Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/fyItLKzWB2M2DcciXcjMC9ehbVo.roa
File:                     fyItLKzWB2M2DcciXcjMC9ehbVo.roa (raw, json)
Hash identifier:          3hotdI7UkUaU/+3bTtSUK7y3DutUUFvTPfXcX54WRXY=
Subject key identifier:   7F:22:2D:2C:AC:D6:07:63:36:0D:C7:22:5D:C8:CC:0B:D7:A1:6D:5A
Certificate issuer:       /CN=64dfe26d403141be9059ab2144325b402d4cab7d
Certificate serial:       0195473F71F22436FA40535FBEEB35C07D24
Authority key identifier: 64:DF:E2:6D:40:31:41:BE:90:59:AB:21:44:32:5B:40:2D:4C:AB:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZN_ibUAxQb6QWashRDJbQC1Mq30.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/fyItLKzWB2M2DcciXcjMC9ehbVo.roa
Signing time:             Thu 27 Feb 2025 11:51:35 +0000
ROA not before:           Thu 27 Feb 2025 11:51:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49760
IP address blocks:        176.241.94.0/24 maxlen: 24
                          185.54.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/ZN_ibUAxQb6QWashRDJbQC1Mq30.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/ZN_ibUAxQb6QWashRDJbQC1Mq30.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZN_ibUAxQb6QWashRDJbQC1Mq30.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:47:3f:71:f2:24:36:fa:40:53:5f:be:eb:35:c0:7d:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64dfe26d403141be9059ab2144325b402d4cab7d
        Validity
            Not Before: Feb 27 11:51:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f222d2cacd60763360dc7225dc8cc0bd7a16d5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c3:ea:83:0c:d1:41:42:43:4e:0a:d8:6e:02:
                    be:88:f4:f0:4d:22:ad:4e:15:7f:5a:b2:ed:af:c4:
                    6e:32:e7:eb:43:67:02:97:65:8b:3b:9c:67:d1:9f:
                    62:fb:e4:e6:97:a8:7d:8b:9b:3b:7d:1f:28:9a:38:
                    a7:62:f6:c6:38:75:4f:94:ee:36:b5:66:0b:65:bc:
                    94:06:5a:3f:84:90:b2:9d:04:16:f0:3b:a3:13:f7:
                    8d:ba:c6:23:d5:17:ee:8f:26:44:a4:cc:b4:9d:7a:
                    b0:c4:34:0c:0c:cb:41:8a:e4:3a:0c:32:b1:9f:97:
                    88:e1:b1:f5:cb:63:7f:76:13:7f:ef:c7:79:c4:de:
                    07:03:ea:07:03:19:b9:db:99:a9:d7:65:aa:c0:88:
                    11:79:a6:9a:36:5c:1a:77:85:c7:5a:05:50:f1:36:
                    db:2d:0e:a0:eb:84:8a:e4:94:3c:a8:a0:d1:37:ce:
                    7d:83:05:bc:9e:a3:3d:8a:60:4d:cc:2b:7f:8b:21:
                    f5:f6:fa:41:1c:61:8a:93:7a:82:1c:f7:93:f6:31:
                    1b:70:cf:97:ac:fb:97:c3:6f:3e:4b:58:fa:e2:e4:
                    c4:23:6c:5b:d2:e4:34:6b:b9:4f:f2:59:d1:17:03:
                    f8:5a:38:05:ab:01:c3:8d:0f:26:d2:d5:7d:da:73:
                    37:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:22:2D:2C:AC:D6:07:63:36:0D:C7:22:5D:C8:CC:0B:D7:A1:6D:5A
            X509v3 Authority Key Identifier:
