Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/xBRxdmpfvYOwV2CG-TGZUb7lV80.roa
File:                     xBRxdmpfvYOwV2CG-TGZUb7lV80.roa (raw, json)
Hash identifier:          BYeaby5+zBYzTYQvAAICT6cMk4h5pLzaoyyqUhm5i9M=
Subject key identifier:   C4:14:71:76:6A:5F:BD:83:B0:57:60:86:F9:31:99:51:BE:E5:57:CD
Certificate issuer:       /CN=623526ad9fbec574fa4ec3d9badb5433fdaaca7b
Certificate serial:       0194221FD1E3D06C7CEEEE6A5A070B09E981
Authority key identifier: 62:35:26:AD:9F:BE:C5:74:FA:4E:C3:D9:BA:DB:54:33:FD:AA:CA:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/xBRxdmpfvYOwV2CG-TGZUb7lV80.roa
Signing time:             Wed 01 Jan 2025 13:48:18 +0000
ROA not before:           Wed 01 Jan 2025 13:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24961
IP address blocks:        194.169.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YjUmrZ--xXT6TsPZuttUM_2qyns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YjUmrZ--xXT6TsPZuttUM_2qyns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d1:e3:d0:6c:7c:ee:ee:6a:5a:07:0b:09:e9:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=623526ad9fbec574fa4ec3d9badb5433fdaaca7b
        Validity
            Not Before: Jan  1 13:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c41471766a5fbd83b0576086f9319951bee557cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:dd:8c:25:c2:ee:17:ad:ec:07:33:68:d2:7f:
                    89:d7:3c:4d:63:7b:80:05:67:6e:f3:5c:4f:54:ee:
                    91:a4:4c:d9:a7:a3:e7:0d:74:a1:d8:97:7c:f1:c3:
                    08:ea:c6:70:f3:6d:1a:65:74:77:b6:f6:54:76:46:
                    08:2a:a6:12:6f:52:3a:d7:13:42:97:2d:99:91:f5:
                    19:06:4a:7c:f6:0a:cb:98:f9:70:28:ee:2e:e6:58:
                    92:1e:40:1e:c6:51:6e:7a:8f:62:b3:4f:5c:09:52:
                    24:10:eb:a8:bf:31:f5:ad:f4:cc:e1:44:d3:ae:5d:
                    7e:db:45:8b:4c:df:5f:b0:86:1b:8a:54:93:6a:26:
                    50:f4:ce:55:f3:dd:be:b1:db:f3:a0:29:17:f7:f7:
                    39:e2:8a:40:32:9c:7d:fa:3d:df:4b:e1:de:72:b7:
                    eb:d0:a4:ed:c6:96:10:37:09:a1:88:0c:fe:33:b0:
                    ca:90:03:40:37:9d:3d:f7:28:87:13:96:f2:b2:1e:
                    24:78:65:77:f6:30:43:86:a9:d2:6c:2a:04:25:05:
                    49:e8:e3:b0:d7:f4:4f:e4:e3:75:29:7a:ac:a8:9b:
                    4b:d7:f2:61:71:67:b7:4f:c3:8a:5d:ea:8c:6f:9f:
                    51:1f:32:fa:e1:43:a4:1e:38:ce:45:c0:5e:71:e0:
                    b0:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:14:71:76:6A:5F:BD:83:B0:57:60:86:F9:31:99:51:BE:E5:57:CD
            X509v3 Authority Key Identifier:
