Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/_yCY8mYqw-72y0r0gBi2TmfoSbw.roa
File:                     _yCY8mYqw-72y0r0gBi2TmfoSbw.roa (raw, json)
Hash identifier:          5EpTXkfN7PQLj7GejAPZKjuVQP2RcujLIJn/V29BG2o=
Subject key identifier:   FF:20:98:F2:66:2A:C3:EE:F6:CB:4A:F4:80:18:B6:4E:67:E8:49:BC
Certificate issuer:       /CN=2a1e65f8083c859bcd0d2c52a1e061eb5131f5f1
Certificate serial:       018CC26D4137E1D81091EDF6C2F0A40FC22F
Authority key identifier: 2A:1E:65:F8:08:3C:85:9B:CD:0D:2C:52:A1:E0:61:EB:51:31:F5:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/_yCY8mYqw-72y0r0gBi2TmfoSbw.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198405
IP address blocks:        185.156.97.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:41:37:e1:d8:10:91:ed:f6:c2:f0:a4:0f:c2:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a1e65f8083c859bcd0d2c52a1e061eb5131f5f1
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff2098f2662ac3eef6cb4af48018b64e67e849bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e4:c8:0a:fe:56:2f:20:a2:52:88:7f:d0:78:
                    19:89:bc:c2:82:1d:75:2a:3c:1c:cc:83:7b:69:b0:
                    72:1c:a0:47:4a:7b:15:74:59:1c:b0:ad:a9:c1:21:
                    39:d4:5e:25:33:25:2b:be:ed:c7:64:6d:e2:b8:5f:
                    7a:80:37:80:ed:55:f1:5a:3e:f5:d5:71:2c:0b:c4:
                    87:d2:dd:3b:bd:69:04:7b:1e:91:53:47:97:28:ab:
                    3f:9e:6f:57:b6:22:b4:12:16:2e:89:38:0a:b1:f3:
                    64:b9:32:8c:9e:9f:f6:1e:65:c5:ad:f4:ef:3a:fb:
                    e1:f6:ba:be:ae:64:8a:6f:a6:28:c1:4a:17:26:ec:
                    d6:8e:03:68:b6:75:80:08:c3:67:dc:e8:49:01:51:
                    66:a9:a0:dd:ed:f9:41:bf:7d:53:02:6d:40:40:2f:
                    35:23:48:5f:d1:7d:90:f4:c1:17:8f:05:f0:fd:c3:
                    b8:7b:c9:f1:ce:69:35:6f:2a:30:ac:9e:bc:69:70:
                    c3:ac:71:d3:6a:c2:21:26:b4:c6:ad:c7:31:a8:da:
                    fa:cc:01:5c:3f:ac:2a:a2:4b:eb:c4:8e:6b:5c:5f:
                    af:90:58:bd:21:91:69:74:71:05:53:f3:cf:ef:9a:
                    90:ea:fb:d1:0e:be:1d:aa:0e:1e:f2:31:40:2f:cc:
                    49:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:20:98:F2:66:2A:C3:EE:F6:CB:4A:F4:80:18:B6:4E:67:E8:49:BC
            X509v3 Authority Key Identifier:
                keyid:2A:1E:65:F8:08:3C:85:9B:CD:0D:2C:52:A1:E0:61:EB:51:31:F5:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/_yCY8mYqw-72y0r0gBi2TmfoSbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:ab:4e:1f:35:8c:e1:0a:38:c9:ec:4c:7d:3f:da:b9:5e:9a:
