Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/b7b933-7e80-4b37-a285-130e4dc015ab/1/YJ0hIC0g4jRwPT2ffsWDri3U1BY.roa
File:                     YJ0hIC0g4jRwPT2ffsWDri3U1BY.roa (raw, json)
Hash identifier:          aRSOvWay4BgtDjCfPmINM1fcXP7qlHTJkbgxSvqFhJc=
Subject key identifier:   60:9D:21:20:2D:20:E2:34:70:3D:3D:9F:7E:C5:83:AE:2D:D4:D4:16
Certificate issuer:       /CN=b031e2ca824ca8d5562406a7021ae3c13a1425d8
Certificate serial:       01942825DC4565072C88FC71EDFB52177EF2
Authority key identifier: B0:31:E2:CA:82:4C:A8:D5:56:24:06:A7:02:1A:E3:C1:3A:14:25:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sDHiyoJMqNVWJAanAhrjwToUJdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/b7b933-7e80-4b37-a285-130e4dc015ab/1/YJ0hIC0g4jRwPT2ffsWDri3U1BY.roa
Signing time:             Thu 02 Jan 2025 17:52:37 +0000
ROA not before:           Thu 02 Jan 2025 17:52:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31027
IP address blocks:        185.72.140.0/24 maxlen: 24
                          185.72.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/b7b933-7e80-4b37-a285-130e4dc015ab/1/sDHiyoJMqNVWJAanAhrjwToUJdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/b7b933-7e80-4b37-a285-130e4dc015ab/1/sDHiyoJMqNVWJAanAhrjwToUJdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sDHiyoJMqNVWJAanAhrjwToUJdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:dc:45:65:07:2c:88:fc:71:ed:fb:52:17:7e:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b031e2ca824ca8d5562406a7021ae3c13a1425d8
        Validity
            Not Before: Jan  2 17:52:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=609d21202d20e234703d3d9f7ec583ae2dd4d416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:84:ad:e4:39:5e:49:25:73:7d:5d:a3:dc:06:
                    a5:01:d5:dd:18:5d:98:84:60:05:22:f1:09:8a:06:
                    9f:46:23:a1:cb:d5:f5:cd:12:25:ed:7e:50:dc:12:
                    e6:2a:55:ab:45:2e:01:b6:2f:0b:92:04:b2:eb:f1:
                    53:44:5d:12:d2:5e:6e:cb:6f:e9:f2:e5:cb:b3:b6:
                    c9:10:f0:aa:8c:a9:8d:6d:06:7c:ed:04:b8:9a:5f:
                    27:b9:fc:64:08:77:7a:c7:76:54:7e:a8:b6:29:f8:
                    22:ef:da:15:55:c4:30:e4:59:6e:0e:65:4f:bb:c1:
                    42:1f:9a:35:3a:2d:e3:76:f5:8e:0c:e3:fd:57:27:
                    f8:f6:3f:bd:96:64:24:0a:af:8e:df:78:22:9f:8e:
                    d6:c1:52:36:1a:35:01:9d:e7:10:d4:9f:5c:bf:46:
                    00:38:50:67:b4:b8:c0:c1:91:8f:6a:f4:77:4c:44:
                    fa:f5:9c:e3:91:ae:f6:d9:af:2b:5e:5a:ab:2d:d6:
                    f9:fc:cd:ba:50:4f:b6:eb:42:5b:73:90:27:c1:c3:
                    fb:7a:41:6e:0d:b0:20:69:90:73:d8:f2:10:26:44:
                    42:5a:f3:51:c8:59:f6:f3:6c:cb:32:ce:d5:97:c0:
                    fe:c2:f2:28:92:94:d9:ca:13:0e:60:e4:dc:b1:f1:
                    fc:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:9D:21:20:2D:20:E2:34:70:3D:3D:9F:7E:C5:83:AE:2D:D4:D4:16
            X509v3 Authority Key Identifier:
