Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0b87f5-e5d2-456f-abe0-484d4586ee7b/1/YSvlEI-QwRaOJVEKhPo-n7hFfMs.roa
File:                     YSvlEI-QwRaOJVEKhPo-n7hFfMs.roa (raw, json)
Hash identifier:          2D47YFaNK7fea1JKhXlBWUic8EXXrjyXZMVK5ghBVPU=
Subject key identifier:   61:2B:E5:10:8F:90:C1:16:8E:25:51:0A:84:FA:3E:9F:B8:45:7C:CB
Certificate issuer:       /CN=5bd3e848c58a6451ca874cdcfc37e9bc0f5d9ac7
Certificate serial:       0194228E2249AF29E61E74ED50C8D166F619
Authority key identifier: 5B:D3:E8:48:C5:8A:64:51:CA:87:4C:DC:FC:37:E9:BC:0F:5D:9A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W9PoSMWKZFHKh0zc_DfpvA9dmsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0b87f5-e5d2-456f-abe0-484d4586ee7b/1/YSvlEI-QwRaOJVEKhPo-n7hFfMs.roa
Signing time:             Wed 01 Jan 2025 15:48:47 +0000
ROA not before:           Wed 01 Jan 2025 15:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209820
IP address blocks:        80.208.254.0/24 maxlen: 24
                          80.209.254.0/24 maxlen: 24
                          185.40.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/0b87f5-e5d2-456f-abe0-484d4586ee7b/1/W9PoSMWKZFHKh0zc_DfpvA9dmsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/0b87f5-e5d2-456f-abe0-484d4586ee7b/1/W9PoSMWKZFHKh0zc_DfpvA9dmsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W9PoSMWKZFHKh0zc_DfpvA9dmsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:22:49:af:29:e6:1e:74:ed:50:c8:d1:66:f6:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bd3e848c58a6451ca874cdcfc37e9bc0f5d9ac7
        Validity
            Not Before: Jan  1 15:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=612be5108f90c1168e25510a84fa3e9fb8457ccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:91:b9:51:f6:9b:f7:b8:13:33:64:f7:ab:44:
                    7a:26:a3:ed:22:20:42:3f:84:2b:63:0e:c4:46:9e:
                    dc:42:94:7a:98:41:a3:6e:3a:6b:82:62:48:28:3f:
                    a4:ae:b2:f8:c4:cc:f8:82:7d:b2:c9:ea:bf:ac:0c:
                    4a:f4:4e:bb:da:f9:62:8e:05:86:a0:30:83:d0:e8:
                    93:cb:e8:4e:f9:59:69:9d:e3:4b:b4:1e:59:5d:1e:
                    3d:52:7f:a6:9f:7e:20:dd:94:69:98:68:e0:db:3f:
                    2b:8c:ea:33:11:54:9a:a3:75:8e:08:b0:d9:47:3b:
                    7b:a3:c3:a4:d5:8a:63:28:da:19:f7:62:65:5f:ef:
                    ee:ae:d7:47:ed:74:a8:d1:21:a4:9e:f0:a3:6b:21:
                    60:46:fb:0e:db:f0:41:13:7b:ea:fb:b0:61:8b:3f:
                    e9:78:d8:92:3e:5b:c5:8f:7a:02:7a:7f:68:4c:5e:
                    f8:38:bf:53:ea:99:1a:94:6f:9f:8f:d5:1d:65:e7:
                    f0:eb:0b:4b:d0:bd:f2:7a:2f:d2:49:c2:4c:47:5e:
                    9a:84:43:e1:77:9b:fd:06:c0:0b:01:01:4f:7c:ff:
                    f9:67:c4:4c:09:72:09:da:f7:df:fe:26:3e:f3:6b:
                    cd:7e:c8:45:51:86:00:54:f3:12:eb:ff:4b:e4:64:
                    3a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:2B:E5:10:8F:90:C1:16:8E:25:51:0A:84:FA:3E:9F:B8:45:7C:CB
            X509v3 Authority Key Identifier:
                keyid:5B:D3:E8:48:C5:8A:64:51:CA:87:4C:DC:FC:37:E9:BC:0F:5D:9A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W9PoSMWKZFHKh0zc_DfpvA9dmsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0b87f5-e5d2-456f-abe0-484d4586ee7b/1/YSvlEI-QwRaOJVEKhPo-n7hFfMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0b87f5-e5d2-456f-abe0-484d4586ee7b/1/W9PoSMWKZFHKh0zc_DfpvA9dmsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.208.254.0/24
                  80.209.254.0/24
                  185.40.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:a4:1c:a7:e3:f7:48:7d:d6:96:31:a4:29:47:8e:80:c1:f9:
         9b:2e:fc:aa:8c:4d:ff:a9:43:63:f7:88:23:b7:dc:62:99:df:
         63:26:c9:51:18:c1:6f:c5:1b:01:7a:27:26:8e:11:ac:96:99:
         7c:bb:e8:e5:79:66:d4:78:28:0b:af:c5:81:5d:50:f2:da:ce:
         42:19:29:83:2d:d6:7b:a7:05:58:7b:f4:9f:d5:52:0c:a4:2c:
         0f:91:40:c0:1e:4f:3e:63:43:4c:12:9e:e2:6c:71:82:37:0c:
         c1:8b:aa:76:53:27:9c:ce:69:69:3c:90:ab:a2:7f:44:21:3b:
         24:5a:33:4c:c9:16:ad:e8:10:d8:77:ab:4f:a5:2e:33:0a:ff:
         a0:d4:26:c0:bf:f3:32:aa:b1:80:e1:2f:ec:74:3b:36:40:57:
         4f:01:ee:a7:0e:d4:4f:8e:be:4d:af:3b:93:d6:ba:d4:21:7a:
         de:b4:e8:d5:76:43:6c:d5:ba:8b:97:4e:56:cb:4d:89:f4:08:
         8a:1c:67:0e:fa:03:ae:bd:63:79:a1:6b:7c:b7:15:0e:12:96:
         64:d9:42:59:02:a1:71:51:2b:14:e7:75:db:f0:37:3e:01:96:
         93:49:f2:d7:47:9f:c4:03:97:72:39:de:3e:ca:c1:ee:08:b1:
         0f:5b:61:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQijiJJrynmHnTtUMjRZvYZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZDNlODQ4YzU4YTY0NTFjYTg3NGNkY2ZjMzdlOWJjMGY1
ZDlhYzcwHhcNMjUwMTAxMTU0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTJiZTUxMDhmOTBjMTE2OGUyNTUxMGE4NGZhM2U5ZmI4NDU3Y2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpG5Ufab97gTM2T3q0R6JqPtIiBC
P4QrYw7ERp7cQpR6mEGjbjprgmJIKD+krrL4xMz4gn2yyeq/rAxK9E672vlijgWG
oDCD0OiTy+hO+VlpneNLtB5ZXR49Un+mn34g3ZRpmGjg2z8rjOozEVSao3WOCLDZ
Rzt7o8Ok1YpjKNoZ92JlX+/urtdH7XSo0SGknvCjayFgRvsO2/BBE3vq+7Bhiz/p
eNiSPlvFj3oCen9oTF74OL9T6pkalG+fj9UdZefw6wtL0L3yei/SScJMR16ahEPh
d5v9BsALAQFPfP/5Z8RMCXIJ2vff/iY+82vNfshFUYYAVPMS6/9L5GQ6/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGEr5RCPkMEWjiVRCoT6Pp+4RXzLMB8GA1UdIwQY
MBaAFFvT6EjFimRRyodM3Pw36bwPXZrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzlQb1NNV0taRkhLaDB6Y19EZnB2QTlkbXNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wYjg3ZjUtZTVkMi00NTZmLWFiZTAt
NDg0ZDQ1ODZlZTdiLzEvWVN2bEVJLVF3UmFPSlZFS2hQby1uN2hGZk1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wYjg3ZjUtZTVkMi00NTZmLWFiZTAtNDg0ZDQ1ODZlZTdi
LzEvVzlQb1NNV0taRkhLaDB6Y19EZnB2QTlkbXNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUND+AwQA
UNH+AwQAuSiMMA0GCSqGSIb3DQEBCwUAA4IBAQCBpByn4/dIfdaWMaQpR46Awfmb
LvyqjE3/qUNj94gjt9ximd9jJslRGMFvxRsBeicmjhGslpl8u+jleWbUeCgLr8WB
XVDy2s5CGSmDLdZ7pwVYe/Sf1VIMpCwPkUDAHk8+Y0NMEp7ibHGCNwzBi6p2Uyec
zmlpPJCron9EITskWjNMyRat6BDYd6tPpS4zCv+g1CbAv/MyqrGA4S/sdDs2QFdP
Ae6nDtRPjr5NrzuT1rrUIXretOjVdkNs1bqLl05Wy02J9AiKHGcO+gOuvWN5oWt8
txUOEpZk2UJZAqFxUSsU53Xb8Dc+AZaTSfLXR5/EA5dyOd4+ysHuCLEPW2EZ
-----END CERTIFICATE-----