Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/c0uyAIlGOn0vO5piSysUF2Ju-aw.roa
File:                     c0uyAIlGOn0vO5piSysUF2Ju-aw.roa (raw, json)
Hash identifier:          4XHETRLKmMi8IPLG6uXis4YdiB+OZfWGhUxOMU23gnE=
Subject key identifier:   73:4B:B2:00:89:46:3A:7D:2F:3B:9A:62:4B:2B:14:17:62:6E:F9:AC
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0196736AF14A6A0269DD6512035954CAB99F
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/c0uyAIlGOn0vO5piSysUF2Ju-aw.roa
Signing time:             Sat 26 Apr 2025 18:45:10 +0000
ROA not before:           Sat 26 Apr 2025 18:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210705
IP address blocks:        188.212.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:73:6a:f1:4a:6a:02:69:dd:65:12:03:59:54:ca:b9:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Apr 26 18:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=734bb20089463a7d2f3b9a624b2b1417626ef9ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:fa:f6:4b:b5:15:79:ae:53:aa:bb:37:d0:c8:
                    1f:66:62:73:44:7f:0c:37:92:30:36:b7:04:31:21:
                    68:ce:8c:7d:15:f2:ac:81:47:16:e1:a2:cc:ac:23:
                    b2:88:74:3f:07:cf:85:48:b3:cc:af:dc:da:48:f4:
                    9d:35:73:00:df:e1:b6:8c:84:59:29:b7:a5:55:83:
                    38:9b:ae:ff:46:18:a3:a4:b2:e1:3a:53:b3:a8:88:
                    0a:fc:91:b1:5b:be:49:53:17:33:69:20:51:5d:17:
                    d4:a7:b6:e8:a5:52:be:99:e9:24:59:31:e4:c9:36:
                    0b:89:4d:e1:07:87:11:b5:5f:7f:4f:61:39:8c:7d:
                    87:24:de:ec:2f:17:b8:c4:94:87:3b:23:6d:0c:79:
                    4e:ac:c4:68:ff:85:b9:19:e0:45:f4:f0:e3:0b:f3:
                    52:a8:9a:40:b9:fc:8e:df:fe:c6:52:a6:fd:e7:7c:
                    14:2b:9f:e8:e3:62:dc:8f:26:1c:a8:8c:e7:42:40:
                    70:d4:53:59:7b:86:9d:42:11:89:86:ef:97:cf:b4:
                    2a:c1:5e:ee:42:b8:56:d8:d3:74:87:ba:aa:96:8d:
                    cc:4e:19:31:df:61:e3:9d:3b:d5:39:48:4e:15:1a:
                    25:e5:4d:12:90:fa:56:1c:dc:ff:2c:31:0a:3f:a1:
                    38:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:4B:B2:00:89:46:3A:7D:2F:3B:9A:62:4B:2B:14:17:62:6E:F9:AC
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/c0uyAIlGOn0vO5piSysUF2Ju-aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.212.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:06:8b:7a:c3:4f:61:e5:c2:20:37:75:30:29:99:35:b8:8c:
         76:38:e3:c1:d2:90:f4:ed:84:57:b0:3b:75:94:1d:ce:fd:7a:
         57:7c:58:f0:72:b3:c9:97:58:7d:49:96:cb:78:1c:24:f1:d6:
         e3:76:65:6c:be:0d:f4:a9:4a:f5:ff:8a:33:c6:49:46:2b:68:
         7e:61:ae:ed:12:47:25:44:6c:2b:76:b4:3c:bc:02:7a:d5:63:
         1c:99:a6:c4:ad:3c:87:6c:ac:af:8d:67:33:b2:cf:2d:13:c8:
         71:99:4a:4c:a3:a8:4e:55:af:c8:30:2c:71:fe:31:16:3d:ef:
         86:4d:17:ff:de:98:1b:84:78:94:a1:ca:ca:4f:f5:c0:c6:da:
         8e:60:79:ad:0e:55:86:33:f9:eb:94:dc:f7:f6:a9:fd:e2:91:
         3a:aa:1d:e5:3c:1a:d7:cb:88:9b:78:11:2f:51:dc:c0:71:78:
         a8:4a:a8:bc:c9:f7:05:25:bc:55:6f:8b:43:43:69:6e:94:14:
         10:8a:3f:cf:4d:72:f0:aa:ca:4b:e5:12:56:8b:a4:1f:b8:75:
         0f:d2:c9:2c:7f:d5:ab:85:2f:b4:8c:75:ba:71:e8:c2:b8:4f:
         10:95:43:f0:25:d6:39:39:eb:e6:8f:a6:1b:28:2b:bc:0b:cd:
         a7:4f:cb:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZzavFKagJp3WUSA1lUyrmfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNDI2MTg0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzRiYjIwMDg5NDYzYTdkMmYzYjlhNjI0YjJiMTQxNzYyNmVmOWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/r2S7UVea5Tqrs30MgfZmJzRH8M
N5IwNrcEMSFozox9FfKsgUcW4aLMrCOyiHQ/B8+FSLPMr9zaSPSdNXMA3+G2jIRZ
KbelVYM4m67/RhijpLLhOlOzqIgK/JGxW75JUxczaSBRXRfUp7bopVK+mekkWTHk
yTYLiU3hB4cRtV9/T2E5jH2HJN7sLxe4xJSHOyNtDHlOrMRo/4W5GeBF9PDjC/NS
qJpAufyO3/7GUqb953wUK5/o42LcjyYcqIznQkBw1FNZe4adQhGJhu+Xz7QqwV7u
QrhW2NN0h7qqlo3MThkx32HjnTvVOUhOFRol5U0SkPpWHNz/LDEKP6E48QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNLsgCJRjp9LzuaYksrFBdibvmsMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvYzB1eUFJbEdPbjB2TzVwaVN5c1VGMkp1LWF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNRhMA0G
CSqGSIb3DQEBCwUAA4IBAQA4Bot6w09h5cIgN3UwKZk1uIx2OOPB0pD07YRXsDt1
lB3O/XpXfFjwcrPJl1h9SZbLeBwk8dbjdmVsvg30qUr1/4ozxklGK2h+Ya7tEkcl
RGwrdrQ8vAJ61WMcmabErTyHbKyvjWczss8tE8hxmUpMo6hOVa/IMCxx/jEWPe+G
TRf/3pgbhHiUocrKT/XAxtqOYHmtDlWGM/nrlNz39qn94pE6qh3lPBrXy4ibeBEv
UdzAcXioSqi8yfcFJbxVb4tDQ2lulBQQij/PTXLwqspL5RJWi6QfuHUP0sksf9Wr
hS+0jHW6cejCuE8QlUPwJdY5Oevmj6YbKCu8C82nT8uN
-----END CERTIFICATE-----