Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Y3w50ZEwrtIkPorPoZxHWG9eEH0.roa
File:                     Y3w50ZEwrtIkPorPoZxHWG9eEH0.roa (raw, json)
Hash identifier:          5Tcj1jK0GCQK+mBU7lHCiUUJd7S0HpOxRejtgVU6kmc=
Subject key identifier:   63:7C:39:D1:91:30:AE:D2:24:3E:8A:CF:A1:9C:47:58:6F:5E:10:7D
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019421B24D44DE8E0DC091D686703D8E3D01
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Y3w50ZEwrtIkPorPoZxHWG9eEH0.roa
Signing time:             Wed 01 Jan 2025 11:48:40 +0000
ROA not before:           Wed 01 Jan 2025 11:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        5.180.49.0/24 maxlen: 24
                          45.8.192.0/24 maxlen: 24
                          45.8.193.0/24 maxlen: 24
                          45.8.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4d:44:de:8e:0d:c0:91:d6:86:70:3d:8e:3d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 11:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=637c39d19130aed2243e8acfa19c47586f5e107d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:21:d9:f2:b0:62:07:b7:15:59:94:3f:78:97:
                    98:8c:ee:80:ea:78:b7:0d:29:0f:a7:e9:5c:ac:41:
                    f5:a1:2a:c7:72:87:53:60:b7:50:40:ba:0a:65:af:
                    05:7c:f5:2a:18:42:81:fe:96:16:d6:ea:f1:1e:ee:
                    4f:ba:3c:ea:34:93:bc:38:aa:50:39:da:5e:dd:4b:
                    bb:4d:25:59:b2:5e:51:8c:de:bf:f6:83:ef:ac:ba:
                    29:e9:bb:e4:46:9a:4b:a8:80:55:c3:d0:8b:56:6b:
                    1f:ba:4f:8d:50:a2:91:95:09:0e:20:c5:4c:9d:16:
                    3d:63:71:2b:cd:ab:c0:aa:09:c4:e9:3d:3d:5d:7c:
                    45:28:b5:97:04:3c:ff:0f:9e:1b:ca:db:29:1c:86:
                    70:54:6c:b1:29:17:b1:c1:77:5a:33:2e:28:a6:6c:
                    5a:df:16:81:87:9a:d4:1f:17:dc:15:2f:a9:ec:3d:
                    ba:c0:54:19:25:3b:b5:3f:3b:e2:96:97:b3:98:44:
                    de:41:5d:f5:af:97:51:45:6e:79:07:9e:96:38:fe:
                    11:e8:57:1b:20:d3:e0:d2:55:ed:65:b7:5b:6e:d4:
                    15:19:1f:75:e5:64:e4:e9:40:4d:74:05:3f:f4:1b:
                    82:16:9d:40:1c:74:85:1a:11:f7:4f:fe:a9:a4:dd:
                    d8:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:7C:39:D1:91:30:AE:D2:24:3E:8A:CF:A1:9C:47:58:6F:5E:10:7D
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Y3w50ZEwrtIkPorPoZxHWG9eEH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.49.0/24
                  45.8.192.0/23
                  45.8.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:6e:90:42:28:1e:03:75:ae:24:c9:ac:95:7b:b4:63:5d:87:
         58:8c:05:e3:9c:a3:0f:aa:79:27:23:3c:98:df:7c:ad:09:9a:
         10:48:36:a5:e9:a0:f7:bd:cf:57:0b:82:15:0f:69:1c:c8:a2:
         74:d6:6d:9a:16:97:85:31:17:94:73:26:22:69:f0:45:47:10:
         ee:3d:3b:6b:50:fe:f9:77:44:08:16:5b:83:28:a7:d5:c6:ae:
         4a:fe:b4:eb:d1:43:2b:e0:ce:1c:6a:d6:77:9d:5f:9f:ae:97:
         0a:79:6e:a2:c5:f3:eb:60:5e:2a:86:9e:15:7e:f2:56:4d:47:
         7a:86:07:b6:76:46:f3:48:2a:8b:2f:da:7c:6e:9e:29:1e:20:
         80:44:ea:5e:ff:55:5d:36:18:3a:fe:be:43:66:b2:37:fc:74:
         d0:4c:9d:ea:8a:9b:b6:3b:99:08:c9:e0:03:45:e7:d7:b1:30:
         9e:1e:86:c7:2b:e3:c7:c7:d1:7f:82:e2:88:5e:f4:49:06:07:
         59:aa:29:07:3b:b6:c4:e8:8a:a2:d0:d0:37:88:66:c3:d5:a1:
         1f:95:ee:e4:09:7f:75:e5:88:70:15:0c:d2:42:cf:ef:5e:6c:
         92:fb:34:b7:01:f6:5f:82:1e:9b:6b:41:fd:a3:15:c0:a6:a3:
         5a:69:c1:c9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhsk1E3o4NwJHWhnA9jj0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwMTAxMTE0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzdjMzlkMTkxMzBhZWQyMjQzZThhY2ZhMTljNDc1ODZmNWUxMDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSHZ8rBiB7cVWZQ/eJeYjO6A6ni3
DSkPp+lcrEH1oSrHcodTYLdQQLoKZa8FfPUqGEKB/pYW1urxHu5PujzqNJO8OKpQ
Odpe3Uu7TSVZsl5RjN6/9oPvrLop6bvkRppLqIBVw9CLVmsfuk+NUKKRlQkOIMVM
nRY9Y3ErzavAqgnE6T09XXxFKLWXBDz/D54bytspHIZwVGyxKRexwXdaMy4opmxa
3xaBh5rUHxfcFS+p7D26wFQZJTu1PzvilpezmETeQV31r5dRRW55B56WOP4R6Fcb
INPg0lXtZbdbbtQVGR915WTk6UBNdAU/9BuCFp1AHHSFGhH3T/6ppN3YwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGN8OdGRMK7SJD6Kz6GcR1hvXhB9MB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvWTN3NTBaRXdydElrUG9yUG9aeEhXRzllRUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbQxAwQB
LQjAAwQALQjKMA0GCSqGSIb3DQEBCwUAA4IBAQA8bpBCKB4Dda4kyayVe7RjXYdY
jAXjnKMPqnknIzyY33ytCZoQSDal6aD3vc9XC4IVD2kcyKJ01m2aFpeFMReUcyYi
afBFRxDuPTtrUP75d0QIFluDKKfVxq5K/rTr0UMr4M4catZ3nV+frpcKeW6ixfPr
YF4qhp4VfvJWTUd6hge2dkbzSCqLL9p8bp4pHiCAROpe/1VdNhg6/r5DZrI3/HTQ
TJ3qipu2O5kIyeADRefXsTCeHobHK+PHx9F/guKIXvRJBgdZqikHO7bE6Iqi0NA3
iGbD1aEfle7kCX915YhwFQzSQs/vXmyS+zS3AfZfgh6ba0H9oxXApqNaacHJ
-----END CERTIFICATE-----