2025 12:32:54 +0000
ROA not before:           Sat 24 May 2025 12:32:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35575
IP address blocks:        185.190.46.0/24 maxlen: 24
                          185.190.47.0/24 maxlen: 24
                          193.238.68.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/J1FtIOvv0S8HLUE8TSYGvbJYaRo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/J1FtIOvv0S8HLUE8TSYGvbJYaRo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:02:48:30:27:ce:1e:74:ca:08:83:2d:d9:a4:28:60:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27516d20ebefd12f072d413c4d2606bdb258691a
        Validity
            Not Before: May 24 12:32:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dfa18bb9d0d85e373b3456d092442a28614f925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a9:94:b5:93:ac:f7:16:d5:7a:c4:b2:dd:b8:
                    d3:53:37:06:e3:73:8e:ed:f1:1a:0e:ad:7e:aa:11:
                    10:a1:84:cb:99:d8:4e:5f:ba:39:d8:e3:27:d1:17:
                    d7:9a:a3:65:08:d5:c3:0f:8e:2f:b5:33:c7:2a:a0:
                    10:98:ad:aa:1d:47:35:2e:db:ea:16:bb:57:45:5a:
                    3b:e3:23:4f:ec:34:5b:fd:96:c2:ad:28:ce:dd:b5:
                    11:7b:51:0b:0b:ab:3d:d7:c9:f0:36:d3:cb:af:12:
                    02:9f:ea:9e:6d:92:45:2c:60:ed:20:70:6e:c8:c4:
                    34:bd:42:a5:36:24:90:d9:1e:bf:eb:3d:cf:b5:07:
                    d5:5a:95:8d:00:f6:b4:86:4b:74:2b:99:66:2c:1f:
                    a6:f5:97:49:47:6b:7d:28:91:4d:e7:9d:ff:dd:90:
                    62:14:24:ae:bc:bb:33:2a:d2:66:98:66:ce:3c:31:
                    86:ba:d3:ce:95:b5:5c:a2:6e:1a:fa:b1:50:10:44:
                    1a:b5:af:56:5e:11:61:6c:63:1b:94:7c:13:e6:85:
                    f7:f5:0b:dd:eb:d4:a4:06:41:7d:ec:78:0b:b8:07:
                    7a:be:06:c9:d7:69:fa:24:85:33:af:d6:38:6b:12:
                    77:dc:67:d4:98:60:de:de:95:7f:03:d6:58:0d:e4:
                    3b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:FA:18:BB:9D:0D:85:E3:73:B3:45:6D:09:24:42:A2:86:14:F9:25
            X509v3 Authority Key Identifier:
                keyid:27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/XfoYu50NheNzs0VtCSRCooYU-SU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/J1FtIOvv0S8HLUE8TSYGvbJYaRo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.46.0/23
                  193.238.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d1:aa:7b:62:a8:8c:9d:67:4f:f7:1a:75:db:e1:ea:8c:aa:18:
         54:f2:a2:27:21:c3:6e:3f:ba:48:45:45:fa:bc:9d:3b:32:3c:
         5e:ba:f1:c5:10:33:47:ab:7f:15:d0:91:95:73:d3:9b:44:d9:
         12:63:30:7e:31:23:09:31:ad:2c:dd:8f:bd:0b:5e:ed:46:c6:
         55:2b:d0:87:63:06:52:00:ff:94:5c:fa:ef:1c:9a:52:7c:75:
         ac:d8:2b:f2:dd:35:a1:61:b5:ae:95:db:e0:87:04:2e:8e:9d:
         46:dd:b8:d7:08:44:bb:cb:52:6c:84:eb:63:ec:b1:bf:c7:55:
         89:79:18:05:3f:91:b9:5e:b2:9c:5b:7f:32:48:fc:fa:cb:e0:
         93:0a:b6:a4:07:fc:79:67:cc:a6:6c:b4:e8:1a:b6:04:7e:9d:
         d1:20:22:28:5a:f2:b0:09:fc:1c:85:ce:55:60:97:a9:8d:aa:
         a6:30:0c:f8:6a:17:4a:c2:85:d5:b1:a1:d5:58:d9:ac:9a:ce:
         ba:c8:6a:6e:a3:7b:25:9c:67:c2:67:68:2f:17:88:ee:e5:8b:
         76:49:c2:09:fc:ac:56:47:85:38:89:9e:da:15:7d:0b:36:67:
         ca:55:66:8c:ad:75:3c:e6:8f:e4:d1:54:e7:1d:04:a9:a8:2b:
         4e:cd:a7:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcCSDAnzh50ygiDLdmkKGALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NTE2ZDIwZWJlZmQxMmYwNzJkNDEzYzRkMjYwNmJkYjI1
ODY5MWEwHhcNMjUwNTI0MTIzMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGZhMThiYjlkMGQ4NWUzNzNiMzQ1NmQwOTI0NDJhMjg2MTRmOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqmUtZOs9xbVesSy3bjTUzcG43OO
7fEaDq1+qhEQoYTLmdhOX7o52OMn0RfXmqNlCNXDD44vtTPHKqAQmK2qHUc1Ltvq
FrtXRVo74yNP7DRb/ZbCrSjO3bURe1ELC6s918nwNtPLrxICn+qebZJFLGDtIHBu
yMQ0vUKlNiSQ2R6/6z3PtQfVWpWNAPa0hkt0K5lmLB+m9ZdJR2t9KJFN553/3ZBi
FCSuvLszKtJmmGbOPDGGutPOlbVcom4a+rFQEEQata9WXhFhbGMblHwT5oX39Qvd
69SkBkF97HgLuAd6vgbJ12n6JIUzr9Y4axJ33GfUmGDe3pV/A9ZYDeQ7DwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF36GLudDYXjc7NFbQkkQqKGFPklMB8GA1UdIwQY
MBaAFCdRbSDr79EvBy1BPE0mBr2yWGkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYt
NzkwMjQ0NTA4ZGY0LzEvWGZvWXU1ME5oZU56czBWdENTUkNvb1lVLVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYtNzkwMjQ0NTA4ZGY0
LzEvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBub4uAwQC
we5EMA0GCSqGSIb3DQEBCwUAA4IBAQDRqntiqIydZ0/3GnXb4eqMqhhU8qInIcNu
P7pIRUX6vJ07MjxeuvHFEDNHq38V0JGVc9ObRNkSYzB+MSMJMa0s3Y+9C17tRsZV
K9CHYwZSAP+UXPrvHJpSfHWs2Cvy3TWhYbWuldvghwQujp1G3bjXCES7y1JshOtj
7LG/x1WJeRgFP5G5XrKcW38ySPz6y+CTCrakB/x5Z8ymbLToGrYEfp3RICIoWvKw
Cfwchc5VYJepjaqmMAz4ahdKwoXVsaHVWNmsms66yGpuo3slnGfCZ2gvF4ju5Yt2
ScIJ/KxWR4U4iZ7aFX0LNmfKVWaMrXU85o/k0VTnHQSpqCtOzacO
-----END CERTIFICATE-----