                keyid:B0:31:E2:CA:82:4C:A8:D5:56:24:06:A7:02:1A:E3:C1:3A:14:25:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sDHiyoJMqNVWJAanAhrjwToUJdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/b7b933-7e80-4b37-a285-130e4dc015ab/1/YJ0hIC0g4jRwPT2ffsWDri3U1BY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/b7b933-7e80-4b37-a285-130e4dc015ab/1/sDHiyoJMqNVWJAanAhrjwToUJdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         da:12:71:97:b1:a7:ae:f3:d8:f5:02:c3:1f:13:4e:a8:c5:29:
         84:78:14:25:16:9a:32:41:91:e2:8d:39:a1:8e:81:8c:20:19:
         55:72:b5:36:cd:cb:eb:81:c9:91:b8:93:91:8b:4d:fc:8a:95:
         fd:80:9a:99:8e:b6:a0:63:cc:bb:15:8a:f5:53:3a:e9:46:02:
         d8:bc:3a:f1:1c:00:4a:84:69:7d:6f:c2:0c:d2:8f:84:23:4e:
         0a:ca:2e:fb:54:76:ab:6e:07:35:c5:ab:d1:39:df:03:c5:d0:
         e1:e4:c3:63:47:09:76:88:0d:df:63:6c:37:d0:3e:18:64:7b:
         95:6f:6b:b2:eb:a7:db:81:79:d7:93:16:d0:cd:ba:c1:43:1d:
         eb:58:54:31:5d:05:f5:65:74:de:b8:fb:9a:ea:82:9a:22:b4:
         a8:e7:dd:d0:54:ca:81:4a:9b:4f:21:ab:66:32:ae:f7:7f:7a:
         45:4c:52:91:68:0d:c1:33:62:0e:50:ba:20:02:e1:17:3a:d2:
         4f:4e:b1:81:7c:5b:cf:b2:45:79:75:4a:30:69:4f:5b:c1:82:
         2e:8f:21:82:71:21:64:3c:45:17:96:ce:79:24:b1:8b:06:15:
         63:a6:fb:46:ef:e2:8b:8d:4f:6d:43:4e:57:55:83:26:51:46:
         7c:98:f9:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJdxFZQcsiPxx7ftSF37yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMzFlMmNhODI0Y2E4ZDU1NjI0MDZhNzAyMWFlM2MxM2Ex
NDI1ZDgwHhcNMjUwMTAyMTc1MjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDlkMjEyMDJkMjBlMjM0NzAzZDNkOWY3ZWM1ODNhZTJkZDRkNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oSt5DleSSVzfV2j3AalAdXdGF2Y
hGAFIvEJigafRiOhy9X1zRIl7X5Q3BLmKlWrRS4Bti8LkgSy6/FTRF0S0l5uy2/p
8uXLs7bJEPCqjKmNbQZ87QS4ml8nufxkCHd6x3ZUfqi2Kfgi79oVVcQw5FluDmVP
u8FCH5o1Oi3jdvWODOP9Vyf49j+9lmQkCq+O33gin47WwVI2GjUBnecQ1J9cv0YA
OFBntLjAwZGPavR3TET69Zzjka722a8rXlqrLdb5/M26UE+260Jbc5AnwcP7ekFu
DbAgaZBz2PIQJkRCWvNRyFn282zLMs7Vl8D+wvIokpTZyhMOYOTcsfH82wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCdISAtIOI0cD09n37Fg64t1NQWMB8GA1UdIwQY
MBaAFLAx4sqCTKjVViQGpwIa48E6FCXYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0RIaXlvSk1xTlZXSkFhbkFocmp3VG9VSmRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9iN2I5MzMtN2U4MC00YjM3LWEyODUt
MTMwZTRkYzAxNWFiLzEvWUowaElDMGc0alJ3UFQyZmZzV0RyaTNVMUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9iN2I5MzMtN2U4MC00YjM3LWEyODUtMTMwZTRkYzAxNWFi
LzEvc0RIaXlvSk1xTlZXSkFhbkFocmp3VG9VSmRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUiMMA0G
CSqGSIb3DQEBCwUAA4IBAQDaEnGXsaeu89j1AsMfE06oxSmEeBQlFpoyQZHijTmh
joGMIBlVcrU2zcvrgcmRuJORi038ipX9gJqZjragY8y7FYr1UzrpRgLYvDrxHABK
hGl9b8IM0o+EI04Kyi77VHarbgc1xavROd8DxdDh5MNjRwl2iA3fY2w30D4YZHuV
b2uy66fbgXnXkxbQzbrBQx3rWFQxXQX1ZXTeuPua6oKaIrSo593QVMqBSptPIatm
Mq73f3pFTFKRaA3BM2IOULogAuEXOtJPTrGBfFvPskV5dUowaU9bwYIujyGCcSFk
PEUXls55JLGLBhVjpvtG7+KLjU9tQ05XVYMmUUZ8mPls
-----END CERTIFICATE-----