Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/y6XbwTdraju7epdQsvZSGSFiGc8.roa
File:                     y6XbwTdraju7epdQsvZSGSFiGc8.roa (raw, json)
Hash identifier:          3bnMpjdHVAigcUzJ74ejz+TADuNILoqgQcIoOR7ifkM=
Subject key identifier:   CB:A5:DB:C1:37:6B:6A:3B:BB:7A:97:50:B2:F6:52:19:21:62:19:CF
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       0194228DC24B76EB824F02E68101CF0472ED
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/y6XbwTdraju7epdQsvZSGSFiGc8.roa
Signing time:             Wed 01 Jan 2025 15:48:22 +0000
ROA not before:           Wed 01 Jan 2025 15:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213220
IP address blocks:        194.31.72.0/24 maxlen: 24
                          2a0c:5c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:c2:4b:76:eb:82:4f:02:e6:81:01:cf:04:72:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jan  1 15:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cba5dbc1376b6a3bbb7a9750b2f65219216219cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ba:7a:5a:c6:c1:74:27:3f:1a:2c:d5:82:81:
                    30:fc:37:ab:c4:54:25:40:0a:90:7c:f8:ee:60:f5:
                    6f:a7:01:13:6c:c7:16:60:1a:44:81:88:6a:aa:8a:
                    66:8e:f2:da:95:bb:5e:5b:09:3e:5b:4c:00:86:3c:
                    40:ca:29:be:a7:98:dc:1f:c4:0b:69:4e:b5:ed:de:
                    7b:af:b6:a1:96:44:91:42:b2:a0:89:ed:a6:0e:a9:
                    b0:21:86:df:8f:7a:ab:b0:9d:22:64:27:59:2b:3d:
                    83:8c:90:1a:c9:1d:64:7a:1c:37:fa:cb:8d:af:af:
                    3e:81:8f:00:bb:7a:71:58:ef:46:bb:d5:e7:f7:df:
                    75:1a:1b:f0:b9:a9:40:e3:f3:37:83:7d:0a:fb:a8:
                    88:35:1c:af:99:04:9f:a8:d1:eb:ed:12:d1:0d:25:
                    5d:20:53:db:65:09:ae:a7:d7:73:ef:4a:06:99:46:
                    ed:d9:80:c5:47:4c:fd:df:8d:54:58:4c:c0:7e:c3:
                    83:70:61:f9:6a:be:e9:ae:a6:9f:e5:0c:e0:f3:4c:
                    a3:0b:69:8d:b7:69:05:2b:25:cd:9b:fb:e8:c0:32:
                    26:f5:1e:83:cd:e7:f9:9e:b7:96:3b:95:b5:30:41:
                    15:db:4e:56:98:ca:71:25:11:ce:2d:1e:a9:92:d4:
                    d8:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A5:DB:C1:37:6B:6A:3B:BB:7A:97:50:B2:F6:52:19:21:62:19:CF
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/y6XbwTdraju7epdQsvZSGSFiGc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.72.0/24
                IPv6:
                  2a0c:5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:bb:75:6c:fc:19:27:af:c7:73:1b:88:14:59:1d:d9:25:7c:
         56:e1:5c:7a:3a:48:95:79:8b:91:ce:18:62:0a:85:29:ef:bd:
         77:98:8d:81:8c:85:a9:b2:43:d0:60:f5:2c:e4:8e:7b:94:e0:
         29:aa:9c:ef:5c:ff:4f:d1:cc:e2:82:1e:25:93:71:e3:d4:64:
         f0:c6:b8:ed:70:b7:78:e5:03:d4:d4:12:aa:79:aa:d8:bc:b9:
         99:a4:0a:0a:aa:37:98:98:cd:a5:8c:9d:ba:9c:75:93:ce:f5:
         5f:f0:40:12:34:eb:52:28:be:d8:1a:e3:53:89:16:61:c8:2d:
         aa:b0:98:5f:7a:b2:80:8f:54:8e:f7:24:ee:61:43:66:ab:b6:
         41:69:c7:fb:a1:b0:36:29:2c:fa:cc:bf:cf:ff:0f:7e:ac:e4:
         1e:7d:d8:67:86:b4:1b:f5:84:24:15:8d:ac:7d:1a:82:8e:fd:
         97:36:5f:8a:08:f2:29:18:4c:33:30:3f:5c:32:15:d6:34:96:
         63:56:42:f7:25:54:76:a7:79:f5:38:99:4b:a3:02:de:9e:83:
         4d:3c:6e:84:5b:a3:f0:13:f2:c1:50:a0:7d:9a:0e:4e:0b:56:
         4c:28:85:59:3e:b8:98:a7:54:b6:13:c7:61:54:63:82:81:aa:
         8e:8b:a8:33
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijcJLduuCTwLmgQHPBHLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwMTAxMTU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmE1ZGJjMTM3NmI2YTNiYmI3YTk3NTBiMmY2NTIxOTIxNjIxOWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7p6WsbBdCc/GizVgoEw/DerxFQl
QAqQfPjuYPVvpwETbMcWYBpEgYhqqopmjvLalbteWwk+W0wAhjxAyim+p5jcH8QL
aU617d57r7ahlkSRQrKgie2mDqmwIYbfj3qrsJ0iZCdZKz2DjJAayR1kehw3+suN
r68+gY8Au3pxWO9Gu9Xn9991GhvwualA4/M3g30K+6iINRyvmQSfqNHr7RLRDSVd
IFPbZQmup9dz70oGmUbt2YDFR0z9341UWEzAfsODcGH5ar7prqaf5Qzg80yjC2mN
t2kFKyXNm/vowDIm9R6Dzef5nreWO5W1MEEV205WmMpxJRHOLR6pktTYaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMul28E3a2o7u3qXULL2UhkhYhnPMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEveTZYYndUZHJhanU3ZXBkUXN2WlNHU0ZpR2M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwh9IMA0E
AgACMAcDBQMqDAXAMA0GCSqGSIb3DQEBCwUAA4IBAQAnu3Vs/Bknr8dzG4gUWR3Z
JXxW4Vx6OkiVeYuRzhhiCoUp7713mI2BjIWpskPQYPUs5I57lOApqpzvXP9P0czi
gh4lk3Hj1GTwxrjtcLd45QPU1BKqearYvLmZpAoKqjeYmM2ljJ26nHWTzvVf8EAS
NOtSKL7YGuNTiRZhyC2qsJhferKAj1SO9yTuYUNmq7ZBacf7obA2KSz6zL/P/w9+
rOQefdhnhrQb9YQkFY2sfRqCjv2XNl+KCPIpGEwzMD9cMhXWNJZjVkL3JVR2p3n1
OJlLowLenoNNPG6EW6PwE/LBUKB9mg5OC1ZMKIVZPriYp1S2E8dhVGOCgaqOi6gz
-----END CERTIFICATE-----