Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a671bf-aaa0-4fd3-85fc-821e69413131/1/M-gXFd7N6RQlOS3FU49vKYSovUs.roa
File:                     M-gXFd7N6RQlOS3FU49vKYSovUs.roa (raw, json)
Hash identifier:          3OvRn3YgHg1m6lctKtBNgoRt6uS+lTyZBl7EBoP4/D0=
Subject key identifier:   33:E8:17:15:DE:CD:E9:14:25:39:2D:C5:53:8F:6F:29:84:A8:BD:4B
Certificate issuer:       /CN=8d8045f9df08c53057e9df9fb7b7a575103fff4a
Certificate serial:       01966374062C7026AADBD2E34E494ACC8980
Authority key identifier: 8D:80:45:F9:DF:08:C5:30:57:E9:DF:9F:B7:B7:A5:75:10:3F:FF:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYBF-d8IxTBX6d-ft7eldRA__0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/a671bf-aaa0-4fd3-85fc-821e69413131/1/M-gXFd7N6RQlOS3FU49vKYSovUs.roa
Signing time:             Wed 23 Apr 2025 16:21:10 +0000
ROA not before:           Wed 23 Apr 2025 16:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62417
IP address blocks:        185.231.78.0/24 maxlen: 24
                          185.231.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/a671bf-aaa0-4fd3-85fc-821e69413131/1/jYBF-d8IxTBX6d-ft7eldRA__0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/a671bf-aaa0-4fd3-85fc-821e69413131/1/jYBF-d8IxTBX6d-ft7eldRA__0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYBF-d8IxTBX6d-ft7eldRA__0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:63:74:06:2c:70:26:aa:db:d2:e3:4e:49:4a:cc:89:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d8045f9df08c53057e9df9fb7b7a575103fff4a
        Validity
            Not Before: Apr 23 16:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33e81715decde91425392dc5538f6f2984a8bd4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6e:c4:fe:0b:ce:03:ac:03:ed:a9:c2:86:ea:
                    17:5c:e7:b7:e4:d1:da:c5:8f:03:5a:7d:62:b4:98:
                    31:b8:ba:28:50:28:f1:91:f8:d8:58:ee:c7:d6:ce:
                    2b:4d:dd:5c:f5:83:f8:a9:b3:66:59:ac:a8:5c:94:
                    e0:a0:7f:6f:d9:5e:30:3a:cd:43:c6:a3:e4:99:3e:
                    f4:2e:28:90:77:1c:88:b5:4d:98:14:03:43:d7:c1:
                    36:ed:b0:48:e2:ca:bd:f0:7c:76:8e:3a:58:b1:a1:
                    10:a1:50:df:ad:4c:56:21:5d:c5:16:1f:58:81:e1:
                    e5:ad:0d:d3:15:05:16:5e:04:e2:89:55:7a:ec:6a:
                    31:82:23:4f:4b:4e:a8:44:da:ef:fb:88:3b:53:cd:
                    a2:0e:cf:02:09:f7:d3:92:3e:f3:82:82:48:9e:f7:
                    6a:7d:14:09:1d:17:80:0b:02:4a:ee:0a:10:de:74:
                    09:4f:da:34:10:02:8f:b9:41:e0:c1:42:d5:37:ec:
                    e6:06:7d:e0:55:e5:74:90:64:19:20:eb:19:87:e0:
                    1a:00:bc:1e:98:15:15:bf:75:43:45:df:ef:20:1b:
                    83:41:31:0d:c9:d3:22:97:04:2b:b4:64:b4:10:1f:
                    af:d5:5e:13:32:67:7c:ef:3d:02:9d:60:d1:a2:cf:
                    be:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:E8:17:15:DE:CD:E9:14:25:39:2D:C5:53:8F:6F:29:84:A8:BD:4B
            X509v3 Authority Key Identifier:
                keyid:8D:80:45:F9:DF:08:C5:30:57:E9:DF:9F:B7:B7:A5:75:10:3F:FF:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYBF-d8IxTBX6d-ft7eldRA__0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a671bf-aaa0-4fd3-85fc-821e69413131/1/M-gXFd7N6RQlOS3FU49vKYSovUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a671bf-aaa0-4fd3-85fc-821e69413131/1/jYBF-d8IxTBX6d-ft7eldRA__0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:df:63:8e:0d:49:5d:25:1b:c0:28:28:d6:3a:5a:a1:0c:fd:
         ed:bd:b2:0c:ea:73:16:03:43:cc:31:41:34:bb:68:ca:5f:cd:
         5a:d9:36:9e:e8:d0:01:10:e5:b7:55:c3:fb:9f:6c:6d:97:1b:
         ad:fc:7d:ba:b6:70:cc:25:52:9c:0d:bd:86:89:03:a5:af:13:
         97:61:10:86:23:06:de:2c:65:2c:68:44:dd:30:02:8c:87:5d:
         8a:58:6f:94:79:9c:8a:9b:d5:93:59:56:3a:86:ec:81:c8:44:
         ce:b4:92:f4:e8:6b:46:f7:29:f0:16:76:cb:d1:82:79:d8:f7:
         1f:d7:c8:aa:f8:90:df:c4:9b:5e:d9:35:77:1b:86:7d:38:2c:
         f6:9b:64:78:c1:40:ec:a9:7c:a8:89:10:9f:a1:b0:01:55:65:
         8a:e4:00:ec:aa:82:89:99:02:4f:24:11:a0:0e:90:39:76:b8:
         1e:82:c3:b5:fc:a5:ae:95:82:72:f0:ce:ea:fd:f8:d3:74:f5:
         a9:f6:e8:16:f0:08:11:56:a2:04:76:aa:7a:09:98:b7:30:9c:
         e8:ff:2a:32:99:84:7e:fb:3c:85:c7:9c:88:81:79:cb:19:73:
         b5:ac:9f:40:22:32:ab:34:f5:64:d4:91:70:ea:84:d4:57:87:
         10:cc:2d:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZjdAYscCaq29LjTklKzImAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODA0NWY5ZGYwOGM1MzA1N2U5ZGY5ZmI3YjdhNTc1MTAz
ZmZmNGEwHhcNMjUwNDIzMTYyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2U4MTcxNWRlY2RlOTE0MjUzOTJkYzU1MzhmNmYyOTg0YThiZDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG7E/gvOA6wD7anChuoXXOe35NHa
xY8DWn1itJgxuLooUCjxkfjYWO7H1s4rTd1c9YP4qbNmWayoXJTgoH9v2V4wOs1D
xqPkmT70LiiQdxyItU2YFAND18E27bBI4sq98Hx2jjpYsaEQoVDfrUxWIV3FFh9Y
geHlrQ3TFQUWXgTiiVV67GoxgiNPS06oRNrv+4g7U82iDs8CCffTkj7zgoJInvdq
fRQJHReACwJK7goQ3nQJT9o0EAKPuUHgwULVN+zmBn3gVeV0kGQZIOsZh+AaALwe
mBUVv3VDRd/vIBuDQTENydMilwQrtGS0EB+v1V4TMmd87z0CnWDRos++GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPoFxXezekUJTktxVOPbymEqL1LMB8GA1UdIwQY
MBaAFI2ARfnfCMUwV+nfn7e3pXUQP/9KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallCRi1kOEl4VEJYNmQtZnQ3ZWxkUkFfXzBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hNjcxYmYtYWFhMC00ZmQzLTg1ZmMt
ODIxZTY5NDEzMTMxLzEvTS1nWEZkN042UlFsT1MzRlU0OXZLWVNvdlVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hNjcxYmYtYWFhMC00ZmQzLTg1ZmMtODIxZTY5NDEzMTMx
LzEvallCRi1kOEl4VEJYNmQtZnQ3ZWxkUkFfXzBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuedOMA0G
CSqGSIb3DQEBCwUAA4IBAQCr32OODUldJRvAKCjWOlqhDP3tvbIM6nMWA0PMMUE0
u2jKX81a2Tae6NABEOW3VcP7n2xtlxut/H26tnDMJVKcDb2GiQOlrxOXYRCGIwbe
LGUsaETdMAKMh12KWG+UeZyKm9WTWVY6huyByETOtJL06GtG9ynwFnbL0YJ52Pcf
18iq+JDfxJte2TV3G4Z9OCz2m2R4wUDsqXyoiRCfobABVWWK5ADsqoKJmQJPJBGg
DpA5drgegsO1/KWulYJy8M7q/fjTdPWp9ugW8AgRVqIEdqp6CZi3MJzo/yoymYR+
+zyFx5yIgXnLGXO1rJ9AIjKrNPVk1JFw6oTUV4cQzC23
-----END CERTIFICATE-----