Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/VY9eK5UDgM8cF5fQuZWCH3hj3eA.roa
File:                     VY9eK5UDgM8cF5fQuZWCH3hj3eA.roa (raw, json)
Hash identifier:          qTHZ+C1cnqnVIMoDjxTgGcCaZrRZmrNQzU/Zp9wobok=
Subject key identifier:   55:8F:5E:2B:95:03:80:CF:1C:17:97:D0:B9:95:82:1F:78:63:DD:E0
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       0195F25A29299E538B5E6DFFE1E3509D0CFB
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/VY9eK5UDgM8cF5fQuZWCH3hj3eA.roa
Signing time:             Tue 01 Apr 2025 17:15:49 +0000
ROA not before:           Tue 01 Apr 2025 17:15:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        87.254.11.0/24 maxlen: 24
                          185.210.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f2:5a:29:29:9e:53:8b:5e:6d:ff:e1:e3:50:9d:0c:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Apr  1 17:15:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=558f5e2b950380cf1c1797d0b995821f7863dde0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:8c:4d:7a:9c:0b:fd:03:7c:ed:57:82:7f:40:
                    05:15:ce:eb:a0:bb:da:0d:15:6e:40:1a:8a:6c:90:
                    09:f4:02:b9:95:17:86:41:bc:19:3d:f5:85:59:17:
                    76:c4:43:57:80:c2:d9:c2:b2:09:c8:84:4d:8d:c9:
                    0b:b0:d4:f6:41:9f:e4:15:48:ee:cc:f5:42:7b:ec:
                    ce:b0:ce:6f:8e:e6:f2:a9:33:a5:56:12:b5:9a:d5:
                    d7:ee:4d:e6:10:77:7e:f0:a7:25:a1:89:e9:a5:a4:
                    f0:57:9e:45:18:86:36:c5:1d:6a:66:59:58:71:bf:
                    c1:be:45:5b:76:7e:a0:f8:47:e4:4b:ea:10:b8:b5:
                    2a:9c:a2:57:6b:44:04:6e:8d:66:e2:d2:0d:2f:3b:
                    3d:eb:7f:08:28:50:46:5e:7e:53:4d:cf:15:00:27:
                    48:ab:d4:9a:03:c5:cd:5c:ca:3a:61:bb:16:f4:4a:
                    cb:0b:a9:a3:1e:0b:95:a0:22:c9:14:08:b2:9a:83:
                    09:0b:99:b1:ee:3e:16:7c:8f:11:3a:84:8d:7b:c9:
                    c7:5d:e5:2b:e3:41:19:01:cc:03:06:59:ed:fd:a8:
                    a6:49:54:ce:82:b7:9f:b8:37:86:33:c8:fc:a3:93:
                    3b:2a:8e:de:de:a6:fc:88:93:65:88:ef:8a:e3:ce:
                    c2:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:8F:5E:2B:95:03:80:CF:1C:17:97:D0:B9:95:82:1F:78:63:DD:E0
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/VY9eK5UDgM8cF5fQuZWCH3hj3eA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.11.0/24
                  185.210.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:1c:c8:88:6f:50:98:88:11:c4:eb:d4:85:f4:7e:9e:c3:0f:
         83:44:56:7b:ec:6e:5d:25:0e:e0:01:b2:9b:aa:bf:cd:4e:92:
         0e:55:9a:3d:ad:42:c2:2b:a4:b4:fa:f7:fb:6e:a8:e5:8d:1a:
         8e:f2:a2:32:85:54:36:4b:88:32:ae:9c:50:9a:5e:f3:27:76:
         ab:e7:5c:80:4b:0d:39:66:54:17:ec:22:85:66:44:42:00:94:
         48:ef:bf:45:6c:04:b9:80:e6:2c:6b:28:10:fb:30:4c:dc:63:
         17:37:3e:91:f3:73:62:c5:b8:03:71:b2:3b:96:1d:2e:1a:39:
         ad:6a:a7:a5:04:17:6f:38:50:c9:0d:0b:a2:fb:74:b9:3e:ac:
         e8:cf:54:7c:35:51:80:b1:9f:43:6f:c5:10:f2:b6:0f:82:74:
         10:ea:bd:97:8c:9d:55:45:1a:36:c9:77:a3:42:77:7d:95:d2:
         5b:7f:40:5c:d6:4c:7d:42:59:0a:e5:d2:d7:63:69:0a:39:c4:
         bd:b3:15:f4:4a:ac:62:eb:7d:54:ef:57:00:28:ec:3c:88:d8:
         05:bd:b0:b2:c6:d8:4c:33:fe:9e:f7:ba:0f:22:8a:9b:25:2d:
         45:9d:cd:36:3e:5a:81:74:92:25:42:e9:97:71:eb:0c:a4:50:
         77:f4:52:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXyWikpnlOLXm3/4eNQnQz7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUwNDAxMTcxNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NThmNWUyYjk1MDM4MGNmMWMxNzk3ZDBiOTk1ODIxZjc4NjNkZGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6YxNepwL/QN87VeCf0AFFc7roLva
DRVuQBqKbJAJ9AK5lReGQbwZPfWFWRd2xENXgMLZwrIJyIRNjckLsNT2QZ/kFUju
zPVCe+zOsM5vjubyqTOlVhK1mtXX7k3mEHd+8KcloYnppaTwV55FGIY2xR1qZllY
cb/BvkVbdn6g+EfkS+oQuLUqnKJXa0QEbo1m4tINLzs9638IKFBGXn5TTc8VACdI
q9SaA8XNXMo6YbsW9ErLC6mjHguVoCLJFAiymoMJC5mx7j4WfI8ROoSNe8nHXeUr
40EZAcwDBlnt/aimSVTOgrefuDeGM8j8o5M7Ko7e3qb8iJNliO+K487CmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFWPXiuVA4DPHBeX0LmVgh94Y93gMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvVlk5ZUs1VURnTThjRjVmUXVaV0NIM2hqM2VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/4LAwQB
udKoMA0GCSqGSIb3DQEBCwUAA4IBAQAuHMiIb1CYiBHE69SF9H6eww+DRFZ77G5d
JQ7gAbKbqr/NTpIOVZo9rULCK6S0+vf7bqjljRqO8qIyhVQ2S4gyrpxQml7zJ3ar
51yASw05ZlQX7CKFZkRCAJRI779FbAS5gOYsaygQ+zBM3GMXNz6R83NixbgDcbI7
lh0uGjmtaqelBBdvOFDJDQui+3S5Pqzoz1R8NVGAsZ9Db8UQ8rYPgnQQ6r2XjJ1V
RRo2yXejQnd9ldJbf0Bc1kx9QlkK5dLXY2kKOcS9sxX0Sqxi631U71cAKOw8iNgF
vbCyxthMM/6e97oPIoqbJS1Fnc02PlqBdJIlQumXcesMpFB39FKQ
-----END CERTIFICATE-----