Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/dv2-CubAEzDgm9-A6q6tebm8sb8.roa
File:                     dv2-CubAEzDgm9-A6q6tebm8sb8.roa (raw, json)
Hash identifier:          TsKOArcBjp/tutNspO+BZ3fNFViji2g9Yje5CxDDQXE=
Subject key identifier:   76:FD:BE:0A:E6:C0:13:30:E0:9B:DF:80:EA:AE:AD:79:B9:BC:B1:BF
Certificate issuer:       /CN=af036816a317dd99d25383a32a681859c047b5ff
Certificate serial:       019424454BEA80056AC4C5742DFE36BE3051
Authority key identifier: AF:03:68:16:A3:17:DD:99:D2:53:83:A3:2A:68:18:59:C0:47:B5:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/dv2-CubAEzDgm9-A6q6tebm8sb8.roa
Signing time:             Wed 01 Jan 2025 23:48:28 +0000
ROA not before:           Wed 01 Jan 2025 23:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        194.187.56.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4b:ea:80:05:6a:c4:c5:74:2d:fe:36:be:30:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af036816a317dd99d25383a32a681859c047b5ff
        Validity
            Not Before: Jan  1 23:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76fdbe0ae6c01330e09bdf80eaaead79b9bcb1bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:92:24:9a:e4:89:ef:01:13:87:88:01:75:d4:
                    f8:c1:b7:a8:c1:2a:dc:70:fa:1f:6a:17:a8:8f:58:
                    52:f6:b1:47:41:1e:df:19:0f:6d:4c:6e:65:76:0b:
                    8f:93:bd:bb:9e:0b:cc:b6:ec:a8:c3:cd:44:f7:10:
                    b4:28:e1:96:53:0e:34:b7:36:e1:62:42:6c:33:ee:
                    c8:ae:7b:a8:1f:72:6c:b4:13:92:54:15:0a:7a:8f:
                    6e:de:97:4d:d5:23:29:d3:04:5f:4e:8c:2a:61:71:
                    22:4e:80:f3:14:b0:5c:e5:e2:50:d2:6d:4c:fd:00:
                    86:45:c9:c4:27:10:ee:02:b0:b4:1c:ce:b2:ab:db:
                    36:5c:02:25:54:44:00:76:fd:23:d9:ee:5f:7c:6e:
                    c5:b4:35:d2:00:92:f8:b1:20:5b:da:e7:2b:aa:f1:
                    1f:c2:4d:f7:6d:38:f2:4b:05:39:d4:5b:bb:7b:e7:
                    18:be:aa:ce:b1:3d:1e:ee:36:8d:7e:3a:06:8b:9b:
                    47:99:ab:be:3c:2a:08:a7:82:9d:6d:89:ff:69:3b:
                    29:35:e1:06:8a:b1:d1:03:93:42:dc:37:04:bf:69:
                    07:45:34:bc:9c:4b:a2:ae:7e:6c:3d:52:8a:c4:f6:
                    8e:f4:8d:f6:1d:13:39:85:df:2c:64:11:4b:ad:d7:
                    d4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:FD:BE:0A:E6:C0:13:30:E0:9B:DF:80:EA:AE:AD:79:B9:BC:B1:BF
            X509v3 Authority Key Identifier:
                keyid:AF:03:68:16:A3:17:DD:99:D2:53:83:A3:2A:68:18:59:C0:47:B5:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/dv2-CubAEzDgm9-A6q6tebm8sb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:cf:b3:a7:a9:41:4d:50:fb:6d:ef:03:67:5a:d0:6f:17:47:
