Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/f9691d-afb2-41f2-8d22-fa46b4f9a20c/1/ApYo8usd2f87kfxBSCL43GkwNl4.roa
File:                     ApYo8usd2f87kfxBSCL43GkwNl4.roa (raw, json)
Hash identifier:          HVht7PktvVlX5vG6maaHsCCbjpS8pRttM16W+m0bt9g=
Subject key identifier:   02:96:28:F2:EB:1D:D9:FF:3B:91:FC:41:48:22:F8:DC:69:30:36:5E
Certificate issuer:       /CN=9a70b051e5cdf962dbc26b352488d0831bdf9a3c
Certificate serial:       0194258F9E408837ED46C3C6D2A566310499
Authority key identifier: 9A:70:B0:51:E5:CD:F9:62:DB:C2:6B:35:24:88:D0:83:1B:DF:9A:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mnCwUeXN-WLbwms1JIjQgxvfmjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/f9691d-afb2-41f2-8d22-fa46b4f9a20c/1/ApYo8usd2f87kfxBSCL43GkwNl4.roa
Signing time:             Thu 02 Jan 2025 05:49:16 +0000
ROA not before:           Thu 02 Jan 2025 05:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39756
IP address blocks:        194.126.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/f9691d-afb2-41f2-8d22-fa46b4f9a20c/1/mnCwUeXN-WLbwms1JIjQgxvfmjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/f9691d-afb2-41f2-8d22-fa46b4f9a20c/1/mnCwUeXN-WLbwms1JIjQgxvfmjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mnCwUeXN-WLbwms1JIjQgxvfmjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:9e:40:88:37:ed:46:c3:c6:d2:a5:66:31:04:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a70b051e5cdf962dbc26b352488d0831bdf9a3c
        Validity
            Not Before: Jan  2 05:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=029628f2eb1dd9ff3b91fc414822f8dc6930365e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:81:bb:2d:19:40:e7:a2:8c:ed:ba:e9:b1:24:
                    91:d8:f0:d9:9f:fe:40:12:c1:67:d5:90:a1:1a:6b:
                    1d:fb:ea:4c:8e:e7:4d:f1:38:22:98:ad:7f:e2:34:
                    f0:0a:e1:a6:ee:a3:25:d2:04:6e:b0:c0:4a:82:81:
                    a1:db:24:26:e4:be:c6:12:c6:2f:75:b3:2f:9c:36:
                    21:46:3a:cb:c3:5c:a1:6f:9d:14:f8:b9:cc:01:5c:
                    09:d8:3a:9f:7b:45:30:a1:59:d1:7d:84:6f:13:55:
                    2b:2e:9d:34:72:1b:bf:59:3c:33:e1:fc:2e:f2:5b:
                    53:0f:05:88:d9:e5:b5:3d:82:3a:06:d0:0d:fc:db:
                    f0:b9:12:c5:ba:fb:d8:a8:67:4e:69:6e:90:8e:04:
                    1e:e5:53:8c:92:5d:7b:3e:76:8b:08:26:d2:64:2d:
                    98:7b:e8:e0:3f:13:fd:78:98:72:28:21:76:2e:64:
                    b2:25:78:d4:d9:05:d6:89:09:29:46:2a:d8:13:c4:
                    69:2b:ce:36:0d:b9:61:20:69:68:92:ff:e3:d2:a7:
                    08:a3:e8:97:e7:a7:d2:b2:05:52:f2:31:a5:43:74:
                    04:c9:64:cc:f7:bc:6c:37:1c:97:ac:28:31:52:ab:
                    24:79:dd:b5:36:fa:f3:9a:1c:79:53:d8:a0:31:38:
                    62:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:96:28:F2:EB:1D:D9:FF:3B:91:FC:41:48:22:F8:DC:69:30:36:5E
            X509v3 Authority Key Identifier:
                keyid:9A:70:B0:51:E5:CD:F9:62:DB:C2:6B:35:24:88:D0:83:1B:DF:9A:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mnCwUeXN-WLbwms1JIjQgxvfmjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/f9691d-afb2-41f2-8d22-fa46b4f9a20c/1/ApYo8usd2f87kfxBSCL43GkwNl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/f9691d-afb2-41f2-8d22-fa46b4f9a20c/1/mnCwUeXN-WLbwms1JIjQgxvfmjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:06:14:b6:b0:7e:08:7f:62:15:7b:0a:c1:ef:57:b5:65:64:
         2d:23:d2:19:cd:44:6c:0a:2b:a6:22:b8:93:c0:da:6c:1b:2e:
         9e:b6:bc:69:50:1b:1d:89:54:5b:81:c8:4e:ec:cc:93:86:2b:
         2b:83:4b:79:ce:16:95:dd:da:4f:42:61:05:cc:52:72:1b:b4:
         7d:60:d2:51:c5:9e:e2:19:43:73:56:56:c7:87:9c:1c:36:b8:
         b6:04:ee:07:c7:16:3b:85:e6:38:6e:fa:f4:90:a0:c0:8a:a5:
         40:77:a3:d5:c8:1d:a2:99:58:a1:67:b6:b4:44:20:d8:20:c0:
         37:75:de:94:d7:64:cb:94:d2:bc:10:04:f3:70:51:85:6d:43:
         5b:ba:e5:98:5a:21:b3:4b:62:df:53:54:99:de:c9:fb:b1:b6:
         be:a5:0d:66:54:5f:35:da:b6:33:99:09:31:96:3a:c2:74:a3:
         73:c3:ad:ed:77:db:d1:0d:b7:2c:9a:34:30:12:f9:34:50:7e:
         eb:33:ca:bb:c9:a8:6b:30:92:cb:b5:91:95:33:05:7c:2d:92:
         9e:c1:4e:6d:d2:71:f3:92:66:97:a8:3c:f3:90:0c:2a:a8:62:
         d4:45:5c:fe:f1:b7:f1:df:8d:ff:05:5a:a0:a8:a9:27:8e:e3:
         44:22:86:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj55AiDftRsPG0qVmMQSZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNzBiMDUxZTVjZGY5NjJkYmMyNmIzNTI0ODhkMDgzMWJk
ZjlhM2MwHhcNMjUwMTAyMDU0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjk2MjhmMmViMWRkOWZmM2I5MWZjNDE0ODIyZjhkYzY5MzAzNjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIG7LRlA56KM7brpsSSR2PDZn/5A
EsFn1ZChGmsd++pMjudN8TgimK1/4jTwCuGm7qMl0gRusMBKgoGh2yQm5L7GEsYv
dbMvnDYhRjrLw1yhb50U+LnMAVwJ2Dqfe0UwoVnRfYRvE1UrLp00chu/WTwz4fwu
8ltTDwWI2eW1PYI6BtAN/NvwuRLFuvvYqGdOaW6QjgQe5VOMkl17PnaLCCbSZC2Y
e+jgPxP9eJhyKCF2LmSyJXjU2QXWiQkpRirYE8RpK842DblhIGlokv/j0qcIo+iX
56fSsgVS8jGlQ3QEyWTM97xsNxyXrCgxUqsked21Nvrzmhx5U9igMThiMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKWKPLrHdn/O5H8QUgi+NxpMDZeMB8GA1UdIwQY
MBaAFJpwsFHlzfli28JrNSSI0IMb35o8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW5Dd1VlWE4tV0xid21zMUpJalFneHZmbWp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9mOTY5MWQtYWZiMi00MWYyLThkMjIt
ZmE0NmI0ZjlhMjBjLzEvQXBZbzh1c2QyZjg3a2Z4QlNDTDQzR2t3Tmw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9mOTY5MWQtYWZiMi00MWYyLThkMjItZmE0NmI0ZjlhMjBj
LzEvbW5Dd1VlWE4tV0xid21zMUpJalFneHZmbWp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn79MA0G
CSqGSIb3DQEBCwUAA4IBAQBRBhS2sH4If2IVewrB71e1ZWQtI9IZzURsCiumIriT
wNpsGy6etrxpUBsdiVRbgchO7MyThisrg0t5zhaV3dpPQmEFzFJyG7R9YNJRxZ7i
GUNzVlbHh5wcNri2BO4HxxY7heY4bvr0kKDAiqVAd6PVyB2imVihZ7a0RCDYIMA3
dd6U12TLlNK8EATzcFGFbUNbuuWYWiGzS2LfU1SZ3sn7sba+pQ1mVF812rYzmQkx
ljrCdKNzw63td9vRDbcsmjQwEvk0UH7rM8q7yahrMJLLtZGVMwV8LZKewU5t0nHz
kmaXqDzzkAwqqGLURVz+8bfx343/BVqgqKknjuNEIoYl
-----END CERTIFICATE-----