Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/Yn8A51JXhydA1w7EudMw20btWgg.roa
File:                     Yn8A51JXhydA1w7EudMw20btWgg.roa (raw, json)
Hash identifier:          8RUIJ3RFWn4yzWXCDTrT+NipGbDk4lPsQLa6ndOWD40=
Subject key identifier:   62:7F:00:E7:52:57:87:27:40:D7:0E:C4:B9:D3:30:DB:46:ED:5A:08
Certificate issuer:       /CN=844969780141824cd0acbfa5a784611eeb0a7ddb
Certificate serial:       019607C0ADCDF2A3135D2590EC7D79CCE98C
Authority key identifier: 84:49:69:78:01:41:82:4C:D0:AC:BF:A5:A7:84:61:1E:EB:0A:7D:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/Yn8A51JXhydA1w7EudMw20btWgg.roa
Signing time:             Sat 05 Apr 2025 20:59:50 +0000
ROA not before:           Sat 05 Apr 2025 20:59:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57152
IP address blocks:        188.125.165.0/24 maxlen: 24
                          188.125.174.0/24 maxlen: 24
                          194.177.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:07:c0:ad:cd:f2:a3:13:5d:25:90:ec:7d:79:cc:e9:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=844969780141824cd0acbfa5a784611eeb0a7ddb
        Validity
            Not Before: Apr  5 20:59:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=627f00e75257872740d70ec4b9d330db46ed5a08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:84:e1:0f:07:59:76:2d:44:9a:be:e9:77:1c:
                    a3:e2:da:c1:19:c2:2f:b9:fe:de:6a:d1:01:7d:7c:
                    f3:87:06:41:5c:91:fe:60:0c:39:22:b1:9e:af:f6:
                    b3:e9:01:cc:f6:85:37:ba:e0:b0:e2:08:c3:68:cc:
                    63:7c:53:dc:cd:85:32:08:40:b0:81:4c:70:ac:6a:
                    32:ae:c1:8a:9b:13:36:52:85:29:86:af:72:b3:3a:
                    8b:9f:69:cb:da:9c:4a:b5:11:9a:ec:2f:9e:44:d4:
                    b1:3f:da:a2:09:44:ed:6c:d8:04:8f:4b:05:96:48:
                    3d:80:8a:61:4b:2c:3a:86:21:13:db:24:7e:e9:f0:
                    9e:9c:20:6f:1d:49:d9:5e:4b:77:d9:a6:46:ac:e1:
                    df:7d:8d:26:f7:f6:22:e4:d0:fc:fa:6f:42:4b:14:
                    56:4d:85:5e:1d:3d:4f:35:15:0c:08:e6:70:0d:7c:
                    2f:dd:b1:b5:d8:71:51:03:f0:fd:67:7a:5e:10:8f:
                    db:bb:0a:df:c8:82:99:03:83:2c:78:15:41:19:a6:
                    70:2c:1a:29:3f:59:a1:85:1e:9c:6c:2b:35:b9:e7:
                    c2:af:79:f3:87:7f:4d:a8:96:4e:e7:36:68:3f:a7:
                    be:ee:c6:bd:75:99:cc:cf:b1:b1:66:d5:da:e1:3e:
                    d7:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:7F:00:E7:52:57:87:27:40:D7:0E:C4:B9:D3:30:DB:46:ED:5A:08
            X509v3 Authority Key Identifier:
                keyid:84:49:69:78:01:41:82:4C:D0:AC:BF:A5:A7:84:61:1E:EB:0A:7D:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/Yn8A51JXhydA1w7EudMw20btWgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.165.0/24
