Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/YxOtOgnU8cB_r8ppQ7zt7Yn1h8E.roa
File:                     YxOtOgnU8cB_r8ppQ7zt7Yn1h8E.roa (raw, json)
Hash identifier:          hJKrCqMArUUFLmdCBbP2zXvFwtLGr52qkPC83BZ9tdo=
Subject key identifier:   63:13:AD:3A:09:D4:F1:C0:7F:AF:CA:69:43:BC:ED:ED:89:F5:87:C1
Certificate issuer:       /CN=d604e49e928305abcb8f32def3fefc03ebbcde44
Certificate serial:       018CC424EDE50E256366FF7F3266972E2D4C
Authority key identifier: D6:04:E4:9E:92:83:05:AB:CB:8F:32:DE:F3:FE:FC:03:EB:BC:DE:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gTknpKDBavLjzLe8_78A-u83kQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/YxOtOgnU8cB_r8ppQ7zt7Yn1h8E.roa
Signing time:             Mon 01 Jan 2024 08:30:03 +0000
ROA not before:           Mon 01 Jan 2024 08:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        141.19.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/1gTknpKDBavLjzLe8_78A-u83kQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/1gTknpKDBavLjzLe8_78A-u83kQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gTknpKDBavLjzLe8_78A-u83kQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 Nov 2024 22:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ed:e5:0e:25:63:66:ff:7f:32:66:97:2e:2d:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d604e49e928305abcb8f32def3fefc03ebbcde44
        Validity
            Not Before: Jan  1 08:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6313ad3a09d4f1c07fafca6943bceded89f587c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:39:aa:ee:2c:6a:f9:d8:61:ab:75:24:2c:c0:
                    d9:73:aa:15:67:7e:16:96:d9:47:30:22:36:0a:f4:
                    93:15:fa:bf:d2:a7:bd:0f:2b:08:bd:53:58:61:c1:
                    b2:b3:23:19:58:31:f5:96:d4:95:09:1b:61:16:8c:
                    6d:9c:38:ed:d6:6e:99:b4:ca:ff:50:fa:5b:92:84:
                    2c:80:29:7e:7e:7b:56:21:84:df:8a:eb:f4:a0:6d:
                    d9:f2:09:ea:65:f3:b8:af:90:c3:4a:1b:5f:01:7e:
                    9a:a4:4e:9c:f5:65:5b:02:cf:11:d8:66:2d:ba:a0:
                    38:e5:a6:ce:24:6d:0f:29:bf:ae:de:99:5b:0d:16:
                    85:65:8f:30:f7:10:1c:58:94:e0:fb:68:5b:31:ad:
                    1d:d4:6d:90:3a:b4:9a:c5:48:e1:92:39:2a:8c:02:
                    55:fc:72:5a:b7:c5:ff:73:b9:60:f3:b1:c3:73:cc:
                    9c:70:80:89:b5:5e:ee:9c:4f:b4:2d:f8:30:d6:dd:
                    65:4c:d7:6f:ae:6c:c7:0e:b7:8e:d6:b8:d3:1f:87:
                    bd:c5:4a:ab:00:63:42:ec:5c:7a:0a:fa:3f:35:51:
                    d5:bd:33:dd:3e:0e:b6:a2:1f:a4:ef:51:ce:d1:df:
                    34:0a:4e:63:4f:ab:db:88:23:68:59:18:e8:04:b0:
                    dd:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:13:AD:3A:09:D4:F1:C0:7F:AF:CA:69:43:BC:ED:ED:89:F5:87:C1
            X509v3 Authority Key Identifier:
                keyid:D6:04:E4:9E:92:83:05:AB:CB:8F:32:DE:F3:FE:FC:03:EB:BC:DE:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gTknpKDBavLjzLe8_78A-u83kQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/YxOtOgnU8cB_r8ppQ7zt7Yn1h8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/1gTknpKDBavLjzLe8_78A-u83kQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.19.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         40:d6:f7:2c:b2:ba:5a:af:02:78:cf:34:92:e4:60:cb:c5:94:
         69:d1:3c:ec:4a:b0:f7:e7:11:c7:da:6c:d4:c7:c0:e4:44:cb:
         26:bb:8e:ff:c3:eb:4c:6b:62:c1:30:88:92:14:ae:50:38:ef:
         78:e0:73:c8:08:8f:3e:16:e7:49:ef:c8:b7:be:f3:fc:5f:8d:
         55:d7:fb:34:04:7e:66:c6:ef:11:3c:00:2c:fa:e8:e9:fa:86:
         e5:a6:7e:3c:47:7d:88:6b:6d:48:65:35:a0:f2:03:5a:f0:4c:
         73:5b:f6:f2:b5:c5:09:e3:75:40:13:ee:ce:bd:94:d7:19:21:
         5e:fb:c3:75:60:00:03:76:d7:2f:3b:99:fb:29:6b:8a:7f:e2:
         16:1c:96:b6:3f:79:9f:06:ec:57:27:68:c1:75:09:83:2e:9d:
         a0:e4:a8:ec:98:19:c3:d4:e4:7b:5f:c7:74:70:86:3c:c7:3e:
         9a:72:08:18:5a:f0:bb:7e:40:93:71:71:73:b8:a4:90:cc:67:
         e5:e2:d3:d4:ad:e5:e5:c3:3d:f8:c5:f4:d4:c5:ae:ac:80:1a:
         e3:06:32:fc:32:5c:32:65:7a:04:b8:b9:71:f8:c0:54:97:9d:
         fc:e1:d6:b5:03:3d:d8:b1:05:1f:49:2e:52:77:b7:a1:86:2c:
         6b:13:df:e6
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzEJO3lDiVjZv9/MmaXLi1MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDRlNDllOTI4MzA1YWJjYjhmMzJkZWYzZmVmYzAzZWJi
Y2RlNDQwHhcNMjQwMTAxMDgzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzEzYWQzYTA5ZDRmMWMwN2ZhZmNhNjk0M2JjZWRlZDg5ZjU4N2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTmq7ixq+dhhq3UkLMDZc6oVZ34W
ltlHMCI2CvSTFfq/0qe9DysIvVNYYcGysyMZWDH1ltSVCRthFoxtnDjt1m6ZtMr/
UPpbkoQsgCl+fntWIYTfiuv0oG3Z8gnqZfO4r5DDShtfAX6apE6c9WVbAs8R2GYt
uqA45abOJG0PKb+u3plbDRaFZY8w9xAcWJTg+2hbMa0d1G2QOrSaxUjhkjkqjAJV
/HJat8X/c7lg87HDc8yccICJtV7unE+0Lfgw1t1lTNdvrmzHDreO1rjTH4e9xUqr
AGNC7Fx6Cvo/NVHVvTPdPg62oh+k71HO0d80Ck5jT6vbiCNoWRjoBLDdDwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGMTrToJ1PHAf6/KaUO87e2J9YfBMB8GA1UdIwQY
MBaAFNYE5J6SgwWry48y3vP+/APrvN5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdUa25wS0RCYXZManpMZThfNzhBLXU4M2tRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9hODMwYTItMDI3MS00ZGU5LWJjMzgt
MDNjODIxNTc0MjFhLzEvWXhPdE9nblU4Y0JfcjhwcFE3enQ3WW4xaDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9hODMwYTItMDI3MS00ZGU5LWJjMzgtMDNjODIxNTc0MjFh
LzEvMWdUa25wS0RCYXZManpMZThfNzhBLXU4M2tRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjRMwDQYJ
KoZIhvcNAQELBQADggEBAEDW9yyyulqvAnjPNJLkYMvFlGnRPOxKsPfnEcfabNTH
wOREyya7jv/D60xrYsEwiJIUrlA473jgc8gIjz4W50nvyLe+8/xfjVXX+zQEfmbG
7xE8ACz66On6huWmfjxHfYhrbUhlNaDyA1rwTHNb9vK1xQnjdUAT7s69lNcZIV77
w3VgAAN21y87mfspa4p/4hYclrY/eZ8G7FcnaMF1CYMunaDkqOyYGcPU5Htfx3Rw
hjzHPppyCBha8Lt+QJNxcXO4pJDMZ+Xi09St5eXDPfjF9NTFrqyAGuMGMvwyXDJl
egS4uXH4wFSXnfzh1rUDPdixBR9JLlJ3t6GGLGsT3+Y=
-----END CERTIFICATE-----