Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/1DSZn5ns00u_zh3eaHcMM8S9LJ8.roa
File:                     1DSZn5ns00u_zh3eaHcMM8S9LJ8.roa (raw, json)
Hash identifier:          f2k2Rp4Tvmjd6WBxwwnYblRCaq4QO4K1UztQrgvzq4k=
Subject key identifier:   D4:34:99:9F:99:EC:D3:4B:BF:CE:1D:DE:68:77:0C:33:C4:BD:2C:9F
Certificate issuer:       /CN=60c44dff71879863ea71442023b7f354dc3dad7c
Certificate serial:       0194228D951DDE44B820FA7A025307AEBA85
Authority key identifier: 60:C4:4D:FF:71:87:98:63:EA:71:44:20:23:B7:F3:54:DC:3D:AD:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/1DSZn5ns00u_zh3eaHcMM8S9LJ8.roa
Signing time:             Wed 01 Jan 2025 15:48:11 +0000
ROA not before:           Wed 01 Jan 2025 15:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49882
IP address blocks:        91.92.196.0/24 maxlen: 24
                          185.88.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:95:1d:de:44:b8:20:fa:7a:02:53:07:ae:ba:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c44dff71879863ea71442023b7f354dc3dad7c
        Validity
            Not Before: Jan  1 15:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d434999f99ecd34bbfce1dde68770c33c4bd2c9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f6:1f:79:7b:fe:64:27:de:e6:65:61:c6:d7:
                    97:b0:5f:ec:3f:22:1a:61:4a:ed:b3:52:ce:a1:89:
                    1e:a5:a1:08:63:9b:4e:77:cc:8b:ee:fa:b0:e6:91:
                    59:a0:98:ca:4b:c0:af:85:46:08:af:a9:09:ff:aa:
                    f3:ef:a8:ed:a7:bc:42:f2:ad:ce:90:a9:fa:e8:27:
                    d1:7b:47:f3:7b:8e:54:58:9f:6c:a8:f7:eb:73:bf:
                    d0:89:16:31:84:2d:7d:c3:36:97:d2:27:ce:cb:7c:
                    0e:e8:b5:d4:f1:8b:b4:8d:85:87:07:ae:5f:f7:6e:
                    2f:5f:3d:60:37:f1:48:62:36:2a:c6:dd:df:85:eb:
                    3c:f6:28:02:bd:b9:a2:c9:74:a5:21:4e:09:44:d4:
                    11:c1:78:4b:4d:b0:fd:39:e3:59:76:3c:e1:d4:d0:
                    c2:ef:ac:89:80:68:6b:53:2d:35:8a:9a:39:b8:9f:
                    07:64:f9:e0:18:fb:97:10:b4:52:9d:a2:0b:dd:24:
                    d9:d1:f0:a6:6d:c1:2b:52:5e:c1:e7:b9:4e:d2:f7:
                    d5:c0:7f:fa:28:82:36:1b:c5:b0:79:87:3e:7e:fe:
                    ca:ae:60:06:21:a7:18:80:79:97:93:ec:e2:11:b3:
                    a6:5a:02:97:0f:af:08:8b:67:cf:63:2e:99:87:4e:
                    59:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:34:99:9F:99:EC:D3:4B:BF:CE:1D:DE:68:77:0C:33:C4:BD:2C:9F
            X509v3 Authority Key Identifier:
                keyid:60:C4:4D:FF:71:87:98:63:EA:71:44:20:23:B7:F3:54:DC:3D:AD:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/1DSZn5ns00u_zh3eaHcMM8S9LJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.196.0/24
