Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/6b9c7a-9dc7-4040-b29a-fc7a0ea6b0e2/1/eYogUWo3t6BNkEy-YGVk_YuGw0g.roa
File:                     eYogUWo3t6BNkEy-YGVk_YuGw0g.roa (raw, json)
Hash identifier:          J3dT7UKbU59mEpNx9Lp9Zr6xC6MDX1qYDbkMaFhekDU=
Subject key identifier:   79:8A:20:51:6A:37:B7:A0:4D:90:4C:BE:60:65:64:FD:8B:86:C3:48
Certificate issuer:       /CN=34a63dc86120e87f4cff8c59af3261e6e1292fd9
Certificate serial:       018CC8DEEAFAF9406C81987DDF7181C4273B
Authority key identifier: 34:A6:3D:C8:61:20:E8:7F:4C:FF:8C:59:AF:32:61:E6:E1:29:2F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NKY9yGEg6H9M_4xZrzJh5uEpL9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/6b9c7a-9dc7-4040-b29a-fc7a0ea6b0e2/1/eYogUWo3t6BNkEy-YGVk_YuGw0g.roa
Signing time:             Tue 02 Jan 2024 06:31:41 +0000
ROA not before:           Tue 02 Jan 2024 06:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210966
IP address blocks:        185.25.106.0/24 maxlen: 24
                          2a11:540::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/6b9c7a-9dc7-4040-b29a-fc7a0ea6b0e2/1/NKY9yGEg6H9M_4xZrzJh5uEpL9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/6b9c7a-9dc7-4040-b29a-fc7a0ea6b0e2/1/NKY9yGEg6H9M_4xZrzJh5uEpL9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NKY9yGEg6H9M_4xZrzJh5uEpL9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ea:fa:f9:40:6c:81:98:7d:df:71:81:c4:27:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34a63dc86120e87f4cff8c59af3261e6e1292fd9
        Validity
            Not Before: Jan  2 06:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=798a20516a37b7a04d904cbe606564fd8b86c348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:11:0c:d6:15:e0:94:a1:0e:2c:41:f1:81:dd:
                    26:a7:5a:74:b1:54:e6:6c:b5:99:35:21:71:07:17:
                    30:b5:27:b2:54:a8:19:cd:37:a1:52:62:a7:11:61:
                    f6:f7:0c:62:27:17:a8:d3:a9:e0:03:1e:2a:4e:48:
                    db:92:f9:56:97:a1:5e:de:ec:aa:01:47:fe:cd:ab:
                    91:33:5b:de:d1:4c:d8:0c:f5:2d:e6:11:4c:1d:7d:
                    76:7e:75:54:d4:4d:ab:f2:f3:63:25:bb:7c:01:7a:
                    21:d7:3a:3f:c0:72:30:ab:1a:be:20:2b:2c:b0:51:
                    df:f5:75:d1:95:2d:4e:90:77:3e:e3:42:d7:4c:a4:
                    4c:77:1e:ff:3b:42:32:f1:9b:1e:e7:b5:79:31:fb:
                    16:7b:bb:39:c5:ea:49:12:cf:6e:95:17:6b:95:ef:
                    18:25:50:6c:d3:a6:51:78:33:b2:c7:60:20:02:b6:
                    4e:fc:76:2c:29:4f:e6:22:17:ae:65:87:fe:00:30:
                    29:97:38:b6:a5:91:eb:fd:58:32:98:b5:e4:dc:18:
                    7f:68:33:4d:28:40:64:20:77:69:d5:f2:35:e7:50:
                    3c:96:d0:d4:79:96:ec:50:2d:56:27:0b:8f:8e:a7:
                    32:43:b9:b8:66:fe:ec:d6:b1:eb:38:7c:88:1f:88:
                    f3:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:8A:20:51:6A:37:B7:A0:4D:90:4C:BE:60:65:64:FD:8B:86:C3:48
            X509v3 Authority Key Identifier:
                keyid:34:A6:3D:C8:61:20:E8:7F:4C:FF:8C:59:AF:32:61:E6:E1:29:2F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NKY9yGEg6H9M_4xZrzJh5uEpL9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/6b9c7a-9dc7-4040-b29a-fc7a0ea6b0e2/1/eYogUWo3t6BNkEy-YGVk_YuGw0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/6b9c7a-9dc7-4040-b29a-fc7a0ea6b0e2/1/NKY9yGEg6H9M_4xZrzJh5uEpL9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.106.0/24
                IPv6:
                  2a11:540::/30

    Signature Algorithm: sha256WithRSAEncryption
         7e:28:55:4b:65:ea:7c:ce:f9:53:a2:9b:ea:4f:36:97:12:7b:
         eb:a1:49:4c:be:74:60:01:fb:14:57:9f:4e:c7:88:2d:02:39:
         b2:68:2f:ad:2c:74:4d:df:b7:fc:71:16:4a:e0:81:b5:6e:77:
         93:48:40:be:e3:7d:78:7c:ff:00:80:57:8d:67:dc:14:9e:90:
         2f:6a:9b:2e:8e:48:d6:11:2d:1f:a0:bb:7c:ff:b0:ec:82:1c:
         73:77:66:1b:aa:58:a8:67:b4:52:f4:64:c5:99:f5:68:ff:2a:
         99:47:0f:01:58:bf:a7:7b:43:e3:07:3e:25:91:c9:1d:a8:c1:
         d5:1b:c2:62:6b:bd:42:e7:c8:ec:0b:87:b1:5e:33:b9:87:96:
         ae:d7:bf:a2:f6:2a:ae:fe:00:23:43:01:27:5f:2c:cd:a2:b0:
         22:65:26:5d:6c:4c:4c:b0:45:ae:7d:da:7d:c1:03:df:69:06:
         d2:ba:81:65:3f:79:5b:c0:91:2f:82:19:85:3d:da:c9:6c:d5:
         5d:68:6e:23:ab:df:8b:a4:fc:2e:15:72:d0:c0:c3:eb:6a:84:
         8e:e6:e5:d0:97:e5:e2:91:ad:51:75:80:3e:bf:f8:3d:d6:a0:
         79:21:f0:b3:05:f7:48:13:74:1c:09:07:73:7f:38:3b:6d:26:
         82:bb:cd:9c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3ur6+UBsgZh933GBxCc7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0YTYzZGM4NjEyMGU4N2Y0Y2ZmOGM1OWFmMzI2MWU2ZTEy
OTJmZDkwHhcNMjQwMTAyMDYzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OThhMjA1MTZhMzdiN2EwNGQ5MDRjYmU2MDY1NjRmZDhiODZjMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshEM1hXglKEOLEHxgd0mp1p0sVTm
bLWZNSFxBxcwtSeyVKgZzTehUmKnEWH29wxiJxeo06ngAx4qTkjbkvlWl6Fe3uyq
AUf+zauRM1ve0UzYDPUt5hFMHX12fnVU1E2r8vNjJbt8AXoh1zo/wHIwqxq+ICss
sFHf9XXRlS1OkHc+40LXTKRMdx7/O0Iy8Zse57V5MfsWe7s5xepJEs9ulRdrle8Y
JVBs06ZReDOyx2AgArZO/HYsKU/mIheuZYf+ADAplzi2pZHr/VgymLXk3Bh/aDNN
KEBkIHdp1fI151A8ltDUeZbsUC1WJwuPjqcyQ7m4Zv7s1rHrOHyIH4jz2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHmKIFFqN7egTZBMvmBlZP2LhsNIMB8GA1UdIwQY
MBaAFDSmPchhIOh/TP+MWa8yYebhKS/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTktZOXlHRWc2SDlNXzR4WnJ6Smg1dUVwTDlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82YjljN2EtOWRjNy00MDQwLWIyOWEt
ZmM3YTBlYTZiMGUyLzEvZVlvZ1VXbzN0NkJOa0V5LVlHVmtfWXVHdzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82YjljN2EtOWRjNy00MDQwLWIyOWEtZmM3YTBlYTZiMGUy
LzEvTktZOXlHRWc2SDlNXzR4WnJ6Smg1dUVwTDlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRlqMA0E
AgACMAcDBQIqEQVAMA0GCSqGSIb3DQEBCwUAA4IBAQB+KFVLZep8zvlTopvqTzaX
EnvroUlMvnRgAfsUV59Ox4gtAjmyaC+tLHRN37f8cRZK4IG1bneTSEC+4314fP8A
gFeNZ9wUnpAvapsujkjWES0foLt8/7Dsghxzd2YbqlioZ7RS9GTFmfVo/yqZRw8B
WL+ne0PjBz4lkckdqMHVG8Jia71C58jsC4exXjO5h5au17+i9iqu/gAjQwEnXyzN
orAiZSZdbExMsEWufdp9wQPfaQbSuoFlP3lbwJEvghmFPdrJbNVdaG4jq9+LpPwu
FXLQwMPraoSO5uXQl+Xika1RdYA+v/g91qB5IfCzBfdIE3QcCQdzfzg7bSaCu82c
-----END CERTIFICATE-----