Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/yyvELcORfofkP-WeGpZwKuaBw_Q.roa
File:                     yyvELcORfofkP-WeGpZwKuaBw_Q.roa (raw, json)
Hash identifier:          4+8pYhEeFWOgedy0C+0IR+tgnEJ+zl9mtWO3Ad1HhNg=
Subject key identifier:   CB:2B:C4:2D:C3:91:7E:87:E4:3F:E5:9E:1A:96:70:2A:E6:81:C3:F4
Certificate issuer:       /CN=11bfa2961fa0e0b07041293ddc0c3693a9e0a238
Certificate serial:       018CC26D700924003642973FF55B325CB83E
Authority key identifier: 11:BF:A2:96:1F:A0:E0:B0:70:41:29:3D:DC:0C:36:93:A9:E0:A2:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/yyvELcORfofkP-WeGpZwKuaBw_Q.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51353
IP address blocks:        80.82.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:70:09:24:00:36:42:97:3f:f5:5b:32:5c:b8:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11bfa2961fa0e0b07041293ddc0c3693a9e0a238
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb2bc42dc3917e87e43fe59e1a96702ae681c3f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1a:f5:0d:97:1f:e6:50:12:f4:f4:cb:6a:e4:
                    14:93:2a:23:71:8c:58:86:ce:ce:b0:82:22:3e:61:
                    ea:36:00:60:65:02:15:36:47:a2:9e:21:3a:91:d9:
                    60:2b:32:cd:f3:bc:35:06:dd:83:41:bf:0e:58:78:
                    9e:9f:e8:71:a8:a3:86:d0:12:6e:c7:05:df:ba:7b:
                    67:c0:8a:f6:81:b1:e5:32:ba:6d:db:53:fa:52:cc:
                    cc:5c:69:c1:56:d9:a5:18:c8:b3:33:25:ca:54:50:
                    3a:0a:32:08:64:e1:0d:28:ea:67:1f:59:1a:bb:9e:
                    cb:df:5c:92:ca:9a:c6:6a:e1:dd:c4:c0:93:40:97:
                    16:73:b9:d4:78:f7:d7:e1:1a:94:49:61:c3:9d:49:
                    37:c0:58:96:1c:d8:37:4a:c0:20:73:db:b4:9f:d9:
                    e5:ec:c0:a1:77:4d:e3:fd:d3:84:5d:37:24:1b:5f:
                    69:44:7e:64:0a:21:93:3e:67:6c:f2:f6:f5:e1:7d:
                    82:21:c8:12:bf:c0:95:bb:6d:d4:e4:bf:d4:7c:e9:
                    cc:72:11:52:0d:af:df:f8:81:97:b8:70:b9:b1:f9:
                    5f:d6:be:7e:01:9f:b4:49:8c:81:a1:e7:f3:1a:4b:
                    80:54:d1:12:f2:5d:08:ee:41:68:70:9d:e3:a4:5c:
                    4c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:2B:C4:2D:C3:91:7E:87:E4:3F:E5:9E:1A:96:70:2A:E6:81:C3:F4
            X509v3 Authority Key Identifier:
                keyid:11:BF:A2:96:1F:A0:E0:B0:70:41:29:3D:DC:0C:36:93:A9:E0:A2:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/yyvELcORfofkP-WeGpZwKuaBw_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.82.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:b2:b2:e3:ac:47:53:d6:78:fd:32:21:66:b1:d4:98:43:b4:
