Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/y56Nfh76gjyCOcGtBhnizTX0loY.roa
File:                     y56Nfh76gjyCOcGtBhnizTX0loY.roa (raw, json)
Hash identifier:          dmNc2ZsuWYEatVtEk4lt6dGr12Zbm0hnX7vLaFN6FWI=
Subject key identifier:   CB:9E:8D:7E:1E:FA:82:3C:82:39:C1:AD:06:19:E2:CD:35:F4:96:86
Certificate issuer:       /CN=543c5c34a62ffbed8fc0f0ec01b42c0c50ee7ef7
Certificate serial:       019778D55AB7D4365E30D4E7F30255A42281
Authority key identifier: 54:3C:5C:34:A6:2F:FB:ED:8F:C0:F0:EC:01:B4:2C:0C:50:EE:7E:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/y56Nfh76gjyCOcGtBhnizTX0loY.roa
Signing time:             Mon 16 Jun 2025 13:02:17 +0000
ROA not before:           Mon 16 Jun 2025 13:02:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        91.204.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:d5:5a:b7:d4:36:5e:30:d4:e7:f3:02:55:a4:22:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543c5c34a62ffbed8fc0f0ec01b42c0c50ee7ef7
        Validity
            Not Before: Jun 16 13:02:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb9e8d7e1efa823c8239c1ad0619e2cd35f49686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:fe:57:18:7e:16:bc:72:66:ee:fc:35:4e:54:
                    60:cb:c0:ca:61:cc:e5:92:63:e8:24:de:2c:a8:27:
                    f8:30:db:9d:26:af:0e:e4:f0:6c:b5:b6:bb:c4:0c:
                    13:2b:53:2d:f0:e2:16:cd:9d:e7:52:a9:63:e3:8c:
                    1d:fc:b5:bb:4e:e2:bf:97:f1:0e:24:89:a5:37:da:
                    c0:f5:8a:18:c9:54:20:bf:ed:99:fa:c7:62:76:2d:
                    2f:13:d5:60:7e:c9:9a:d4:d8:ca:bd:21:04:f3:3a:
                    56:98:dd:34:33:6c:26:ad:d8:b9:1e:8e:99:8a:c0:
                    11:e7:17:5f:0d:d1:a9:29:42:51:e0:51:2e:dd:38:
                    47:9e:01:48:db:99:bc:27:cd:1f:0a:a6:66:b0:0c:
                    1d:a8:70:25:12:96:4a:71:d1:3f:34:72:b3:24:e5:
                    25:1c:55:aa:8b:8f:ac:0a:49:d1:28:2f:3b:1f:36:
                    e4:4a:91:e0:cb:23:ad:9c:1c:7e:df:70:57:3a:cd:
                    44:9f:8b:df:59:e6:6b:50:93:e3:cf:5e:b2:b7:48:
                    52:4c:97:7f:d2:54:15:3b:87:d8:aa:4e:b0:57:a7:
                    d8:a0:1b:e7:ce:02:c6:05:dc:28:e7:be:22:8d:f8:
                    12:75:7e:5f:be:13:de:c3:98:e4:c7:89:9e:36:7c:
                    23:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:9E:8D:7E:1E:FA:82:3C:82:39:C1:AD:06:19:E2:CD:35:F4:96:86
            X509v3 Authority Key Identifier:
                keyid:54:3C:5C:34:A6:2F:FB:ED:8F:C0:F0:EC:01:B4:2C:0C:50:EE:7E:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/y56Nfh76gjyCOcGtBhnizTX0loY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:45:d7:66:54:b2:21:bb:09:ee:e8:72:66:f2:25:a3:54:e1:
