Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/5f632f-e256-4f26-821a-1db531c9d2d8/1/YNy2gXiy30ryCGRriUHpHagAAGw.roa
File:                     YNy2gXiy30ryCGRriUHpHagAAGw.roa (raw, json)
Hash identifier:          HxFEjYkihFtU2VF+anVdxPnpIcq/yrQhubN+L8+juKg=
Subject key identifier:   60:DC:B6:81:78:B2:DF:4A:F2:08:64:6B:89:41:E9:1D:A8:00:00:6C
Certificate issuer:       /CN=ed32ef0caf0a057529fb928f76962a7425390dba
Certificate serial:       0196ED5DC2FEDE7345D6A1F95A754AADF291
Authority key identifier: ED:32:EF:0C:AF:0A:05:75:29:FB:92:8F:76:96:2A:74:25:39:0D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7TLvDK8KBXUp-5KPdpYqdCU5Dbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/5f632f-e256-4f26-821a-1db531c9d2d8/1/YNy2gXiy30ryCGRriUHpHagAAGw.roa
Signing time:             Tue 20 May 2025 11:04:27 +0000
ROA not before:           Tue 20 May 2025 11:04:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197682
IP address blocks:        192.162.44.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/5f632f-e256-4f26-821a-1db531c9d2d8/1/7TLvDK8KBXUp-5KPdpYqdCU5Dbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/5f632f-e256-4f26-821a-1db531c9d2d8/1/7TLvDK8KBXUp-5KPdpYqdCU5Dbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7TLvDK8KBXUp-5KPdpYqdCU5Dbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:5d:c2:fe:de:73:45:d6:a1:f9:5a:75:4a:ad:f2:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed32ef0caf0a057529fb928f76962a7425390dba
        Validity
            Not Before: May 20 11:04:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60dcb68178b2df4af208646b8941e91da800006c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:28:3b:07:aa:a9:37:7a:ee:8b:b0:3a:1b:52:
                    24:49:78:a1:58:5f:5f:18:aa:3c:01:dc:5d:0c:fd:
                    6b:c1:14:6a:4a:d6:93:06:2e:ff:97:80:92:4c:ec:
                    10:d6:7b:aa:40:1c:3c:3d:d9:c5:d8:5c:7b:c4:f1:
                    0f:33:4e:b1:bc:2e:11:ea:84:a8:cc:b4:a0:32:6a:
                    9e:be:1f:4a:9d:41:da:81:9b:78:97:ef:db:ce:26:
                    7a:cd:3d:49:a4:c7:86:e1:2f:52:cb:66:47:89:9c:
                    49:c7:d6:0c:f5:29:8c:1e:91:8c:75:9d:54:b7:dd:
                    88:83:1a:1a:b3:15:e9:fd:e2:48:2a:08:cc:a7:a5:
                    42:11:17:eb:7a:6b:a0:88:bf:cc:84:ee:a2:02:23:
                    a4:33:e1:79:ce:a1:b9:9b:85:32:51:f5:2f:cd:a3:
                    2f:78:93:08:7f:56:17:17:31:d9:3f:4d:62:92:c8:
                    0e:a0:e0:89:64:48:d6:d6:19:d8:2d:a5:c9:98:44:
                    3e:d8:0d:57:79:b5:36:3e:13:2e:78:27:4e:65:c9:
                    eb:87:20:23:ea:23:b9:b2:de:9e:81:43:fc:33:e0:
                    0e:99:ef:b9:4b:9c:fd:26:bc:12:4c:44:89:d3:f2:
                    38:b7:9e:14:11:f6:dd:78:e8:4d:c8:59:a1:b1:09:
                    59:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:DC:B6:81:78:B2:DF:4A:F2:08:64:6B:89:41:E9:1D:A8:00:00:6C
            X509v3 Authority Key Identifier:
