Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/YzYY5Pk4uD_RFCQ6kGkD8Ksosug.roa
File:                     YzYY5Pk4uD_RFCQ6kGkD8Ksosug.roa (raw, json)
Hash identifier:          JV37Wu2EuvzzpKn9Z7XGUJb+gi9iNJI/YQAjXDOu0ds=
Subject key identifier:   63:36:18:E4:F9:38:B8:3F:D1:14:24:3A:90:69:03:F0:AB:28:B2:E8
Certificate issuer:       /CN=a750a9b1d454949f0b19303524d55e625df0ba4b
Certificate serial:       01942369CF89BE9199539FC29A253BBADCBA
Authority key identifier: A7:50:A9:B1:D4:54:94:9F:0B:19:30:35:24:D5:5E:62:5D:F0:BA:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p1CpsdRUlJ8LGTA1JNVeYl3wuks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/YzYY5Pk4uD_RFCQ6kGkD8Ksosug.roa
Signing time:             Wed 01 Jan 2025 19:48:44 +0000
ROA not before:           Wed 01 Jan 2025 19:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43877
IP address blocks:        195.245.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/p1CpsdRUlJ8LGTA1JNVeYl3wuks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/p1CpsdRUlJ8LGTA1JNVeYl3wuks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p1CpsdRUlJ8LGTA1JNVeYl3wuks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:cf:89:be:91:99:53:9f:c2:9a:25:3b:ba:dc:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a750a9b1d454949f0b19303524d55e625df0ba4b
        Validity
            Not Before: Jan  1 19:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=633618e4f938b83fd114243a906903f0ab28b2e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:25:d7:b2:94:43:22:ad:cd:d6:0d:a9:23:11:
                    d5:16:07:e3:b2:8e:8f:79:ac:ec:96:cb:8b:02:93:
                    3b:6a:fe:db:61:c8:30:c2:20:f7:ee:21:02:24:92:
                    26:65:e9:22:de:98:e1:55:a0:30:49:73:37:9f:75:
                    2f:05:66:5d:f8:60:c8:bf:58:36:eb:6e:d4:7c:b6:
                    c1:3e:45:f1:10:4a:5f:55:d3:d6:ad:93:df:f8:fe:
                    c2:fe:f4:98:c2:0a:29:b7:57:3f:83:5e:ef:83:70:
                    e9:43:d3:49:c3:c5:ae:be:7b:6b:a2:f2:8e:a1:19:
                    28:be:30:dd:2c:15:05:b1:28:95:ac:4d:3d:a6:76:
                    2f:4e:05:b6:4d:fc:18:a6:39:e9:80:f9:db:1e:43:
                    c5:f2:46:9e:2b:6c:52:0e:92:1c:2c:48:17:52:eb:
                    13:6e:b8:4a:03:e8:fc:3f:6b:3f:dd:53:a4:8b:6f:
                    a1:09:d6:51:38:de:04:64:be:6f:ee:12:80:47:0f:
                    ab:9f:1b:cf:80:49:a1:da:6e:9b:8f:58:20:25:24:
                    96:b1:07:ab:26:38:18:7d:50:4e:e4:fa:85:45:6f:
                    83:32:74:45:45:ef:64:bb:0d:df:ce:4a:53:6b:ed:
                    ea:bd:86:f2:55:b9:e5:1f:de:30:61:8f:3f:0b:46:
                    70:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:36:18:E4:F9:38:B8:3F:D1:14:24:3A:90:69:03:F0:AB:28:B2:E8
            X509v3 Authority Key Identifier:
