Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/1AY-3wX89pHsKMEMJWGHTHsJ8gI.roa
File:                     1AY-3wX89pHsKMEMJWGHTHsJ8gI.roa (raw, json)
Hash identifier:          isIoAb0bdzc9Cbbslo3RKCKles0GJe6/bSmHAxkyj+A=
Subject key identifier:   D4:06:3E:DF:05:FC:F6:91:EC:28:C1:0C:25:61:87:4C:7B:09:F2:02
Certificate issuer:       /CN=e801f23ce821c264d67727536ec183537594c5f2
Certificate serial:       0194228D71E7E260FC7C1CAABC2CAE9173EF
Authority key identifier: E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/1AY-3wX89pHsKMEMJWGHTHsJ8gI.roa
Signing time:             Wed 01 Jan 2025 15:48:02 +0000
ROA not before:           Wed 01 Jan 2025 15:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1880
IP address blocks:        193.10.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:71:e7:e2:60:fc:7c:1c:aa:bc:2c:ae:91:73:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e801f23ce821c264d67727536ec183537594c5f2
        Validity
            Not Before: Jan  1 15:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4063edf05fcf691ec28c10c2561874c7b09f202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a9:ac:72:9f:d3:91:a2:4d:b0:59:36:74:f7:
                    15:71:fe:99:cf:4d:54:2d:6d:4d:5f:15:f9:7d:da:
                    9d:fe:ff:c9:de:53:d1:74:5d:b6:b5:78:2e:50:c7:
                    c4:80:5a:c0:84:87:33:99:31:9f:97:ac:c2:36:8e:
                    97:19:34:3d:67:43:2a:d9:36:07:b2:c4:49:97:9b:
                    33:40:10:72:ad:c0:f2:25:32:15:c6:60:b8:e4:d8:
                    db:96:98:7b:8e:52:01:75:7d:b5:d5:0b:74:64:34:
                    4b:44:be:ea:0d:fd:29:3b:ea:61:fa:aa:3e:83:2a:
                    0a:8e:4f:16:8a:f1:b7:cf:ed:d4:76:bc:41:64:31:
                    d5:42:18:50:3b:5b:71:a3:6f:df:00:d7:5b:a7:5a:
                    d1:40:04:63:c6:50:96:85:c3:90:bf:99:74:62:22:
                    8b:65:65:e7:e5:5e:2c:b4:ae:b3:89:21:d0:ab:c5:
                    67:e7:d0:de:0d:6c:ee:af:e9:87:c2:1a:e3:4c:42:
                    81:23:dd:5d:40:46:ba:27:ca:bc:d8:1c:f2:43:5e:
                    81:71:5b:9e:83:48:f5:21:2a:10:ec:c1:5d:39:ee:
                    14:80:c6:0c:a4:18:dd:b5:16:e2:bd:8c:24:17:2c:
                    cc:a2:33:e1:4f:04:2c:e3:8d:36:e8:f5:d6:fa:fb:
                    1c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:06:3E:DF:05:FC:F6:91:EC:28:C1:0C:25:61:87:4C:7B:09:F2:02
            X509v3 Authority Key Identifier:
                keyid:E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/1AY-3wX89pHsKMEMJWGHTHsJ8gI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.10.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:56:42:57:f9:ea:32:88:52:25:e7:d0:16:1d:4b:17:6a:b7:
         05:26:cb:7f:fa:61:52:f1:5e:d6:d3:34:9a:9a:3b:83:8e:a9:
         88:93:03:4a:6e:22:88:c3:8e:12:c8:47:30:43:30:1c:75:69:
         fe:ff:99:2b:b0:26:8a:18:7c:05:57:7c:b5:10:52:f5:e0:8f:
         7c:61:2c:5d:33:d1:78:be:3e:d5:be:db:31:49:94:49:ea:4c:
         cb:35:81:ea:a7:a7:a1:a2:94:be:75:83:88:84:be:e7:69:e4:
         1d:27:56:47:2d:d5:81:b6:e4:a7:ad:51:24:6d:d7:da:78:c8:
         6e:82:1d:68:85:1f:fd:99:cb:b4:4f:66:d8:88:0d:76:ba:53:
         95:a2:e0:63:6a:5f:d1:f4:58:13:3e:47:14:1e:08:b3:b6:d5:
         cd:83:de:b7:90:97:bc:f0:bd:36:39:51:94:32:ee:de:69:e6:
         9d:31:a9:62:eb:23:bf:55:d0:e6:0b:c6:66:87:f8:08:91:39:
         f2:6e:6f:cb:15:64:55:5c:d6:c7:55:38:35:9c:14:42:78:bf:
         07:be:1e:ab:3d:3a:49:5b:3f:24:e9:df:52:03:75:1f:30:c0:
         38:be:31:c2:e2:1c:f1:6b:34:e0:cb:73:f9:08:16:95:77:b9:
         0a:12:6a:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijXHn4mD8fByqvCyukXPvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MDFmMjNjZTgyMWMyNjRkNjc3Mjc1MzZlYzE4MzUzNzU5
NGM1ZjIwHhcNMjUwMTAxMTU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDA2M2VkZjA1ZmNmNjkxZWMyOGMxMGMyNTYxODc0YzdiMDlmMjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqmscp/TkaJNsFk2dPcVcf6Zz01U
LW1NXxX5fdqd/v/J3lPRdF22tXguUMfEgFrAhIczmTGfl6zCNo6XGTQ9Z0Mq2TYH
ssRJl5szQBByrcDyJTIVxmC45Njblph7jlIBdX211Qt0ZDRLRL7qDf0pO+ph+qo+
gyoKjk8WivG3z+3UdrxBZDHVQhhQO1txo2/fANdbp1rRQARjxlCWhcOQv5l0YiKL
ZWXn5V4stK6ziSHQq8Vn59DeDWzur+mHwhrjTEKBI91dQEa6J8q82BzyQ16BcVue
g0j1ISoQ7MFdOe4UgMYMpBjdtRbivYwkFyzMojPhTwQs44026PXW+vsc1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQGPt8F/PaR7CjBDCVhh0x7CfICMB8GA1UdIwQY
MBaAFOgB8jzoIcJk1ncnU27Bg1N1lMXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAt
NDY0ZWIxODNiNTY4LzEvMUFZLTN3WDg5cEhzS01FTUpXR0hUSHNKOGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAtNDY0ZWIxODNiNTY4
LzEvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQoHMA0G
CSqGSIb3DQEBCwUAA4IBAQB9VkJX+eoyiFIl59AWHUsXarcFJst/+mFS8V7W0zSa
mjuDjqmIkwNKbiKIw44SyEcwQzAcdWn+/5krsCaKGHwFV3y1EFL14I98YSxdM9F4
vj7VvtsxSZRJ6kzLNYHqp6ehopS+dYOIhL7naeQdJ1ZHLdWBtuSnrVEkbdfaeMhu
gh1ohR/9mcu0T2bYiA12ulOVouBjal/R9FgTPkcUHgizttXNg963kJe88L02OVGU
Mu7eaeadMali6yO/VdDmC8Zmh/gIkTnybm/LFWRVXNbHVTg1nBRCeL8Hvh6rPTpJ
Wz8k6d9SA3UfMMA4vjHC4hzxazTgy3P5CBaVd7kKEmqx
-----END CERTIFICATE-----