                keyid:ED:32:EF:0C:AF:0A:05:75:29:FB:92:8F:76:96:2A:74:25:39:0D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7TLvDK8KBXUp-5KPdpYqdCU5Dbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5f632f-e256-4f26-821a-1db531c9d2d8/1/YNy2gXiy30ryCGRriUHpHagAAGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/5f632f-e256-4f26-821a-1db531c9d2d8/1/7TLvDK8KBXUp-5KPdpYqdCU5Dbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.162.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:cb:2f:0f:36:0b:d3:21:f4:16:9f:90:f3:f4:94:06:3a:73:
         1d:ce:5c:23:3b:b1:7c:d3:65:b3:51:7b:2e:b9:92:42:f4:83:
         8f:03:f0:34:35:7f:88:4a:30:e7:59:fd:41:c3:38:ed:3a:21:
         68:58:54:ab:07:52:db:99:cb:35:8f:9d:80:f5:df:e9:de:65:
         95:14:72:15:f2:cf:40:1f:ac:87:41:17:09:7b:1e:77:ed:c2:
         a4:61:44:e6:9e:02:69:18:33:b6:db:fc:9b:fa:04:c6:6a:80:
         3e:d2:4c:7b:d3:d1:d6:a4:6c:87:63:c7:5d:31:37:90:86:d9:
         94:ca:42:2d:e1:b7:a0:0a:ce:9a:66:94:26:d0:89:fb:bf:fd:
         2f:43:d2:fd:d7:cf:68:35:59:9d:4f:ba:76:23:e0:e5:34:b9:
         3b:d0:f2:af:4e:f3:ed:20:c5:73:d1:35:10:4a:e0:c9:70:90:
         36:62:73:5f:f8:83:81:91:fb:31:eb:b5:6b:c1:e5:5f:3d:6d:
         e3:8b:69:63:a2:13:ba:b8:2e:41:c4:93:4a:ff:25:92:e1:61:
         7f:06:a3:5c:da:99:a8:b4:88:ce:54:7e:67:1a:34:59:71:66:
         c1:26:fd:b7:62:53:ff:6e:22:2a:f2:5e:60:cd:e8:2f:2d:fa:
         b9:55:e8:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtXcL+3nNF1qH5WnVKrfKRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMzJlZjBjYWYwYTA1NzUyOWZiOTI4Zjc2OTYyYTc0MjUz
OTBkYmEwHhcNMjUwNTIwMTEwNDI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGRjYjY4MTc4YjJkZjRhZjIwODY0NmI4OTQxZTkxZGE4MDAwMDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsig7B6qpN3rui7A6G1IkSXihWF9f
GKo8AdxdDP1rwRRqStaTBi7/l4CSTOwQ1nuqQBw8PdnF2Fx7xPEPM06xvC4R6oSo
zLSgMmqevh9KnUHagZt4l+/bziZ6zT1JpMeG4S9Sy2ZHiZxJx9YM9SmMHpGMdZ1U
t92IgxoasxXp/eJIKgjMp6VCERfremugiL/MhO6iAiOkM+F5zqG5m4UyUfUvzaMv
eJMIf1YXFzHZP01iksgOoOCJZEjW1hnYLaXJmEQ+2A1XebU2PhMueCdOZcnrhyAj
6iO5st6egUP8M+AOme+5S5z9JrwSTESJ0/I4t54UEfbdeOhNyFmhsQlZ0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDctoF4st9K8ghka4lB6R2oAABsMB8GA1UdIwQY
MBaAFO0y7wyvCgV1KfuSj3aWKnQlOQ26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RMdkRLOEtCWFVwLTVLUGRwWXFkQ1U1RGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81ZjYzMmYtZTI1Ni00ZjI2LTgyMWEt
MWRiNTMxYzlkMmQ4LzEvWU55MmdYaXkzMHJ5Q0dScmlVSHBIYWdBQUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81ZjYzMmYtZTI1Ni00ZjI2LTgyMWEtMWRiNTMxYzlkMmQ4
LzEvN1RMdkRLOEtCWFVwLTVLUGRwWXFkQ1U1RGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwKIsMA0G
CSqGSIb3DQEBCwUAA4IBAQAcyy8PNgvTIfQWn5Dz9JQGOnMdzlwjO7F802WzUXsu
uZJC9IOPA/A0NX+ISjDnWf1BwzjtOiFoWFSrB1Lbmcs1j52A9d/p3mWVFHIV8s9A
H6yHQRcJex537cKkYUTmngJpGDO22/yb+gTGaoA+0kx709HWpGyHY8ddMTeQhtmU
ykIt4begCs6aZpQm0In7v/0vQ9L9189oNVmdT7p2I+DlNLk70PKvTvPtIMVz0TUQ
SuDJcJA2YnNf+IOBkfsx67VrweVfPW3ji2ljohO6uC5BxJNK/yWS4WF/BqNc2pmo
tIjOVH5nGjRZcWbBJv23YlP/biIq8l5gzegvLfq5Veic
-----END CERTIFICATE-----