                keyid:A7:50:A9:B1:D4:54:94:9F:0B:19:30:35:24:D5:5E:62:5D:F0:BA:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p1CpsdRUlJ8LGTA1JNVeYl3wuks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/YzYY5Pk4uD_RFCQ6kGkD8Ksosug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/5b4830-7c0f-43d2-bc1f-74016031c238/1/p1CpsdRUlJ8LGTA1JNVeYl3wuks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:e7:20:4e:fc:55:1b:85:61:72:25:a4:5e:45:00:e3:28:fe:
         96:19:25:fc:ce:00:cb:8a:ec:0a:9f:9c:0f:75:09:37:b9:71:
         92:f1:ad:53:f8:24:0b:63:2e:0a:0c:44:9f:b2:3d:20:ad:00:
         08:c0:ae:aa:ae:c2:f9:93:d7:c6:29:2b:02:bc:e4:a3:6d:a3:
         68:15:2a:0b:48:8e:d4:2b:fc:ca:e5:6e:a6:c9:eb:83:bb:89:
         bb:cc:24:b1:1d:57:48:6b:3a:ce:34:c5:22:b2:6e:55:ed:14:
         99:52:b1:40:05:a0:47:6a:f2:78:b9:e6:7f:1d:32:44:44:4b:
         82:f0:a5:66:81:f8:39:26:5f:cc:15:13:68:20:2a:c1:78:04:
         33:b9:d1:42:fd:91:53:a5:fe:9b:f7:43:04:7a:32:2d:7b:a6:
         c1:e0:b5:f7:16:67:f8:26:18:ae:a4:d5:e6:4e:7a:47:4f:05:
         c9:88:67:bb:49:2a:f0:42:f7:d9:1b:fe:09:76:f2:66:1e:52:
         b4:2b:24:25:39:50:42:c9:eb:14:35:76:11:44:c5:43:d2:9b:
         40:29:98:b8:35:cf:35:63:b9:ce:19:3e:12:22:e0:72:22:6a:
         e6:a1:84:44:db:3c:bf:78:82:6e:de:73:6c:e5:f3:5a:97:85:
         03:11:c6:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjac+JvpGZU5/CmiU7uty6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NTBhOWIxZDQ1NDk0OWYwYjE5MzAzNTI0ZDU1ZTYyNWRm
MGJhNGIwHhcNMjUwMTAxMTk0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzM2MThlNGY5MzhiODNmZDExNDI0M2E5MDY5MDNmMGFiMjhiMmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiXXspRDIq3N1g2pIxHVFgfjso6P
eazslsuLApM7av7bYcgwwiD37iECJJImZeki3pjhVaAwSXM3n3UvBWZd+GDIv1g2
627UfLbBPkXxEEpfVdPWrZPf+P7C/vSYwgopt1c/g17vg3DpQ9NJw8WuvntrovKO
oRkovjDdLBUFsSiVrE09pnYvTgW2TfwYpjnpgPnbHkPF8kaeK2xSDpIcLEgXUusT
brhKA+j8P2s/3VOki2+hCdZRON4EZL5v7hKARw+rnxvPgEmh2m6bj1ggJSSWsQer
JjgYfVBO5PqFRW+DMnRFRe9kuw3fzkpTa+3qvYbyVbnlH94wYY8/C0ZwYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGM2GOT5OLg/0RQkOpBpA/CrKLLoMB8GA1UdIwQY
MBaAFKdQqbHUVJSfCxkwNSTVXmJd8LpLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDFDcHNkUlVsSjhMR1RBMUpOVmVZbDN3dWtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi81YjQ4MzAtN2MwZi00M2QyLWJjMWYt
NzQwMTYwMzFjMjM4LzEvWXpZWTVQazR1RF9SRkNRNmtHa0Q4S3Nvc3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi81YjQ4MzAtN2MwZi00M2QyLWJjMWYtNzQwMTYwMzFjMjM4
LzEvcDFDcHNkUlVsSjhMR1RBMUpOVmVZbDN3dWtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/XCMA0G
CSqGSIb3DQEBCwUAA4IBAQBW5yBO/FUbhWFyJaReRQDjKP6WGSX8zgDLiuwKn5wP
dQk3uXGS8a1T+CQLYy4KDESfsj0grQAIwK6qrsL5k9fGKSsCvOSjbaNoFSoLSI7U
K/zK5W6myeuDu4m7zCSxHVdIazrONMUism5V7RSZUrFABaBHavJ4ueZ/HTJEREuC
8KVmgfg5Jl/MFRNoICrBeAQzudFC/ZFTpf6b90MEejIte6bB4LX3Fmf4JhiupNXm
TnpHTwXJiGe7SSrwQvfZG/4JdvJmHlK0KyQlOVBCyesUNXYRRMVD0ptAKZi4Nc81
Y7nOGT4SIuByImrmoYRE2zy/eIJu3nNs5fNal4UDEcYl
-----END CERTIFICATE-----