Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/YsankS_USZgWqXDl1HHY7i0nIXA.roa
File:                     YsankS_USZgWqXDl1HHY7i0nIXA.roa (raw, json)
Hash identifier:          eRXMUpyBsBYhB16rFvYRSAy7X2xg703kBbyOe1WdxJo=
Subject key identifier:   62:C6:A7:91:2F:D4:49:98:16:A9:70:E5:D4:71:D8:EE:2D:27:21:70
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0196BA455E2A503D3864150DEA4B4AD57DCC
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/YsankS_USZgWqXDl1HHY7i0nIXA.roa
Signing time:             Sat 10 May 2025 12:57:10 +0000
ROA not before:           Sat 10 May 2025 12:57:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        188.209.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ba:45:5e:2a:50:3d:38:64:15:0d:ea:4b:4a:d5:7d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: May 10 12:57:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62c6a7912fd4499816a970e5d471d8ee2d272170
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:39:32:d4:88:f2:74:77:d6:ec:50:3d:48:bc:
                    0a:3c:6e:2e:93:8a:80:fa:34:ed:02:08:ac:b3:26:
                    2a:3d:10:0a:40:f9:ad:49:68:b8:f7:0d:4d:9f:9d:
                    63:ed:38:fa:95:f7:33:20:be:92:ac:d4:ca:fa:23:
                    f3:d0:45:ae:ab:11:9c:97:70:0e:3f:40:71:53:da:
                    31:36:df:d7:1f:ed:88:a1:17:4c:de:17:4b:01:9d:
                    71:2f:11:87:c7:89:dc:1f:01:be:81:b6:e9:82:ba:
                    04:37:8e:3a:43:7e:ff:35:31:10:25:e9:b1:a6:70:
                    08:b1:c4:81:fa:82:ab:3a:50:6b:b8:df:1f:b0:9b:
                    89:ac:a7:fc:56:97:b6:88:2a:bd:42:48:ec:68:f5:
                    16:43:21:af:55:45:f5:c7:6a:29:0a:e2:4b:61:92:
                    95:c6:7b:39:40:e5:70:53:fe:9a:fc:48:9f:17:f7:
                    ef:97:96:b5:59:da:4e:3a:64:54:83:cc:a5:59:63:
                    f3:2f:0a:8d:07:e0:17:23:9e:ba:06:a6:8a:ee:c4:
                    1e:b3:74:2c:45:f7:ba:ad:47:27:a2:44:23:ec:48:
                    cb:f5:30:ea:79:c0:62:c7:db:86:78:4f:c6:7d:f4:
                    a3:c7:5c:62:76:c2:53:8d:28:9f:77:4a:20:cd:6d:
                    3a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:C6:A7:91:2F:D4:49:98:16:A9:70:E5:D4:71:D8:EE:2D:27:21:70
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/YsankS_USZgWqXDl1HHY7i0nIXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:71:6e:e4:44:5e:27:3b:f4:9c:90:24:4a:1f:02:70:23:32:
         3b:4e:9f:53:fb:d9:6a:0d:d8:bb:fa:79:10:7d:11:95:b8:4e:
         95:ac:e3:a3:e2:35:08:76:2d:1e:74:4a:a3:2f:98:db:39:22:
         34:2c:96:8b:83:1f:09:b2:70:d6:2f:2a:54:bf:4d:26:02:de:
         2b:6f:aa:ca:41:97:2f:e5:36:81:57:f5:19:ff:8b:fe:e8:5d:
         49:2e:0e:1c:02:56:21:de:3f:ca:cd:d8:01:a0:57:76:2d:05:
         d6:a7:61:bc:7e:60:25:45:cd:a2:6d:97:e2:bd:ba:7b:c8:96:
         ec:fd:07:44:f9:42:94:ee:3e:55:f0:41:2e:a2:d3:e0:86:c1:
         73:47:e1:95:86:59:44:d4:15:2a:02:07:50:ac:bb:9c:75:ff:
         66:a9:0d:3b:86:02:aa:31:ce:ec:c2:40:23:b6:63:9e:85:66:
         b2:87:68:f6:7b:8b:3f:96:9b:96:87:a2:dd:3c:37:11:de:94:
         1d:26:45:95:1a:88:bb:70:66:82:fe:b2:b8:95:ff:49:59:be:
         b3:94:23:3b:07:49:61:86:dc:ed:51:f4:c4:d3:e1:54:58:39:
         30:42:a1:eb:7c:93:70:bd:29:9c:61:29:25:72:e8:eb:21:69:
         2a:b1:56:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa6RV4qUD04ZBUN6ktK1X3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNTEwMTI1NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmM2YTc5MTJmZDQ0OTk4MTZhOTcwZTVkNDcxZDhlZTJkMjcyMTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3zky1IjydHfW7FA9SLwKPG4uk4qA
+jTtAgissyYqPRAKQPmtSWi49w1Nn51j7Tj6lfczIL6SrNTK+iPz0EWuqxGcl3AO
P0BxU9oxNt/XH+2IoRdM3hdLAZ1xLxGHx4ncHwG+gbbpgroEN446Q37/NTEQJemx
pnAIscSB+oKrOlBruN8fsJuJrKf8Vpe2iCq9QkjsaPUWQyGvVUX1x2opCuJLYZKV
xns5QOVwU/6a/EifF/fvl5a1WdpOOmRUg8ylWWPzLwqNB+AXI566BqaK7sQes3Qs
Rfe6rUcnokQj7EjL9TDqecBix9uGeE/GffSjx1xidsJTjSifd0ogzW065wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLGp5Ev1EmYFqlw5dRx2O4tJyFwMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvWXNhbmtTX1VTWmdXcVhEbDFISFk3aTBuSVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGMMA0G
CSqGSIb3DQEBCwUAA4IBAQAEcW7kRF4nO/SckCRKHwJwIzI7Tp9T+9lqDdi7+nkQ
fRGVuE6VrOOj4jUIdi0edEqjL5jbOSI0LJaLgx8JsnDWLypUv00mAt4rb6rKQZcv
5TaBV/UZ/4v+6F1JLg4cAlYh3j/KzdgBoFd2LQXWp2G8fmAlRc2ibZfivbp7yJbs
/QdE+UKU7j5V8EEuotPghsFzR+GVhllE1BUqAgdQrLucdf9mqQ07hgKqMc7swkAj
tmOehWayh2j2e4s/lpuWh6LdPDcR3pQdJkWVGoi7cGaC/rK4lf9JWb6zlCM7B0lh
htztUfTE0+FUWDkwQqHrfJNwvSmcYSklcujrIWkqsVZb
-----END CERTIFICATE-----