Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/yPbPGHVnybfOg3CbVa6ATXW9MZw.roa
File:                     yPbPGHVnybfOg3CbVa6ATXW9MZw.roa (raw, json)
Hash identifier:          kq99i/gc1aAyBNAILAzQo/xTksP0pqpuR2NJXZwO3bo=
Subject key identifier:   C8:F6:CF:18:75:67:C9:B7:CE:83:70:9B:55:AE:80:4D:75:BD:31:9C
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FC8649BF8DE33E6942C3B87E9DA35
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/yPbPGHVnybfOg3CbVa6ATXW9MZw.roa
Signing time:             Wed 01 Jan 2025 13:48:15 +0000
ROA not before:           Wed 01 Jan 2025 13:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198289
IP address blocks:        78.133.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:c8:64:9b:f8:de:33:e6:94:2c:3b:87:e9:da:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8f6cf187567c9b7ce83709b55ae804d75bd319c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bf:3a:35:a7:5f:23:8f:df:63:dc:23:c4:15:
                    24:73:36:81:5a:6e:d6:3a:50:dc:f1:51:ed:9e:98:
                    29:66:09:36:f6:dc:b5:09:46:5a:85:e1:06:48:ec:
                    68:d3:29:d2:92:92:ae:98:48:57:f8:9c:ad:e0:6b:
                    a9:28:19:0c:a5:98:47:6f:a3:75:66:75:8e:9b:b6:
                    6f:5c:21:b9:92:4c:10:64:fa:e8:d3:0d:f9:79:f8:
                    4c:29:7d:c3:de:dd:35:dc:0c:f6:12:a4:f0:25:ae:
                    72:b2:66:b8:9d:8d:db:4d:14:3e:f1:d9:1e:29:06:
                    ed:48:17:45:05:b5:8a:02:ba:4c:0f:d3:ef:f4:d6:
                    cf:59:64:81:94:e8:9e:cc:bd:7c:1b:33:4c:1c:5d:
                    b1:ab:62:28:e1:c2:7d:a4:27:3c:0c:77:6c:2d:b0:
                    8a:c2:c4:a9:1a:aa:71:6a:df:bb:09:ec:db:de:52:
                    fe:5a:f2:e9:1e:b9:29:1c:de:55:96:48:17:fb:75:
                    03:89:8a:4a:6c:c3:ff:b3:b1:1c:77:e2:ce:fb:58:
                    8a:47:49:19:a0:56:ec:a9:bb:ca:cd:4b:8e:d1:8c:
                    4e:40:03:08:a0:b4:b4:29:b0:fc:61:83:de:c5:a8:
                    09:f6:26:8e:60:06:a3:b6:d7:59:cf:b4:48:ca:0e:
                    ea:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:F6:CF:18:75:67:C9:B7:CE:83:70:9B:55:AE:80:4D:75:BD:31:9C
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/yPbPGHVnybfOg3CbVa6ATXW9MZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.133.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:b6:5e:53:16:0f:ce:9a:e6:57:81:b5:0b:c1:f3:b8:51:3a:
         48:20:00:1b:68:9d:23:47:5c:20:ba:56:f3:50:57:95:45:65:
         19:b0:7c:6c:c7:1a:b9:20:05:19:27:cc:4e:0e:61:0d:98:9e:
         1f:06:f9:3d:81:33:b5:5c:e8:0f:fe:42:e7:67:17:b9:15:43:
         3b:17:6d:50:55:af:34:af:f0:04:35:b1:6a:17:bb:0d:e3:b8:
         0f:61:65:4e:4f:5e:32:88:0d:aa:e5:cd:45:13:b4:12:c0:b1:
         57:98:cb:44:aa:1f:3f:56:4b:60:ff:64:64:ab:83:da:c5:16:
         cf:05:84:72:6f:c3:53:7f:a4:85:49:8b:f3:50:8e:96:37:1d:
         01:83:60:6b:9e:2d:1c:87:ff:0a:6c:b2:9e:ad:16:8f:7f:6d:
         65:c8:f3:d5:b9:aa:d8:c9:88:8e:f3:c7:28:06:e7:f0:33:5f:
         19:6a:25:5b:44:0d:c8:16:29:a5:7d:92:e3:06:64:0e:2f:4c:
         cd:a3:3b:e1:24:30:77:11:40:29:e4:5a:b0:02:2a:a0:70:2e:
         af:20:87:42:17:2b:ef:55:7c:86:ad:9d:bb:21:7d:24:13:ba:
         03:71:b6:91:d5:f5:3e:50:cc:6b:82:8e:11:85:51:63:c8:d9:
         15:3f:1c:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH8hkm/jeM+aULDuH6do1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGY2Y2YxODc1NjdjOWI3Y2U4MzcwOWI1NWFlODA0ZDc1YmQzMTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwb86NadfI4/fY9wjxBUkczaBWm7W
OlDc8VHtnpgpZgk29ty1CUZaheEGSOxo0ynSkpKumEhX+Jyt4GupKBkMpZhHb6N1
ZnWOm7ZvXCG5kkwQZPro0w35efhMKX3D3t013Az2EqTwJa5ysma4nY3bTRQ+8dke
KQbtSBdFBbWKArpMD9Pv9NbPWWSBlOiezL18GzNMHF2xq2Io4cJ9pCc8DHdsLbCK
wsSpGqpxat+7Cezb3lL+WvLpHrkpHN5VlkgX+3UDiYpKbMP/s7Ecd+LO+1iKR0kZ
oFbsqbvKzUuO0YxOQAMIoLS0KbD8YYPexagJ9iaOYAajttdZz7RIyg7qCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMj2zxh1Z8m3zoNwm1WugE11vTGcMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEveVBiUEdIVm55YmZPZzNDYlZhNkFUWFc5TVp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToXEMA0G
CSqGSIb3DQEBCwUAA4IBAQBBtl5TFg/OmuZXgbULwfO4UTpIIAAbaJ0jR1wgulbz
UFeVRWUZsHxsxxq5IAUZJ8xODmENmJ4fBvk9gTO1XOgP/kLnZxe5FUM7F21QVa80
r/AENbFqF7sN47gPYWVOT14yiA2q5c1FE7QSwLFXmMtEqh8/Vktg/2Rkq4PaxRbP
BYRyb8NTf6SFSYvzUI6WNx0Bg2Brni0ch/8KbLKerRaPf21lyPPVuarYyYiO88co
BufwM18ZaiVbRA3IFimlfZLjBmQOL0zNozvhJDB3EUAp5FqwAiqgcC6vIIdCFyvv
VXyGrZ27IX0kE7oDcbaR1fU+UMxrgo4RhVFjyNkVPxzu
-----END CERTIFICATE-----