                  185.88.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:07:79:71:18:65:90:72:9d:aa:c6:2d:d7:66:36:b9:bf:3a:
         ca:44:ce:29:17:f5:1e:1b:f1:1b:38:1f:c4:d8:e0:58:93:05:
         87:85:b6:96:9f:f2:2f:e0:d1:86:78:0e:e4:ca:3e:dd:d0:1f:
         55:f3:d4:a6:39:55:ab:6a:9e:10:0b:63:db:36:98:18:42:8c:
         db:58:fd:74:6f:4d:d2:e4:b5:f2:67:c2:f2:91:9c:35:40:fd:
         49:9e:4f:b3:f7:13:c3:16:d9:a1:72:ac:2d:a2:9a:1e:8a:62:
         57:24:8e:7b:cc:21:cb:92:b7:e1:7f:42:ed:df:c8:96:e1:58:
         89:b6:8e:14:79:48:b3:6b:66:4a:51:b1:2e:c4:07:5e:4c:fd:
         5a:37:34:55:c1:e5:55:7c:bb:4f:e5:6d:b1:c1:ea:28:0c:76:
         2b:ae:7a:fa:eb:66:30:4b:60:8d:4c:19:9b:77:80:74:d4:f3:
         1b:9a:49:54:27:64:8e:fc:ca:af:81:99:d2:4f:8d:bb:ee:21:
         ad:83:0e:b8:59:fc:8d:66:62:20:40:0c:4b:01:9b:ae:17:3f:
         a8:ba:26:22:01:0f:ee:9f:cb:5d:cf:42:db:fe:66:cc:76:86:
         83:b5:87:81:37:6d:1c:78:cc:f1:04:6c:4a:c1:6c:3e:5b:75:
         74:fb:52:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijZUd3kS4IPp6AlMHrrqFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzQ0ZGZmNzE4Nzk4NjNlYTcxNDQyMDIzYjdmMzU0ZGMz
ZGFkN2MwHhcNMjUwMTAxMTU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDM0OTk5Zjk5ZWNkMzRiYmZjZTFkZGU2ODc3MGMzM2M0YmQyYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/YfeXv+ZCfe5mVhxteXsF/sPyIa
YUrts1LOoYkepaEIY5tOd8yL7vqw5pFZoJjKS8CvhUYIr6kJ/6rz76jtp7xC8q3O
kKn66CfRe0fze45UWJ9sqPfrc7/QiRYxhC19wzaX0ifOy3wO6LXU8Yu0jYWHB65f
924vXz1gN/FIYjYqxt3fhes89igCvbmiyXSlIU4JRNQRwXhLTbD9OeNZdjzh1NDC
76yJgGhrUy01ipo5uJ8HZPngGPuXELRSnaIL3STZ0fCmbcErUl7B57lO0vfVwH/6
KII2G8WweYc+fv7KrmAGIacYgHmXk+ziEbOmWgKXD68Ii2fPYy6Zh05ZmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNQ0mZ+Z7NNLv84d3mh3DDPEvSyfMB8GA1UdIwQY
MBaAFGDETf9xh5hj6nFEICO381TcPa18MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1STl8zR0htR1BxY1VRZ0k3ZnpWTnc5clh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC82Y2U5OTQtOGU5OS00MGY5LWE0ZWIt
YjJkNzM2Nzg3MjdiLzEvMURTWm41bnMwMHVfemgzZWFIY01NOFM5TEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC82Y2U5OTQtOGU5OS00MGY5LWE0ZWItYjJkNzM2Nzg3Mjdi
LzEvWU1STl8zR0htR1BxY1VRZ0k3ZnpWTnc5clh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW1zEAwQC
uVi4MA0GCSqGSIb3DQEBCwUAA4IBAQA1B3lxGGWQcp2qxi3XZja5vzrKRM4pF/Ue
G/EbOB/E2OBYkwWHhbaWn/Iv4NGGeA7kyj7d0B9V89SmOVWrap4QC2PbNpgYQozb
WP10b03S5LXyZ8LykZw1QP1Jnk+z9xPDFtmhcqwtopoeimJXJI57zCHLkrfhf0Lt
38iW4ViJto4UeUiza2ZKUbEuxAdeTP1aNzRVweVVfLtP5W2xweooDHYrrnr662Yw
S2CNTBmbd4B01PMbmklUJ2SO/MqvgZnST4277iGtgw64WfyNZmIgQAxLAZuuFz+o
uiYiAQ/un8tdz0Lb/mbMdoaDtYeBN20ceMzxBGxKwWw+W3V0+1Jp
-----END CERTIFICATE-----