Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/Y9YksH2bUiHljz8P5EhHyhB5y9g.roa
File:                     Y9YksH2bUiHljz8P5EhHyhB5y9g.roa (raw, json)
Hash identifier:          T5FIsRO2g9NTZMOXMSlY2kZF7GuiHFYTJEt+zSOsPvQ=
Subject key identifier:   63:D6:24:B0:7D:9B:52:21:E5:8F:3F:0F:E4:48:47:CA:10:79:CB:D8
Certificate issuer:       /CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
Certificate serial:       0196D30211D8B9538C5565873E0B56B3C933
Authority key identifier: E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/Y9YksH2bUiHljz8P5EhHyhB5y9g.roa
Signing time:             Thu 15 May 2025 08:14:10 +0000
ROA not before:           Thu 15 May 2025 08:14:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        185.64.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:02:11:d8:b9:53:8c:55:65:87:3e:0b:56:b3:c9:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
        Validity
            Not Before: May 15 08:14:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63d624b07d9b5221e58f3f0fe44847ca1079cbd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a2:01:c9:5a:bc:7c:e3:c1:c0:ae:a3:bc:4b:
                    45:4c:90:d6:9a:84:d0:2f:b4:c7:b9:1c:94:f7:9c:
                    34:91:52:0b:07:28:1d:5b:c0:64:13:d1:fa:84:9d:
                    c7:b2:ae:31:5b:32:1c:93:44:3e:67:94:36:df:63:
                    e1:ec:9b:07:7c:60:12:7f:0e:a6:68:a6:26:d4:14:
                    2d:27:6d:19:6f:97:9c:bf:68:17:98:ae:c6:fa:99:
                    5b:03:0b:e7:6a:63:de:32:94:78:28:25:be:10:55:
                    7f:02:29:e2:46:82:ce:7f:f7:fc:56:de:4c:51:41:
                    dd:b2:07:08:87:d5:d1:83:07:5a:19:32:de:35:1c:
                    da:a0:8d:96:38:89:ff:70:c1:16:b4:20:5f:06:cb:
                    2a:58:2b:cb:1f:aa:f4:47:34:5a:52:6b:2a:13:03:
                    a5:17:66:f9:89:4b:68:aa:95:7c:fb:a9:d1:c9:40:
                    83:e9:f7:97:71:a5:96:79:8f:43:b3:46:e0:53:ab:
                    b8:9b:20:69:5a:50:58:0b:ef:24:bc:1d:8d:93:dd:
                    8b:d3:3f:24:cd:b2:b9:28:c4:29:cf:0d:c1:03:4e:
                    3a:5b:37:62:32:10:cf:fa:30:32:4a:58:d5:1f:f7:
                    4c:db:57:4d:6d:46:36:f9:7f:30:c2:81:35:b0:1f:
                    1d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D6:24:B0:7D:9B:52:21:E5:8F:3F:0F:E4:48:47:CA:10:79:CB:D8
            X509v3 Authority Key Identifier:
                keyid:E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/Y9YksH2bUiHljz8P5EhHyhB5y9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:c3:3c:ec:19:c3:03:1b:0e:18:dd:4f:92:7f:74:79:84:e4:
         d1:23:71:bb:23:b8:20:25:b3:b5:90:cc:30:f2:e2:60:3b:11:
         af:de:21:c1:1b:64:92:8f:5f:39:34:aa:a3:73:b5:15:b6:35:
         55:8f:7e:27:80:50:77:1d:00:d0:0b:ab:0f:e6:01:b4:81:fb:
         a7:54:fb:4c:fb:fc:0e:4c:b1:08:68:d9:bc:7c:e6:7e:d2:27:
         98:73:af:19:0f:f4:0c:97:86:bc:b2:e4:3b:ab:ae:13:04:a1:
         35:1e:f2:47:b7:01:aa:98:fe:02:51:4d:53:03:8d:89:19:75:
         f6:72:47:23:61:0a:b1:08:87:d3:e7:44:d5:e0:6c:1a:9c:04:
         e3:2f:4e:30:14:d5:79:41:70:4d:54:af:ca:8c:2e:43:5c:7e:
         95:2d:bb:ce:4c:7e:9a:06:bd:23:49:af:8b:bf:83:d4:64:a6:
         d2:78:ee:9e:9c:ed:75:50:74:f7:97:c8:55:15:9c:1f:1e:d9:
         65:19:ee:6e:b5:ed:35:05:d7:ee:74:48:4f:f2:e2:b5:a5:86:
         33:f4:90:8f:6c:2f:55:ac:d2:8d:01:de:43:db:6b:2b:4b:36:
         87:dc:8f:4b:c8:1c:72:ac:1a:7c:86:aa:70:99:6b:a4:0c:b5:
         ab:bb:e3:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbTAhHYuVOMVWWHPgtWs8kzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NjA3NmYyN2UxM2QxODAwZTc3ZDE2ZTRiNjBiMjNiNmY1
OGM4MjAwHhcNMjUwNTE1MDgxNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2Q2MjRiMDdkOWI1MjIxZTU4ZjNmMGZlNDQ4NDdjYTEwNzljYmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6IByVq8fOPBwK6jvEtFTJDWmoTQ
L7THuRyU95w0kVILBygdW8BkE9H6hJ3Hsq4xWzIck0Q+Z5Q232Ph7JsHfGASfw6m
aKYm1BQtJ20Zb5ecv2gXmK7G+plbAwvnamPeMpR4KCW+EFV/AiniRoLOf/f8Vt5M
UUHdsgcIh9XRgwdaGTLeNRzaoI2WOIn/cMEWtCBfBssqWCvLH6r0RzRaUmsqEwOl
F2b5iUtoqpV8+6nRyUCD6feXcaWWeY9Ds0bgU6u4myBpWlBYC+8kvB2Nk92L0z8k
zbK5KMQpzw3BA046WzdiMhDP+jAySljVH/dM21dNbUY2+X8wwoE1sB8dTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPWJLB9m1Ih5Y8/D+RIR8oQecvYMB8GA1UdIwQY
MBaAFOVgdvJ+E9GADnfRbktgsjtvWMggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgt
NThjZjg5ODg4ZTJhLzEvWTlZa3NIMmJVaUhsano4UDVFaEh5aEI1eTlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgtNThjZjg5ODg4ZTJh
LzEvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUBOMA0G
CSqGSIb3DQEBCwUAA4IBAQAnwzzsGcMDGw4Y3U+Sf3R5hOTRI3G7I7ggJbO1kMww
8uJgOxGv3iHBG2SSj185NKqjc7UVtjVVj34ngFB3HQDQC6sP5gG0gfunVPtM+/wO
TLEIaNm8fOZ+0ieYc68ZD/QMl4a8suQ7q64TBKE1HvJHtwGqmP4CUU1TA42JGXX2
ckcjYQqxCIfT50TV4GwanATjL04wFNV5QXBNVK/KjC5DXH6VLbvOTH6aBr0jSa+L
v4PUZKbSeO6enO11UHT3l8hVFZwfHtllGe5ute01BdfudEhP8uK1pYYz9JCPbC9V
rNKNAd5D22srSzaH3I9LyBxyrBp8hqpwmWukDLWru+Nh
-----END CERTIFICATE-----