Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/ywz51nx2Az2FIOdnvxmxOqpSYZc.roa
File:                     ywz51nx2Az2FIOdnvxmxOqpSYZc.roa (raw, json)
Hash identifier:          ywhzW4X8gfJWs3Te7uv4qk5K0NbexGMZNrN76iHRuoY=
Subject key identifier:   CB:0C:F9:D6:7C:76:03:3D:85:20:E7:67:BF:19:B1:3A:AA:52:61:97
Certificate issuer:       /CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
Certificate serial:       0196251CEB4E56D5A2262B58A696E4F305FD
Authority key identifier: 6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/ywz51nx2Az2FIOdnvxmxOqpSYZc.roa
Signing time:             Fri 11 Apr 2025 13:49:34 +0000
ROA not before:           Fri 11 Apr 2025 13:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213282
IP address blocks:        185.211.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 15:42:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:25:1c:eb:4e:56:d5:a2:26:2b:58:a6:96:e4:f3:05:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
        Validity
            Not Before: Apr 11 13:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb0cf9d67c76033d8520e767bf19b13aaa526197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:27:7d:d4:a3:9e:c1:12:ca:36:8d:9f:a4:24:
                    2d:a0:1a:4f:93:ed:06:43:ff:82:96:47:6c:38:57:
                    d4:b2:3b:36:b5:85:cf:b8:6a:1c:15:45:1e:d1:32:
                    05:0e:92:89:1e:81:64:64:29:71:02:72:36:62:76:
                    15:c8:bd:94:be:e9:2e:cd:db:52:0b:54:19:3e:ac:
                    02:43:74:d1:cf:57:65:4d:97:62:6d:32:59:7d:bf:
                    12:f1:c9:26:51:0e:dd:71:2d:5f:95:0c:ad:18:56:
                    04:50:32:7f:d3:e1:83:b4:87:ac:e8:f4:76:49:7c:
                    fe:7b:c5:da:e9:15:0b:a4:f0:36:23:96:b4:a9:a6:
                    23:af:fd:94:cd:c7:9e:6f:6c:24:28:b4:80:c9:bf:
                    a6:d0:ed:07:d3:54:25:15:bf:39:9c:5c:a4:1e:07:
                    39:eb:15:be:6f:3e:93:c1:95:d8:76:9a:6c:be:a3:
                    f8:f5:49:71:67:ca:c5:38:4c:54:e3:df:63:d2:8e:
                    42:69:dd:78:7e:e6:76:0a:4c:bb:a1:4f:52:6a:29:
                    1d:aa:df:2d:d9:2a:d5:b3:d9:d8:ea:6d:20:0d:8f:
                    f0:e9:19:cb:1f:7d:f0:93:3c:ba:5f:6c:a6:9a:83:
                    f1:c3:d7:29:1f:7c:58:31:23:da:c6:db:9d:98:9a:
                    68:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:0C:F9:D6:7C:76:03:3D:85:20:E7:67:BF:19:B1:3A:AA:52:61:97
            X509v3 Authority Key Identifier:
                keyid:6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/ywz51nx2Az2FIOdnvxmxOqpSYZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:ef:a2:47:07:1a:03:d1:66:1d:a4:83:b7:6b:e2:19:52:13:
         5e:95:4b:fc:0f:dd:63:e4:85:13:73:67:d3:04:04:70:cf:cf:
         73:4f:08:60:f6:48:ee:3b:0f:01:aa:7d:23:f4:2f:7b:84:f3:
         fc:39:e9:ba:bd:fb:ed:bf:c1:71:6c:4a:76:02:a8:04:b6:b3:
         13:9c:16:f6:a8:e4:65:3f:f1:c7:a7:61:a3:64:aa:9f:a4:51:
         96:0d:ca:5a:1d:3d:28:e1:54:b7:ad:73:a4:e4:e1:bb:b4:f6:
         3c:89:54:b6:14:8c:c2:60:b3:18:53:12:5d:9b:b9:f2:c9:fa:
         44:6b:f9:6c:b9:7c:b0:d1:4c:30:13:14:d2:41:fe:72:3f:51:
         6d:3d:34:1c:0f:22:1b:5d:c6:10:a8:74:4a:41:3b:81:85:10:
         0b:02:c2:e0:16:f7:f4:ce:f6:dc:8a:85:b3:53:ff:dc:fa:ae:
         7c:f0:4c:83:81:ee:8a:d6:96:ac:c0:80:0e:5f:33:d0:ca:65:
         69:1b:f7:fb:b2:d3:55:e0:1d:3a:9b:58:eb:eb:97:e7:06:79:
         46:c3:a7:6b:6d:2e:b6:19:a5:9c:b4:09:81:af:54:79:b9:3d:
         65:d8:28:05:88:ca:10:24:a6:33:24:c8:48:50:07:a6:52:25:
         f2:2b:ae:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYlHOtOVtWiJitYppbk8wX9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMzI1MGE1YzFiZGFiNzRiMWJkMjNjMDFjNTRhOGQ3MGI2
ZGVmMjAwHhcNMjUwNDExMTM0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjBjZjlkNjdjNzYwMzNkODUyMGU3NjdiZjE5YjEzYWFhNTI2MTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCd91KOewRLKNo2fpCQtoBpPk+0G
Q/+ClkdsOFfUsjs2tYXPuGocFUUe0TIFDpKJHoFkZClxAnI2YnYVyL2UvukuzdtS
C1QZPqwCQ3TRz1dlTZdibTJZfb8S8ckmUQ7dcS1flQytGFYEUDJ/0+GDtIes6PR2
SXz+e8Xa6RULpPA2I5a0qaYjr/2Uzceeb2wkKLSAyb+m0O0H01QlFb85nFykHgc5
6xW+bz6TwZXYdppsvqP49UlxZ8rFOExU499j0o5Cad14fuZ2Cky7oU9Saikdqt8t
2SrVs9nY6m0gDY/w6RnLH33wkzy6X2ymmoPxw9cpH3xYMSPaxtudmJpo7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsM+dZ8dgM9hSDnZ78ZsTqqUmGXMB8GA1UdIwQY
MBaAFGwyUKXBvat0sb0jwBxUqNcLbe8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEt
MjU0NDY4M2FhMTI1LzEveXd6NTFueDJBejJGSU9kbnZ4bXhPcXBTWVpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEtMjU0NDY4M2FhMTI1
LzEvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudNkMA0G
CSqGSIb3DQEBCwUAA4IBAQCC76JHBxoD0WYdpIO3a+IZUhNelUv8D91j5IUTc2fT
BARwz89zTwhg9kjuOw8Bqn0j9C97hPP8Oem6vfvtv8FxbEp2AqgEtrMTnBb2qORl
P/HHp2GjZKqfpFGWDcpaHT0o4VS3rXOk5OG7tPY8iVS2FIzCYLMYUxJdm7nyyfpE
a/lsuXyw0UwwExTSQf5yP1FtPTQcDyIbXcYQqHRKQTuBhRALAsLgFvf0zvbcioWz
U//c+q588EyDge6K1paswIAOXzPQymVpG/f7stNV4B06m1jr65fnBnlGw6drbS62
GaWctAmBr1R5uT1l2CgFiMoQJKYzJMhIUAemUiXyK64W
-----END CERTIFICATE-----