Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xoYVIPgUaEsbBWQIFcxUpTKKI2Q.roa
File:                     xoYVIPgUaEsbBWQIFcxUpTKKI2Q.roa (raw, json)
Hash identifier:          sqIcyg1A3WdzW7N50IG4Du7XLYD7UFrI2WgkLzLk5Nc=
Subject key identifier:   C6:86:15:20:F8:14:68:4B:1B:05:64:08:15:CC:54:A5:32:8A:23:64
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01931AF4C9630675206C741A34609ABC60A5
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xoYVIPgUaEsbBWQIFcxUpTKKI2Q.roa
Signing time:             Mon 11 Nov 2024 11:21:10 +0000
ROA not before:           Mon 11 Nov 2024 11:21:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214024
IP address blocks:        185.206.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1a:f4:c9:63:06:75:20:6c:74:1a:34:60:9a:bc:60:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 11 11:21:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6861520f814684b1b05640815cc54a5328a2364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:87:c1:01:67:e3:13:d5:f3:9a:12:8a:01:10:
                    4b:00:7f:3d:e4:8b:27:18:74:b9:aa:20:c8:25:f4:
                    00:58:c5:c2:3e:52:db:e3:58:f7:be:6f:a3:f3:b6:
                    c4:72:0a:9a:02:9c:37:a2:fa:1d:54:f2:7d:66:d6:
                    35:04:8b:fd:59:0b:11:59:0b:cc:0b:5e:65:6c:ed:
                    12:97:ba:d2:0d:d9:6e:c9:e6:cb:fe:51:53:fd:f4:
                    05:9f:30:bd:b4:27:b0:67:d0:17:da:47:20:d6:21:
                    eb:52:62:1b:c9:30:09:01:7e:e1:93:f2:88:0e:07:
                    dd:7e:f3:81:66:ca:87:79:fa:9c:00:c4:a0:f3:02:
                    88:82:3b:ee:8d:91:d2:46:00:08:6c:02:eb:eb:b0:
                    4a:0d:25:32:d7:97:f5:83:4d:ad:3e:25:e7:79:13:
                    6b:bd:ad:71:92:c7:42:87:3c:ca:f1:6a:57:e0:84:
                    bb:ab:90:79:00:5e:8a:17:67:9e:bd:b0:ed:bb:16:
                    6b:a9:31:49:8a:e6:6d:ff:2f:8a:43:f8:84:b8:6a:
                    73:92:a8:93:b9:b8:22:90:52:90:65:74:f8:6f:cf:
                    76:4b:b4:ba:32:79:b2:58:71:75:28:b8:57:19:24:
                    a5:b8:7d:c1:df:3d:0e:da:57:a0:cd:c6:c5:a2:f2:
                    c1:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:86:15:20:F8:14:68:4B:1B:05:64:08:15:CC:54:A5:32:8A:23:64
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xoYVIPgUaEsbBWQIFcxUpTKKI2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:ee:a6:f0:9b:8c:d7:2d:eb:f7:6f:41:b5:3c:79:85:1b:f2:
         26:ef:0b:55:05:ca:46:2d:3d:b2:c3:de:35:54:91:ad:47:ce:
         70:6b:7f:ba:3b:f3:d5:37:56:13:14:e7:ea:a5:fb:a5:fa:d4:
         61:fc:ff:c4:d2:95:4e:a5:f1:59:49:de:f4:90:03:07:8f:5b:
         c2:a6:07:9f:c3:74:c1:a8:ed:c9:5b:dd:d3:43:3a:31:ac:7f:
         98:7b:19:cc:51:15:2e:6e:f5:ff:b2:77:2f:99:d8:59:40:b2:
         28:b1:bb:95:5d:4a:d3:36:27:27:83:7a:da:e4:50:6e:3c:27:
         3e:a8:d5:15:09:e4:02:f0:6f:80:7a:bc:41:df:26:8c:af:26:
         af:65:8e:6c:e8:c1:96:9c:e3:5b:74:e3:85:4c:b8:78:7d:e4:
         0d:c0:90:f5:e6:53:15:0b:a2:2c:03:fb:6e:73:aa:12:c3:27:
         d1:5a:26:92:88:39:a9:16:8e:e6:04:20:f0:92:df:a2:ce:b9:
         f0:8a:d8:df:8a:b1:c9:c5:ad:23:86:c0:52:31:5a:9b:f6:72:
         07:0d:96:cd:cf:64:c5:fd:c4:c7:27:55:9f:f2:f5:50:1d:4b:
         dc:44:f4:26:7e:b1:50:ef:f2:5a:3e:a1:5e:ad:73:be:62:7b:
         e4:97:ba:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMa9MljBnUgbHQaNGCavGClMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTExMTEyMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjg2MTUyMGY4MTQ2ODRiMWIwNTY0MDgxNWNjNTRhNTMyOGEyMzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIfBAWfjE9XzmhKKARBLAH895Isn
GHS5qiDIJfQAWMXCPlLb41j3vm+j87bEcgqaApw3ovodVPJ9ZtY1BIv9WQsRWQvM
C15lbO0Sl7rSDdluyebL/lFT/fQFnzC9tCewZ9AX2kcg1iHrUmIbyTAJAX7hk/KI
DgfdfvOBZsqHefqcAMSg8wKIgjvujZHSRgAIbALr67BKDSUy15f1g02tPiXneRNr
va1xksdChzzK8WpX4IS7q5B5AF6KF2eevbDtuxZrqTFJiuZt/y+KQ/iEuGpzkqiT
ubgikFKQZXT4b892S7S6MnmyWHF1KLhXGSSluH3B3z0O2legzcbFovLB8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMaGFSD4FGhLGwVkCBXMVKUyiiNkMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveG9ZVklQZ1VhRXNiQldRSUZjeFVwVEtLSTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc76MA0G
CSqGSIb3DQEBCwUAA4IBAQAK7qbwm4zXLev3b0G1PHmFG/Im7wtVBcpGLT2yw941
VJGtR85wa3+6O/PVN1YTFOfqpful+tRh/P/E0pVOpfFZSd70kAMHj1vCpgefw3TB
qO3JW93TQzoxrH+YexnMURUubvX/sncvmdhZQLIosbuVXUrTNicng3ra5FBuPCc+
qNUVCeQC8G+AerxB3yaMryavZY5s6MGWnONbdOOFTLh4feQNwJD15lMVC6IsA/tu
c6oSwyfRWiaSiDmpFo7mBCDwkt+izrnwitjfirHJxa0jhsBSMVqb9nIHDZbNz2TF
/cTHJ1Wf8vVQHUvcRPQmfrFQ7/JaPqFerXO+Ynvkl7qZ
-----END CERTIFICATE-----