Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/1f7bad-e5dd-4e52-b0d4-8f5c9867e998/1/CYNP6vN-qElEU6kqxQQrlgtjw0E.roa
File:                     CYNP6vN-qElEU6kqxQQrlgtjw0E.roa (raw, json)
Hash identifier:          50zm/kAB1hENUbgpvzJQwq1lkvUVeWylyOULFWpoN/I=
Subject key identifier:   09:83:4F:EA:F3:7E:A8:49:44:53:A9:2A:C5:04:2B:96:0B:63:C3:41
Certificate issuer:       /CN=500db1715052253bf523f140b9f5637a11d5e9af
Certificate serial:       01942143B74C8972F57939EB23C32A51B201
Authority key identifier: 50:0D:B1:71:50:52:25:3B:F5:23:F1:40:B9:F5:63:7A:11:D5:E9:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UA2xcVBSJTv1I_FAufVjehHV6a8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/1f7bad-e5dd-4e52-b0d4-8f5c9867e998/1/CYNP6vN-qElEU6kqxQQrlgtjw0E.roa
Signing time:             Wed 01 Jan 2025 09:47:53 +0000
ROA not before:           Wed 01 Jan 2025 09:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197981
IP address blocks:        176.67.88.0/21 maxlen: 25
                          185.103.64.0/22 maxlen: 22
                          2a00:89c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/1f7bad-e5dd-4e52-b0d4-8f5c9867e998/1/UA2xcVBSJTv1I_FAufVjehHV6a8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/1f7bad-e5dd-4e52-b0d4-8f5c9867e998/1/UA2xcVBSJTv1I_FAufVjehHV6a8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UA2xcVBSJTv1I_FAufVjehHV6a8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 21:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:b7:4c:89:72:f5:79:39:eb:23:c3:2a:51:b2:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=500db1715052253bf523f140b9f5637a11d5e9af
        Validity
            Not Before: Jan  1 09:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09834feaf37ea8494453a92ac5042b960b63c341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:15:06:7d:b3:7e:ce:92:f2:3c:28:ac:23:d7:
                    b4:ba:79:45:e3:c5:2d:d7:f5:19:e2:5e:bd:f4:61:
                    f1:78:67:ed:3f:79:d0:8e:3e:1b:8f:68:81:07:2b:
                    cd:24:ed:2b:99:cd:bb:7c:fa:2a:fe:1b:88:1e:72:
                    c7:a8:75:dc:eb:18:19:ae:63:ae:13:98:2e:3f:04:
                    5e:20:f2:85:93:23:76:1f:85:14:a5:0d:19:6a:f5:
                    df:1c:31:15:cb:0e:54:6b:7c:be:f8:03:a9:ad:ba:
                    86:30:84:b6:09:1b:6e:ce:4c:a9:25:3b:11:22:4d:
                    bd:42:d8:07:c7:3c:2a:8a:8b:05:ba:f7:a2:bf:08:
                    69:1b:68:93:54:70:0e:be:7e:c9:cc:8f:9c:7f:a8:
                    dc:96:e8:ce:d0:60:13:5e:3d:a0:95:af:6a:27:c2:
                    1b:84:b5:dc:b2:a9:75:a1:79:dc:48:59:43:6c:fb:
                    2d:c9:73:84:e2:04:72:42:aa:7b:66:80:ce:d8:04:
                    93:88:5e:2f:28:b0:6d:7f:15:51:9a:ae:6a:ff:29:
                    d3:54:b3:41:1f:5e:b7:07:3b:ca:6d:88:32:28:7b:
                    a2:0f:f9:85:88:c9:b1:50:8f:41:ba:8b:e6:7b:3a:
                    63:c2:77:d9:39:37:2c:41:0f:e5:64:55:7b:83:a6:
                    dc:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:83:4F:EA:F3:7E:A8:49:44:53:A9:2A:C5:04:2B:96:0B:63:C3:41
            X509v3 Authority Key Identifier:
                keyid:50:0D:B1:71:50:52:25:3B:F5:23:F1:40:B9:F5:63:7A:11:D5:E9:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UA2xcVBSJTv1I_FAufVjehHV6a8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/1f7bad-e5dd-4e52-b0d4-8f5c9867e998/1/CYNP6vN-qElEU6kqxQQrlgtjw0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/1f7bad-e5dd-4e52-b0d4-8f5c9867e998/1/UA2xcVBSJTv1I_FAufVjehHV6a8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.67.88.0/21
                  185.103.64.0/22
                IPv6:
                  2a00:89c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:37:3a:b6:f3:a5:0b:ae:a3:3b:85:35:1a:bb:1e:ea:d5:55:
         d6:c9:8a:b5:db:18:a5:5d:2c:f5:68:96:aa:4d:9e:81:e6:eb:
         09:fa:3e:fa:0f:cf:a8:d7:0d:1c:2a:15:6c:c0:d6:02:55:86:
         4b:46:07:58:36:92:76:6a:e1:d8:09:ba:e0:37:70:bd:5b:03:
         85:bd:a9:52:46:2d:83:32:a9:a7:e6:57:5b:b4:c0:98:db:52:
         42:9f:61:c5:44:1c:b1:2c:fc:23:2b:61:18:fb:20:f4:55:e5:
         93:ef:2f:4f:03:f1:18:96:7e:5d:e0:0f:71:8b:24:0e:b5:61:
         5a:3b:53:e0:34:c9:b9:15:a7:12:fd:74:47:6a:56:f6:cc:41:
         b0:b0:6f:21:9b:62:dc:b7:4a:51:f3:40:6e:ec:01:4c:70:57:
         ba:b6:61:03:d7:7b:60:7e:49:ae:81:08:8f:0b:ca:bd:1c:7a:
         79:fd:c9:2b:87:8f:5d:c8:72:69:46:6b:a2:b7:11:ae:f6:89:
         bc:99:5f:2e:79:5a:17:be:b6:9e:16:e6:94:9d:40:42:4f:9b:
         a7:93:08:4f:5a:02:97:22:ab:cf:c1:32:71:da:2c:5e:c4:64:
         5d:43:2e:6a:82:fe:ce:f9:ce:e4:62:c0:7c:b5:34:0e:1c:23:
         d6:4c:c9:33
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhQ7dMiXL1eTnrI8MqUbIBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMGRiMTcxNTA1MjI1M2JmNTIzZjE0MGI5ZjU2MzdhMTFk
NWU5YWYwHhcNMjUwMTAxMDk0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTgzNGZlYWYzN2VhODQ5NDQ1M2E5MmFjNTA0MmI5NjBiNjNjMzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRUGfbN+zpLyPCisI9e0unlF48Ut
1/UZ4l699GHxeGftP3nQjj4bj2iBByvNJO0rmc27fPoq/huIHnLHqHXc6xgZrmOu
E5guPwReIPKFkyN2H4UUpQ0ZavXfHDEVyw5Ua3y++AOprbqGMIS2CRtuzkypJTsR
Ik29QtgHxzwqiosFuveivwhpG2iTVHAOvn7JzI+cf6jclujO0GATXj2gla9qJ8Ib
hLXcsql1oXncSFlDbPstyXOE4gRyQqp7ZoDO2ASTiF4vKLBtfxVRmq5q/ynTVLNB
H163BzvKbYgyKHuiD/mFiMmxUI9BuovmezpjwnfZOTcsQQ/lZFV7g6bc9wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAmDT+rzfqhJRFOpKsUEK5YLY8NBMB8GA1UdIwQY
MBaAFFANsXFQUiU79SPxQLn1Y3oR1emvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUEyeGNWQlNKVHYxSV9GQXVmVmplaEhWNmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xZjdiYWQtZTVkZC00ZTUyLWIwZDQt
OGY1Yzk4NjdlOTk4LzEvQ1lOUDZ2Ti1xRWxFVTZrcXhRUXJsZ3RqdzBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xZjdiYWQtZTVkZC00ZTUyLWIwZDQtOGY1Yzk4NjdlOTk4
LzEvVUEyeGNWQlNKVHYxSV9GQXVmVmplaEhWNmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsENYAwQC
uWdAMA0EAgACMAcDBQAqAInAMA0GCSqGSIb3DQEBCwUAA4IBAQBWNzq286ULrqM7
hTUaux7q1VXWyYq12xilXSz1aJaqTZ6B5usJ+j76D8+o1w0cKhVswNYCVYZLRgdY
NpJ2auHYCbrgN3C9WwOFvalSRi2DMqmn5ldbtMCY21JCn2HFRByxLPwjK2EY+yD0
VeWT7y9PA/EYln5d4A9xiyQOtWFaO1PgNMm5FacS/XRHalb2zEGwsG8hm2Lct0pR
80Bu7AFMcFe6tmED13tgfkmugQiPC8q9HHp5/ckrh49dyHJpRmuitxGu9om8mV8u
eVoXvraeFuaUnUBCT5unkwhPWgKXIqvPwTJx2ixexGRdQy5qgv7O+c7kYsB8tTQO
HCPWTMkz
-----END CERTIFICATE-----