Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/705d00-25a1-4bab-9ba4-4353cd82d57b/1/AYRRAczcbq7u60pHgYeS1szSrpI.roa
File:                     AYRRAczcbq7u60pHgYeS1szSrpI.roa (raw, json)
Hash identifier:          HzlS835dTUJE//lhH5z57Uv4DsWgC3yZXjv319hgV3I=
Subject key identifier:   01:84:51:01:CC:DC:6E:AE:EE:EB:4A:47:81:87:92:D6:CC:D2:AE:92
Certificate issuer:       /CN=ae9488913d73479783da7bf56b164e5c84d4fc6a
Certificate serial:       0194228DF2F6550151AF42320DE1A619C5C4
Authority key identifier: AE:94:88:91:3D:73:47:97:83:DA:7B:F5:6B:16:4E:5C:84:D4:FC:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rpSIkT1zR5eD2nv1axZOXITU_Go.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/705d00-25a1-4bab-9ba4-4353cd82d57b/1/AYRRAczcbq7u60pHgYeS1szSrpI.roa
Signing time:             Wed 01 Jan 2025 15:48:35 +0000
ROA not before:           Wed 01 Jan 2025 15:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48387
IP address blocks:        195.88.60.0/23 maxlen: 24
                          2001:67c:10a8::/47 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/705d00-25a1-4bab-9ba4-4353cd82d57b/1/rpSIkT1zR5eD2nv1axZOXITU_Go.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/705d00-25a1-4bab-9ba4-4353cd82d57b/1/rpSIkT1zR5eD2nv1axZOXITU_Go.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rpSIkT1zR5eD2nv1axZOXITU_Go.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f2:f6:55:01:51:af:42:32:0d:e1:a6:19:c5:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae9488913d73479783da7bf56b164e5c84d4fc6a
        Validity
            Not Before: Jan  1 15:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01845101ccdc6eaeeeeb4a47818792d6ccd2ae92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f6:99:8f:4e:9f:08:41:b4:76:33:da:eb:2b:
                    6c:4e:80:37:94:e1:35:c9:fd:6f:b0:2b:6e:2b:0a:
                    ca:59:ff:86:ba:53:c5:fc:3a:ef:e4:08:36:a1:2b:
                    7f:c9:34:4f:28:60:61:ed:0f:be:11:c2:85:3d:8c:
                    b1:41:ea:9d:db:5d:21:7c:49:21:e8:38:bc:f8:61:
                    41:8d:ab:96:83:4c:5a:5f:b2:b0:73:9f:00:54:a8:
                    8a:1e:67:42:66:6a:73:c3:bf:98:e6:c9:67:e7:6b:
                    ab:e3:89:de:12:4e:a1:45:b1:62:5e:76:ba:e5:f3:
                    23:92:f7:af:12:0d:9c:e4:d9:d3:15:53:42:45:20:
                    e2:fb:e8:7a:78:70:2c:08:93:8e:b4:1c:61:fd:b7:
                    74:c0:80:97:c9:12:68:02:00:f2:e3:42:40:87:94:
                    9d:93:7e:99:77:29:e6:fe:28:48:1f:48:22:46:13:
                    15:c2:1a:56:6b:76:74:09:6d:fa:6d:8e:5b:a3:4a:
                    f2:f6:88:e8:40:25:bd:4a:4c:c7:91:20:33:c5:7e:
                    3b:67:78:9a:72:14:05:44:4d:5f:24:c7:a0:f7:9a:
                    b8:16:03:b0:83:7c:5c:31:8e:85:56:47:87:60:57:
                    bf:d8:06:42:ef:88:c2:93:08:b3:f3:bd:68:26:c8:
                    83:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:84:51:01:CC:DC:6E:AE:EE:EB:4A:47:81:87:92:D6:CC:D2:AE:92
            X509v3 Authority Key Identifier:
                keyid:AE:94:88:91:3D:73:47:97:83:DA:7B:F5:6B:16:4E:5C:84:D4:FC:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rpSIkT1zR5eD2nv1axZOXITU_Go.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/705d00-25a1-4bab-9ba4-4353cd82d57b/1/AYRRAczcbq7u60pHgYeS1szSrpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/705d00-25a1-4bab-9ba4-4353cd82d57b/1/rpSIkT1zR5eD2nv1axZOXITU_Go.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.60.0/23
                IPv6:
                  2001:67c:10a8::/47

    Signature Algorithm: sha256WithRSAEncryption
         43:08:b1:a9:e7:3c:d7:fd:d9:72:38:2f:c6:b0:56:53:a5:a7:
         88:d7:29:71:81:aa:67:5e:ed:5c:62:9e:ea:92:11:e3:2c:b3:
         93:fe:fa:f5:aa:57:d6:fb:2e:c5:cf:93:e4:8e:a2:eb:f2:d0:
         8d:e6:3e:38:c1:ca:48:35:1e:83:14:ba:14:87:90:12:14:8d:
         42:3a:56:cb:b7:a1:a6:07:a5:f0:30:dd:47:41:cd:bf:7e:97:
         e5:b2:a1:ed:d3:d9:c7:8b:db:ac:22:cb:16:20:28:49:4e:c7:
         ec:95:7a:42:a7:6c:e6:65:05:94:7d:28:64:6f:fe:db:3f:25:
         b4:ff:23:99:8b:29:b3:ac:b2:3c:4e:fd:dd:d2:f5:d6:a0:2c:
         74:71:eb:e2:b6:c4:8c:dd:35:ad:38:8c:eb:04:c7:87:71:13:
         ea:0f:c7:37:6d:ca:19:0f:d1:81:4d:92:09:6c:22:00:08:e9:
         ac:ca:e3:c4:25:dd:18:7e:47:8c:4b:a6:3a:c3:c7:77:ce:27:
         95:f1:b2:0a:20:4d:00:95:18:da:f7:23:8f:c8:e0:04:71:04:
         df:76:08:e8:cd:69:94:d2:ea:11:76:c5:66:05:65:c8:a3:10:
         d4:12:0c:6d:8c:de:2d:54:d9:03:b7:df:32:b9:c4:98:fc:bc:
         f8:03:fc:c3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQijfL2VQFRr0IyDeGmGcXEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlOTQ4ODkxM2Q3MzQ3OTc4M2RhN2JmNTZiMTY0ZTVjODRk
NGZjNmEwHhcNMjUwMTAxMTU0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTg0NTEwMWNjZGM2ZWFlZWVlYjRhNDc4MTg3OTJkNmNjZDJhZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfaZj06fCEG0djPa6ytsToA3lOE1
yf1vsCtuKwrKWf+GulPF/Drv5Ag2oSt/yTRPKGBh7Q++EcKFPYyxQeqd210hfEkh
6Di8+GFBjauWg0xaX7Kwc58AVKiKHmdCZmpzw7+Y5sln52ur44neEk6hRbFiXna6
5fMjkvevEg2c5NnTFVNCRSDi++h6eHAsCJOOtBxh/bd0wICXyRJoAgDy40JAh5Sd
k36Zdynm/ihIH0giRhMVwhpWa3Z0CW36bY5bo0ry9ojoQCW9SkzHkSAzxX47Z3ia
chQFRE1fJMeg95q4FgOwg3xcMY6FVkeHYFe/2AZC74jCkwiz871oJsiDXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAGEUQHM3G6u7utKR4GHktbM0q6SMB8GA1UdIwQY
MBaAFK6UiJE9c0eXg9p79WsWTlyE1PxqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnBTSWtUMXpSNWVEMm52MWF4Wk9YSVRVX0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC83MDVkMDAtMjVhMS00YmFiLTliYTQt
NDM1M2NkODJkNTdiLzEvQVlSUkFjemNicTd1NjBwSGdZZVMxc3pTcnBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC83MDVkMDAtMjVhMS00YmFiLTliYTQtNDM1M2NkODJkNTdi
LzEvcnBTSWtUMXpSNWVEMm52MWF4Wk9YSVRVX0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw1g8MA8E
AgACMAkDBwEgAQZ8EKgwDQYJKoZIhvcNAQELBQADggEBAEMIsannPNf92XI4L8aw
VlOlp4jXKXGBqmde7VxinuqSEeMss5P++vWqV9b7LsXPk+SOouvy0I3mPjjBykg1
HoMUuhSHkBIUjUI6Vsu3oaYHpfAw3UdBzb9+l+Wyoe3T2ceL26wiyxYgKElOx+yV
ekKnbOZlBZR9KGRv/ts/JbT/I5mLKbOssjxO/d3S9dagLHRx6+K2xIzdNa04jOsE
x4dxE+oPxzdtyhkP0YFNkglsIgAI6azK48Ql3Rh+R4xLpjrDx3fOJ5XxsgogTQCV
GNr3I4/I4ARxBN92COjNaZTS6hF2xWYFZcijENQSDG2M3i1U2QO33zK5xJj8vPgD
/MM=
-----END CERTIFICATE-----