Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/jYGVPwfsoaLtosUQAC4gJE56Z94.roa
File:                     jYGVPwfsoaLtosUQAC4gJE56Z94.roa (raw, json)
Hash identifier:          M2s0d7+cId10AxYm15LoFOp4M46aO9L/7V+fMU66zqA=
Subject key identifier:   8D:81:95:3F:07:EC:A1:A2:ED:A2:C5:10:00:2E:20:24:4E:7A:67:DE
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       01941FF9FFF56E8C73AF392E510B95F57E7D
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/jYGVPwfsoaLtosUQAC4gJE56Z94.roa
Signing time:             Wed 01 Jan 2025 03:47:45 +0000
ROA not before:           Wed 01 Jan 2025 03:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35598
IP address blocks:        194.26.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:f9:ff:f5:6e:8c:73:af:39:2e:51:0b:95:f5:7e:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  1 03:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d81953f07eca1a2eda2c510002e20244e7a67de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9a:a4:ed:71:6c:49:04:d2:a4:bd:8a:aa:33:
                    fe:9c:ef:c4:55:3a:cd:3c:b5:22:b8:fb:5c:3c:1c:
                    c6:a9:8e:c7:13:95:26:fe:c5:1c:5a:92:8c:d9:eb:
                    31:1e:76:33:83:2e:67:09:5c:2d:0b:83:9c:ce:d8:
                    63:0d:83:98:1b:8f:da:73:06:c5:41:e7:f1:09:27:
                    9e:da:1a:9f:74:77:e1:c9:5a:6f:9c:cf:ef:1b:68:
                    c2:f3:af:c4:a4:3c:72:90:26:76:75:b4:04:34:a9:
                    70:15:2c:22:d4:51:fc:bf:3c:5c:13:5b:48:c5:b6:
                    6c:0a:f5:23:30:b4:1a:d3:5e:f9:49:dd:a9:f4:ef:
                    ef:ed:ae:cb:d1:f9:3f:d2:ce:3b:91:e7:b7:70:f1:
                    60:24:dd:e0:9d:97:b5:a2:3a:65:a6:a1:1c:bd:3e:
                    1f:4d:1a:46:8a:a2:9a:9d:85:1e:dd:1f:31:09:f4:
                    2d:7f:d7:33:cc:28:92:dd:28:57:6c:6d:ae:c7:85:
                    8f:4b:2c:6c:bf:a2:b0:1e:8c:f3:82:59:e7:2c:93:
                    6a:f2:56:9d:80:4c:58:b2:da:45:96:c2:4e:2b:5c:
                    98:85:3b:c8:3f:5d:8b:70:b3:5c:7b:4a:0d:c2:9a:
                    c5:9c:76:ce:0f:1b:f2:48:a7:dd:31:ff:51:d5:c4:
                    71:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:81:95:3F:07:EC:A1:A2:ED:A2:C5:10:00:2E:20:24:4E:7A:67:DE
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/jYGVPwfsoaLtosUQAC4gJE56Z94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:72:bd:31:6c:91:49:3d:06:70:7c:c8:ae:c6:46:f1:23:fe:
         89:93:ff:3a:21:86:d1:5b:07:45:f1:d0:8b:d7:1a:ef:c5:17:
         f4:95:59:3f:05:b9:1b:1b:2a:43:90:8b:22:b4:91:c1:5d:77:
         f1:3e:d4:67:8a:1e:9b:64:4c:02:12:e1:62:8c:b7:67:74:53:
         d1:01:21:4f:61:af:f0:36:76:e5:54:24:d6:1d:3a:0c:86:bd:
         c1:65:19:55:d8:87:49:47:70:4d:8e:77:48:4b:e4:7a:4e:4d:
         89:2e:0b:18:21:a7:6b:2a:f7:9c:e9:15:7d:d4:fd:29:04:56:
         08:73:d0:e2:f4:39:78:8c:95:8f:6d:96:ad:34:ab:21:13:80:
         d1:10:2e:6a:a5:51:c6:a7:38:7b:ec:25:fe:00:49:48:35:8e:
         e4:9e:61:ab:ff:4c:04:8c:0a:5f:5b:2e:b2:be:98:d0:c7:fb:
         2c:2a:e7:26:d2:37:93:b3:d2:79:7a:71:d1:f7:0d:7f:f1:d7:
         a2:fa:2b:c0:e3:f1:8d:5b:36:e6:5d:ae:6a:34:1d:ce:ed:31:
         3b:f5:04:fe:b5:63:4a:c4:8f:e5:88:4c:bc:80:2e:e7:63:86:
         ef:a4:d1:91:0f:2c:1e:1c:96:59:1f:73:91:0b:0f:01:24:b3:
         5b:15:fe:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+f/1boxzrzkuUQuV9X59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUwMTAxMDM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDgxOTUzZjA3ZWNhMWEyZWRhMmM1MTAwMDJlMjAyNDRlN2E2N2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5qk7XFsSQTSpL2KqjP+nO/EVTrN
PLUiuPtcPBzGqY7HE5Um/sUcWpKM2esxHnYzgy5nCVwtC4OczthjDYOYG4/acwbF
QefxCSee2hqfdHfhyVpvnM/vG2jC86/EpDxykCZ2dbQENKlwFSwi1FH8vzxcE1tI
xbZsCvUjMLQa0175Sd2p9O/v7a7L0fk/0s47kee3cPFgJN3gnZe1ojplpqEcvT4f
TRpGiqKanYUe3R8xCfQtf9czzCiS3ShXbG2ux4WPSyxsv6KwHozzglnnLJNq8lad
gExYstpFlsJOK1yYhTvIP12LcLNce0oNwprFnHbODxvySKfdMf9R1cRxHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2BlT8H7KGi7aLFEAAuICROemfeMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvallHVlB3ZnNvYUx0b3NVUUFDNGdKRTU2Wjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhrSMA0G
CSqGSIb3DQEBCwUAA4IBAQAJcr0xbJFJPQZwfMiuxkbxI/6Jk/86IYbRWwdF8dCL
1xrvxRf0lVk/BbkbGypDkIsitJHBXXfxPtRnih6bZEwCEuFijLdndFPRASFPYa/w
NnblVCTWHToMhr3BZRlV2IdJR3BNjndIS+R6Tk2JLgsYIadrKvec6RV91P0pBFYI
c9Di9Dl4jJWPbZatNKshE4DREC5qpVHGpzh77CX+AElINY7knmGr/0wEjApfWy6y
vpjQx/ssKucm0jeTs9J5enHR9w1/8dei+ivA4/GNWzbmXa5qNB3O7TE79QT+tWNK
xI/liEy8gC7nY4bvpNGRDyweHJZZH3ORCw8BJLNbFf6u
-----END CERTIFICATE-----