                keyid:62:35:26:AD:9F:BE:C5:74:FA:4E:C3:D9:BA:DB:54:33:FD:AA:CA:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/xBRxdmpfvYOwV2CG-TGZUb7lV80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YjUmrZ--xXT6TsPZuttUM_2qyns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:a6:d6:a4:a6:8d:52:a7:b0:20:bf:7c:16:11:fa:3e:69:0d:
         b8:7e:31:86:d9:da:06:64:bf:26:26:f9:93:36:2b:3f:56:26:
         76:4f:da:67:bc:0a:2b:19:64:4a:ff:d5:3a:e1:71:8d:aa:e8:
         3f:1e:0c:3d:56:39:ad:f3:77:fe:0f:93:ce:77:0f:04:1e:a6:
         48:d5:4e:a2:67:50:8a:82:d6:1c:51:ba:54:b6:c2:64:5d:34:
         4c:91:e6:e9:29:49:af:a6:51:31:a1:95:b8:ae:3a:5d:1b:de:
         ca:aa:b1:97:d9:63:13:86:37:1b:01:24:25:64:1b:f2:11:d5:
         73:21:d4:93:ad:e0:a3:81:c8:cc:f0:c0:98:93:e5:81:10:99:
         20:bb:80:c7:9d:d2:94:25:7e:30:cd:e2:e5:5f:33:8c:ff:02:
         b5:a9:22:8f:3b:fd:7b:e3:9b:e0:1f:a9:59:fa:3a:bf:4c:3b:
         29:5f:0e:30:8b:5c:99:7e:e4:8d:21:4c:9e:15:86:aa:e4:c3:
         c9:5e:88:bd:f6:b9:22:ec:ad:b4:15:b8:1e:17:e2:f8:9a:99:
         6b:ee:ba:10:53:f6:46:9f:fc:97:5d:b8:18:cf:1c:89:61:73:
         95:f5:64:11:9d:cd:3f:9f:eb:27:72:f4:92:fb:50:a4:d2:9f:
         ac:b5:13:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9Hj0Gx87u5qWgcLCemBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMzUyNmFkOWZiZWM1NzRmYTRlYzNkOWJhZGI1NDMzZmRh
YWNhN2IwHhcNMjUwMTAxMTM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDE0NzE3NjZhNWZiZDgzYjA1NzYwODZmOTMxOTk1MWJlZTU1N2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjt2MJcLuF63sBzNo0n+J1zxNY3uA
BWdu81xPVO6RpEzZp6PnDXSh2Jd88cMI6sZw820aZXR3tvZUdkYIKqYSb1I61xNC
ly2ZkfUZBkp89grLmPlwKO4u5liSHkAexlFueo9is09cCVIkEOuovzH1rfTM4UTT
rl1+20WLTN9fsIYbilSTaiZQ9M5V892+sdvzoCkX9/c54opAMpx9+j3fS+Hecrfr
0KTtxpYQNwmhiAz+M7DKkANAN5099yiHE5bysh4keGV39jBDhqnSbCoEJQVJ6OOw
1/RP5ON1KXqsqJtL1/JhcWe3T8OKXeqMb59RHzL64UOkHjjORcBeceCw2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQUcXZqX72DsFdghvkxmVG+5VfNMB8GA1UdIwQY
MBaAFGI1Jq2fvsV0+k7D2brbVDP9qsp7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWpVbXJaLS14WFQ2VHNQWnV0dFVNXzJxeW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xZDhmYzktYjIxYi00ZGI1LTk1Y2Yt
ODFjOGNlNzUwMTI0LzEveEJSeGRtcGZ2WU93VjJDRy1UR1pVYjdsVjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xZDhmYzktYjIxYi00ZGI1LTk1Y2YtODFjOGNlNzUwMTI0
LzEvWWpVbXJaLS14WFQ2VHNQWnV0dFVNXzJxeW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqnGMA0G
CSqGSIb3DQEBCwUAA4IBAQACptakpo1Sp7Agv3wWEfo+aQ24fjGG2doGZL8mJvmT
Nis/ViZ2T9pnvAorGWRK/9U64XGNqug/Hgw9Vjmt83f+D5POdw8EHqZI1U6iZ1CK
gtYcUbpUtsJkXTRMkebpKUmvplExoZW4rjpdG97KqrGX2WMThjcbASQlZBvyEdVz
IdSTreCjgcjM8MCYk+WBEJkgu4DHndKUJX4wzeLlXzOM/wK1qSKPO/1745vgH6lZ
+jq/TDspXw4wi1yZfuSNIUyeFYaq5MPJXoi99rki7K20FbgeF+L4mplr7roQU/ZG
n/yXXbgYzxyJYXOV9WQRnc0/n+sncvSS+1Ck0p+stRNk
-----END CERTIFICATE-----