Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/5e118e-110a-4ebb-847c-bf351c0f0ebc/1/cYvxi7xV5fqCitPQ_WwQHBPwDXE.roa
File:                     cYvxi7xV5fqCitPQ_WwQHBPwDXE.roa (raw, json)
Hash identifier:          Gq0wR4j7Ol8IdxTrvJ6E6hDp/JbrTAcp5TRysGKEzyk=
Subject key identifier:   71:8B:F1:8B:BC:55:E5:FA:82:8A:D3:D0:FD:6C:10:1C:13:F0:0D:71
Certificate issuer:       /CN=3b389f9b567e745c9521bb1c1541a3459ae0e8a5
Certificate serial:       0194221FB1D9D5B9738EACD0626F6C76F676
Authority key identifier: 3B:38:9F:9B:56:7E:74:5C:95:21:BB:1C:15:41:A3:45:9A:E0:E8:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ozifm1Z-dFyVIbscFUGjRZrg6KU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/5e118e-110a-4ebb-847c-bf351c0f0ebc/1/cYvxi7xV5fqCitPQ_WwQHBPwDXE.roa
Signing time:             Wed 01 Jan 2025 13:48:09 +0000
ROA not before:           Wed 01 Jan 2025 13:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214895
IP address blocks:        193.242.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/5e118e-110a-4ebb-847c-bf351c0f0ebc/1/Ozifm1Z-dFyVIbscFUGjRZrg6KU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/5e118e-110a-4ebb-847c-bf351c0f0ebc/1/Ozifm1Z-dFyVIbscFUGjRZrg6KU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ozifm1Z-dFyVIbscFUGjRZrg6KU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b1:d9:d5:b9:73:8e:ac:d0:62:6f:6c:76:f6:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b389f9b567e745c9521bb1c1541a3459ae0e8a5
        Validity
            Not Before: Jan  1 13:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=718bf18bbc55e5fa828ad3d0fd6c101c13f00d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:34:0c:49:44:c1:44:74:f6:9a:8b:e0:22:c4:
                    5c:a0:d5:55:a0:9e:d0:a1:96:99:87:3c:b3:77:eb:
                    0b:63:d2:bf:7e:86:06:17:be:9f:65:f2:35:1c:71:
                    43:00:64:ce:b3:3f:0e:ac:43:00:8e:d5:5a:b2:91:
                    00:1e:52:7f:72:92:5b:6d:10:c4:aa:ad:c4:a2:ec:
                    f9:4b:d1:e3:f0:9f:c8:c7:b9:bf:53:4e:52:84:cf:
                    c1:4c:99:8f:10:b4:94:9c:79:97:d8:f2:79:0f:08:
                    9c:55:e1:8b:d7:ad:08:db:5d:ae:66:ba:97:42:ff:
                    0f:39:22:04:94:69:ed:61:d7:41:e1:33:a3:71:a1:
                    4f:34:4e:dd:6e:40:68:ba:e0:12:0b:ac:6c:0d:28:
                    95:f7:96:c0:be:9a:e5:94:d7:2f:4a:aa:68:b1:d4:
                    fe:dc:55:b4:aa:dc:2b:38:3f:fe:06:c5:80:7c:c0:
                    fe:00:34:36:a0:0b:3d:a3:c0:91:af:a7:a7:c9:d3:
                    bc:17:0c:4a:3c:6b:a2:e7:ed:fe:26:07:25:07:be:
                    78:ea:c3:59:66:2c:ec:a6:60:0d:88:f1:51:7d:27:
                    f6:75:ce:da:b1:43:35:23:02:af:bf:64:ca:a6:51:
                    06:7a:c0:26:96:83:af:76:08:c0:8f:e4:93:72:fb:
                    10:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:8B:F1:8B:BC:55:E5:FA:82:8A:D3:D0:FD:6C:10:1C:13:F0:0D:71
            X509v3 Authority Key Identifier:
                keyid:3B:38:9F:9B:56:7E:74:5C:95:21:BB:1C:15:41:A3:45:9A:E0:E8:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ozifm1Z-dFyVIbscFUGjRZrg6KU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/5e118e-110a-4ebb-847c-bf351c0f0ebc/1/cYvxi7xV5fqCitPQ_WwQHBPwDXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/5e118e-110a-4ebb-847c-bf351c0f0ebc/1/Ozifm1Z-dFyVIbscFUGjRZrg6KU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.242.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:61:4b:6f:05:55:ef:aa:48:65:bc:7a:16:58:43:33:5a:75:
         8f:4e:3e:68:3c:14:35:9f:b6:8b:af:18:b3:68:5a:9b:94:44:
         f4:f8:33:a2:2d:ee:3f:03:7a:5d:b5:7e:27:f2:d0:14:13:f4:
         6f:e3:8d:94:35:70:a4:50:83:f9:02:90:10:97:8d:d3:bd:8e:
         bf:5d:b2:03:06:1f:c4:25:0b:a7:f7:ae:21:54:86:6e:82:39:
         a7:fa:23:63:ea:e8:8a:0a:fc:89:c6:b8:8c:63:a2:6f:99:22:
         29:9f:f6:7a:42:57:dc:96:ef:50:db:ac:40:66:ac:47:dc:85:
         f0:f3:54:93:3c:f9:25:6a:28:ec:34:4b:63:c4:45:d1:20:48:
         85:ff:0e:94:3f:fb:1e:ea:d3:88:d8:e7:20:9d:a2:68:75:22:
         ab:64:e7:69:bf:9c:e4:d4:7e:0a:b4:55:8b:f9:4f:f8:17:7d:
         d6:25:e6:fd:ad:c7:44:22:aa:cd:77:2e:4a:12:fa:32:63:9d:
         b2:08:a7:22:62:a9:43:ce:2f:fd:c1:66:2c:77:2e:16:a2:41:
         38:8a:f0:56:b2:40:3b:92:24:9a:bb:99:c4:33:ee:7f:ed:54:
         ef:21:6a:2a:af:28:dc:5e:85:1e:87:1c:6d:9b:14:b8:a3:45:
         02:15:10:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH7HZ1blzjqzQYm9sdvZ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMzg5ZjliNTY3ZTc0NWM5NTIxYmIxYzE1NDFhMzQ1OWFl
MGU4YTUwHhcNMjUwMTAxMTM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MThiZjE4YmJjNTVlNWZhODI4YWQzZDBmZDZjMTAxYzEzZjAwZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzQMSUTBRHT2movgIsRcoNVVoJ7Q
oZaZhzyzd+sLY9K/foYGF76fZfI1HHFDAGTOsz8OrEMAjtVaspEAHlJ/cpJbbRDE
qq3Eouz5S9Hj8J/Ix7m/U05ShM/BTJmPELSUnHmX2PJ5DwicVeGL160I212uZrqX
Qv8POSIElGntYddB4TOjcaFPNE7dbkBouuASC6xsDSiV95bAvprllNcvSqposdT+
3FW0qtwrOD/+BsWAfMD+ADQ2oAs9o8CRr6enydO8FwxKPGui5+3+JgclB7546sNZ
ZizspmANiPFRfSf2dc7asUM1IwKvv2TKplEGesAmloOvdgjAj+STcvsQkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGL8Yu8VeX6gorT0P1sEBwT8A1xMB8GA1UdIwQY
MBaAFDs4n5tWfnRclSG7HBVBo0Wa4OilMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ppZm0xWi1kRnlWSWJzY0ZVR2pSWnJnNktVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC81ZTExOGUtMTEwYS00ZWJiLTg0N2Mt
YmYzNTFjMGYwZWJjLzEvY1l2eGk3eFY1ZnFDaXRQUV9Xd1FIQlB3RFhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC81ZTExOGUtMTEwYS00ZWJiLTg0N2MtYmYzNTFjMGYwZWJj
LzEvT3ppZm0xWi1kRnlWSWJzY0ZVR2pSWnJnNktVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfLfMA0G
CSqGSIb3DQEBCwUAA4IBAQCQYUtvBVXvqkhlvHoWWEMzWnWPTj5oPBQ1n7aLrxiz
aFqblET0+DOiLe4/A3pdtX4n8tAUE/Rv442UNXCkUIP5ApAQl43TvY6/XbIDBh/E
JQun964hVIZugjmn+iNj6uiKCvyJxriMY6JvmSIpn/Z6Qlfclu9Q26xAZqxH3IXw
81STPPklaijsNEtjxEXRIEiF/w6UP/se6tOI2OcgnaJodSKrZOdpv5zk1H4KtFWL
+U/4F33WJeb9rcdEIqrNdy5KEvoyY52yCKciYqlDzi/9wWYsdy4WokE4ivBWskA7
kiSau5nEM+5/7VTvIWoqryjcXoUehxxtmxS4o0UCFRA8
-----END CERTIFICATE-----