Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/YUX3UidE32_ddSr9m81-QjIoPbU.roa
File:                     YUX3UidE32_ddSr9m81-QjIoPbU.roa (raw, json)
Hash identifier:          Ikqzc3//Ojyv28sSSAfbU24QYF9QFb1GTPF8Q6Dv/l4=
Subject key identifier:   61:45:F7:52:27:44:DF:6F:DD:75:2A:FD:9B:CD:7E:42:32:28:3D:B5
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAC7ED6B62F1B89684711EA9DD640A
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/YUX3UidE32_ddSr9m81-QjIoPbU.roa
Signing time:             Mon 01 Jan 2024 02:29:27 +0000
ROA not before:           Mon 01 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198479
IP address blocks:        91.235.48.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c7:ed:6b:62:f1:b8:96:84:71:1e:a9:dd:64:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6145f7522744df6fdd752afd9bcd7e4232283db5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5a:2b:c6:8d:b1:0f:2c:12:0f:0d:f3:eb:30:
                    1d:27:83:87:13:2f:94:12:25:cc:b9:28:4e:3e:2b:
                    9f:7a:91:ed:42:29:47:57:08:df:73:28:76:42:04:
                    fb:8c:56:f2:3e:64:58:a0:39:4d:e9:85:80:49:d0:
                    d2:37:f1:38:a4:b3:9e:db:dc:e9:f8:25:45:e2:60:
                    4b:cb:3e:1c:62:80:7d:ec:6b:81:11:93:92:64:f8:
                    7e:71:ae:71:90:2d:dd:20:98:e9:71:85:b7:41:51:
                    b7:28:a4:4d:76:05:93:49:fd:3f:43:b6:c9:32:b1:
                    1c:da:f0:52:a5:28:27:9c:63:11:1b:f1:22:d6:6b:
                    b3:7f:9f:1d:d4:6b:aa:e0:6e:93:05:3f:b9:d6:00:
                    df:a1:fc:f8:b4:10:50:33:f6:72:9a:16:1a:e3:e7:
                    2e:3c:a3:34:b2:6b:9e:38:62:ab:1f:b9:4d:b1:4f:
                    8c:a5:eb:5b:af:82:70:0e:f3:9e:d1:a4:26:45:09:
                    e5:68:25:01:e9:01:78:37:15:bf:69:65:36:f3:0a:
                    88:59:e9:db:4c:d1:06:9d:74:0e:fe:f3:aa:16:8d:
                    69:a0:99:87:14:30:3d:97:50:99:d3:2a:9e:cd:52:
                    85:68:7c:a1:ae:96:22:8a:0c:13:42:90:11:f6:47:
                    3c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:45:F7:52:27:44:DF:6F:DD:75:2A:FD:9B:CD:7E:42:32:28:3D:B5
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/YUX3UidE32_ddSr9m81-QjIoPbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:83:6f:e8:88:f5:8d:2e:ca:45:b1:bf:2d:cf:8b:7f:bb:61:
         b8:ea:47:d2:82:49:25:26:c4:3a:de:7d:13:5e:76:18:a0:45:
         1a:21:0b:93:37:45:11:c6:13:83:ab:b4:b7:c0:55:5b:1c:aa:
         f1:56:40:3e:00:09:bd:9c:67:9a:04:8f:dd:d1:e6:ee:48:b1:
         bc:1a:9d:a0:d8:00:22:58:d0:4c:8a:19:12:ea:be:3d:40:09:
         41:d3:c7:85:47:ae:a9:54:8b:6f:29:49:19:16:a6:d3:cb:9a:
         e3:7b:30:75:78:4d:95:fa:ed:cd:c7:a9:fb:7c:ee:90:a2:57:
         39:33:0c:e5:76:16:c1:7b:da:c6:ad:5a:01:86:10:3b:54:6b:
         ca:82:9e:9e:93:fb:fe:b5:36:8f:6f:13:53:95:84:d6:4d:9e:
         63:bd:d9:d4:b9:5a:e9:9f:c8:c3:53:98:b3:5b:5d:a1:6b:26:
         c5:02:0c:60:5b:ad:c5:59:77:33:59:b5:32:cf:70:97:6b:ff:
         7c:db:56:d0:77:f3:27:bb:c4:9d:d7:92:0b:58:0a:e0:a6:3f:
         07:e2:19:9b:bb:5b:b3:cd:c3:62:a8:34:bd:f7:97:51:74:bb:
         cb:ea:af:1b:58:1e:75:db:70:f9:f5:4f:d5:16:c0:8a:8b:47:
         37:ab:fc:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sfta2LxuJaEcR6p3WQKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTQ1Zjc1MjI3NDRkZjZmZGQ3NTJhZmQ5YmNkN2U0MjMyMjgzZGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArForxo2xDywSDw3z6zAdJ4OHEy+U
EiXMuShOPiufepHtQilHVwjfcyh2QgT7jFbyPmRYoDlN6YWASdDSN/E4pLOe29zp
+CVF4mBLyz4cYoB97GuBEZOSZPh+ca5xkC3dIJjpcYW3QVG3KKRNdgWTSf0/Q7bJ
MrEc2vBSpSgnnGMRG/Ei1muzf58d1Guq4G6TBT+51gDfofz4tBBQM/ZymhYa4+cu
PKM0smueOGKrH7lNsU+Mpetbr4JwDvOe0aQmRQnlaCUB6QF4NxW/aWU28wqIWenb
TNEGnXQO/vOqFo1poJmHFDA9l1CZ0yqezVKFaHyhrpYiigwTQpAR9kc8SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFF91InRN9v3XUq/ZvNfkIyKD21MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvWVVYM1VpZEUzMl9kZFNyOW04MS1RaklvUGJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+swMA0G
CSqGSIb3DQEBCwUAA4IBAQBPg2/oiPWNLspFsb8tz4t/u2G46kfSgkklJsQ63n0T
XnYYoEUaIQuTN0URxhODq7S3wFVbHKrxVkA+AAm9nGeaBI/d0ebuSLG8Gp2g2AAi
WNBMihkS6r49QAlB08eFR66pVItvKUkZFqbTy5rjezB1eE2V+u3Nx6n7fO6Qolc5
MwzldhbBe9rGrVoBhhA7VGvKgp6ek/v+tTaPbxNTlYTWTZ5jvdnUuVrpn8jDU5iz
W12haybFAgxgW63FWXczWbUyz3CXa/9821bQd/Mnu8Sd15ILWArgpj8H4hmbu1uz
zcNiqDS995dRdLvL6q8bWB5123D59U/VFsCKi0c3q/yD
-----END CERTIFICATE-----