                keyid:64:DF:E2:6D:40:31:41:BE:90:59:AB:21:44:32:5B:40:2D:4C:AB:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZN_ibUAxQb6QWashRDJbQC1Mq30.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/fyItLKzWB2M2DcciXcjMC9ehbVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/ZN_ibUAxQb6QWashRDJbQC1Mq30.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.241.94.0/24
                  185.54.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:87:8d:d0:f3:c4:3b:d1:f4:77:50:8e:cd:f0:40:7c:0a:67:
         f1:e3:17:91:2e:97:34:b0:b0:ce:da:95:a2:98:6a:14:63:ee:
         9d:39:3a:b3:e2:72:81:af:98:d3:33:5a:c6:81:2e:dd:d5:ce:
         0a:ab:54:d1:5f:b6:d4:69:a2:32:1f:fb:ba:d3:0b:e3:c5:b1:
         6e:a9:f2:08:58:42:01:0c:1d:1d:ce:8c:65:51:31:b9:31:71:
         09:ff:ff:1b:71:bb:63:7c:b4:ee:c5:bd:e7:43:e5:3d:90:e5:
         73:bd:0e:de:92:0e:35:2f:34:a2:df:56:67:ed:b3:d2:28:0a:
         82:bd:c2:c0:cd:ff:4f:a8:12:c0:a8:24:b6:7f:19:3d:fe:c4:
         d9:af:fc:2f:f5:7d:b5:3a:e4:b6:5b:3e:3a:f5:54:39:4b:27:
         f1:7e:34:fe:2e:a0:35:9a:0a:7c:53:41:b4:d8:86:d8:28:77:
         89:d5:ec:f1:92:cc:4b:98:35:c4:8a:90:7d:bb:d4:f2:13:f1:
         74:8b:85:4b:c2:c4:71:3f:d0:11:4f:eb:6c:86:73:8e:59:2c:
         92:a5:a5:03:d7:f9:5e:50:3a:ec:b3:b2:74:ba:ce:65:53:d8:
         fe:80:56:52:05:18:fb:9b:f8:78:95:09:6a:5a:70:92:2d:26:
         57:98:4d:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVHP3HyJDb6QFNfvus1wH0kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZGZlMjZkNDAzMTQxYmU5MDU5YWIyMTQ0MzI1YjQwMmQ0
Y2FiN2QwHhcNMjUwMjI3MTE1MTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjIyMmQyY2FjZDYwNzYzMzYwZGM3MjI1ZGM4Y2MwYmQ3YTE2ZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsPqgwzRQUJDTgrYbgK+iPTwTSKt
ThV/WrLtr8RuMufrQ2cCl2WLO5xn0Z9i++Tml6h9i5s7fR8omjinYvbGOHVPlO42
tWYLZbyUBlo/hJCynQQW8DujE/eNusYj1RfujyZEpMy0nXqwxDQMDMtBiuQ6DDKx
n5eI4bH1y2N/dhN/78d5xN4HA+oHAxm525mp12WqwIgReaaaNlwad4XHWgVQ8Tbb
LQ6g64SK5JQ8qKDRN859gwW8nqM9imBNzCt/iyH19vpBHGGKk3qCHPeT9jEbcM+X
rPuXw28+S1j64uTEI2xb0uQ0a7lP8lnRFwP4WjgFqwHDjQ8m0tV92nM3awIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH8iLSys1gdjNg3HIl3IzAvXoW1aMB8GA1UdIwQY
MBaAFGTf4m1AMUG+kFmrIUQyW0AtTKt9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5faWJVQXhRYjZRV2FzaFJESmJRQzFNcTMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81ZDYyNTUtNjVjOS00YmZhLWI5ZDct
ZjY1NzUxOWQwMjMzLzEvZnlJdExLeldCMk0yRGNjaVhjak1DOWVoYlZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81ZDYyNTUtNjVjOS00YmZhLWI5ZDctZjY1NzUxOWQwMjMz
LzEvWk5faWJVQXhRYjZRV2FzaFJESmJRQzFNcTMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsPFeAwQA
uTaeMA0GCSqGSIb3DQEBCwUAA4IBAQCRh43Q88Q70fR3UI7N8EB8Cmfx4xeRLpc0
sLDO2pWimGoUY+6dOTqz4nKBr5jTM1rGgS7d1c4Kq1TRX7bUaaIyH/u60wvjxbFu
qfIIWEIBDB0dzoxlUTG5MXEJ//8bcbtjfLTuxb3nQ+U9kOVzvQ7ekg41LzSi31Zn
7bPSKAqCvcLAzf9PqBLAqCS2fxk9/sTZr/wv9X21OuS2Wz469VQ5SyfxfjT+LqA1
mgp8U0G02IbYKHeJ1ezxksxLmDXEipB9u9TyE/F0i4VLwsRxP9ART+tshnOOWSyS
paUD1/leUDrss7J0us5lU9j+gFZSBRj7m/h4lQlqWnCSLSZXmE3n
-----END CERTIFICATE-----