         bf:97:9c:ee:04:cc:10:3f:79:6c:a4:28:e9:8c:b6:f4:eb:01:
         8d:48:dc:af:84:f8:41:74:af:a7:24:f7:58:37:98:4f:46:6a:
         0b:58:f7:88:b7:d1:af:26:b7:2e:b0:28:4d:64:3e:ed:ba:c7:
         88:ae:6c:84:00:47:40:c5:39:f6:ce:ad:44:77:fb:0a:67:c1:
         54:77:bd:06:e3:12:50:69:3f:d3:8c:01:bb:17:6c:67:7f:3c:
         9c:af:9f:0a:a8:a7:92:16:04:a1:bb:f0:09:dc:d3:1b:03:f6:
         42:87:70:d1:6b:cd:da:25:a0:b8:95:4c:13:12:3c:0e:3c:7f:
         3c:e0:d8:d3:7d:1d:88:a6:4d:0d:53:97:49:8b:4e:0b:9f:6b:
         2d:2e:e4:f4:90:89:b9:f7:00:a9:56:5f:b2:3c:a9:01:21:6b:
         0b:24:a1:b6:9f:bf:bb:ed:35:79:83:7c:11:98:c4:c6:57:8d:
         ef:68:e3:dc:41:0d:67:e1:30:a8:dd:6c:73:7a:04:92:c0:64:
         65:f1:10:19:19:4c:0f:22:98:e8:30:14:6d:f1:7e:b2:19:2f:
         7b:61:ff:fc:c0:c5:6b:c2:7c:c5:0f:e2:9b:eb:14:96:c3:79:
         64:aa:be:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUE34dgQke32wvCkD8IvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMWU2NWY4MDgzYzg1OWJjZDBkMmM1MmExZTA2MWViNTEz
MWY1ZjEwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjIwOThmMjY2MmFjM2VlZjZjYjRhZjQ4MDE4YjY0ZTY3ZTg0OWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguTICv5WLyCiUoh/0HgZibzCgh11
KjwczIN7abByHKBHSnsVdFkcsK2pwSE51F4lMyUrvu3HZG3iuF96gDeA7VXxWj71
1XEsC8SH0t07vWkEex6RU0eXKKs/nm9XtiK0EhYuiTgKsfNkuTKMnp/2HmXFrfTv
Ovvh9rq+rmSKb6YowUoXJuzWjgNotnWACMNn3OhJAVFmqaDd7flBv31TAm1AQC81
I0hf0X2Q9MEXjwXw/cO4e8nxzmk1byowrJ68aXDDrHHTasIhJrTGrccxqNr6zAFc
P6wqokvrxI5rXF+vkFi9IZFpdHEFU/PP75qQ6vvRDr4dqg4e8jFAL8xJxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8gmPJmKsPu9stK9IAYtk5n6Em8MB8GA1UdIwQY
MBaAFCoeZfgIPIWbzQ0sUqHgYetRMfXxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2g1bC1BZzhoWnZORFN4U29lQmg2MUV4OWZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9kMDk3YmYtYjBmNS00M2UxLTg2YTIt
Y2ZiOGRhNTQ5MDY3LzEvX3lDWThtWXF3LTcyeTByMGdCaTJUbWZvU2J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9kMDk3YmYtYjBmNS00M2UxLTg2YTItY2ZiOGRhNTQ5MDY3
LzEvS2g1bC1BZzhoWnZORFN4U29lQmg2MUV4OWZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZxhMA0G
CSqGSIb3DQEBCwUAA4IBAQA+q04fNYzhCjjJ7Ex9P9q5Xpq/l5zuBMwQP3lspCjp
jLb06wGNSNyvhPhBdK+nJPdYN5hPRmoLWPeIt9GvJrcusChNZD7tuseIrmyEAEdA
xTn2zq1Ed/sKZ8FUd70G4xJQaT/TjAG7F2xnfzycr58KqKeSFgShu/AJ3NMbA/ZC
h3DRa83aJaC4lUwTEjwOPH884NjTfR2Ipk0NU5dJi04Ln2stLuT0kIm59wCpVl+y
PKkBIWsLJKG2n7+77TV5g3wRmMTGV43vaOPcQQ1n4TCo3WxzegSSwGRl8RAZGUwP
IpjoMBRt8X6yGS97Yf/8wMVrwnzFD+Kb6xSWw3lkqr7F
-----END CERTIFICATE-----