Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/70858a-6395-402d-9ace-e272013026b4/1/NKYWlz4gwZY4JXbw2fZ-33Yiq7Q.roa
File:                     NKYWlz4gwZY4JXbw2fZ-33Yiq7Q.roa (raw, json)
Hash identifier:          78EN8i32FjxMTLLdcIXwd9Vb1kdj7OWCE2WX2/B4rLA=
Subject key identifier:   34:A6:16:97:3E:20:C1:96:38:25:76:F0:D9:F6:7E:DF:76:22:AB:B4
Certificate issuer:       /CN=5d370a48b59fb811495f11c49734482f22b1a392
Certificate serial:       019424B28E87DE0FEE3331BED5293E90A448
Authority key identifier: 5D:37:0A:48:B5:9F:B8:11:49:5F:11:C4:97:34:48:2F:22:B1:A3:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTcKSLWfuBFJXxHElzRILyKxo5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/70858a-6395-402d-9ace-e272013026b4/1/NKYWlz4gwZY4JXbw2fZ-33Yiq7Q.roa
Signing time:             Thu 02 Jan 2025 01:47:48 +0000
ROA not before:           Thu 02 Jan 2025 01:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56388
IP address blocks:        185.156.200.0/24 maxlen: 24
                          185.156.201.0/24 maxlen: 24
                          185.156.202.0/24 maxlen: 24
                          185.156.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/70858a-6395-402d-9ace-e272013026b4/1/XTcKSLWfuBFJXxHElzRILyKxo5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/70858a-6395-402d-9ace-e272013026b4/1/XTcKSLWfuBFJXxHElzRILyKxo5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XTcKSLWfuBFJXxHElzRILyKxo5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:8e:87:de:0f:ee:33:31:be:d5:29:3e:90:a4:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d370a48b59fb811495f11c49734482f22b1a392
        Validity
            Not Before: Jan  2 01:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34a616973e20c196382576f0d9f67edf7622abb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:de:21:1a:63:16:7b:f8:a4:fd:91:96:44:84:
                    4c:48:8b:38:36:da:a3:e4:1d:54:35:10:b3:42:a5:
                    2a:cc:9f:92:89:a0:97:b1:0e:0f:d3:2c:94:dc:8f:
                    ea:c3:f2:c0:44:5f:4b:30:66:fc:02:9e:1a:ec:2b:
                    6f:6c:97:38:e1:b1:20:69:7e:97:2c:85:45:ad:88:
                    fb:16:f0:e3:e1:07:fd:5b:1b:af:a4:6e:50:7e:c0:
                    e4:aa:4f:5d:04:ea:a3:8e:fe:a1:1f:a0:b9:c9:85:
                    d4:f9:68:cf:d9:6c:9d:ab:18:a8:2e:08:71:1f:5a:
                    0c:52:a1:89:c3:46:cd:bf:98:71:86:12:14:c3:e9:
                    c1:24:77:51:06:4d:d9:dd:ee:ad:9c:77:26:ee:d7:
                    fa:15:ab:93:f7:89:73:ad:d3:96:65:4e:8a:04:af:
                    4a:08:2c:3f:ab:a7:87:27:45:41:f8:aa:fb:98:e2:
                    98:6d:ac:50:eb:fb:f6:f6:93:fb:b7:97:98:45:4f:
                    49:ac:ec:0f:90:06:6b:ba:c0:07:72:1a:a6:62:65:
                    85:2e:78:70:37:6f:8e:f0:d4:f0:3d:de:d2:61:52:
                    18:f1:33:a1:2a:1b:06:7a:41:ac:48:c1:a0:8b:46:
                    b0:d8:84:70:d2:50:da:a7:37:e5:37:35:b7:b0:29:
                    78:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:A6:16:97:3E:20:C1:96:38:25:76:F0:D9:F6:7E:DF:76:22:AB:B4
