Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/007dd8-b1e2-4a88-9018-ffd0df6bba22/1/CwytAeoAPMBULxHYDp6qDplt6X0.roa
File:                     CwytAeoAPMBULxHYDp6qDplt6X0.roa (raw, json)
Hash identifier:          viFg7rwxnBmLUeqhjN2NYQSZQQF6tsyU789xfVsXk2A=
Subject key identifier:   0B:0C:AD:01:EA:00:3C:C0:54:2F:11:D8:0E:9E:AA:0E:99:6D:E9:7D
Certificate issuer:       /CN=22c94cfd31a1a809cbf6c02a74a57bddc7ff1f78
Certificate serial:       01941F8C8848D41C839E64B563372D4A73D7
Authority key identifier: 22:C9:4C:FD:31:A1:A8:09:CB:F6:C0:2A:74:A5:7B:DD:C7:FF:1F:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IslM_TGhqAnL9sAqdKV73cf_H3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/007dd8-b1e2-4a88-9018-ffd0df6bba22/1/CwytAeoAPMBULxHYDp6qDplt6X0.roa
Signing time:             Wed 01 Jan 2025 01:48:11 +0000
ROA not before:           Wed 01 Jan 2025 01:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216092
IP address blocks:        195.95.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/007dd8-b1e2-4a88-9018-ffd0df6bba22/1/IslM_TGhqAnL9sAqdKV73cf_H3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/007dd8-b1e2-4a88-9018-ffd0df6bba22/1/IslM_TGhqAnL9sAqdKV73cf_H3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IslM_TGhqAnL9sAqdKV73cf_H3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:88:48:d4:1c:83:9e:64:b5:63:37:2d:4a:73:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c94cfd31a1a809cbf6c02a74a57bddc7ff1f78
        Validity
            Not Before: Jan  1 01:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b0cad01ea003cc0542f11d80e9eaa0e996de97d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:75:82:d1:ec:98:15:79:77:05:cb:0c:f0:26:
                    78:b4:24:23:98:72:8c:71:b7:ae:98:cd:16:5d:01:
                    05:25:45:82:6f:c0:e0:69:be:3f:64:01:30:bb:a1:
                    76:d5:a2:f1:65:e6:25:65:86:a0:2e:72:38:2b:e1:
                    46:9e:4b:4d:b7:0d:c1:e8:98:62:cc:8d:88:38:c3:
                    e1:28:47:77:a6:b1:32:c9:75:94:55:b1:d8:a9:c4:
                    a9:f1:65:f1:91:56:a5:d4:dc:27:57:90:2c:1b:dc:
                    a7:76:2e:84:ea:b3:94:50:f0:c9:cc:66:81:0c:5d:
                    b5:b6:9a:19:9b:89:96:19:c2:e2:38:3f:ce:0d:4b:
                    79:82:73:39:5b:1b:ee:42:f5:50:41:0b:f2:1d:98:
                    59:c1:90:df:bf:af:1d:ea:3e:51:a6:82:9e:fe:f9:
                    fb:7a:2b:ad:08:0f:ad:70:7b:6d:7e:4e:76:f9:ba:
                    5a:96:45:b6:bf:12:37:29:fb:f8:b2:e7:44:9c:d3:
                    af:04:8a:e5:85:3d:29:87:34:da:3b:42:80:7f:49:
                    b1:11:6f:a8:84:0e:b3:a1:54:80:15:95:b9:74:47:
                    2e:55:76:9c:d3:17:4b:9f:83:d8:ad:89:43:10:d3:
                    58:d7:91:9d:d2:6d:f7:51:95:3e:bd:c4:b5:6b:fe:
                    5f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:0C:AD:01:EA:00:3C:C0:54:2F:11:D8:0E:9E:AA:0E:99:6D:E9:7D
            X509v3 Authority Key Identifier:
                keyid:22:C9:4C:FD:31:A1:A8:09:CB:F6:C0:2A:74:A5:7B:DD:C7:FF:1F:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IslM_TGhqAnL9sAqdKV73cf_H3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/007dd8-b1e2-4a88-9018-ffd0df6bba22/1/CwytAeoAPMBULxHYDp6qDplt6X0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/007dd8-b1e2-4a88-9018-ffd0df6bba22/1/IslM_TGhqAnL9sAqdKV73cf_H3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:b0:82:0e:2a:06:7a:e6:77:a6:90:45:86:30:5c:87:82:34:
         77:55:ee:50:ea:a9:cf:5e:33:03:d1:37:7d:67:0d:83:98:2d:
         82:df:57:69:d8:09:1c:aa:12:d9:c2:a9:6e:8a:ed:b3:bf:04:
         0a:77:36:4e:a2:a9:48:30:4f:02:f1:c7:df:0c:27:98:99:e1:
         11:89:72:2a:5d:ca:44:f8:78:66:f7:bd:48:ac:15:6b:e3:a2:
         9d:56:48:b9:b2:ed:ec:01:28:6a:9f:f6:da:84:c9:e8:b4:df:
         08:43:7c:e3:ee:56:9d:50:dd:ce:0a:b0:96:76:f6:06:f1:28:
         f2:43:fd:63:74:40:3e:e3:30:a8:01:ab:99:02:3c:76:f3:6f:
         cf:6f:ed:16:26:3b:19:76:c2:7a:30:80:d8:34:cc:9b:a6:0e:
         11:cd:8e:1e:5f:c1:3b:7e:17:8e:be:58:62:22:ba:51:01:f8:
         de:5f:f0:b4:ec:10:85:5e:e2:da:04:d0:b7:57:e5:0a:2b:60:
         58:4c:d8:b4:3a:61:7e:49:a8:0f:a4:a8:e7:30:4e:b1:70:67:
         51:22:2d:38:20:04:5f:2c:9a:d5:eb:e2:9f:78:e1:2c:8c:cf:
         e9:f5:62:47:a3:f7:32:5e:c3:19:4d:b9:23:fa:1f:fe:ef:96:
         d4:ca:2c:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjIhI1ByDnmS1YzctSnPXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzk0Y2ZkMzFhMWE4MDljYmY2YzAyYTc0YTU3YmRkYzdm
ZjFmNzgwHhcNMjUwMTAxMDE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjBjYWQwMWVhMDAzY2MwNTQyZjExZDgwZTllYWEwZTk5NmRlOTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXWC0eyYFXl3BcsM8CZ4tCQjmHKM
cbeumM0WXQEFJUWCb8Dgab4/ZAEwu6F21aLxZeYlZYagLnI4K+FGnktNtw3B6Jhi
zI2IOMPhKEd3prEyyXWUVbHYqcSp8WXxkVal1NwnV5AsG9yndi6E6rOUUPDJzGaB
DF21tpoZm4mWGcLiOD/ODUt5gnM5WxvuQvVQQQvyHZhZwZDfv68d6j5RpoKe/vn7
eiutCA+tcHttfk52+bpalkW2vxI3Kfv4sudEnNOvBIrlhT0phzTaO0KAf0mxEW+o
hA6zoVSAFZW5dEcuVXac0xdLn4PYrYlDENNY15Gd0m33UZU+vcS1a/5f9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsMrQHqADzAVC8R2A6eqg6Zbel9MB8GA1UdIwQY
MBaAFCLJTP0xoagJy/bAKnSle93H/x94MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNsTV9UR2hxQW5MOXNBcWRLVjczY2ZfSDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8wMDdkZDgtYjFlMi00YTg4LTkwMTgt
ZmZkMGRmNmJiYTIyLzEvQ3d5dEFlb0FQTUJVTHhIWURwNnFEcGx0NlgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8wMDdkZDgtYjFlMi00YTg4LTkwMTgtZmZkMGRmNmJiYTIy
LzEvSXNsTV9UR2hxQW5MOXNBcWRLVjczY2ZfSDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+WMA0G
CSqGSIb3DQEBCwUAA4IBAQCBsIIOKgZ65nemkEWGMFyHgjR3Ve5Q6qnPXjMD0Td9
Zw2DmC2C31dp2AkcqhLZwqluiu2zvwQKdzZOoqlIME8C8cffDCeYmeERiXIqXcpE
+Hhm971IrBVr46KdVki5su3sAShqn/bahMnotN8IQ3zj7ladUN3OCrCWdvYG8Sjy
Q/1jdEA+4zCoAauZAjx282/Pb+0WJjsZdsJ6MIDYNMybpg4RzY4eX8E7fheOvlhi
IrpRAfjeX/C07BCFXuLaBNC3V+UKK2BYTNi0OmF+SagPpKjnME6xcGdRIi04IARf
LJrV6+KfeOEsjM/p9WJHo/cyXsMZTbkj+h/+75bUyiw7
-----END CERTIFICATE-----