Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/779260-7be9-4b66-9df0-409176f846d3/1/ydjVuxhclCo9WITtZ8reVakuUyk.roa
File:                     ydjVuxhclCo9WITtZ8reVakuUyk.roa (raw, json)
Hash identifier:          xSeH/WCDjMoX4ZrZ3Xlx1/Z9w0yzrfN0W1h+i1dlTy8=
Subject key identifier:   C9:D8:D5:BB:18:5C:94:2A:3D:58:84:ED:67:CA:DE:55:A9:2E:53:29
Certificate issuer:       /CN=daaf0ff365d4bd908de902eeda03b279c2f809d3
Certificate serial:       0194274809AC4188B162FADB3F6A793604B9
Authority key identifier: DA:AF:0F:F3:65:D4:BD:90:8D:E9:02:EE:DA:03:B2:79:C2:F8:09:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8P82XUvZCN6QLu2gOyecL4CdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/779260-7be9-4b66-9df0-409176f846d3/1/ydjVuxhclCo9WITtZ8reVakuUyk.roa
Signing time:             Thu 02 Jan 2025 13:50:19 +0000
ROA not before:           Thu 02 Jan 2025 13:50:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42184
IP address blocks:        195.66.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/779260-7be9-4b66-9df0-409176f846d3/1/2q8P82XUvZCN6QLu2gOyecL4CdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/779260-7be9-4b66-9df0-409176f846d3/1/2q8P82XUvZCN6QLu2gOyecL4CdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8P82XUvZCN6QLu2gOyecL4CdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 01:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:09:ac:41:88:b1:62:fa:db:3f:6a:79:36:04:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf0ff365d4bd908de902eeda03b279c2f809d3
        Validity
            Not Before: Jan  2 13:50:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9d8d5bb185c942a3d5884ed67cade55a92e5329
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:03:1e:c4:33:82:5d:65:41:e5:1a:90:1b:28:
                    f9:84:ac:0b:62:fd:eb:71:0d:a3:71:ab:c7:18:07:
                    a5:1b:33:e3:56:9c:61:76:83:c4:5d:96:b5:dd:7d:
                    11:a5:eb:4a:d9:52:70:4e:4c:31:cf:e8:fb:0e:ec:
                    74:7b:c2:23:37:cc:2d:8a:af:bc:ee:5b:44:b4:5c:
                    f7:6e:53:04:04:07:28:1c:36:66:7a:82:db:20:b6:
                    b5:43:7a:43:43:8b:26:f9:5c:d7:81:cf:ed:ab:d6:
                    35:f1:9a:c8:e2:53:88:5c:4c:54:0a:94:47:d5:e1:
                    c4:af:64:58:6b:9d:eb:3b:f1:f3:08:fa:7e:f7:d1:
                    f9:80:85:fd:48:3a:49:a9:2e:af:93:d2:3c:80:ff:
                    ca:d7:19:28:b2:fa:4f:4c:06:6d:fc:7d:f9:03:82:
                    92:28:ab:98:be:ab:93:66:87:1e:96:ec:b4:1d:c6:
                    22:01:80:43:24:75:c0:01:ac:e0:e6:d4:65:c5:f0:
                    83:53:b2:e6:af:40:c8:67:87:ea:34:c3:c2:ed:ff:
                    d1:26:af:9a:d2:32:33:51:91:4c:26:bf:7d:d1:08:
                    ea:ee:5d:07:61:5a:4c:e1:55:1d:9d:3c:32:04:1a:
                    0c:69:44:61:3d:c9:0e:81:fb:26:27:e4:0e:01:40:
                    6a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D8:D5:BB:18:5C:94:2A:3D:58:84:ED:67:CA:DE:55:A9:2E:53:29
            X509v3 Authority Key Identifier:
                keyid:DA:AF:0F:F3:65:D4:BD:90:8D:E9:02:EE:DA:03:B2:79:C2:F8:09:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8P82XUvZCN6QLu2gOyecL4CdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/779260-7be9-4b66-9df0-409176f846d3/1/ydjVuxhclCo9WITtZ8reVakuUyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/779260-7be9-4b66-9df0-409176f846d3/1/2q8P82XUvZCN6QLu2gOyecL4CdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:b8:d7:03:16:38:55:0f:6d:ad:d7:e8:f4:c2:06:5d:ac:48:
         f3:fd:da:35:c1:88:7a:8e:e8:00:96:96:02:4d:eb:49:f9:08:
         12:bf:67:1e:87:78:a4:bb:4a:df:7d:1f:b1:c5:00:b2:97:b2:
         84:56:66:8f:03:70:f4:1e:02:03:e5:c6:ab:51:68:49:ea:d2:
         34:99:e9:a3:08:92:85:f3:54:25:43:de:b8:d7:8d:f1:68:84:
         3f:5b:ea:c5:e3:32:4d:ec:ae:f7:79:82:ac:52:5d:4b:f6:d1:
         3a:8f:5d:4c:9d:2e:e5:6d:28:35:5d:59:5f:f8:ae:88:47:b1:
         42:f5:26:4f:a5:00:3d:ff:b0:a4:02:26:d9:9d:99:32:92:45:
         12:2d:2c:ea:58:37:68:14:04:be:03:7c:34:1f:1c:d3:46:6b:
         b4:37:c0:7d:49:2d:cd:63:0a:3e:d8:e8:7b:19:61:08:41:55:
         db:6a:26:2b:5e:c7:a8:e5:08:68:2a:72:bb:2a:29:11:43:9f:
         d2:6b:aa:8d:b4:8e:f0:f7:4e:07:26:f0:5a:0d:a8:31:56:5c:
         4f:80:6e:ea:23:65:5e:b2:e7:10:d7:8e:a1:74:50:d5:11:f7:
         9f:b5:ac:ed:80:9c:b4:fb:68:31:30:6a:9b:99:9f:71:08:10:
         e9:6b:ee:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSAmsQYixYvrbP2p5NgS5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYwZmYzNjVkNGJkOTA4ZGU5MDJlZWRhMDNiMjc5YzJm
ODA5ZDMwHhcNMjUwMTAyMTM1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWQ4ZDViYjE4NWM5NDJhM2Q1ODg0ZWQ2N2NhZGU1NWE5MmU1MzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwMexDOCXWVB5RqQGyj5hKwLYv3r
cQ2jcavHGAelGzPjVpxhdoPEXZa13X0RpetK2VJwTkwxz+j7Dux0e8IjN8wtiq+8
7ltEtFz3blMEBAcoHDZmeoLbILa1Q3pDQ4sm+VzXgc/tq9Y18ZrI4lOIXExUCpRH
1eHEr2RYa53rO/HzCPp+99H5gIX9SDpJqS6vk9I8gP/K1xkosvpPTAZt/H35A4KS
KKuYvquTZoceluy0HcYiAYBDJHXAAazg5tRlxfCDU7Lmr0DIZ4fqNMPC7f/RJq+a
0jIzUZFMJr990Qjq7l0HYVpM4VUdnTwyBBoMaURhPckOgfsmJ+QOAUBqJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnY1bsYXJQqPViE7WfK3lWpLlMpMB8GA1UdIwQY
MBaAFNqvD/Nl1L2QjekC7toDsnnC+AnTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4UDgyWFV2WkNONlFMdTJnT3llY0w0Q2RNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS83NzkyNjAtN2JlOS00YjY2LTlkZjAt
NDA5MTc2Zjg0NmQzLzEveWRqVnV4aGNsQ285V0lUdFo4cmVWYWt1VXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS83NzkyNjAtN2JlOS00YjY2LTlkZjAtNDA5MTc2Zjg0NmQz
LzEvMnE4UDgyWFV2WkNONlFMdTJnT3llY0w0Q2RNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0J5MA0G
CSqGSIb3DQEBCwUAA4IBAQBbuNcDFjhVD22t1+j0wgZdrEjz/do1wYh6jugAlpYC
TetJ+QgSv2ceh3iku0rffR+xxQCyl7KEVmaPA3D0HgID5carUWhJ6tI0memjCJKF
81QlQ964143xaIQ/W+rF4zJN7K73eYKsUl1L9tE6j11MnS7lbSg1XVlf+K6IR7FC
9SZPpQA9/7CkAibZnZkykkUSLSzqWDdoFAS+A3w0HxzTRmu0N8B9SS3NYwo+2Oh7
GWEIQVXbaiYrXseo5QhoKnK7KikRQ5/Sa6qNtI7w904HJvBaDagxVlxPgG7qI2Ve
sucQ146hdFDVEfeftaztgJy0+2gxMGqbmZ9xCBDpa+4w
-----END CERTIFICATE-----