Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/eeYpshaoc5go--DBuuRmLZpBsio.roa
File:                     eeYpshaoc5go--DBuuRmLZpBsio.roa (raw, json)
Hash identifier:          9Ypg180659MtxxUjCyOwRub9c14vNLr84izZxblP7gQ=
Subject key identifier:   79:E6:29:B2:16:A8:73:98:28:FB:E0:C1:BA:E4:66:2D:9A:41:B2:2A
Certificate issuer:       /CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
Certificate serial:       019425217C69093E0185E2BD63482325155F
Authority key identifier: D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/eeYpshaoc5go--DBuuRmLZpBsio.roa
Signing time:             Thu 02 Jan 2025 03:48:58 +0000
ROA not before:           Thu 02 Jan 2025 03:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57724
IP address blocks:        185.9.185.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:7c:69:09:3e:01:85:e2:bd:63:48:23:25:15:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
        Validity
            Not Before: Jan  2 03:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79e629b216a8739828fbe0c1bae4662d9a41b22a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d4:3a:34:8a:e9:4b:91:4c:c9:6c:f9:32:d7:
                    21:d1:60:2a:68:18:66:59:c8:28:25:85:00:19:df:
                    58:5a:20:1e:b9:df:96:a4:7f:94:31:bf:b8:29:2f:
                    11:67:e9:68:11:93:96:a6:30:e2:16:b1:ac:fa:d2:
                    ff:59:f4:0a:35:d3:25:91:72:2b:40:65:ac:c2:90:
                    b4:ba:c4:51:09:5c:e1:31:c3:6b:2b:b2:ab:63:a9:
                    09:81:47:ed:99:1b:57:e6:0c:96:7c:f1:1b:a7:17:
                    33:00:bd:d4:72:a8:44:87:60:34:9b:5b:30:8a:fc:
                    85:08:82:71:c6:b1:66:10:bf:73:97:e5:0b:0f:59:
                    1d:42:b5:48:a6:c9:d3:45:34:b5:9b:6f:6e:4c:74:
                    c7:14:22:ff:97:bc:ba:62:54:b8:38:8e:5b:0a:40:
                    ee:58:99:8f:81:20:f5:3d:92:ae:2b:85:70:d1:1a:
                    cd:6f:75:2a:4a:97:58:1c:7b:16:94:1f:93:6a:f5:
                    42:f3:7e:3f:56:c5:12:32:5d:90:28:0e:b6:c9:65:
                    b6:f5:81:d1:cf:e1:07:29:57:23:29:61:b0:2e:f5:
                    40:d5:5e:a9:84:fa:da:ee:ea:ad:9b:30:f5:da:96:
                    50:d0:55:02:15:3b:2d:6c:58:68:a5:98:70:6c:15:
                    50:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:E6:29:B2:16:A8:73:98:28:FB:E0:C1:BA:E4:66:2D:9A:41:B2:2A
            X509v3 Authority Key Identifier:
                keyid:D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/eeYpshaoc5go--DBuuRmLZpBsio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:d5:47:cd:9c:a1:ef:e5:f7:04:fc:4c:11:ba:dc:52:b5:27:
         e6:e8:87:bc:1e:f8:19:49:8f:f6:87:cf:a4:c0:3a:0f:9e:85:
         f8:77:fe:e2:5d:a9:a0:97:0d:20:7d:20:cc:fa:ea:a3:3a:e3:
         f9:1e:ff:fe:99:77:0c:04:6c:81:e1:63:b6:1c:1c:c9:9c:01:
         cd:5a:32:9d:a5:c3:8e:62:16:5c:76:95:26:09:88:0b:0b:70:
         eb:df:13:b6:27:01:34:fb:4f:70:f3:e9:49:60:ba:92:2b:93:
         91:db:e8:88:b7:8a:a3:d3:2f:24:c8:45:d9:8f:49:89:ad:eb:
         16:ff:dc:80:9e:65:c1:08:8e:f6:47:43:d3:a0:8d:d7:2b:72:
         ae:44:e7:0f:54:d3:a0:0a:f1:66:93:da:42:01:a3:38:91:f4:
         6f:7b:86:df:01:8c:67:e0:7a:d0:c0:3c:cc:96:0e:7b:23:82:
         74:34:01:10:a4:bf:ac:98:07:22:4f:c0:6a:bc:a6:d0:19:c5:
         2e:e1:9b:c6:9f:f3:fb:7f:e3:2e:e3:2d:29:6d:f0:af:85:25:
         43:00:8b:46:b2:8d:42:1c:77:39:7b:5b:7b:49:ba:b2:7a:37:
         9a:9d:4e:96:41:16:8b:11:aa:37:2d:2a:9a:5f:c2:54:5f:2f:
         4f:ef:c1:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIXxpCT4BheK9Y0gjJRVfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZTk3MDMzYTM2YWE5YmNjMGMyZjE2N2U2MjBkN2NhMTQ5
M2NiZWEwHhcNMjUwMTAyMDM0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWU2MjliMjE2YTg3Mzk4MjhmYmUwYzFiYWU0NjYyZDlhNDFiMjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9Q6NIrpS5FMyWz5Mtch0WAqaBhm
WcgoJYUAGd9YWiAeud+WpH+UMb+4KS8RZ+loEZOWpjDiFrGs+tL/WfQKNdMlkXIr
QGWswpC0usRRCVzhMcNrK7KrY6kJgUftmRtX5gyWfPEbpxczAL3UcqhEh2A0m1sw
ivyFCIJxxrFmEL9zl+ULD1kdQrVIpsnTRTS1m29uTHTHFCL/l7y6YlS4OI5bCkDu
WJmPgSD1PZKuK4Vw0RrNb3UqSpdYHHsWlB+TavVC834/VsUSMl2QKA62yWW29YHR
z+EHKVcjKWGwLvVA1V6phPra7uqtmzD12pZQ0FUCFTstbFhopZhwbBVQAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHnmKbIWqHOYKPvgwbrkZi2aQbIqMB8GA1UdIwQY
MBaAFNPpcDOjaqm8wMLxZ+Yg18oUk8vqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMt
ZGJmOWQ0MWYxNzk4LzEvZWVZcHNoYW9jNWdvLS1EQnV1Um1MWnBCc2lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMtZGJmOWQ0MWYxNzk4
LzEvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQm5MA0G
CSqGSIb3DQEBCwUAA4IBAQCp1UfNnKHv5fcE/EwRutxStSfm6Ie8HvgZSY/2h8+k
wDoPnoX4d/7iXamglw0gfSDM+uqjOuP5Hv/+mXcMBGyB4WO2HBzJnAHNWjKdpcOO
YhZcdpUmCYgLC3Dr3xO2JwE0+09w8+lJYLqSK5OR2+iIt4qj0y8kyEXZj0mJresW
/9yAnmXBCI72R0PToI3XK3KuROcPVNOgCvFmk9pCAaM4kfRve4bfAYxn4HrQwDzM
lg57I4J0NAEQpL+smAciT8BqvKbQGcUu4ZvGn/P7f+Mu4y0pbfCvhSVDAItGso1C
HHc5e1t7SbqyejeanU6WQRaLEao3LSqaX8JUXy9P78Ee
-----END CERTIFICATE-----