Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/135fc4-b35a-42db-8141-220764dc345c/1/IQJY4wiykJwUR66o9Fs0mVyK_BY.roa
File:                     IQJY4wiykJwUR66o9Fs0mVyK_BY.roa (raw, json)
Hash identifier:          sOQn6ofboeM57RYlzWfjexIU5njt7tJ8PQXKuKFY2zY=
Subject key identifier:   21:02:58:E3:08:B2:90:9C:14:47:AE:A8:F4:5B:34:99:5C:8A:FC:16
Certificate issuer:       /CN=72f862dfe0c34874120d2cc169fc3144938ee8d9
Certificate serial:       019428277CE22B8A798B0C6FF1F9AF8AA750
Authority key identifier: 72:F8:62:DF:E0:C3:48:74:12:0D:2C:C1:69:FC:31:44:93:8E:E8:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cvhi3-DDSHQSDSzBafwxRJOO6Nk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/135fc4-b35a-42db-8141-220764dc345c/1/IQJY4wiykJwUR66o9Fs0mVyK_BY.roa
Signing time:             Thu 02 Jan 2025 17:54:24 +0000
ROA not before:           Thu 02 Jan 2025 17:54:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198024
IP address blocks:        185.127.72.0/22 maxlen: 22
                          2a06:c7c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/135fc4-b35a-42db-8141-220764dc345c/1/cvhi3-DDSHQSDSzBafwxRJOO6Nk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/135fc4-b35a-42db-8141-220764dc345c/1/cvhi3-DDSHQSDSzBafwxRJOO6Nk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cvhi3-DDSHQSDSzBafwxRJOO6Nk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 01:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:7c:e2:2b:8a:79:8b:0c:6f:f1:f9:af:8a:a7:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72f862dfe0c34874120d2cc169fc3144938ee8d9
        Validity
            Not Before: Jan  2 17:54:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=210258e308b2909c1447aea8f45b34995c8afc16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b5:93:8e:86:6e:23:d5:de:66:3b:64:f3:0f:
                    1f:9c:94:0e:4e:78:53:62:c9:ed:d3:52:cd:28:87:
                    33:26:cd:61:5b:7f:3b:ac:7c:24:0d:0e:bb:1f:56:
                    65:c4:7e:34:eb:d9:fb:3c:f2:3f:78:ac:f9:bf:8b:
                    e2:f6:03:9f:88:ee:c2:67:0e:ae:25:67:cd:b0:a8:
                    5e:e3:a5:31:f1:9d:49:86:87:ac:f0:ab:56:b5:c1:
                    f9:3f:b2:f7:9c:f2:c9:87:63:46:5f:f0:7b:05:df:
                    3c:b2:64:be:09:dd:e0:af:23:0f:2d:99:05:62:48:
                    ac:f9:d2:74:45:e3:ab:68:b3:0a:77:7c:40:84:ed:
                    1a:e5:4e:20:37:9c:06:e1:9c:cb:ff:e1:2d:fa:6a:
                    55:ec:36:16:1c:0c:95:e7:4b:87:04:bc:7f:79:6f:
                    96:15:1b:b8:d9:97:c2:d2:9a:93:8c:9d:7d:ad:8e:
                    13:7f:a7:7d:0a:e7:51:ca:85:7b:de:ed:02:cb:20:
                    84:1f:32:49:9f:9c:15:e0:a7:55:53:bc:f2:3d:6d:
                    05:05:46:4d:55:d1:c2:ab:9e:8e:89:c9:08:20:ae:
                    ea:cc:f3:c8:17:8d:72:c1:0c:e3:1b:d3:b2:75:4a:
                    47:7c:94:27:d4:5b:f1:08:29:7e:ee:a4:19:1f:69:
                    ad:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:02:58:E3:08:B2:90:9C:14:47:AE:A8:F4:5B:34:99:5C:8A:FC:16
            X509v3 Authority Key Identifier:
