Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/c33a2b-39a0-4920-a441-2322403ec787/1/2yUVHb7bKQBM4p7hGq3iiZimEbc.roa
File:                     2yUVHb7bKQBM4p7hGq3iiZimEbc.roa (raw, json)
Hash identifier:          a9OMpn99so26tcAAD5Nx55fldNYwi9TBv8dYukEeMlU=
Subject key identifier:   DB:25:15:1D:BE:DB:29:00:4C:E2:9E:E1:1A:AD:E2:89:98:A6:11:B7
Certificate issuer:       /CN=46e53230ae7cf6868aa683b624b59a811888f0ba
Certificate serial:       019426D9E279E87017DFFA27A924D77563C6
Authority key identifier: 46:E5:32:30:AE:7C:F6:86:8A:A6:83:B6:24:B5:9A:81:18:88:F0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RuUyMK589oaKpoO2JLWagRiI8Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/c33a2b-39a0-4920-a441-2322403ec787/1/2yUVHb7bKQBM4p7hGq3iiZimEbc.roa
Signing time:             Thu 02 Jan 2025 11:50:00 +0000
ROA not before:           Thu 02 Jan 2025 11:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31592
IP address blocks:        193.247.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/c33a2b-39a0-4920-a441-2322403ec787/1/RuUyMK589oaKpoO2JLWagRiI8Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/c33a2b-39a0-4920-a441-2322403ec787/1/RuUyMK589oaKpoO2JLWagRiI8Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RuUyMK589oaKpoO2JLWagRiI8Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e2:79:e8:70:17:df:fa:27:a9:24:d7:75:63:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46e53230ae7cf6868aa683b624b59a811888f0ba
        Validity
            Not Before: Jan  2 11:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db25151dbedb29004ce29ee11aade28998a611b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:de:64:84:ba:7f:c6:64:23:a3:b9:86:24:23:
                    08:ef:7f:ac:5a:b7:7b:04:5e:ff:0f:06:a8:17:af:
                    58:9a:67:1a:62:1f:96:79:1a:17:3b:8f:22:4e:2b:
                    f6:b6:b5:3c:54:f2:c7:9d:0f:a6:bf:4f:50:30:02:
                    80:e0:16:6d:e8:95:01:55:13:a1:99:cc:a0:a2:a4:
                    87:77:2c:6c:e4:47:8a:66:73:0e:e6:90:fe:ff:29:
                    94:77:aa:ca:4b:29:c6:0f:7a:b5:d2:02:40:f1:38:
                    3d:89:e8:a9:60:29:0c:5b:84:c6:a8:8c:82:62:40:
                    39:87:6e:cc:20:c5:d4:ee:6b:64:7d:73:78:1f:62:
                    cd:85:df:97:bb:60:d0:43:bc:5f:0b:2b:c5:b1:47:
                    67:be:2b:22:b2:ba:2e:70:c4:45:e0:fd:c8:0b:b5:
                    73:c7:85:88:06:40:34:b7:a2:5b:e4:99:b1:fc:78:
                    63:ed:57:b1:38:c9:c9:cd:5e:0b:f5:45:d5:d3:2a:
                    24:80:3e:03:eb:76:f3:0d:65:8f:c6:4b:ff:d1:d2:
                    e6:27:fb:84:8e:48:9c:cf:ca:ca:83:36:39:12:b7:
                    27:8e:ed:c7:c3:52:a0:77:63:a3:f9:b8:bf:dd:dd:
                    cf:74:f5:2f:7e:86:8d:03:e9:24:36:1f:63:1a:43:
                    c0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:25:15:1D:BE:DB:29:00:4C:E2:9E:E1:1A:AD:E2:89:98:A6:11:B7
            X509v3 Authority Key Identifier:
                keyid:46:E5:32:30:AE:7C:F6:86:8A:A6:83:B6:24:B5:9A:81:18:88:F0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RuUyMK589oaKpoO2JLWagRiI8Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/c33a2b-39a0-4920-a441-2322403ec787/1/2yUVHb7bKQBM4p7hGq3iiZimEbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/c33a2b-39a0-4920-a441-2322403ec787/1/RuUyMK589oaKpoO2JLWagRiI8Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:12:f4:9d:a4:08:23:50:2d:38:5f:4d:73:95:a5:06:08:e5:
         4b:5a:11:3e:74:96:cf:44:13:cd:8e:65:bb:ec:0f:0c:15:7c:
         1f:05:d5:17:8c:28:34:b6:ba:e2:2a:2d:23:3a:3a:e0:cf:94:
         50:2d:c8:79:2a:be:42:89:c6:84:55:10:3e:0c:f1:ea:20:24:
         f8:18:6e:f1:53:cb:50:54:be:ae:9f:23:f4:6e:b7:94:b9:3f:
         f5:65:b5:72:ba:c1:6a:05:ef:d9:57:63:61:5a:6a:ca:f2:6f:
         a3:f5:10:b1:e9:1d:71:83:a0:02:6e:84:c6:ee:21:0e:ff:c4:
         28:cb:e3:51:86:ba:c1:cc:9a:df:93:26:1c:97:bc:34:11:72:
         c9:21:9f:77:d4:68:aa:dc:03:85:84:38:b8:e2:c0:c2:82:17:
         4a:ae:81:2f:47:04:d1:a6:18:00:b0:7f:59:0c:2b:50:ab:cf:
         d6:4c:c8:20:e4:d8:ab:4a:e1:58:17:ac:82:26:58:0c:2e:b4:
         d2:ad:c2:9e:5e:a6:2d:12:4a:f2:ec:d7:a7:f2:a0:17:99:12:
         2e:57:e2:a3:aa:3b:45:61:06:9f:ca:c0:bf:82:b7:f4:b7:81:
         97:47:65:7c:16:59:2c:1f:e1:32:28:e2:bc:e6:53:3c:45:89:
         f4:f4:3e:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2eJ56HAX3/onqSTXdWPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZTUzMjMwYWU3Y2Y2ODY4YWE2ODNiNjI0YjU5YTgxMTg4
OGYwYmEwHhcNMjUwMTAyMTE1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjI1MTUxZGJlZGIyOTAwNGNlMjllZTExYWFkZTI4OTk4YTYxMWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxd5khLp/xmQjo7mGJCMI73+sWrd7
BF7/DwaoF69YmmcaYh+WeRoXO48iTiv2trU8VPLHnQ+mv09QMAKA4BZt6JUBVROh
mcygoqSHdyxs5EeKZnMO5pD+/ymUd6rKSynGD3q10gJA8Tg9ieipYCkMW4TGqIyC
YkA5h27MIMXU7mtkfXN4H2LNhd+Xu2DQQ7xfCyvFsUdnvisisroucMRF4P3IC7Vz
x4WIBkA0t6Jb5Jmx/Hhj7VexOMnJzV4L9UXV0yokgD4D63bzDWWPxkv/0dLmJ/uE
jkicz8rKgzY5Ercnju3Hw1Kgd2Oj+bi/3d3PdPUvfoaNA+kkNh9jGkPAeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNslFR2+2ykATOKe4Rqt4omYphG3MB8GA1UdIwQY
MBaAFEblMjCufPaGiqaDtiS1moEYiPC6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnVVeU1LNTg5b2FLcG9PMkpMV2FnUmlJOExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9jMzNhMmItMzlhMC00OTIwLWE0NDEt
MjMyMjQwM2VjNzg3LzEvMnlVVkhiN2JLUUJNNHA3aEdxM2lpWmltRWJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9jMzNhMmItMzlhMC00OTIwLWE0NDEtMjMyMjQwM2VjNzg3
LzEvUnVVeU1LNTg5b2FLcG9PMkpMV2FnUmlJOExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfdfMA0G
CSqGSIb3DQEBCwUAA4IBAQBlEvSdpAgjUC04X01zlaUGCOVLWhE+dJbPRBPNjmW7
7A8MFXwfBdUXjCg0trriKi0jOjrgz5RQLch5Kr5CicaEVRA+DPHqICT4GG7xU8tQ
VL6unyP0breUuT/1ZbVyusFqBe/ZV2NhWmrK8m+j9RCx6R1xg6ACboTG7iEO/8Qo
y+NRhrrBzJrfkyYcl7w0EXLJIZ931Giq3AOFhDi44sDCghdKroEvRwTRphgAsH9Z
DCtQq8/WTMgg5NirSuFYF6yCJlgMLrTSrcKeXqYtEkry7Nen8qAXmRIuV+KjqjtF
YQafysC/grf0t4GXR2V8FlksH+EyKOK85lM8RYn09D5Y
-----END CERTIFICATE-----