Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/02966a-a7ae-4054-ab34-f7e73ddef4e2/1/yo8ZqxdIfDt-MqMWvXNK8K8pPYI.roa
File:                     yo8ZqxdIfDt-MqMWvXNK8K8pPYI.roa (raw, json)
Hash identifier:          VxAtrBzorR5PgKS2HAW+16G4t+6adVYC2syIodpKoZ8=
Subject key identifier:   CA:8F:19:AB:17:48:7C:3B:7E:32:A3:16:BD:73:4A:F0:AF:29:3D:82
Certificate issuer:       /CN=c0395ec8821d8f8189413392bd876d7bd795c16c
Certificate serial:       018CC64AB3A0BCCBC5EDB6D5513A5EAB5352
Authority key identifier: C0:39:5E:C8:82:1D:8F:81:89:41:33:92:BD:87:6D:7B:D7:95:C1:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wDleyIIdj4GJQTOSvYdte9eVwWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/02966a-a7ae-4054-ab34-f7e73ddef4e2/1/yo8ZqxdIfDt-MqMWvXNK8K8pPYI.roa
Signing time:             Mon 01 Jan 2024 18:30:33 +0000
ROA not before:           Mon 01 Jan 2024 18:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5539
IP address blocks:        194.39.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/02966a-a7ae-4054-ab34-f7e73ddef4e2/1/wDleyIIdj4GJQTOSvYdte9eVwWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/02966a-a7ae-4054-ab34-f7e73ddef4e2/1/wDleyIIdj4GJQTOSvYdte9eVwWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wDleyIIdj4GJQTOSvYdte9eVwWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:b3:a0:bc:cb:c5:ed:b6:d5:51:3a:5e:ab:53:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0395ec8821d8f8189413392bd876d7bd795c16c
        Validity
            Not Before: Jan  1 18:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca8f19ab17487c3b7e32a316bd734af0af293d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ac:c0:d4:05:54:06:12:af:23:e8:31:af:59:
                    11:ea:38:3a:70:4a:4a:86:b2:b9:20:50:05:b2:75:
                    a4:fa:4b:10:ba:0c:5a:2a:93:f0:22:f0:50:cb:21:
                    7c:d3:43:cf:4d:b0:be:ec:14:5b:85:aa:33:9b:74:
                    df:2b:d0:9a:3b:95:de:8e:15:b5:e9:e7:6a:af:f5:
                    1d:48:73:a2:95:ba:c5:1a:52:01:13:02:da:ce:78:
                    97:55:5e:8b:d1:af:3e:52:cd:6b:77:f2:44:d4:db:
                    8e:d1:be:92:83:b6:47:61:2c:74:c3:24:1c:8b:ee:
                    f7:27:0f:2d:a3:d1:c1:5c:37:30:e7:64:ef:30:85:
                    46:b9:3b:87:49:73:1b:0a:a1:13:6f:70:54:b0:58:
                    ce:fe:11:1f:1b:fe:af:36:1c:1c:17:40:88:2d:36:
                    57:74:3a:b4:c5:30:be:3e:95:7f:a0:36:de:16:86:
                    21:2d:6f:fc:a8:a7:2e:48:6b:66:6b:2c:1b:f5:79:
                    8a:17:a9:ba:20:74:88:41:b1:e5:08:66:57:5d:10:
                    4a:01:c0:65:96:48:1e:2e:f0:3d:60:c3:02:74:dd:
                    a8:59:95:9f:eb:0f:62:e6:5e:d4:cd:52:55:30:1d:
                    93:87:8b:cf:0f:0a:e1:c0:89:65:7e:14:42:c1:a4:
                    34:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:8F:19:AB:17:48:7C:3B:7E:32:A3:16:BD:73:4A:F0:AF:29:3D:82
            X509v3 Authority Key Identifier:
