Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/sYrkqtslIewoX_6wadaN2UhvCQg.roa
File:                     sYrkqtslIewoX_6wadaN2UhvCQg.roa (raw, json)
Hash identifier:          Oj08Cr1VcQgzFndi/8RHmivr+b/zmwMkws7/hKkzL0k=
Subject key identifier:   B1:8A:E4:AA:DB:25:21:EC:28:5F:FE:B0:69:D6:8D:D9:48:6F:09:08
Certificate issuer:       /CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
Certificate serial:       019424458B44723370CEEC760ACF65E0500F
Authority key identifier: 35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/sYrkqtslIewoX_6wadaN2UhvCQg.roa
Signing time:             Wed 01 Jan 2025 23:48:44 +0000
ROA not before:           Wed 01 Jan 2025 23:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        185.155.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Apr 2025 13:43:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:8b:44:72:33:70:ce:ec:76:0a:cf:65:e0:50:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
        Validity
            Not Before: Jan  1 23:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b18ae4aadb2521ec285ffeb069d68dd9486f0908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c0:01:53:29:23:de:38:f2:59:54:d3:f5:dc:
                    22:e5:f2:75:ba:f9:37:cc:4d:38:3d:9e:80:88:e3:
                    27:6a:81:8c:ea:eb:50:84:ca:28:9d:8b:f5:cc:8e:
                    1d:04:41:5a:89:7d:79:26:de:99:a8:c2:81:33:9c:
                    ba:35:48:b2:15:e8:fd:ac:17:d6:46:9a:21:4b:d6:
                    28:05:bb:82:ae:4b:70:68:10:b3:ae:0f:96:f1:9b:
                    73:65:19:30:c8:35:94:32:da:18:da:e6:2b:0e:19:
                    ea:ee:e7:cd:19:46:42:b2:43:9b:49:bf:04:74:f4:
                    32:2e:5a:1f:9c:ae:1b:8f:39:91:82:28:82:21:ca:
                    b4:41:51:f2:7f:cc:73:c9:18:10:77:ce:06:e9:cd:
                    c5:38:f4:ab:d1:98:a1:d3:16:42:f5:1e:2b:9c:d9:
                    81:a6:77:c5:7a:aa:44:87:e0:69:8b:26:c6:7a:8d:
                    2b:4c:5d:47:1f:79:1e:b0:09:c7:f6:64:c6:fb:0f:
                    96:8c:49:47:c3:e5:06:3d:e1:d5:1e:e9:62:59:67:
                    81:64:8e:37:37:46:4b:c9:99:8a:02:b6:65:8e:d5:
                    c7:a1:2e:3d:10:0d:a2:91:79:06:3b:ea:45:0e:c5:
                    2e:65:73:06:68:d4:ee:4b:b4:e6:cb:59:cc:28:8d:
                    a4:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:8A:E4:AA:DB:25:21:EC:28:5F:FE:B0:69:D6:8D:D9:48:6F:09:08
            X509v3 Authority Key Identifier:
                keyid:35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/sYrkqtslIewoX_6wadaN2UhvCQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:5b:ea:51:5a:b0:56:05:c3:c8:23:fb:63:e4:53:b2:34:cd:
         bd:cc:32:17:85:40:99:79:6d:9e:12:43:e0:48:55:74:fa:41:
         17:07:84:e7:ab:74:91:9d:8e:04:8a:9d:af:f9:50:0b:a5:de:
         d7:ac:f6:1c:80:3a:f0:fc:2d:88:6a:2c:0b:97:60:4c:0d:49:
         ae:87:46:a2:81:48:71:0f:53:c4:c9:c2:13:41:47:72:c4:3f:
         8d:19:43:bd:7f:4a:09:b4:37:25:38:fd:f5:05:a9:11:d4:26:
         be:70:2b:a7:86:36:22:38:9a:c0:1c:98:2c:52:73:02:98:6b:
         21:c6:63:04:3d:42:cc:14:ba:33:97:bd:59:92:fa:3d:f4:96:
         97:aa:6b:43:8d:28:b3:91:2e:ea:b7:08:3e:ff:62:c2:fe:3c:
         4f:94:7d:2e:c5:d7:ec:80:e6:ee:8f:bc:98:32:81:83:e3:10:
         12:6f:3f:90:b3:02:d2:27:49:dd:6a:bc:8c:7b:64:3f:a5:20:
         e8:41:5d:ab:e3:c5:be:f6:72:2a:6e:69:1f:fe:87:77:58:d3:
         d6:c6:70:9b:14:cf:ad:a4:9d:72:a1:52:a1:99:00:ed:53:9e:
         15:0b:18:16:64:39:b6:29:ef:67:2e:63:c5:be:8d:1d:d7:22:
         96:69:19:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYtEcjNwzux2Cs9l4FAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTdjOWRlOTI3ZmE3NWJlYWVmNzg4NWYwZDg4ZjZmNGQy
YTBlZDYwHhcNMjUwMTAxMjM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMThhZTRhYWRiMjUyMWVjMjg1ZmZlYjA2OWQ2OGRkOTQ4NmYwOTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcABUykj3jjyWVTT9dwi5fJ1uvk3
zE04PZ6AiOMnaoGM6utQhMoonYv1zI4dBEFaiX15Jt6ZqMKBM5y6NUiyFej9rBfW
RpohS9YoBbuCrktwaBCzrg+W8ZtzZRkwyDWUMtoY2uYrDhnq7ufNGUZCskObSb8E
dPQyLlofnK4bjzmRgiiCIcq0QVHyf8xzyRgQd84G6c3FOPSr0Zih0xZC9R4rnNmB
pnfFeqpEh+BpiybGeo0rTF1HH3kesAnH9mTG+w+WjElHw+UGPeHVHuliWWeBZI43
N0ZLyZmKArZljtXHoS49EA2ikXkGO+pFDsUuZXMGaNTuS7Tmy1nMKI2kPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGK5KrbJSHsKF/+sGnWjdlIbwkIMB8GA1UdIwQY
MBaAFDUXyd6Sf6db6u94hfDYj29NKg7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTIt
ZmQzYjMwMDJjMGJiLzEvc1lya3F0c2xJZXdvWF82d2FkYU4yVWh2Q1FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTItZmQzYjMwMDJjMGJi
LzEvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZvoMA0G
CSqGSIb3DQEBCwUAA4IBAQA3W+pRWrBWBcPII/tj5FOyNM29zDIXhUCZeW2eEkPg
SFV0+kEXB4Tnq3SRnY4Eip2v+VALpd7XrPYcgDrw/C2IaiwLl2BMDUmuh0aigUhx
D1PEycITQUdyxD+NGUO9f0oJtDclOP31BakR1Ca+cCunhjYiOJrAHJgsUnMCmGsh
xmMEPULMFLozl71Zkvo99JaXqmtDjSizkS7qtwg+/2LC/jxPlH0uxdfsgObuj7yY
MoGD4xASbz+QswLSJ0ndaryMe2Q/pSDoQV2r48W+9nIqbmkf/od3WNPWxnCbFM+t
pJ1yoVKhmQDtU54VCxgWZDm2Ke9nLmPFvo0d1yKWaRln
-----END CERTIFICATE-----