         79:f9:8e:da:37:0e:84:40:85:ea:88:9c:63:ef:1b:76:af:40:
         9f:09:6c:27:dc:a3:d9:45:5c:bd:ca:cc:45:2a:a5:f5:c8:22:
         30:4e:69:e4:16:19:21:e3:4d:35:77:40:88:76:a8:95:a6:40:
         4a:63:7b:4d:db:86:d3:2c:00:48:e8:21:18:9e:ca:0f:b6:0b:
         17:b7:f6:89:b1:7a:ec:cd:4e:4a:47:54:43:72:13:57:6a:75:
         1d:00:b0:89:d4:f5:ed:47:6b:01:b2:a9:cb:35:71:74:02:83:
         0a:5d:36:ec:11:f0:33:b9:8d:f5:fc:87:10:e1:59:36:4b:44:
         ab:90:ee:bc:37:f5:0c:ad:1a:04:c3:3b:e5:e9:ff:82:46:2d:
         84:dd:59:6f:b2:eb:7c:83:70:99:09:6b:55:19:77:fc:d1:fd:
         cb:0e:9b:36:cc:ac:39:3c:69:a8:21:d2:e8:79:73:4f:e7:e4:
         fa:78:8e:4e:0e:ca:14:b2:dc:a2:01:7b:ce:17:b7:0b:0b:2a:
         3a:fb:ac:29:18:94:08:a6:82:57:8d:73:d6:1a:41:4d:7e:2d:
         e1:39:28:d1:79:1a:90:65:d4:4d:a6:4b:37:3a:c4:a8:ef:4d:
         b6:ab:4c:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRUvqgAVqxMV0Lf42vjBRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMDM2ODE2YTMxN2RkOTlkMjUzODNhMzJhNjgxODU5YzA0
N2I1ZmYwHhcNMjUwMTAxMjM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmZkYmUwYWU2YzAxMzMwZTA5YmRmODBlYWFlYWQ3OWI5YmNiMWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJIkmuSJ7wETh4gBddT4wbeowSrc
cPofaheoj1hS9rFHQR7fGQ9tTG5ldguPk727ngvMtuyow81E9xC0KOGWUw40tzbh
YkJsM+7IrnuoH3JstBOSVBUKeo9u3pdN1SMp0wRfTowqYXEiToDzFLBc5eJQ0m1M
/QCGRcnEJxDuArC0HM6yq9s2XAIlVEQAdv0j2e5ffG7FtDXSAJL4sSBb2ucrqvEf
wk33bTjySwU51Fu7e+cYvqrOsT0e7jaNfjoGi5tHmau+PCoIp4KdbYn/aTspNeEG
irHRA5NC3DcEv2kHRTS8nEuirn5sPVKKxPaO9I32HRM5hd8sZBFLrdfUDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHb9vgrmwBMw4JvfgOqurXm5vLG/MB8GA1UdIwQY
MBaAFK8DaBajF92Z0lODoypoGFnAR7X/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndOb0ZxTVgzWm5TVTRPakttZ1lXY0JIdGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS81MmIxOTktOWUxZi00ZWM3LWIwYWEt
NGE0ZTBmNDI0ZjE3LzEvZHYyLUN1YkFFekRnbTktQTZxNnRlYm04c2I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS81MmIxOTktOWUxZi00ZWM3LWIwYWEtNGE0ZTBmNDI0ZjE3
LzEvcndOb0ZxTVgzWm5TVTRPakttZ1lXY0JIdGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwrs4MA0G
CSqGSIb3DQEBCwUAA4IBAQBAz7OnqUFNUPtt7wNnWtBvF0d5+Y7aNw6EQIXqiJxj
7xt2r0CfCWwn3KPZRVy9ysxFKqX1yCIwTmnkFhkh4001d0CIdqiVpkBKY3tN24bT
LABI6CEYnsoPtgsXt/aJsXrszU5KR1RDchNXanUdALCJ1PXtR2sBsqnLNXF0AoMK
XTbsEfAzuY31/IcQ4Vk2S0SrkO68N/UMrRoEwzvl6f+CRi2E3Vlvsut8g3CZCWtV
GXf80f3LDps2zKw5PGmoIdLoeXNP5+T6eI5ODsoUstyiAXvOF7cLCyo6+6wpGJQI
poJXjXPWGkFNfi3hOSjReRqQZdRNpks3OsSo7022q0yC
-----END CERTIFICATE-----