Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/aylMUknIAgzWUwdfoKDrS3q9XrM.roa
File:                     aylMUknIAgzWUwdfoKDrS3q9XrM.roa (raw, json)
Hash identifier:          fwXMAzVsLQEf6fDKp/MHYDQI+kBz/nHbfcVvipwvIQY=
Subject key identifier:   6B:29:4C:52:49:C8:02:0C:D6:53:07:5F:A0:A0:EB:4B:7A:BD:5E:B3
Certificate issuer:       /CN=b62d4cec783305923e3497ed884f1c445b4e78fb
Certificate serial:       01918F101968EB6B58636833F38CC0396873
Authority key identifier: B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/aylMUknIAgzWUwdfoKDrS3q9XrM.roa
Signing time:             Mon 26 Aug 2024 14:21:22 +0000
ROA not before:           Mon 26 Aug 2024 14:21:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201133
IP address blocks:        95.169.196.0/24 maxlen: 24
                          185.7.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8f:10:19:68:eb:6b:58:63:68:33:f3:8c:c0:39:68:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b62d4cec783305923e3497ed884f1c445b4e78fb
        Validity
            Not Before: Aug 26 14:21:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b294c5249c8020cd653075fa0a0eb4b7abd5eb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6b:43:e5:c9:80:70:30:12:d4:4f:5a:5f:47:
                    00:a5:96:d5:42:07:17:4e:a6:42:fc:09:75:48:65:
                    c5:49:52:62:91:2b:a6:af:3f:cd:db:d8:0c:45:71:
                    ce:cd:8e:0c:4d:30:01:48:88:11:a3:80:af:e4:78:
                    5e:97:df:77:cf:9a:8c:62:0c:a1:76:71:14:26:92:
                    3c:68:18:50:ad:1a:00:ef:01:0d:f1:4d:bf:1d:56:
                    91:a7:11:21:ce:ca:a4:4d:14:1b:6c:cc:49:fb:07:
                    b6:fc:af:ff:94:50:6e:84:1b:42:bc:be:d3:de:a6:
                    24:8f:0a:98:c2:81:e8:e4:d7:94:e4:39:4f:71:43:
                    63:3b:86:e9:65:cd:43:97:0f:ca:76:41:a2:ce:97:
                    0d:84:36:53:06:fc:a4:68:95:b7:1b:1f:13:3c:7e:
                    0d:d4:05:15:e6:37:3c:c7:67:89:1d:5d:df:52:9a:
                    aa:52:81:da:3a:b8:fe:a5:82:e8:93:d6:75:82:fc:
                    4c:e8:43:fc:27:96:f7:44:f0:22:a8:cc:01:12:c9:
                    15:15:d7:82:44:7a:b8:b8:50:b0:4d:24:55:4c:fa:
                    a0:21:6d:91:38:51:48:ca:17:49:a4:b9:c9:57:a9:
                    e6:d0:20:d8:26:9e:5e:0a:30:51:ef:64:fa:65:42:
                    12:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:29:4C:52:49:C8:02:0C:D6:53:07:5F:A0:A0:EB:4B:7A:BD:5E:B3
            X509v3 Authority Key Identifier:
                keyid:B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/aylMUknIAgzWUwdfoKDrS3q9XrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.196.0/24
                  185.7.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:c9:09:43:77:27:29:ed:82:23:13:70:78:b8:69:61:a4:d1:
         d3:9a:a1:c1:e7:78:23:ec:33:5d:c7:e4:00:d0:94:79:16:ac:
         26:3b:f5:8e:70:69:a5:b3:2a:49:dd:17:e2:35:1d:86:32:91:
         53:81:cc:9b:ee:ff:06:be:09:69:17:19:c9:03:82:0d:f7:58:
         c0:7e:8c:fe:10:90:e3:34:9e:be:18:69:10:43:8e:3b:e2:20:
         02:16:13:df:30:b1:95:8b:91:93:5d:2e:4e:8e:38:00:9b:f5:
         b4:f6:59:b0:df:ab:be:45:b0:e0:0d:1a:4f:7d:f0:56:51:16:
         8d:6f:b3:8b:5c:ce:20:65:9a:bb:13:02:ab:10:de:d4:89:4a:
         71:0e:dc:a9:b8:be:80:4e:7f:92:a6:1c:07:b9:ca:cc:4d:0f:
         ec:97:54:20:3d:d4:b0:e4:74:97:9d:c6:bd:4a:0e:5f:24:64:
         99:4a:35:b3:2a:96:fb:73:ef:5a:96:4a:d7:e7:71:5d:2e:9b:
         f9:81:d1:9b:c5:ef:32:7c:5a:64:91:9b:7a:b1:9c:50:f8:7a:
         8a:cf:83:57:8d:76:ad:b2:ed:71:e1:f9:41:d8:c1:72:5f:0a:
         87:b2:01:0e:22:66:88:70:af:b4:1e:a0:fb:69:ad:4f:33:09:
         8c:e7:69:8d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGPEBlo62tYY2gz84zAOWhzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MmQ0Y2VjNzgzMzA1OTIzZTM0OTdlZDg4NGYxYzQ0NWI0
ZTc4ZmIwHhcNMjQwODI2MTQyMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjI5NGM1MjQ5YzgwMjBjZDY1MzA3NWZhMGEwZWI0YjdhYmQ1ZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2tD5cmAcDAS1E9aX0cApZbVQgcX
TqZC/Al1SGXFSVJikSumrz/N29gMRXHOzY4MTTABSIgRo4Cv5Hhel993z5qMYgyh
dnEUJpI8aBhQrRoA7wEN8U2/HVaRpxEhzsqkTRQbbMxJ+we2/K//lFBuhBtCvL7T
3qYkjwqYwoHo5NeU5DlPcUNjO4bpZc1Dlw/KdkGizpcNhDZTBvykaJW3Gx8TPH4N
1AUV5jc8x2eJHV3fUpqqUoHaOrj+pYLok9Z1gvxM6EP8J5b3RPAiqMwBEskVFdeC
RHq4uFCwTSRVTPqgIW2ROFFIyhdJpLnJV6nm0CDYJp5eCjBR72T6ZUISNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGspTFJJyAIM1lMHX6Cg60t6vV6zMB8GA1UdIwQY
MBaAFLYtTOx4MwWSPjSX7YhPHERbTnj7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTIt
ZDMyZTI3ZmI3ZTU5LzEvYXlsTVVrbklBZ3pXVXdkZm9LRHJTM3E5WHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTItZDMyZTI3ZmI3ZTU5
LzEvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX6nEAwQA
uQfbMA0GCSqGSIb3DQEBCwUAA4IBAQBLyQlDdycp7YIjE3B4uGlhpNHTmqHB53gj
7DNdx+QA0JR5FqwmO/WOcGmlsypJ3RfiNR2GMpFTgcyb7v8GvglpFxnJA4IN91jA
foz+EJDjNJ6+GGkQQ4474iACFhPfMLGVi5GTXS5OjjgAm/W09lmw36u+RbDgDRpP
ffBWURaNb7OLXM4gZZq7EwKrEN7UiUpxDtypuL6ATn+SphwHucrMTQ/sl1QgPdSw
5HSXnca9Sg5fJGSZSjWzKpb7c+9alkrX53FdLpv5gdGbxe8yfFpkkZt6sZxQ+HqK
z4NXjXatsu1x4flB2MFyXwqHsgEOImaIcK+0HqD7aa1PMwmM52mN
-----END CERTIFICATE-----