Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/_YcVUBg4pBpfDLeQd5mPM0GEYXY.roa
File:                     _YcVUBg4pBpfDLeQd5mPM0GEYXY.roa (raw, json)
Hash identifier:          TyordHwYJ+m11Vugk833ssnB80M13ALr7nNUHskLV34=
Subject key identifier:   FD:87:15:50:18:38:A4:1A:5F:0C:B7:90:77:99:8F:33:41:84:61:76
Certificate issuer:       /CN=b74ce3f3c5e5a2f9d8b8a4c77a8361f8a216f3ad
Certificate serial:       0194266BE22B73175F2FD9984E75D7E53F94
Authority key identifier: B7:4C:E3:F3:C5:E5:A2:F9:D8:B8:A4:C7:7A:83:61:F8:A2:16:F3:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/_YcVUBg4pBpfDLeQd5mPM0GEYXY.roa
Signing time:             Thu 02 Jan 2025 09:49:51 +0000
ROA not before:           Thu 02 Jan 2025 09:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198881
IP address blocks:        194.99.96.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e2:2b:73:17:5f:2f:d9:98:4e:75:d7:e5:3f:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b74ce3f3c5e5a2f9d8b8a4c77a8361f8a216f3ad
        Validity
            Not Before: Jan  2 09:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd8715501838a41a5f0cb79077998f3341846176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:bf:af:96:da:59:b7:e7:89:a6:b6:16:f7:82:
                    c5:4f:fc:32:2a:95:da:f8:cb:1a:d8:89:3b:10:13:
                    3a:3c:d4:bf:4b:aa:c9:5f:b8:6d:15:70:3d:81:7a:
                    50:9c:61:7b:65:73:7d:5a:03:22:bc:c7:ba:b5:04:
                    08:ec:1d:5d:67:df:b3:0d:c1:1b:ef:4b:2f:e5:2f:
                    5c:dd:04:c8:9c:a2:24:91:08:30:dd:4c:75:6a:48:
                    83:6e:31:08:01:3a:ee:f0:c1:ab:0e:de:bb:07:51:
                    32:1f:13:67:39:7c:65:d3:26:a7:1d:16:7c:cd:43:
                    07:ca:cc:7b:26:f0:d4:4e:d3:2e:7d:ac:a3:e5:3f:
                    c0:76:ea:a4:97:03:66:b1:ab:c4:cc:a9:eb:6c:88:
                    7a:5d:74:6f:88:c3:1d:21:71:ce:ee:a2:7e:01:aa:
                    80:c8:f2:bf:b5:d7:af:6d:82:a8:ee:33:18:47:ac:
                    d9:42:18:e2:99:c3:5c:47:4e:5f:6b:c4:8b:02:15:
                    00:a0:7f:9b:a6:d1:ab:33:01:a6:aa:ca:59:45:42:
                    04:3a:61:75:55:ab:c6:84:13:cf:a8:6c:bc:29:cd:
                    21:fe:99:f8:33:79:d9:e8:ce:4b:70:3d:bb:23:df:
                    12:a1:14:c7:0b:21:1d:ca:27:0e:1c:04:99:65:88:
                    be:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:87:15:50:18:38:A4:1A:5F:0C:B7:90:77:99:8F:33:41:84:61:76
            X509v3 Authority Key Identifier:
                keyid:B7:4C:E3:F3:C5:E5:A2:F9:D8:B8:A4:C7:7A:83:61:F8:A2:16:F3:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/_YcVUBg4pBpfDLeQd5mPM0GEYXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:a9:66:49:e7:e4:a9:89:b8:88:2e:3f:53:4f:1a:b7:e1:c7:
         a3:82:28:55:85:a4:94:c9:3f:01:3c:7e:07:00:fc:09:e4:1e:
         bf:42:e8:10:81:30:81:e3:da:2d:43:8e:d1:c2:f4:57:30:9d:
         97:6f:af:06:d9:e8:1b:78:cd:e5:30:33:2f:23:c7:c4:d8:dc:
         63:7b:c5:3b:21:64:46:e7:d7:bd:30:36:ea:36:65:aa:26:f8:
         31:72:ee:83:0a:bf:9a:f1:9d:8c:f5:c6:07:29:bd:7f:0a:19:
         c2:b5:9f:d2:39:44:cf:f8:1f:ce:38:25:0e:67:f3:ff:b5:59:
         12:5e:e3:a6:32:80:f5:7f:b8:4e:da:da:79:c0:b9:86:65:01:
         6d:25:cb:31:a6:e6:ce:a7:5a:d6:40:75:1d:e2:ea:46:3c:c8:
         10:cf:de:36:50:b0:52:cd:34:a4:2c:5b:90:d3:c3:70:e4:e6:
         0d:66:e8:dd:36:52:de:e1:95:e3:51:3d:45:79:bf:d3:0e:67:
         66:0a:9f:f3:f1:d4:b6:56:c9:b4:fa:39:a3:b6:10:54:10:c2:
         87:f1:47:18:ff:4a:29:d7:79:e6:97:68:4f:4b:28:53:bd:a4:
         eb:0e:e9:65:88:8e:d6:a7:07:6b:8f:51:10:b1:f0:32:27:91:
         9a:83:ca:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+IrcxdfL9mYTnXX5T+UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NGNlM2YzYzVlNWEyZjlkOGI4YTRjNzdhODM2MWY4YTIx
NmYzYWQwHhcNMjUwMTAyMDk0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDg3MTU1MDE4MzhhNDFhNWYwY2I3OTA3Nzk5OGYzMzQxODQ2MTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxb+vltpZt+eJprYW94LFT/wyKpXa
+Msa2Ik7EBM6PNS/S6rJX7htFXA9gXpQnGF7ZXN9WgMivMe6tQQI7B1dZ9+zDcEb
70sv5S9c3QTInKIkkQgw3Ux1akiDbjEIATru8MGrDt67B1EyHxNnOXxl0yanHRZ8
zUMHysx7JvDUTtMufayj5T/AduqklwNmsavEzKnrbIh6XXRviMMdIXHO7qJ+AaqA
yPK/tdevbYKo7jMYR6zZQhjimcNcR05fa8SLAhUAoH+bptGrMwGmqspZRUIEOmF1
VavGhBPPqGy8Kc0h/pn4M3nZ6M5LcD27I98SoRTHCyEdyicOHASZZYi+nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2HFVAYOKQaXwy3kHeZjzNBhGF2MB8GA1UdIwQY
MBaAFLdM4/PF5aL52Likx3qDYfiiFvOtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDB6ajg4WGxvdm5ZdUtUSGVvTmgtS0lXODYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9hYzY4MWYtMDVkMi00MDQ1LWFlMTAt
NWViZGQ5ZTI4ODdjLzEvX1ljVlVCZzRwQnBmRExlUWQ1bVBNMEdFWVhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9hYzY4MWYtMDVkMi00MDQ1LWFlMTAtNWViZGQ5ZTI4ODdj
LzEvdDB6ajg4WGxvdm5ZdUtUSGVvTmgtS0lXODYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmNgMA0G
CSqGSIb3DQEBCwUAA4IBAQCyqWZJ5+SpibiILj9TTxq34cejgihVhaSUyT8BPH4H
APwJ5B6/QugQgTCB49otQ47RwvRXMJ2Xb68G2egbeM3lMDMvI8fE2Nxje8U7IWRG
59e9MDbqNmWqJvgxcu6DCr+a8Z2M9cYHKb1/ChnCtZ/SOUTP+B/OOCUOZ/P/tVkS
XuOmMoD1f7hO2tp5wLmGZQFtJcsxpubOp1rWQHUd4upGPMgQz942ULBSzTSkLFuQ
08Nw5OYNZujdNlLe4ZXjUT1Feb/TDmdmCp/z8dS2Vsm0+jmjthBUEMKH8UcY/0op
13nml2hPSyhTvaTrDulliI7Wpwdrj1EQsfAyJ5Gag8oW
-----END CERTIFICATE-----