Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/GxYedkSTeiLaGGZm3zR7zXc_okU.roa
File:                     GxYedkSTeiLaGGZm3zR7zXc_okU.roa (raw, json)
Hash identifier:          yZtZ5bEs3PMC5gEdtfPDZZYkR4su+br574QwtztI1z0=
Subject key identifier:   1B:16:1E:76:44:93:7A:22:DA:18:66:66:DF:34:7B:CD:77:3F:A2:45
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       01956B112436BCD02A41152FB9BDBCC6A75A
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/GxYedkSTeiLaGGZm3zR7zXc_okU.roa
Signing time:             Thu 06 Mar 2025 10:47:20 +0000
ROA not before:           Thu 06 Mar 2025 10:47:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24768
IP address blocks:        195.216.164.0/22 maxlen: 22
                          195.216.168.0/22 maxlen: 22
                          213.182.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6b:11:24:36:bc:d0:2a:41:15:2f:b9:bd:bc:c6:a7:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Mar  6 10:47:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b161e7644937a22da186666df347bcd773fa245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:83:43:5c:44:27:1a:a8:08:6f:3c:c9:14:df:
                    61:83:bc:7c:0f:67:c5:67:81:07:f9:62:97:fe:1e:
                    e8:c6:3b:17:f4:71:62:dc:5b:b7:99:2a:5f:aa:88:
                    03:ba:ae:11:91:a4:b1:bf:9d:a8:c0:28:e7:49:af:
                    38:d4:e0:69:63:68:89:60:8e:74:db:cf:bc:05:7b:
                    e5:8c:c3:22:19:db:6d:c6:c4:b9:14:36:e9:18:1d:
                    e4:24:d4:f4:19:de:30:16:9d:0b:cc:c2:32:72:03:
                    46:6f:12:e3:56:b7:17:7e:fc:11:0a:61:89:38:9c:
                    70:e7:34:13:12:41:79:d3:83:5c:57:09:39:29:3c:
                    8c:db:93:aa:ed:55:b7:29:af:21:8e:e7:c3:cd:55:
                    a8:0b:c2:74:d2:60:cd:81:59:93:92:52:cd:6b:71:
                    8a:1a:1a:61:3d:a5:ce:06:ac:0c:14:79:6e:0a:09:
                    a5:66:25:70:87:ef:68:4b:5a:01:77:31:c8:44:c3:
                    1c:02:cb:10:0a:d9:04:df:92:6b:b4:18:b3:5b:c3:
                    7e:33:d3:88:7c:82:bd:be:10:fb:bb:03:f9:73:cb:
                    93:37:13:d1:d1:7e:cc:0c:2d:9e:00:21:30:3e:ea:
                    de:be:6c:16:79:56:1f:b1:30:4b:b7:84:5e:b8:21:
                    13:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:16:1E:76:44:93:7A:22:DA:18:66:66:DF:34:7B:CD:77:3F:A2:45
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/GxYedkSTeiLaGGZm3zR7zXc_okU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.164.0-195.216.171.255
                  213.182.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:98:4b:c7:74:f9:eb:3f:a7:c9:51:27:4b:09:d1:57:ca:66:
         39:69:0e:f2:9e:84:ce:48:a6:85:fc:a6:99:dd:9e:6f:84:b4:
         fa:36:31:b1:de:03:bb:f4:f0:d0:e2:71:b3:87:d3:da:6a:4a:
         73:cc:bd:22:0e:81:78:3e:1b:c1:ed:0b:18:d1:fb:0f:36:f3:
         ed:74:88:7b:bc:44:4f:c5:ce:04:24:fa:44:8a:4b:31:37:61:
         e0:90:d6:75:8d:b6:b4:c0:88:c3:04:6b:be:3f:12:f6:42:c7:
         da:97:31:41:de:1e:bf:a8:e5:c1:3e:4d:a7:8c:1a:43:c7:81:
         8e:d7:ff:2b:b6:57:65:49:7e:9d:1e:94:f7:bb:54:33:0c:2b:
         c4:b9:5c:ec:d5:52:95:45:46:ad:7f:b6:72:28:86:e6:25:7b:
         ec:68:c3:25:82:71:d9:87:b9:fe:fb:c5:1f:6d:07:cb:ca:31:
         b6:80:ab:6e:15:a0:a5:6a:fb:e0:92:cd:b0:d6:dd:95:bb:6c:
         af:b6:c2:ec:d7:ff:b7:82:ea:17:80:45:dd:ce:ce:96:9f:a9:
         01:94:a3:f7:a4:c0:94:b1:69:e4:fe:f8:b1:e8:cb:89:dd:cf:
         7e:91:42:cb:60:b5:00:41:1a:88:59:ae:2f:7b:51:f2:f2:52:
         b6:0d:5a:4d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZVrESQ2vNAqQRUvub28xqdaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwMzA2MTA0NzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjE2MWU3NjQ0OTM3YTIyZGExODY2NjZkZjM0N2JjZDc3M2ZhMjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYNDXEQnGqgIbzzJFN9hg7x8D2fF
Z4EH+WKX/h7oxjsX9HFi3Fu3mSpfqogDuq4RkaSxv52owCjnSa841OBpY2iJYI50
28+8BXvljMMiGdttxsS5FDbpGB3kJNT0Gd4wFp0LzMIycgNGbxLjVrcXfvwRCmGJ
OJxw5zQTEkF504NcVwk5KTyM25Oq7VW3Ka8hjufDzVWoC8J00mDNgVmTklLNa3GK
GhphPaXOBqwMFHluCgmlZiVwh+9oS1oBdzHIRMMcAssQCtkE35JrtBizW8N+M9OI
fIK9vhD7uwP5c8uTNxPR0X7MDC2eACEwPurevmwWeVYfsTBLt4ReuCETfQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBsWHnZEk3oi2hhmZt80e813P6JFMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvR3hZZWRrU1RlaUxhR0dabTN6Ujd6WGNfb2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBALD2KQD
BALD2KgDBADVtsMwDQYJKoZIhvcNAQELBQADggEBAFSYS8d0+es/p8lRJ0sJ0VfK
ZjlpDvKehM5IpoX8ppndnm+EtPo2MbHeA7v08NDicbOH09pqSnPMvSIOgXg+G8Ht
CxjR+w828+10iHu8RE/FzgQk+kSKSzE3YeCQ1nWNtrTAiMMEa74/EvZCx9qXMUHe
Hr+o5cE+TaeMGkPHgY7X/yu2V2VJfp0elPe7VDMMK8S5XOzVUpVFRq1/tnIohuYl
e+xowyWCcdmHuf77xR9tB8vKMbaAq24VoKVq++CSzbDW3ZW7bK+2wuzX/7eC6heA
Rd3OzpafqQGUo/ekwJSxaeT++LHoy4ndz36RQstgtQBBGohZri97UfLyUrYNWk0=
-----END CERTIFICATE-----