         b1:14:58:3a:63:45:fb:2c:90:b4:90:3f:7f:51:ca:69:df:38:
         a3:72:e5:f5:2d:84:3a:d8:93:4b:ad:bd:e6:0d:99:eb:88:68:
         3f:16:2a:db:d8:b3:b5:56:2c:db:e0:48:91:3f:7a:87:eb:21:
         2e:40:1e:4d:e6:ba:22:cf:6f:87:a6:2d:4b:45:26:23:a6:cd:
         97:eb:61:45:8e:df:e4:f6:34:c5:31:d8:f9:b1:2d:cc:0d:e7:
         b8:6a:af:82:68:20:03:1c:5b:5e:a0:4b:05:75:b8:c0:f2:6a:
         6d:9c:ff:7c:13:21:fb:0b:f3:b9:76:48:4e:3c:c7:b8:80:0d:
         4d:7e:f0:51:d2:01:bc:d4:b0:c3:55:b0:9d:c5:0f:92:35:d8:
         ec:80:f1:f4:f8:61:f6:4a:de:90:7f:87:2d:fa:42:15:49:01:
         ab:95:7e:6f:18:f9:8e:7c:69:20:8e:df:c2:3d:4b:0b:a8:e4:
         79:70:38:62:31:2d:2d:2e:38:b7:76:29:0d:5c:c6:b4:fa:23:
         dd:7d:3c:a9:a9:c6:50:76:94:39:5c:ef:c6:e8:2b:ab:16:c9:
         67:d2:17:33:15:46:06:19:a7:5f:a8:3d:a5:49:d9:2c:0a:5d:
         75:6e:a5:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXAJJAA2Qpc/9VsyXLg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYmZhMjk2MWZhMGUwYjA3MDQxMjkzZGRjMGMzNjkzYTll
MGEyMzgwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjJiYzQyZGMzOTE3ZTg3ZTQzZmU1OWUxYTk2NzAyYWU2ODFjM2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRr1DZcf5lAS9PTLauQUkyojcYxY
hs7OsIIiPmHqNgBgZQIVNkeiniE6kdlgKzLN87w1Bt2DQb8OWHien+hxqKOG0BJu
xwXfuntnwIr2gbHlMrpt21P6UszMXGnBVtmlGMizMyXKVFA6CjIIZOENKOpnH1ka
u57L31ySyprGauHdxMCTQJcWc7nUePfX4RqUSWHDnUk3wFiWHNg3SsAgc9u0n9nl
7MChd03j/dOEXTckG19pRH5kCiGTPmds8vb14X2CIcgSv8CVu23U5L/UfOnMchFS
Da/f+IGXuHC5sflf1r5+AZ+0SYyBoefzGkuAVNES8l0I7kFocJ3jpFxMywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsrxC3DkX6H5D/lnhqWcCrmgcP0MB8GA1UdIwQY
MBaAFBG/opYfoOCwcEEpPdwMNpOp4KI4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWItaWxoLWc0TEJ3UVNrOTNBdzJrNm5nb2pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xNzMxNzMtODE5Zi00YmM5LTkyZDgt
Nzg3OTFjOTM1NmEzLzEveXl2RUxjT1Jmb2ZrUC1XZUdwWndLdWFCd19RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xNzMxNzMtODE5Zi00YmM5LTkyZDgtNzg3OTFjOTM1NmEz
LzEvRWItaWxoLWc0TEJ3UVNrOTNBdzJrNm5nb2pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFIYMA0G
CSqGSIb3DQEBCwUAA4IBAQAXsrLjrEdT1nj9MiFmsdSYQ7SxFFg6Y0X7LJC0kD9/
Ucpp3zijcuX1LYQ62JNLrb3mDZnriGg/Firb2LO1Vizb4EiRP3qH6yEuQB5N5roi
z2+Hpi1LRSYjps2X62FFjt/k9jTFMdj5sS3MDee4aq+CaCADHFteoEsFdbjA8mpt
nP98EyH7C/O5dkhOPMe4gA1NfvBR0gG81LDDVbCdxQ+SNdjsgPH0+GH2St6Qf4ct
+kIVSQGrlX5vGPmOfGkgjt/CPUsLqOR5cDhiMS0tLji3dikNXMa0+iPdfTypqcZQ
dpQ5XO/G6CurFsln0hczFUYGGadfqD2lSdksCl11bqXX
-----END CERTIFICATE-----