Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/pOouLLrM_fPZOnQs6zwFn5Phg1A.roa
File:                     pOouLLrM_fPZOnQs6zwFn5Phg1A.roa (raw, json)
Hash identifier:          /KoAmA+1k0JwlfyqAV8ggH0wccERUauLpX2rgBT+8fk=
Subject key identifier:   A4:EA:2E:2C:BA:CC:FD:F3:D9:3A:74:2C:EB:3C:05:9F:93:E1:83:50
Certificate issuer:       /CN=7736a5c85a08d80749041cb9cfa517fb7d589ba8
Certificate serial:       019424448618BEC97FBAB99F1243A883C9E7
Authority key identifier: 77:36:A5:C8:5A:08:D8:07:49:04:1C:B9:CF:A5:17:FB:7D:58:9B:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dzalyFoI2AdJBBy5z6UX-31Ym6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/pOouLLrM_fPZOnQs6zwFn5Phg1A.roa
Signing time:             Wed 01 Jan 2025 23:47:38 +0000
ROA not before:           Wed 01 Jan 2025 23:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        195.184.252.0/24 maxlen: 24
                          195.184.253.0/24 maxlen: 24
                          195.184.254.0/24 maxlen: 24
                          195.184.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/dzalyFoI2AdJBBy5z6UX-31Ym6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/dzalyFoI2AdJBBy5z6UX-31Ym6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dzalyFoI2AdJBBy5z6UX-31Ym6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:86:18:be:c9:7f:ba:b9:9f:12:43:a8:83:c9:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7736a5c85a08d80749041cb9cfa517fb7d589ba8
        Validity
            Not Before: Jan  1 23:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4ea2e2cbaccfdf3d93a742ceb3c059f93e18350
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a7:6c:26:96:85:65:e7:c3:82:5e:84:f6:62:
                    03:5a:3e:37:01:99:88:96:4b:90:15:8d:cf:dc:70:
                    6e:e4:f0:0d:00:99:4e:46:cf:76:d1:dc:fe:a6:af:
                    51:00:58:a6:31:34:f5:c9:05:c4:8a:ab:5a:69:b8:
                    0d:36:fd:00:56:82:a1:47:87:13:44:e6:a4:f7:86:
                    c7:30:4d:79:7c:a8:f3:fb:15:ae:3c:dd:44:db:ec:
                    b3:56:0b:9e:4e:db:14:cd:a8:6a:a6:2a:b5:35:6c:
                    63:a1:4f:6c:7c:39:ea:d6:ba:76:22:1e:fb:bb:5f:
                    ca:14:aa:2e:05:d7:05:6f:d1:19:1a:51:c4:26:b4:
                    9e:de:66:19:b4:63:04:b8:9e:05:06:1f:5d:34:ec:
                    96:36:68:77:dd:42:a5:b2:1c:05:12:c7:e9:17:f3:
                    4b:c2:c1:f3:4a:17:a8:ba:5c:1b:1a:f1:48:95:17:
                    01:4a:f6:4d:ec:0b:4e:69:08:b3:2e:83:90:41:37:
                    ad:00:e3:70:76:1e:ae:c5:ff:3a:eb:6b:bc:02:83:
                    95:26:04:f5:9d:43:5f:78:84:bc:28:e0:c1:29:bd:
                    b5:35:1c:76:03:0a:16:df:e9:6f:b8:12:1b:51:0e:
                    87:58:64:4a:85:33:9e:b1:d3:6f:58:31:f8:b2:45:
                    c3:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:EA:2E:2C:BA:CC:FD:F3:D9:3A:74:2C:EB:3C:05:9F:93:E1:83:50
            X509v3 Authority Key Identifier:
                keyid:77:36:A5:C8:5A:08:D8:07:49:04:1C:B9:CF:A5:17:FB:7D:58:9B:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dzalyFoI2AdJBBy5z6UX-31Ym6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/pOouLLrM_fPZOnQs6zwFn5Phg1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/6da289-abec-49f5-a759-cf1f4c7c9222/1/dzalyFoI2AdJBBy5z6UX-31Ym6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:40:83:2f:b6:b7:11:26:0b:72:cf:b5:07:c0:e4:77:85:4c:
         81:b7:1c:75:28:bc:0d:5b:1f:12:11:76:b8:f0:ce:de:44:d0:
         5c:d5:33:36:29:d0:bd:54:db:b3:96:5e:2c:f4:47:47:c0:9a:
         ad:56:85:c4:d2:aa:f9:40:93:52:40:9e:eb:6c:ea:df:4f:31:
         24:03:92:a3:a2:2b:d0:1f:61:e6:a1:51:ca:f0:50:c2:4c:6a:
         2c:0b:85:82:0b:4c:c3:61:99:46:89:83:f7:2d:96:f3:fc:85:
         dc:a5:40:dc:38:a7:4d:25:be:86:21:97:e0:dc:8f:32:28:1d:
         a4:e1:b9:13:a2:31:8f:80:46:d5:c6:77:bb:8a:3a:95:6d:f4:
         4a:28:f6:99:2b:75:e0:85:34:11:54:76:90:54:fb:e0:b5:95:
         6a:94:fa:bb:12:7f:24:61:f7:09:8b:cb:94:03:c1:9c:a7:25:
         08:77:ef:c1:3d:35:08:7d:b3:28:5e:df:5d:08:d3:d7:85:98:
         e3:ee:ba:db:73:30:77:11:ee:ad:2f:7d:d2:33:dd:75:08:9c:
         54:ff:59:ac:35:e4:6f:cf:9a:a2:a2:ea:00:14:20:5b:4b:a5:
         97:6e:e0:29:fe:66:ec:92:6e:b7:b1:ab:ac:18:cb:2d:f0:45:
         37:15:05:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRIYYvsl/urmfEkOog8nnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MzZhNWM4NWEwOGQ4MDc0OTA0MWNiOWNmYTUxN2ZiN2Q1
ODliYTgwHhcNMjUwMTAxMjM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGVhMmUyY2JhY2NmZGYzZDkzYTc0MmNlYjNjMDU5ZjkzZTE4MzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqdsJpaFZefDgl6E9mIDWj43AZmI
lkuQFY3P3HBu5PANAJlORs920dz+pq9RAFimMTT1yQXEiqtaabgNNv0AVoKhR4cT
ROak94bHME15fKjz+xWuPN1E2+yzVgueTtsUzahqpiq1NWxjoU9sfDnq1rp2Ih77
u1/KFKouBdcFb9EZGlHEJrSe3mYZtGMEuJ4FBh9dNOyWNmh33UKlshwFEsfpF/NL
wsHzSheoulwbGvFIlRcBSvZN7AtOaQizLoOQQTetAONwdh6uxf8662u8AoOVJgT1
nUNfeIS8KODBKb21NRx2AwoW3+lvuBIbUQ6HWGRKhTOesdNvWDH4skXDPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTqLiy6zP3z2Tp0LOs8BZ+T4YNQMB8GA1UdIwQY
MBaAFHc2pchaCNgHSQQcuc+lF/t9WJuoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHphbHlGb0kyQWRKQkJ5NXo2VVgtMzFZbTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC82ZGEyODktYWJlYy00OWY1LWE3NTkt
Y2YxZjRjN2M5MjIyLzEvcE9vdUxMck1fZlBaT25RczZ6d0ZuNVBoZzFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC82ZGEyODktYWJlYy00OWY1LWE3NTktY2YxZjRjN2M5MjIy
LzEvZHphbHlGb0kyQWRKQkJ5NXo2VVgtMzFZbTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw7j8MA0G
CSqGSIb3DQEBCwUAA4IBAQCSQIMvtrcRJgtyz7UHwOR3hUyBtxx1KLwNWx8SEXa4
8M7eRNBc1TM2KdC9VNuzll4s9EdHwJqtVoXE0qr5QJNSQJ7rbOrfTzEkA5KjoivQ
H2HmoVHK8FDCTGosC4WCC0zDYZlGiYP3LZbz/IXcpUDcOKdNJb6GIZfg3I8yKB2k
4bkTojGPgEbVxne7ijqVbfRKKPaZK3XghTQRVHaQVPvgtZVqlPq7En8kYfcJi8uU
A8GcpyUId+/BPTUIfbMoXt9dCNPXhZjj7rrbczB3Ee6tL33SM911CJxU/1msNeRv
z5qiouoAFCBbS6WXbuAp/mbskm63sausGMst8EU3FQUd
-----END CERTIFICATE-----