            X509v3 Authority Key Identifier:
                keyid:5D:37:0A:48:B5:9F:B8:11:49:5F:11:C4:97:34:48:2F:22:B1:A3:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTcKSLWfuBFJXxHElzRILyKxo5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/70858a-6395-402d-9ace-e272013026b4/1/NKYWlz4gwZY4JXbw2fZ-33Yiq7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/70858a-6395-402d-9ace-e272013026b4/1/XTcKSLWfuBFJXxHElzRILyKxo5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:c8:f2:44:41:df:68:e6:3d:aa:17:31:ab:e2:96:50:90:59:
         1e:0a:db:bd:b1:fc:ea:60:50:bf:a7:28:82:db:8f:e2:59:21:
         15:ac:6a:5e:fd:4f:61:c9:02:a8:92:f7:f0:1c:84:d6:69:51:
         1a:69:90:66:8c:6b:54:2d:42:c4:cc:ff:38:c8:4f:cc:3f:ba:
         20:7b:2e:f1:f7:de:5e:bc:bf:94:95:4a:66:05:1e:4d:82:6d:
         29:42:10:52:3e:3a:7e:92:c9:b3:af:15:98:e0:a9:d9:88:7e:
         6e:fd:6f:22:8d:41:d5:c3:f6:cf:f3:33:9b:a2:0f:af:73:b3:
         f2:8b:8d:21:46:27:da:65:fe:c8:2f:2b:7e:ac:c3:f4:a9:50:
         1a:91:1d:11:cf:7f:c1:9c:de:fd:18:75:55:37:a1:b3:3c:4b:
         02:5c:d7:89:40:42:15:62:70:26:79:e9:c4:4d:7d:53:ca:02:
         d4:65:b7:a1:6a:50:5d:f8:d3:87:9f:c9:f0:41:6e:e3:2f:d1:
         67:46:38:df:95:3c:3b:a6:2b:83:0d:c1:d0:3c:ff:4b:9d:a1:
         72:2a:25:67:ab:1a:78:7b:ae:14:d3:6f:3f:b1:ea:b6:12:d0:
         da:da:71:d9:59:bd:68:43:74:3b:f4:22:1c:9c:14:a7:55:56:
         ff:80:58:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkso6H3g/uMzG+1Sk+kKRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMzcwYTQ4YjU5ZmI4MTE0OTVmMTFjNDk3MzQ0ODJmMjJi
MWEzOTIwHhcNMjUwMTAyMDE0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGE2MTY5NzNlMjBjMTk2MzgyNTc2ZjBkOWY2N2VkZjc2MjJhYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv94hGmMWe/ik/ZGWRIRMSIs4Ntqj
5B1UNRCzQqUqzJ+SiaCXsQ4P0yyU3I/qw/LARF9LMGb8Ap4a7CtvbJc44bEgaX6X
LIVFrYj7FvDj4Qf9WxuvpG5QfsDkqk9dBOqjjv6hH6C5yYXU+WjP2WydqxioLghx
H1oMUqGJw0bNv5hxhhIUw+nBJHdRBk3Z3e6tnHcm7tf6FauT94lzrdOWZU6KBK9K
CCw/q6eHJ0VB+Kr7mOKYbaxQ6/v29pP7t5eYRU9JrOwPkAZrusAHchqmYmWFLnhw
N2+O8NTwPd7SYVIY8TOhKhsGekGsSMGgi0aw2IRw0lDapzflNzW3sCl4gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSmFpc+IMGWOCV28Nn2ft92Iqu0MB8GA1UdIwQY
MBaAFF03Cki1n7gRSV8RxJc0SC8isaOSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFRjS1NMV2Z1QkZKWHhIRWx6UklMeUt4bzVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83MDg1OGEtNjM5NS00MDJkLTlhY2Ut
ZTI3MjAxMzAyNmI0LzEvTktZV2x6NGd3Wlk0SlhidzJmWi0zM1lpcTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83MDg1OGEtNjM5NS00MDJkLTlhY2UtZTI3MjAxMzAyNmI0
LzEvWFRjS1NMV2Z1QkZKWHhIRWx6UklMeUt4bzVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZzIMA0G
CSqGSIb3DQEBCwUAA4IBAQAoyPJEQd9o5j2qFzGr4pZQkFkeCtu9sfzqYFC/pyiC
24/iWSEVrGpe/U9hyQKokvfwHITWaVEaaZBmjGtULULEzP84yE/MP7ogey7x995e
vL+UlUpmBR5Ngm0pQhBSPjp+ksmzrxWY4KnZiH5u/W8ijUHVw/bP8zObog+vc7Py
i40hRifaZf7ILyt+rMP0qVAakR0Rz3/BnN79GHVVN6GzPEsCXNeJQEIVYnAmeenE
TX1TygLUZbehalBd+NOHn8nwQW7jL9FnRjjflTw7piuDDcHQPP9LnaFyKiVnqxp4
e64U028/seq2EtDa2nHZWb1oQ3Q79CIcnBSnVVb/gFiM
-----END CERTIFICATE-----