                keyid:72:F8:62:DF:E0:C3:48:74:12:0D:2C:C1:69:FC:31:44:93:8E:E8:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cvhi3-DDSHQSDSzBafwxRJOO6Nk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/135fc4-b35a-42db-8141-220764dc345c/1/IQJY4wiykJwUR66o9Fs0mVyK_BY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/135fc4-b35a-42db-8141-220764dc345c/1/cvhi3-DDSHQSDSzBafwxRJOO6Nk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.72.0/22
                IPv6:
                  2a06:c7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:d8:76:fb:89:f8:bf:21:9c:9a:aa:97:eb:9a:26:9e:c7:82:
         08:68:98:66:c8:1b:eb:8e:02:fb:5c:41:0b:9a:f0:71:bd:3f:
         8c:d1:f4:cb:e9:50:fb:fa:d4:ad:d3:18:1c:88:0c:a7:5e:c7:
         28:be:54:4d:25:88:e5:00:bb:b1:31:03:dd:e5:3b:b3:ab:d1:
         10:b8:d9:09:e2:80:0a:51:e9:d8:d8:74:72:a5:67:dd:37:17:
         e9:25:97:b0:b7:db:54:fe:35:3a:a7:f3:8c:85:42:de:fa:77:
         14:b7:ee:b9:8f:d1:cc:2f:29:fc:43:7d:30:20:2c:51:f3:6d:
         4e:88:2c:eb:3b:f8:6e:15:61:96:ae:f4:32:d9:0c:31:39:b8:
         3e:fe:53:f5:b7:6a:bd:1c:28:1c:7c:96:77:4d:ad:c8:21:af:
         3e:f1:78:16:54:d9:6c:05:b7:8e:61:e4:b5:07:05:9b:ec:ad:
         55:c9:64:0e:35:58:ea:44:af:bb:7a:63:03:f0:29:c4:ea:92:
         ae:b4:d0:a0:fe:33:68:02:75:2a:77:fe:10:e0:d5:16:91:d8:
         8a:44:b8:3a:2a:70:45:d4:f7:5b:b1:71:cd:13:ad:32:f2:07:
         f7:2c:c6:d0:4b:db:60:07:ec:ed:f7:1d:cb:4f:96:57:41:af:
         90:84:ad:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoJ3ziK4p5iwxv8fmviqdQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZjg2MmRmZTBjMzQ4NzQxMjBkMmNjMTY5ZmMzMTQ0OTM4
ZWU4ZDkwHhcNMjUwMTAyMTc1NDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTAyNThlMzA4YjI5MDljMTQ0N2FlYThmNDViMzQ5OTVjOGFmYzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLWTjoZuI9XeZjtk8w8fnJQOTnhT
Ysnt01LNKIczJs1hW387rHwkDQ67H1ZlxH4069n7PPI/eKz5v4vi9gOfiO7CZw6u
JWfNsKhe46Ux8Z1Jhoes8KtWtcH5P7L3nPLJh2NGX/B7Bd88smS+Cd3gryMPLZkF
Ykis+dJ0ReOraLMKd3xAhO0a5U4gN5wG4ZzL/+Et+mpV7DYWHAyV50uHBLx/eW+W
FRu42ZfC0pqTjJ19rY4Tf6d9CudRyoV73u0CyyCEHzJJn5wV4KdVU7zyPW0FBUZN
VdHCq56OickIIK7qzPPIF41ywQzjG9OydUpHfJQn1FvxCCl+7qQZH2mtDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCECWOMIspCcFEeuqPRbNJlcivwWMB8GA1UdIwQY
MBaAFHL4Yt/gw0h0Eg0swWn8MUSTjujZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3ZoaTMtRERTSFFTRFN6QmFmd3hSSk9PNk5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni8xMzVmYzQtYjM1YS00MmRiLTgxNDEt
MjIwNzY0ZGMzNDVjLzEvSVFKWTR3aXlrSndVUjY2bzlGczBtVnlLX0JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni8xMzVmYzQtYjM1YS00MmRiLTgxNDEtMjIwNzY0ZGMzNDVj
LzEvY3ZoaTMtRERTSFFTRFN6QmFmd3hSSk9PNk5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX9IMA0E
AgACMAcDBQMqBsfAMA0GCSqGSIb3DQEBCwUAA4IBAQA82Hb7ifi/IZyaqpfrmiae
x4IIaJhmyBvrjgL7XEELmvBxvT+M0fTL6VD7+tSt0xgciAynXscovlRNJYjlALux
MQPd5Tuzq9EQuNkJ4oAKUenY2HRypWfdNxfpJZewt9tU/jU6p/OMhULe+ncUt+65
j9HMLyn8Q30wICxR821OiCzrO/huFWGWrvQy2QwxObg+/lP1t2q9HCgcfJZ3Ta3I
Ia8+8XgWVNlsBbeOYeS1BwWb7K1VyWQONVjqRK+7emMD8CnE6pKutNCg/jNoAnUq
d/4Q4NUWkdiKRLg6KnBF1PdbsXHNE60y8gf3LMbQS9tgB+zt9x3LT5ZXQa+QhK2b
-----END CERTIFICATE-----