Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/Ky_o2gJmcuRwCykA12haZzX257w.roa
File:                     Ky_o2gJmcuRwCykA12haZzX257w.roa (raw, json)
Hash identifier:          2SLVXpJ4g5619E7GOfQUMXqFNCcVwKAQTwJMwj4QH2Q=
Subject key identifier:   2B:2F:E8:DA:02:66:72:E4:70:0B:29:00:D7:68:5A:67:35:F6:E7:BC
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       01942220026B49121088D74685F480F4D6BB
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/Ky_o2gJmcuRwCykA12haZzX257w.roa
Signing time:             Wed 01 Jan 2025 13:48:30 +0000
ROA not before:           Wed 01 Jan 2025 13:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200081
IP address blocks:        185.75.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:02:6b:49:12:10:88:d7:46:85:f4:80:f4:d6:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  1 13:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b2fe8da026672e4700b2900d7685a6735f6e7bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:6f:23:cc:8f:b4:40:ac:88:cb:f4:19:31:4a:
                    b2:97:7b:a9:74:42:83:73:a4:81:7c:bc:7e:5e:6e:
                    a6:d0:0a:6c:2d:75:cd:cf:2b:62:78:1d:02:ef:ce:
                    8d:4e:6e:e5:f1:1c:c9:48:54:8c:6a:d9:53:9d:72:
                    e4:cb:0f:1c:86:9a:1b:d3:e9:37:4b:3d:15:bd:46:
                    d4:dd:58:fb:3d:c8:8b:49:24:5f:0c:e4:5e:da:f6:
                    a9:94:81:6a:94:fe:7e:c1:23:82:a5:41:eb:c9:bd:
                    bf:33:90:43:20:f6:fa:7c:51:46:b7:92:56:1c:fa:
                    e7:52:2d:6f:46:f5:fe:31:19:8b:44:34:e7:33:a9:
                    e5:23:bc:96:dc:ee:98:7e:d7:71:1a:82:25:e6:48:
                    c7:ac:63:83:fc:11:45:9c:c0:49:81:5d:ef:41:1f:
                    1e:8d:b1:b4:f3:c3:e9:aa:9d:d2:e5:60:82:d3:b6:
                    5f:36:0d:11:db:45:f5:38:ee:5f:12:b1:7b:a3:56:
                    38:6c:30:53:5c:db:9e:79:a9:26:a6:bf:20:bb:bf:
                    21:8e:2b:3c:b0:24:c8:7d:9b:1e:08:e6:2b:dd:65:
                    83:90:69:ef:21:60:b6:99:7c:45:61:2d:fd:3e:47:
                    cd:b6:84:34:f9:44:13:e5:06:cd:e9:29:9f:40:6b:
                    2e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:2F:E8:DA:02:66:72:E4:70:0B:29:00:D7:68:5A:67:35:F6:E7:BC
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/Ky_o2gJmcuRwCykA12haZzX257w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:0f:20:26:2c:f9:5d:aa:43:4b:ab:58:1d:c1:17:8e:eb:26:
         ec:1c:eb:54:58:8b:2e:c1:ca:13:f5:6b:f5:b0:90:23:2c:bc:
         0c:9d:fa:32:94:73:79:f9:c6:f2:29:06:96:74:1c:fb:92:44:
         d6:e9:02:91:12:a5:f2:4e:fb:c6:71:1d:ac:65:f4:20:31:64:
         f8:fb:b8:e6:e4:f3:17:1f:ed:83:6a:e1:f5:f0:fc:2e:11:19:
         6e:b9:2e:f0:9f:e0:73:2e:df:e5:c7:34:34:5c:87:c4:0e:c1:
         f2:3a:65:ec:37:61:62:bb:6a:b3:f9:d4:d0:bf:79:38:7d:32:
         bb:d6:47:c9:48:23:2d:93:6e:dc:3c:77:d1:d0:af:a8:cd:72:
         04:50:1e:5d:c6:f9:c0:77:cb:ec:67:59:f1:0a:19:e7:2e:50:
         07:db:05:a5:87:29:a5:e1:58:d1:15:98:dd:fc:76:ac:d8:c2:
         10:f5:d3:ca:fa:43:83:41:ef:89:6f:ee:11:21:e6:c0:7c:19:
         f5:90:3f:b6:a1:87:f0:6c:62:3a:c3:81:ad:f7:0a:3e:0a:7e:
         51:ca:19:bb:27:82:3f:15:83:fd:ba:43:2e:ac:31:5a:4c:84:
         bb:40:f1:cc:b7:0e:f7:31:6a:bc:46:73:82:4a:7d:5e:f1:29:
         93:18:cf:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIAJrSRIQiNdGhfSA9Na7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUwMTAxMTM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjJmZThkYTAyNjY3MmU0NzAwYjI5MDBkNzY4NWE2NzM1ZjZlN2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1m8jzI+0QKyIy/QZMUqyl3updEKD
c6SBfLx+Xm6m0ApsLXXNzytieB0C786NTm7l8RzJSFSMatlTnXLkyw8chpob0+k3
Sz0VvUbU3Vj7PciLSSRfDORe2vaplIFqlP5+wSOCpUHryb2/M5BDIPb6fFFGt5JW
HPrnUi1vRvX+MRmLRDTnM6nlI7yW3O6YftdxGoIl5kjHrGOD/BFFnMBJgV3vQR8e
jbG088Ppqp3S5WCC07ZfNg0R20X1OO5fErF7o1Y4bDBTXNueeakmpr8gu78hjis8
sCTIfZseCOYr3WWDkGnvIWC2mXxFYS39PkfNtoQ0+UQT5QbN6SmfQGsuuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsv6NoCZnLkcAspANdoWmc19ue8MB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvS3lfbzJnSm1jdVJ3Q3lrQTEyaGFaelgyNTd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUuGMA0G
CSqGSIb3DQEBCwUAA4IBAQCQDyAmLPldqkNLq1gdwReO6ybsHOtUWIsuwcoT9Wv1
sJAjLLwMnfoylHN5+cbyKQaWdBz7kkTW6QKREqXyTvvGcR2sZfQgMWT4+7jm5PMX
H+2DauH18PwuERluuS7wn+BzLt/lxzQ0XIfEDsHyOmXsN2Fiu2qz+dTQv3k4fTK7
1kfJSCMtk27cPHfR0K+ozXIEUB5dxvnAd8vsZ1nxChnnLlAH2wWlhyml4VjRFZjd
/Has2MIQ9dPK+kODQe+Jb+4RIebAfBn1kD+2oYfwbGI6w4Gt9wo+Cn5Ryhm7J4I/
FYP9ukMurDFaTIS7QPHMtw73MWq8RnOCSn1e8SmTGM+k
-----END CERTIFICATE-----