         37:5a:dd:cf:95:37:51:d4:87:f2:6c:bf:2a:ca:9e:3a:f3:58:
         e9:32:e0:fd:40:0b:37:95:41:02:89:06:b0:0e:12:6d:66:ad:
         8c:fa:0f:57:8e:57:3c:ce:1f:cb:ca:68:a1:c3:db:cf:82:d8:
         c1:46:11:b1:14:0b:01:bb:24:e1:27:d0:82:b3:46:51:4b:2a:
         18:d0:6a:ef:9d:9a:46:53:22:92:e8:4b:99:70:1f:fe:ad:a4:
         32:51:0d:81:a9:e6:f5:90:b1:c6:ad:d1:cd:7e:c4:fa:f1:34:
         4a:a9:85:47:5c:d7:b5:9f:06:a4:fb:90:41:a2:2d:b4:70:87:
         66:35:e1:38:77:a5:cb:ae:2c:eb:9c:2e:ed:bf:b0:43:a9:3c:
         1e:d3:ad:d7:dd:ac:27:ee:7c:a7:3a:61:24:98:1d:37:43:d3:
         24:f6:f3:a3:b9:57:8e:28:b2:57:e5:2b:5d:66:6e:a1:6c:cb:
         80:51:1c:44:70:fe:e2:16:45:34:94:5b:cf:fa:99:5e:b9:d1:
         56:43:8d:71:38:a9:4c:ea:49:2b:8a:e3:2f:46:04:f9:6f:2f:
         e8:2c:f9:51:59:ee:f2:49:67:1d:68:56:70:34:56:e3:11:bb:
         6c:23:8d:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd41Vq31DZeMNTn8wJVpCKBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0M2M1YzM0YTYyZmZiZWQ4ZmMwZjBlYzAxYjQyYzBjNTBl
ZTdlZjcwHhcNMjUwNjE2MTMwMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjllOGQ3ZTFlZmE4MjNjODIzOWMxYWQwNjE5ZTJjZDM1ZjQ5Njg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgv5XGH4WvHJm7vw1TlRgy8DKYczl
kmPoJN4sqCf4MNudJq8O5PBstba7xAwTK1Mt8OIWzZ3nUqlj44wd/LW7TuK/l/EO
JImlN9rA9YoYyVQgv+2Z+sdidi0vE9Vgfsma1NjKvSEE8zpWmN00M2wmrdi5Ho6Z
isAR5xdfDdGpKUJR4FEu3ThHngFI25m8J80fCqZmsAwdqHAlEpZKcdE/NHKzJOUl
HFWqi4+sCknRKC87HzbkSpHgyyOtnBx+33BXOs1En4vfWeZrUJPjz16yt0hSTJd/
0lQVO4fYqk6wV6fYoBvnzgLGBdwo574ijfgSdX5fvhPew5jkx4meNnwjJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuejX4e+oI8gjnBrQYZ4s019JaGMB8GA1UdIwQY
MBaAFFQ8XDSmL/vtj8Dw7AG0LAxQ7n73MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkR4Y05LWXYtLTJQd1BEc0FiUXNERkR1ZnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8xNmUwMjItNGRhOC00Njg0LTg1ZTYt
ZjRmMWY5M2UwNDY3LzEveTU2TmZoNzZnanlDT2NHdEJobml6VFgwbG9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8xNmUwMjItNGRhOC00Njg0LTg1ZTYtZjRmMWY5M2UwNDY3
LzEvVkR4Y05LWXYtLTJQd1BEc0FiUXNERkR1ZnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8xKMA0G
CSqGSIb3DQEBCwUAA4IBAQB9RddmVLIhuwnu6HJm8iWjVOE3Wt3PlTdR1IfybL8q
yp4681jpMuD9QAs3lUECiQawDhJtZq2M+g9Xjlc8zh/Lymihw9vPgtjBRhGxFAsB
uyThJ9CCs0ZRSyoY0GrvnZpGUyKS6EuZcB/+raQyUQ2Bqeb1kLHGrdHNfsT68TRK
qYVHXNe1nwak+5BBoi20cIdmNeE4d6XLrizrnC7tv7BDqTwe063X3awn7nynOmEk
mB03Q9Mk9vOjuVeOKLJX5StdZm6hbMuAURxEcP7iFkU0lFvP+pleudFWQ41xOKlM
6kkriuMvRgT5by/oLPlRWe7ySWcdaFZwNFbjEbtsI41+
-----END CERTIFICATE-----