Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/gHxg_cEk3DSkqvb129sOUrAgBuU.roa
File:                     gHxg_cEk3DSkqvb129sOUrAgBuU.roa (raw, json)
Hash identifier:          F0Z+OMB0WAC5D71pzeF7aSN7uJ1IvkWqb0qMHGRFw+w=
Subject key identifier:   80:7C:60:FD:C1:24:DC:34:A4:AA:F6:F5:DB:DB:0E:52:B0:20:06:E5
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0196FC88F08A1B5E889E1D93BD07A088049E
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/gHxg_cEk3DSkqvb129sOUrAgBuU.roa
Signing time:             Fri 23 May 2025 09:45:55 +0000
ROA not before:           Fri 23 May 2025 09:45:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211484
IP address blocks:        194.147.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fc:88:f0:8a:1b:5e:88:9e:1d:93:bd:07:a0:88:04:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: May 23 09:45:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=807c60fdc124dc34a4aaf6f5dbdb0e52b02006e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:cc:b5:c3:5c:0d:e8:e4:54:50:f3:82:fc:67:
                    99:33:92:24:76:75:4a:0a:01:bd:6c:47:41:5a:5c:
                    6f:53:91:aa:12:f5:be:a8:da:62:dc:08:da:1c:67:
                    26:2e:00:3e:2c:9f:49:81:2f:a6:1d:69:31:da:67:
                    83:eb:ab:31:10:a2:ad:ec:bc:a1:74:9f:89:a8:ee:
                    42:9e:96:8c:ad:24:e0:a6:c7:07:52:34:3a:6b:86:
                    3d:e2:21:72:6d:ea:a5:f5:b3:d8:7d:a2:f2:c6:db:
                    33:8a:5b:36:18:46:90:b2:2a:a7:52:bd:2d:26:5d:
                    df:23:f0:bc:da:a5:96:16:60:16:0b:2e:f0:63:91:
                    2f:c0:46:a4:98:49:7f:24:3e:55:b5:93:5d:d8:9e:
                    76:8b:35:17:69:39:9c:fe:f5:4d:68:55:7c:10:d2:
                    9a:ea:5f:a5:3c:a3:7d:7f:a7:f7:45:ea:8d:f6:cf:
                    1b:c3:8a:f4:6d:f3:04:27:86:db:61:72:a2:ce:fe:
                    93:72:93:1d:8f:3c:fe:a0:44:06:6a:ec:2f:2a:2d:
                    ff:ad:dd:a5:da:e3:61:8d:cc:e5:d1:ae:62:ac:5d:
                    7a:53:e3:53:9e:bc:20:0c:5e:bb:d1:92:ef:ba:26:
                    24:92:2d:19:bf:19:de:e9:e1:98:8c:a4:d3:e8:50:
                    f0:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:7C:60:FD:C1:24:DC:34:A4:AA:F6:F5:DB:DB:0E:52:B0:20:06:E5
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/gHxg_cEk3DSkqvb129sOUrAgBuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:8e:cb:61:ef:3c:7b:ed:df:96:9d:d8:58:c9:ef:a5:9f:4f:
         90:c9:70:2e:d7:21:9a:d0:f1:8d:79:cf:22:57:ec:32:b9:95:
         02:24:b7:a3:6b:d7:c7:5c:5a:ff:93:e5:0a:3c:c1:af:6d:ea:
         53:c4:a0:ae:62:0f:37:f5:87:25:d2:d1:3d:09:f0:ce:3e:0e:
         17:89:29:fd:14:90:93:6e:4c:e6:9d:ec:3a:c1:9f:7a:a4:58:
         20:d6:94:06:98:06:d5:8d:21:5e:2d:0b:6b:4f:fb:10:06:e0:
         39:cc:03:e4:41:df:00:6a:67:66:4c:a0:1e:a4:8f:44:06:f2:
         c5:75:f0:7b:1d:0c:7e:46:e3:64:82:e1:84:dc:fa:cf:b9:00:
         d0:a7:a9:d0:d8:98:d0:1c:3e:5e:de:3a:65:a1:d5:df:23:21:
         5a:3b:5e:9e:9b:bb:30:0b:c4:47:1f:53:e8:2d:15:98:ac:70:
         b4:d3:26:dc:55:fc:97:53:8b:2f:eb:d3:75:6a:81:5d:b0:b6:
         cf:2b:81:ab:e6:13:63:f5:4e:fb:b1:eb:b9:60:7c:2b:ae:d8:
         76:09:a8:a3:fe:0d:17:7c:5c:8d:79:60:53:f5:97:7a:37:ad:
         9a:ed:4b:fc:54:56:d4:60:66:a4:84:6b:28:7d:01:c1:a0:21:
         d0:9a:71:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb8iPCKG16Inh2TvQegiASeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNTIzMDk0NTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDdjNjBmZGMxMjRkYzM0YTRhYWY2ZjVkYmRiMGU1MmIwMjAwNmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsy1w1wN6ORUUPOC/GeZM5IkdnVK
CgG9bEdBWlxvU5GqEvW+qNpi3AjaHGcmLgA+LJ9JgS+mHWkx2meD66sxEKKt7Lyh
dJ+JqO5CnpaMrSTgpscHUjQ6a4Y94iFybeql9bPYfaLyxtszils2GEaQsiqnUr0t
Jl3fI/C82qWWFmAWCy7wY5EvwEakmEl/JD5VtZNd2J52izUXaTmc/vVNaFV8ENKa
6l+lPKN9f6f3ReqN9s8bw4r0bfMEJ4bbYXKizv6TcpMdjzz+oEQGauwvKi3/rd2l
2uNhjczl0a5irF16U+NTnrwgDF670ZLvuiYkki0Zvxne6eGYjKTT6FDw7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIB8YP3BJNw0pKr29dvbDlKwIAblMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZ0h4Z19jRWszRFNrcXZiMTI5c09VckFnQnVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpMRMA0G
CSqGSIb3DQEBCwUAA4IBAQABjsth7zx77d+WndhYye+ln0+QyXAu1yGa0PGNec8i
V+wyuZUCJLeja9fHXFr/k+UKPMGvbepTxKCuYg839Ycl0tE9CfDOPg4XiSn9FJCT
bkzmnew6wZ96pFgg1pQGmAbVjSFeLQtrT/sQBuA5zAPkQd8AamdmTKAepI9EBvLF
dfB7HQx+RuNkguGE3PrPuQDQp6nQ2JjQHD5e3jplodXfIyFaO16em7swC8RHH1Po
LRWYrHC00ybcVfyXU4sv69N1aoFdsLbPK4Gr5hNj9U77seu5YHwrrth2Caij/g0X
fFyNeWBT9Zd6N62a7Uv8VFbUYGakhGsofQHBoCHQmnGn
-----END CERTIFICATE-----