Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/Y5NkjhxNGx4ss5GCzKl7-rIduCM.roa
File:                     Y5NkjhxNGx4ss5GCzKl7-rIduCM.roa (raw, json)
Hash identifier:          /DJ0Dj5nLfrACSNcG6NOE2ReJp4ef+Ajvh1vnuYm/CY=
Subject key identifier:   63:93:64:8E:1C:4D:1B:1E:2C:B3:91:82:CC:A9:7B:FA:B2:1D:B8:23
Certificate issuer:       /CN=5a5125afc5ec978b2a321291c2a5570fe619159e
Certificate serial:       0194236A3B6321CE3EA6B441D5D6ACF73702
Authority key identifier: 5A:51:25:AF:C5:EC:97:8B:2A:32:12:91:C2:A5:57:0F:E6:19:15:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/Y5NkjhxNGx4ss5GCzKl7-rIduCM.roa
Signing time:             Wed 01 Jan 2025 19:49:12 +0000
ROA not before:           Wed 01 Jan 2025 19:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        192.109.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3b:63:21:ce:3e:a6:b4:41:d5:d6:ac:f7:37:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a5125afc5ec978b2a321291c2a5570fe619159e
        Validity
            Not Before: Jan  1 19:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6393648e1c4d1b1e2cb39182cca97bfab21db823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:06:7f:86:dd:98:ad:35:74:68:74:9d:e5:76:
                    59:e5:f5:a4:d0:b0:86:d7:d0:1c:79:52:b6:48:c6:
                    f6:b6:fb:21:95:80:99:ff:a7:73:49:5c:83:66:1d:
                    d6:8c:04:3e:2f:46:65:aa:58:6d:6c:7b:6b:d3:6e:
                    70:30:52:73:a9:2f:14:96:d3:7e:78:75:88:99:60:
                    ee:6a:b9:21:76:24:fd:14:a5:7f:be:40:9f:01:ba:
                    94:98:7f:cb:92:96:ca:a7:a5:da:79:f7:31:9f:85:
                    63:13:4f:d1:19:55:27:54:8b:76:6a:b1:b1:79:09:
                    df:fa:50:15:47:03:97:3a:d7:e6:bf:59:c0:a4:0e:
                    ff:2c:4e:20:df:f9:00:7f:ab:03:f1:27:e5:c1:57:
                    35:4c:ac:58:6d:02:77:0d:ba:ac:78:34:82:9c:43:
                    cd:87:da:db:7b:39:f4:37:2f:12:2d:33:5a:bb:08:
                    b6:27:5b:a8:36:16:ba:cd:30:c3:a1:04:db:46:59:
                    0b:e0:30:f4:5a:5b:43:70:9e:59:d6:38:80:1c:59:
                    f1:45:81:f7:04:5d:21:21:7d:d1:20:a3:01:eb:b4:
                    6b:9a:6e:8d:17:3a:1a:32:f9:c5:1e:14:62:53:4d:
                    b8:bc:87:c7:86:21:5c:12:49:b5:3a:92:cd:70:93:
                    25:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:93:64:8E:1C:4D:1B:1E:2C:B3:91:82:CC:A9:7B:FA:B2:1D:B8:23
            X509v3 Authority Key Identifier:
                keyid:5A:51:25:AF:C5:EC:97:8B:2A:32:12:91:C2:A5:57:0F:E6:19:15:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/Y5NkjhxNGx4ss5GCzKl7-rIduCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:03:54:0b:02:ce:d8:3a:88:00:ca:4e:41:d8:04:33:64:88:
         18:b1:d1:72:0f:83:77:96:d2:60:e7:62:04:2e:16:d1:e3:c5:
         16:bd:1d:85:f2:72:02:d1:fe:d1:db:5d:3c:c5:44:7f:89:73:
         c5:06:de:4c:e3:31:d2:b4:50:2a:00:c6:74:17:dc:b4:1e:15:
         30:a9:fa:2b:47:ca:24:aa:0f:12:6c:0f:ed:33:72:2d:47:e0:
         6a:2d:fb:6a:15:03:1a:a7:d5:be:70:4a:92:b4:38:49:69:58:
         5c:35:21:06:ef:6e:8f:5e:3e:11:b5:e7:3c:3c:df:6d:ba:4f:
         58:79:08:bf:9d:34:5e:37:de:19:86:63:3f:f5:6c:a6:79:61:
         ef:c7:dd:95:e1:9c:1f:3a:01:72:84:6e:40:3d:e5:b0:0c:a7:
         3b:23:43:a0:35:1f:bd:bb:80:d0:b4:a2:d9:ae:87:15:c9:4a:
         97:91:7b:15:bf:59:1b:d7:5e:16:4b:3b:5c:d6:d8:56:f9:63:
         67:08:d5:0a:39:73:14:2d:ef:de:2b:eb:99:04:11:59:ca:5e:
         de:13:14:b4:23:ed:36:87:ff:a2:8b:ea:b5:1a:61:c2:45:89:
         3d:a9:e1:4a:19:45:62:34:bd:96:15:fc:67:6e:ae:be:60:bb:
         b7:25:57:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajtjIc4+prRB1das9zcCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNTEyNWFmYzVlYzk3OGIyYTMyMTI5MWMyYTU1NzBmZTYx
OTE1OWUwHhcNMjUwMTAxMTk0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzkzNjQ4ZTFjNGQxYjFlMmNiMzkxODJjY2E5N2JmYWIyMWRiODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAZ/ht2YrTV0aHSd5XZZ5fWk0LCG
19AceVK2SMb2tvshlYCZ/6dzSVyDZh3WjAQ+L0ZlqlhtbHtr025wMFJzqS8UltN+
eHWImWDuarkhdiT9FKV/vkCfAbqUmH/LkpbKp6Xaefcxn4VjE0/RGVUnVIt2arGx
eQnf+lAVRwOXOtfmv1nApA7/LE4g3/kAf6sD8SflwVc1TKxYbQJ3DbqseDSCnEPN
h9rbezn0Ny8SLTNauwi2J1uoNha6zTDDoQTbRlkL4DD0WltDcJ5Z1jiAHFnxRYH3
BF0hIX3RIKMB67Rrmm6NFzoaMvnFHhRiU024vIfHhiFcEkm1OpLNcJMlPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOTZI4cTRseLLORgsype/qyHbgjMB8GA1UdIwQY
MBaAFFpRJa/F7JeLKjISkcKlVw/mGRWeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2xFbHI4WHNsNHNxTWhLUndxVlhELVlaRlo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83OTQwYWItZjdjYS00YzA3LWExMjMt
YTZmYjRkZjU0ODFlLzEvWTVOa2poeE5HeDRzczVHQ3pLbDctcklkdUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83OTQwYWItZjdjYS00YzA3LWExMjMtYTZmYjRkZjU0ODFl
LzEvV2xFbHI4WHNsNHNxTWhLUndxVlhELVlaRlo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG1lMA0G
CSqGSIb3DQEBCwUAA4IBAQCBA1QLAs7YOogAyk5B2AQzZIgYsdFyD4N3ltJg52IE
LhbR48UWvR2F8nIC0f7R2108xUR/iXPFBt5M4zHStFAqAMZ0F9y0HhUwqforR8ok
qg8SbA/tM3ItR+BqLftqFQMap9W+cEqStDhJaVhcNSEG726PXj4Rtec8PN9tuk9Y
eQi/nTReN94ZhmM/9WymeWHvx92V4ZwfOgFyhG5APeWwDKc7I0OgNR+9u4DQtKLZ
rocVyUqXkXsVv1kb114WSztc1thW+WNnCNUKOXMULe/eK+uZBBFZyl7eExS0I+02
h/+ii+q1GmHCRYk9qeFKGUViNL2WFfxnbq6+YLu3JVem
-----END CERTIFICATE-----