                  188.125.174.0/24
                  194.177.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:56:e9:64:24:f7:48:61:8f:2c:a6:8f:74:96:39:a1:98:40:
         c3:3d:b8:c3:51:4f:50:f1:2f:30:22:97:31:16:88:26:d2:74:
         ed:e0:3d:29:73:a4:3d:c6:02:4a:99:c7:f3:6d:79:ec:6a:b6:
         3b:81:59:f2:4d:25:b9:ae:c4:36:85:0e:b7:f7:2a:37:39:52:
         e3:11:ad:f6:14:f7:a4:a7:92:e3:b2:68:d1:60:08:6a:42:07:
         9a:53:85:e4:8f:57:f5:a1:11:9e:95:ae:da:d6:eb:fa:f3:82:
         26:43:35:aa:e3:f2:ba:5e:48:07:50:43:47:4a:cd:15:73:a7:
         6a:bb:57:60:b3:b5:8a:30:3c:45:3a:33:e8:0b:67:f9:28:9b:
         ff:1f:b0:e6:7b:f9:24:ec:4e:60:a1:09:b8:e3:9e:ce:28:92:
         90:80:98:fa:02:93:33:05:fb:39:1a:f3:9b:04:94:5b:56:19:
         fc:32:b5:6c:77:15:d9:ef:28:4a:7d:ab:c8:bd:ea:66:29:00:
         7d:ef:1f:69:8d:1a:ef:26:1b:67:d7:f3:d4:97:f9:16:8f:74:
         83:7c:e3:f6:e7:a2:91:74:0d:25:d7:83:38:82:d0:92:c0:bc:
         1a:6b:cf:3d:1e:13:fe:13:2e:b1:09:14:d4:98:9c:4e:52:7e:
         4e:e8:48:26
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZYHwK3N8qMTXSWQ7H15zOmMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDk2OTc4MDE0MTgyNGNkMGFjYmZhNWE3ODQ2MTFlZWIw
YTdkZGIwHhcNMjUwNDA1MjA1OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjdmMDBlNzUyNTc4NzI3NDBkNzBlYzRiOWQzMzBkYjQ2ZWQ1YTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIThDwdZdi1Emr7pdxyj4trBGcIv
uf7eatEBfXzzhwZBXJH+YAw5IrGer/az6QHM9oU3uuCw4gjDaMxjfFPczYUyCECw
gUxwrGoyrsGKmxM2UoUphq9yszqLn2nL2pxKtRGa7C+eRNSxP9qiCUTtbNgEj0sF
lkg9gIphSyw6hiET2yR+6fCenCBvHUnZXkt32aZGrOHffY0m9/Yi5ND8+m9CSxRW
TYVeHT1PNRUMCOZwDXwv3bG12HFRA/D9Z3peEI/buwrfyIKZA4MseBVBGaZwLBop
P1mhhR6cbCs1uefCr3nzh39NqJZO5zZoP6e+7sa9dZnMz7GxZtXa4T7XlQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGJ/AOdSV4cnQNcOxLnTMNtG7VoIMB8GA1UdIwQY
MBaAFIRJaXgBQYJM0Ky/paeEYR7rCn3bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVscGVBRkJna3pRckwtbHA0UmhIdXNLZmRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lNjJmOTUtYWJiZC00MzBkLTgxNjAt
MDRhYzE3ODgxYWE5LzEvWW44QTUxSlhoeWRBMXc3RXVkTXcyMGJ0V2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lNjJmOTUtYWJiZC00MzBkLTgxNjAtMDRhYzE3ODgxYWE5
LzEvaEVscGVBRkJna3pRckwtbHA0UmhIdXNLZmRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAvH2lAwQA
vH2uAwQAwrEOMA0GCSqGSIb3DQEBCwUAA4IBAQB4VulkJPdIYY8spo90ljmhmEDD
PbjDUU9Q8S8wIpcxFogm0nTt4D0pc6Q9xgJKmcfzbXnsarY7gVnyTSW5rsQ2hQ63
9yo3OVLjEa32FPekp5LjsmjRYAhqQgeaU4Xkj1f1oRGela7a1uv684ImQzWq4/K6
XkgHUENHSs0Vc6dqu1dgs7WKMDxFOjPoC2f5KJv/H7Dme/kk7E5goQm4457OKJKQ
gJj6ApMzBfs5GvObBJRbVhn8MrVsdxXZ7yhKfavIvepmKQB97x9pjRrvJhtn1/PU
l/kWj3SDfOP256KRdA0l14M4gtCSwLwaa889HhP+Ey6xCRTUmJxOUn5O6Egm
-----END CERTIFICATE-----