Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/74d2ea-6e60-40af-a56a-151f6ed17691/1/iO6OOltzYSW2yZ_5E85X-P4mF_0.roa
File:                     iO6OOltzYSW2yZ_5E85X-P4mF_0.roa (raw, json)
Hash identifier:          2XDE+mCyZurCdSAHCb4+FLC8SwOf/SeiDXoheU8dhOI=
Subject key identifier:   88:EE:8E:3A:5B:73:61:25:B6:C9:9F:F9:13:CE:57:F8:FE:26:17:FD
Certificate issuer:       /CN=cab11f493b31a5a2c1f23ce0e3004647a3242576
Certificate serial:       01967B197DD147BF65C0624621F944C055F9
Authority key identifier: CA:B1:1F:49:3B:31:A5:A2:C1:F2:3C:E0:E3:00:46:47:A3:24:25:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yrEfSTsxpaLB8jzg4wBGR6MkJXY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/74d2ea-6e60-40af-a56a-151f6ed17691/1/iO6OOltzYSW2yZ_5E85X-P4mF_0.roa
Signing time:             Mon 28 Apr 2025 06:33:10 +0000
ROA not before:           Mon 28 Apr 2025 06:33:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395793
IP address blocks:        185.209.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/74d2ea-6e60-40af-a56a-151f6ed17691/1/yrEfSTsxpaLB8jzg4wBGR6MkJXY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/74d2ea-6e60-40af-a56a-151f6ed17691/1/yrEfSTsxpaLB8jzg4wBGR6MkJXY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yrEfSTsxpaLB8jzg4wBGR6MkJXY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:19:7d:d1:47:bf:65:c0:62:46:21:f9:44:c0:55:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cab11f493b31a5a2c1f23ce0e3004647a3242576
        Validity
            Not Before: Apr 28 06:33:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88ee8e3a5b736125b6c99ff913ce57f8fe2617fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fc:f6:79:f5:25:77:f4:c0:a9:0b:98:46:f1:
                    4f:f6:44:73:00:fa:e0:05:bd:4b:54:ac:a0:fb:3c:
                    40:64:fe:21:fb:88:3a:0b:ec:e1:4a:d5:b7:96:31:
                    69:55:21:01:38:14:6d:eb:ec:07:61:fa:4a:a0:69:
                    5f:14:5b:ec:dd:1d:b7:52:2c:83:e3:f5:5f:20:07:
                    b1:a0:81:36:0b:86:f1:6f:7d:bf:9d:3a:2a:74:39:
                    45:e5:ae:0c:03:17:f7:68:cd:4a:46:91:74:dd:7d:
                    8e:3b:5e:b8:28:d3:2d:3c:73:6d:f3:ce:16:4a:80:
                    fb:72:27:54:94:18:cd:b1:f6:e6:37:9c:fa:55:11:
                    00:ba:6b:d1:8f:6b:f3:c4:e0:b3:28:25:4d:f4:28:
                    66:6b:e0:cb:2f:74:87:ef:04:bc:34:b3:0f:b8:87:
                    40:b7:4a:ba:68:cc:02:b6:80:ce:b9:ac:84:b9:3c:
                    d0:86:0e:ef:7c:1e:f3:8a:5f:7e:0c:00:1f:0e:af:
                    d8:96:be:ac:97:5c:14:a6:72:9d:43:df:a8:4c:91:
                    8c:b8:03:e7:f7:ec:d1:be:a7:46:31:b9:58:5c:00:
                    46:34:08:07:c3:47:24:1c:c1:65:7b:68:3a:7a:23:
                    f8:05:30:68:3d:6f:a4:55:08:a4:00:c2:72:20:e5:
                    85:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:EE:8E:3A:5B:73:61:25:B6:C9:9F:F9:13:CE:57:F8:FE:26:17:FD
            X509v3 Authority Key Identifier:
                keyid:CA:B1:1F:49:3B:31:A5:A2:C1:F2:3C:E0:E3:00:46:47:A3:24:25:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yrEfSTsxpaLB8jzg4wBGR6MkJXY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/74d2ea-6e60-40af-a56a-151f6ed17691/1/iO6OOltzYSW2yZ_5E85X-P4mF_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/74d2ea-6e60-40af-a56a-151f6ed17691/1/yrEfSTsxpaLB8jzg4wBGR6MkJXY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:cb:de:fb:8b:f9:44:61:aa:32:a4:e0:ec:94:ae:cc:cd:6d:
         6e:3f:61:bb:d1:96:57:0c:65:16:f8:b4:d4:72:9b:d8:5f:fd:
         2b:60:88:f5:09:72:e1:74:89:f3:d7:82:3f:7d:56:53:18:6a:
         2f:78:74:68:fd:87:e8:ba:2d:af:62:24:30:8d:d1:8b:ea:38:
         24:fe:e7:06:03:11:dd:11:a4:6b:b9:96:9f:87:ee:3a:a5:3c:
         d7:ea:d5:1f:8a:e7:23:43:fd:c0:48:a5:fa:83:fd:98:7a:7b:
         a4:9e:91:8f:d1:aa:49:e0:0f:d2:dc:20:29:d7:55:ab:06:3a:
         c3:f0:fa:31:f5:53:c6:14:02:b7:b2:b6:ef:bf:59:9f:2f:10:
         3c:ee:fc:b6:f0:05:ee:20:d9:16:ec:94:dd:ac:7b:97:28:0b:
         44:69:22:ec:a7:c7:ea:91:87:c8:c9:45:76:c8:3b:82:60:ea:
         68:01:b8:fa:57:f8:48:36:93:21:98:e8:3b:75:5f:92:36:ee:
         7c:a5:91:89:e0:4f:b3:55:00:37:a8:c7:cf:16:30:34:f0:c3:
         cf:9e:44:f1:d1:73:fe:ce:55:c2:fd:6d:2e:e0:26:8e:23:51:
         1c:0c:8d:e1:96:55:0d:ab:1b:6b:1f:51:96:76:1b:8c:90:00:
         fd:36:f6:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ7GX3RR79lwGJGIflEwFX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhYjExZjQ5M2IzMWE1YTJjMWYyM2NlMGUzMDA0NjQ3YTMy
NDI1NzYwHhcNMjUwNDI4MDYzMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGVlOGUzYTViNzM2MTI1YjZjOTlmZjkxM2NlNTdmOGZlMjYxN2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/z2efUld/TAqQuYRvFP9kRzAPrg
Bb1LVKyg+zxAZP4h+4g6C+zhStW3ljFpVSEBOBRt6+wHYfpKoGlfFFvs3R23UiyD
4/VfIAexoIE2C4bxb32/nToqdDlF5a4MAxf3aM1KRpF03X2OO164KNMtPHNt884W
SoD7cidUlBjNsfbmN5z6VREAumvRj2vzxOCzKCVN9Chma+DLL3SH7wS8NLMPuIdA
t0q6aMwCtoDOuayEuTzQhg7vfB7zil9+DAAfDq/Ylr6sl1wUpnKdQ9+oTJGMuAPn
9+zRvqdGMblYXABGNAgHw0ckHMFle2g6eiP4BTBoPW+kVQikAMJyIOWFPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjujjpbc2Eltsmf+RPOV/j+Jhf9MB8GA1UdIwQY
MBaAFMqxH0k7MaWiwfI84OMARkejJCV2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXJFZlNUc3hwYUxCOGp6ZzR3QkdSNk1rSlhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83NGQyZWEtNmU2MC00MGFmLWE1NmEt
MTUxZjZlZDE3NjkxLzEvaU82T09sdHpZU1cyeVpfNUU4NVgtUDRtRl8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83NGQyZWEtNmU2MC00MGFmLWE1NmEtMTUxZjZlZDE3Njkx
LzEveXJFZlNUc3hwYUxCOGp6ZzR3QkdSNk1rSlhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudErMA0G
CSqGSIb3DQEBCwUAA4IBAQAEy977i/lEYaoypODslK7MzW1uP2G70ZZXDGUW+LTU
cpvYX/0rYIj1CXLhdInz14I/fVZTGGoveHRo/Yfoui2vYiQwjdGL6jgk/ucGAxHd
EaRruZafh+46pTzX6tUfiucjQ/3ASKX6g/2YenuknpGP0apJ4A/S3CAp11WrBjrD
8Pox9VPGFAK3srbvv1mfLxA87vy28AXuINkW7JTdrHuXKAtEaSLsp8fqkYfIyUV2
yDuCYOpoAbj6V/hINpMhmOg7dV+SNu58pZGJ4E+zVQA3qMfPFjA08MPPnkTx0XP+
zlXC/W0u4CaOI1EcDI3hllUNqxtrH1GWdhuMkAD9NvaJ
-----END CERTIFICATE-----