                keyid:C0:39:5E:C8:82:1D:8F:81:89:41:33:92:BD:87:6D:7B:D7:95:C1:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wDleyIIdj4GJQTOSvYdte9eVwWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/02966a-a7ae-4054-ab34-f7e73ddef4e2/1/yo8ZqxdIfDt-MqMWvXNK8K8pPYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/02966a-a7ae-4054-ab34-f7e73ddef4e2/1/wDleyIIdj4GJQTOSvYdte9eVwWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:c1:76:d4:d5:a3:d2:6d:78:17:c7:b8:ed:86:95:4c:33:70:
         6b:4a:d1:52:e9:55:58:5c:70:dd:bd:e5:8c:fc:c9:c9:82:2c:
         f6:10:4c:59:f1:25:e9:c4:85:fd:1c:a3:36:af:a5:dd:43:91:
         e1:c1:d8:ea:4e:3b:66:08:34:04:e0:c6:57:a0:48:09:4a:f9:
         cd:42:98:3a:44:5e:17:5b:66:b1:e9:a0:ed:d1:59:1c:16:1a:
         39:23:5f:95:b0:43:13:3a:34:a5:21:97:e1:e4:69:66:5a:27:
         f6:50:e9:21:9c:88:65:30:f2:ad:03:fc:9c:70:4d:40:26:cb:
         80:46:4d:83:a0:3b:e6:39:f9:95:c4:b6:47:40:e9:c9:7b:b8:
         66:e5:56:3e:d7:22:28:a0:fd:01:de:7e:5a:3c:d7:c2:a1:90:
         b6:d1:4b:d0:90:b1:c4:9f:d4:92:38:85:02:01:b8:81:d3:ff:
         4a:fa:01:96:cb:9c:5d:7a:7b:2c:33:14:ef:39:0a:7d:b6:7b:
         37:ce:bd:d6:b6:f9:07:02:ab:61:42:e1:c2:db:72:07:00:aa:
         1d:92:38:90:f5:e7:08:8d:2e:ee:24:e9:c8:2f:aa:56:c0:c8:
         0f:cd:f4:9d:cd:0d:77:1f:c4:80:c5:91:9c:d6:65:1a:18:1e:
         76:45:54:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSrOgvMvF7bbVUTpeq1NSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMzk1ZWM4ODIxZDhmODE4OTQxMzM5MmJkODc2ZDdiZDc5
NWMxNmMwHhcNMjQwMTAxMTgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYThmMTlhYjE3NDg3YzNiN2UzMmEzMTZiZDczNGFmMGFmMjkzZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKzA1AVUBhKvI+gxr1kR6jg6cEpK
hrK5IFAFsnWk+ksQugxaKpPwIvBQyyF800PPTbC+7BRbhaozm3TfK9CaO5XejhW1
6edqr/UdSHOilbrFGlIBEwLazniXVV6L0a8+Us1rd/JE1NuO0b6Sg7ZHYSx0wyQc
i+73Jw8to9HBXDcw52TvMIVGuTuHSXMbCqETb3BUsFjO/hEfG/6vNhwcF0CILTZX
dDq0xTC+PpV/oDbeFoYhLW/8qKcuSGtmaywb9XmKF6m6IHSIQbHlCGZXXRBKAcBl
lkgeLvA9YMMCdN2oWZWf6w9i5l7UzVJVMB2Th4vPDwrhwIllfhRCwaQ0rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqPGasXSHw7fjKjFr1zSvCvKT2CMB8GA1UdIwQY
MBaAFMA5XsiCHY+BiUEzkr2HbXvXlcFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0RsZXlJSWRqNEdKUVRPU3ZZZHRlOWVWd1d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wMjk2NmEtYTdhZS00MDU0LWFiMzQt
ZjdlNzNkZGVmNGUyLzEveW84WnF4ZElmRHQtTXFNV3ZYTks4SzhwUFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wMjk2NmEtYTdhZS00MDU0LWFiMzQtZjdlNzNkZGVmNGUy
LzEvd0RsZXlJSWRqNEdKUVRPU3ZZZHRlOWVWd1d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwid5MA0G
CSqGSIb3DQEBCwUAA4IBAQB+wXbU1aPSbXgXx7jthpVMM3BrStFS6VVYXHDdveWM
/MnJgiz2EExZ8SXpxIX9HKM2r6XdQ5HhwdjqTjtmCDQE4MZXoEgJSvnNQpg6RF4X
W2ax6aDt0VkcFho5I1+VsEMTOjSlIZfh5GlmWif2UOkhnIhlMPKtA/yccE1AJsuA
Rk2DoDvmOfmVxLZHQOnJe7hm5VY+1yIooP0B3n5aPNfCoZC20UvQkLHEn9SSOIUC
AbiB0/9K+gGWy5xdenssMxTvOQp9tns3zr3WtvkHAqthQuHC23IHAKodkjiQ9ecI
jS7uJOnIL6pWwMgPzfSdzQ13H8SAxZGc1mUaGB52RVSw
-----END CERTIFICATE-----