Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/JW8AyJFJPkQ1ZGONgpNYjy_UapU.roa
File:                     JW8AyJFJPkQ1ZGONgpNYjy_UapU.roa (raw, json)
Hash identifier:          7j/1BSk7JznLZDNSRYDx/seCvE0WvECGanSxETBdFRU=
Subject key identifier:   25:6F:00:C8:91:49:3E:44:35:64:63:8D:82:93:58:8F:2F:D4:6A:95
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019427B55D8C3D3C5D0FF45A3D4E7A22BDBB
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/JW8AyJFJPkQ1ZGONgpNYjy_UapU.roa
Signing time:             Thu 02 Jan 2025 15:49:44 +0000
ROA not before:           Thu 02 Jan 2025 15:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212897
IP address blocks:        79.175.71.0/24 maxlen: 24
                          188.255.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:5d:8c:3d:3c:5d:0f:f4:5a:3d:4e:7a:22:bd:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  2 15:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=256f00c891493e443564638d8293588f2fd46a95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d1:1a:34:6e:ea:25:68:1b:15:63:e1:d9:1c:
                    4b:79:68:e8:b0:ac:6b:f9:e6:e5:25:b0:cd:23:28:
                    31:e3:6d:ae:aa:47:6a:29:28:ca:87:83:59:67:1e:
                    11:52:64:ff:65:6b:8b:0d:f1:64:1c:94:55:21:44:
                    3b:af:9d:65:69:2e:4c:e8:89:7a:21:2c:a6:22:91:
                    0f:68:7f:8f:4a:f5:e0:0c:fc:d7:54:ed:fc:83:b1:
                    d2:87:e6:67:82:f8:16:80:ad:ca:3a:8b:86:ca:99:
                    f1:59:5e:a4:f7:4e:87:20:18:91:20:63:00:a0:86:
                    6c:a1:83:0b:73:ca:94:9d:e3:4b:6a:1a:ec:fa:b8:
                    39:cb:3f:41:f8:3a:37:46:09:7b:4b:ee:06:e7:fe:
                    a5:af:db:f0:15:ad:7e:d0:4b:e8:fc:ee:73:05:69:
                    21:bd:df:94:47:9e:37:c0:d9:e5:4f:a2:87:70:44:
                    14:23:72:77:34:04:7c:6a:c5:89:b8:09:b6:fb:56:
                    d5:54:0e:39:6c:ef:08:61:73:55:92:83:8b:45:e2:
                    42:70:4c:7f:e8:f7:a1:84:cd:9a:23:94:2d:e0:57:
                    f5:d9:6a:6e:15:b7:15:e7:7f:81:68:ff:ca:28:0d:
                    23:a8:73:d1:a5:00:99:68:5d:75:35:54:38:71:fe:
                    53:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:6F:00:C8:91:49:3E:44:35:64:63:8D:82:93:58:8F:2F:D4:6A:95
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/JW8AyJFJPkQ1ZGONgpNYjy_UapU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.71.0/24
                  188.255.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:a8:8f:b2:74:2e:a5:00:01:89:63:7c:27:e0:09:15:23:55:
         da:54:14:5d:0f:98:02:dc:5b:4a:9e:b9:06:ec:de:74:3c:a1:
         6d:40:7d:87:dc:47:f8:61:84:9c:0f:1e:fd:29:16:73:a6:f7:
         12:77:07:72:e0:0b:d6:59:96:6e:56:8e:39:4b:fe:7f:41:97:
         2e:5b:b7:9e:40:8a:62:f5:2b:82:7a:74:90:a0:3d:54:29:36:
         5b:ce:e4:bf:8f:d8:18:ee:04:4a:21:46:e1:ea:b0:15:c7:52:
         76:0a:d1:d3:40:85:41:3a:06:23:33:59:b0:6a:b5:ec:b4:ac:
         a8:f9:4f:ab:60:e7:bc:8c:b6:d3:56:3c:f3:0d:19:7e:d5:71:
         9d:8c:4a:04:28:e7:90:cd:fc:c0:d7:68:6b:79:b5:bc:02:43:
         7e:17:17:23:1b:45:58:32:92:9e:1c:41:f3:14:81:7b:14:f2:
         dd:9c:97:4a:31:27:6f:f5:a6:77:45:c8:09:23:10:79:74:80:
         6a:df:63:d0:59:47:c7:9e:3f:59:83:c1:b0:93:f0:ba:91:1d:
         e3:14:a2:f3:1a:d8:a4:1e:30:10:9a:13:7f:7b:d7:20:ec:ba:
         ff:eb:da:2b:ef:78:01:e2:ac:35:9e:87:12:e2:54:52:66:c0:
         d1:79:0a:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntV2MPTxdD/RaPU56Ir27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwMTAyMTU0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTZmMDBjODkxNDkzZTQ0MzU2NDYzOGQ4MjkzNTg4ZjJmZDQ2YTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNEaNG7qJWgbFWPh2RxLeWjosKxr
+eblJbDNIygx422uqkdqKSjKh4NZZx4RUmT/ZWuLDfFkHJRVIUQ7r51laS5M6Il6
ISymIpEPaH+PSvXgDPzXVO38g7HSh+ZngvgWgK3KOouGypnxWV6k906HIBiRIGMA
oIZsoYMLc8qUneNLahrs+rg5yz9B+Do3Rgl7S+4G5/6lr9vwFa1+0Evo/O5zBWkh
vd+UR543wNnlT6KHcEQUI3J3NAR8asWJuAm2+1bVVA45bO8IYXNVkoOLReJCcEx/
6PehhM2aI5Qt4Ff12WpuFbcV53+BaP/KKA0jqHPRpQCZaF11NVQ4cf5TXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCVvAMiRST5ENWRjjYKTWI8v1GqVMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvSlc4QXlKRkpQa1ExWkdPTmdwTllqeV9VYXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT69HAwQA
vP/KMA0GCSqGSIb3DQEBCwUAA4IBAQA8qI+ydC6lAAGJY3wn4AkVI1XaVBRdD5gC
3FtKnrkG7N50PKFtQH2H3Ef4YYScDx79KRZzpvcSdwdy4AvWWZZuVo45S/5/QZcu
W7eeQIpi9SuCenSQoD1UKTZbzuS/j9gY7gRKIUbh6rAVx1J2CtHTQIVBOgYjM1mw
arXstKyo+U+rYOe8jLbTVjzzDRl+1XGdjEoEKOeQzfzA12hrebW8AkN+FxcjG0VY
MpKeHEHzFIF7FPLdnJdKMSdv9aZ3RcgJIxB5dIBq32PQWUfHnj9Zg8Gwk/C6kR3j
FKLzGtikHjAQmhN/e9cg7Lr/69or73gB4qw1nocS4lRSZsDReQrd
-----END CERTIFICATE-----