Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/d21e02-54b7-49de-b15f-729298212f54/1/PREVDyEb408mqa9BxzP0AsRzJeg.roa
File:                     PREVDyEb408mqa9BxzP0AsRzJeg.roa (raw, json)
Hash identifier:          aYqJv67l6Fq1t+h1omQ5wjXrKiL4xcndOuCQgkoKKGY=
Subject key identifier:   3D:11:15:0F:21:1B:E3:4F:26:A9:AF:41:C7:33:F4:02:C4:73:25:E8
Certificate issuer:       /CN=9135be8ef0dce9d1e67071ab7cb07cf50d53f617
Certificate serial:       019424B3C57F6451B2AAA3DDD27B94B93292
Authority key identifier: 91:35:BE:8E:F0:DC:E9:D1:E6:70:71:AB:7C:B0:7C:F5:0D:53:F6:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kTW-jvDc6dHmcHGrfLB89Q1T9hc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/d21e02-54b7-49de-b15f-729298212f54/1/PREVDyEb408mqa9BxzP0AsRzJeg.roa
Signing time:             Thu 02 Jan 2025 01:49:08 +0000
ROA not before:           Thu 02 Jan 2025 01:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        195.182.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/d21e02-54b7-49de-b15f-729298212f54/1/kTW-jvDc6dHmcHGrfLB89Q1T9hc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/d21e02-54b7-49de-b15f-729298212f54/1/kTW-jvDc6dHmcHGrfLB89Q1T9hc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kTW-jvDc6dHmcHGrfLB89Q1T9hc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c5:7f:64:51:b2:aa:a3:dd:d2:7b:94:b9:32:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9135be8ef0dce9d1e67071ab7cb07cf50d53f617
        Validity
            Not Before: Jan  2 01:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d11150f211be34f26a9af41c733f402c47325e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1a:05:bc:db:d9:c6:42:a4:00:bf:8a:bc:6e:
                    6e:d8:d7:24:53:68:c9:10:f7:2e:3f:36:3d:e1:75:
                    00:d7:3c:68:29:47:f8:50:74:3f:44:e0:c8:33:6c:
                    04:29:f3:02:80:87:d1:0c:42:9f:fe:04:84:ee:40:
                    5e:14:af:88:a6:f1:0b:0f:82:44:f8:d0:c1:92:68:
                    b6:b7:03:c2:9c:7a:d1:f5:51:71:a7:8b:7b:24:61:
                    5b:ed:3d:d4:5a:03:42:48:e6:3b:a6:bb:89:4b:47:
                    3f:c8:c4:59:67:7e:a7:04:83:de:ab:4a:b0:38:ba:
                    52:58:d4:3a:5d:98:a4:e9:49:ee:be:4c:0b:2d:68:
                    f5:6f:d2:3f:a1:ca:7a:8d:2b:60:b6:15:12:bc:ff:
                    43:1b:8a:61:6f:bf:cf:68:0c:cb:46:ca:ae:f0:20:
                    8c:de:40:07:4e:c6:a5:a4:7b:4e:32:ee:eb:60:e3:
                    76:f2:43:e3:51:21:eb:d9:1c:ea:66:2c:b4:63:e1:
                    1a:24:52:b2:21:0b:ed:1d:e5:0d:d3:47:85:fc:8e:
                    83:95:c0:23:c3:a8:42:1e:93:ba:00:f4:2b:fb:63:
                    b3:52:71:83:74:22:53:fd:af:7f:7d:1d:d9:19:bd:
                    74:2c:37:95:86:0f:12:27:1c:24:94:65:d0:27:30:
                    c9:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:11:15:0F:21:1B:E3:4F:26:A9:AF:41:C7:33:F4:02:C4:73:25:E8
            X509v3 Authority Key Identifier:
                keyid:91:35:BE:8E:F0:DC:E9:D1:E6:70:71:AB:7C:B0:7C:F5:0D:53:F6:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kTW-jvDc6dHmcHGrfLB89Q1T9hc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/d21e02-54b7-49de-b15f-729298212f54/1/PREVDyEb408mqa9BxzP0AsRzJeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/d21e02-54b7-49de-b15f-729298212f54/1/kTW-jvDc6dHmcHGrfLB89Q1T9hc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:db:2a:27:48:29:57:e6:8f:30:65:21:a9:f8:75:7a:2e:fb:
         0b:55:3a:b9:63:fe:f3:62:4d:db:28:6e:8f:b4:93:2c:b2:00:
         16:ac:11:a4:4f:cc:e7:e3:56:d9:3f:01:25:7d:78:ba:8f:b6:
         5a:0d:08:9a:e0:9c:72:e2:02:15:3d:31:58:b1:52:f4:97:64:
         ec:7f:71:be:e1:67:d5:b5:c1:8e:c2:d5:a4:ba:eb:a1:75:ec:
         31:2e:e8:ce:f0:d4:a7:51:0e:2e:4d:83:ba:1e:f2:86:e3:a9:
         f6:9d:69:01:b5:c2:29:66:e6:92:a0:4a:d2:fc:56:39:9f:78:
         b5:39:c3:da:64:3c:52:91:2c:70:ad:49:12:d6:39:6b:dc:56:
         87:09:77:c7:21:20:a8:15:8e:9e:9b:d9:6f:d4:ed:e8:cd:07:
         c0:21:13:51:d6:84:65:ad:9c:4c:a4:e4:db:b1:26:22:57:1c:
         83:97:2b:cd:18:db:79:3c:67:a5:99:74:2f:64:76:ba:b0:b5:
         e9:da:aa:60:92:04:ee:f5:56:24:20:06:be:41:66:9d:eb:14:
         ff:ac:2d:94:e2:9f:0c:88:04:0f:23:f2:7a:7d:84:e6:d9:39:
         16:de:7f:82:09:0d:98:67:08:bb:2f:34:32:1c:97:0d:7f:be:
         40:c9:78:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8V/ZFGyqqPd0nuUuTKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMzViZThlZjBkY2U5ZDFlNjcwNzFhYjdjYjA3Y2Y1MGQ1
M2Y2MTcwHhcNMjUwMTAyMDE0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDExMTUwZjIxMWJlMzRmMjZhOWFmNDFjNzMzZjQwMmM0NzMyNWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRoFvNvZxkKkAL+KvG5u2NckU2jJ
EPcuPzY94XUA1zxoKUf4UHQ/RODIM2wEKfMCgIfRDEKf/gSE7kBeFK+IpvELD4JE
+NDBkmi2twPCnHrR9VFxp4t7JGFb7T3UWgNCSOY7pruJS0c/yMRZZ36nBIPeq0qw
OLpSWNQ6XZik6UnuvkwLLWj1b9I/ocp6jStgthUSvP9DG4phb7/PaAzLRsqu8CCM
3kAHTsalpHtOMu7rYON28kPjUSHr2RzqZiy0Y+EaJFKyIQvtHeUN00eF/I6DlcAj
w6hCHpO6APQr+2OzUnGDdCJT/a9/fR3ZGb10LDeVhg8SJxwklGXQJzDJnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0RFQ8hG+NPJqmvQccz9ALEcyXoMB8GA1UdIwQY
MBaAFJE1vo7w3OnR5nBxq3ywfPUNU/YXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1RXLWp2RGM2ZEhtY0hHcmZMQjg5UTFUOWhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9kMjFlMDItNTRiNy00OWRlLWIxNWYt
NzI5Mjk4MjEyZjU0LzEvUFJFVkR5RWI0MDhtcWE5Qnh6UDBBc1J6SmVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9kMjFlMDItNTRiNy00OWRlLWIxNWYtNzI5Mjk4MjEyZjU0
LzEva1RXLWp2RGM2ZEhtY0hHcmZMQjg5UTFUOWhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7Y+MA0G
CSqGSIb3DQEBCwUAA4IBAQC32yonSClX5o8wZSGp+HV6LvsLVTq5Y/7zYk3bKG6P
tJMssgAWrBGkT8zn41bZPwElfXi6j7ZaDQia4Jxy4gIVPTFYsVL0l2Tsf3G+4WfV
tcGOwtWkuuuhdewxLujO8NSnUQ4uTYO6HvKG46n2nWkBtcIpZuaSoErS/FY5n3i1
OcPaZDxSkSxwrUkS1jlr3FaHCXfHISCoFY6em9lv1O3ozQfAIRNR1oRlrZxMpOTb
sSYiVxyDlyvNGNt5PGelmXQvZHa6sLXp2qpgkgTu9VYkIAa+QWad6xT/rC2U4p8M
iAQPI/J6fYTm2TkW3n+CCQ2YZwi7LzQyHJcNf75AyXg9
-----END CERTIFICATE-----