Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/ywL5ORbyPmPvGZ2n4Lyod0S4Kjc.roa
File:                     ywL5ORbyPmPvGZ2n4Lyod0S4Kjc.roa (raw, json)
Hash identifier:          pR5TdG5XN3SszlT0OTUuijGoZwESXw4bnQ5SWA8Q3JY=
Subject key identifier:   CB:02:F9:39:16:F2:3E:63:EF:19:9D:A7:E0:BC:A8:77:44:B8:2A:37
Certificate issuer:       /CN=9c47ee73c28780b12f152cfa259ade3d8ae0d13b
Certificate serial:       018CC56E11D9D32803A39223A923E304B3C6
Authority key identifier: 9C:47:EE:73:C2:87:80:B1:2F:15:2C:FA:25:9A:DE:3D:8A:E0:D1:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/ywL5ORbyPmPvGZ2n4Lyod0S4Kjc.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59962
IP address blocks:        194.33.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:11:d9:d3:28:03:a3:92:23:a9:23:e3:04:b3:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c47ee73c28780b12f152cfa259ade3d8ae0d13b
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb02f93916f23e63ef199da7e0bca87744b82a37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:77:8b:58:c4:7d:9b:75:d7:ee:c7:49:7d:16:
                    a7:19:f6:3a:44:ed:56:16:94:9f:71:58:c0:a5:d1:
                    bc:c7:5a:eb:63:5b:75:dd:ec:dc:ab:03:ca:25:22:
                    3a:79:89:7e:6c:b3:a2:21:86:47:b3:2f:ab:08:17:
                    f0:50:98:c1:47:a5:9d:c6:25:69:d3:f6:4e:4a:54:
                    af:6c:76:18:25:69:89:22:1f:b7:5c:57:17:c3:00:
                    e2:c9:5e:2e:63:6a:c6:fb:54:c2:d8:fb:b2:da:ca:
                    14:b4:c7:f2:c1:67:fb:63:b3:fd:c1:a8:f6:09:b2:
                    ca:37:69:32:cc:b6:6a:b2:17:57:06:9b:03:62:52:
                    89:3f:68:ca:2f:ff:33:96:f1:09:be:56:1c:3d:e6:
                    91:ba:83:a3:fd:08:83:0a:70:84:d8:24:b0:1c:d6:
                    13:0e:70:6f:a7:c5:ea:c0:e5:f0:ad:f3:34:e1:3c:
                    c8:89:d5:a5:5f:58:f9:e6:8a:d7:0d:e0:6e:10:7a:
                    24:6b:4a:3e:1e:59:dc:16:a2:49:9b:f2:48:de:2f:
                    a9:f0:90:a0:36:ea:ea:b9:d8:89:16:c6:53:64:25:
                    39:d1:f5:c1:0b:5e:72:f3:e4:77:db:c5:cb:30:b6:
                    a3:17:55:9d:39:a7:62:09:03:37:74:8e:3a:0f:49:
                    4c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:02:F9:39:16:F2:3E:63:EF:19:9D:A7:E0:BC:A8:77:44:B8:2A:37
            X509v3 Authority Key Identifier:
                keyid:9C:47:EE:73:C2:87:80:B1:2F:15:2C:FA:25:9A:DE:3D:8A:E0:D1:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/ywL5ORbyPmPvGZ2n4Lyod0S4Kjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:1d:1a:25:18:91:15:fb:30:84:fd:9f:8b:68:dc:72:fb:7f:
         fe:fd:3c:9f:be:31:e6:e2:f8:ee:4a:42:f3:fc:50:51:1e:dc:
         81:ac:bc:1a:81:92:d5:89:7e:b8:ce:26:77:00:ae:82:5a:df:
         84:8b:04:2e:fd:63:cd:dd:b9:cc:3c:0d:16:c8:2f:97:a3:e3:
         04:61:13:e5:50:b1:9d:f2:2e:3c:b2:cd:21:9a:a2:98:fd:3d:
         03:9d:1a:21:49:bc:64:cc:a4:1e:2a:fd:cd:e0:4d:6f:be:16:
         a7:27:6d:d7:74:fc:08:e2:8a:35:da:f6:7b:e8:ef:e4:7e:86:
         f1:12:bf:ea:c7:db:19:cf:a7:07:8f:10:cd:8a:6f:15:eb:0c:
         36:f4:4f:bf:8a:1c:71:2f:79:05:35:ef:ec:88:65:1a:64:3e:
         c9:e3:32:c4:3e:d3:a1:27:ba:52:3b:cf:e6:cf:d3:18:48:3c:
         60:1b:76:2d:a1:a8:c4:8e:f6:75:df:c2:dc:45:f3:64:ae:dd:
         c0:26:f0:bd:35:d0:8c:52:2b:1d:67:03:17:f4:9a:5f:0b:15:
         5b:70:c4:da:b7:a4:b3:f1:9c:c1:2a:66:31:6e:34:87:04:dc:
         b0:52:87:5b:e3:6d:fe:e0:c9:ae:8f:d6:6b:55:d4:a1:7b:78:
         f2:fa:77:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhHZ0ygDo5IjqSPjBLPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNDdlZTczYzI4NzgwYjEyZjE1MmNmYTI1OWFkZTNkOGFl
MGQxM2IwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjAyZjkzOTE2ZjIzZTYzZWYxOTlkYTdlMGJjYTg3NzQ0YjgyYTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhneLWMR9m3XX7sdJfRanGfY6RO1W
FpSfcVjApdG8x1rrY1t13ezcqwPKJSI6eYl+bLOiIYZHsy+rCBfwUJjBR6WdxiVp
0/ZOSlSvbHYYJWmJIh+3XFcXwwDiyV4uY2rG+1TC2Puy2soUtMfywWf7Y7P9waj2
CbLKN2kyzLZqshdXBpsDYlKJP2jKL/8zlvEJvlYcPeaRuoOj/QiDCnCE2CSwHNYT
DnBvp8XqwOXwrfM04TzIidWlX1j55orXDeBuEHoka0o+HlncFqJJm/JI3i+p8JCg
NurqudiJFsZTZCU50fXBC15y8+R328XLMLajF1WdOadiCQM3dI46D0lMmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsC+TkW8j5j7xmdp+C8qHdEuCo3MB8GA1UdIwQY
MBaAFJxH7nPCh4CxLxUs+iWa3j2K4NE7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkVmdWM4S0hnTEV2RlN6NkpacmVQWXJnMFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9jN2M1MWQtNGY5MC00MDg3LWExM2Et
ZjNjMWE5YTExZDczLzEveXdMNU9SYnlQbVB2R1oybjRMeW9kMFM0S2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9jN2M1MWQtNGY5MC00MDg3LWExM2EtZjNjMWE5YTExZDcz
LzEvbkVmdWM4S0hnTEV2RlN6NkpacmVQWXJnMFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiFoMA0G
CSqGSIb3DQEBCwUAA4IBAQBuHRolGJEV+zCE/Z+LaNxy+3/+/TyfvjHm4vjuSkLz
/FBRHtyBrLwagZLViX64ziZ3AK6CWt+EiwQu/WPN3bnMPA0WyC+Xo+MEYRPlULGd
8i48ss0hmqKY/T0DnRohSbxkzKQeKv3N4E1vvhanJ23XdPwI4oo12vZ76O/kfobx
Er/qx9sZz6cHjxDNim8V6ww29E+/ihxxL3kFNe/siGUaZD7J4zLEPtOhJ7pSO8/m
z9MYSDxgG3YtoajEjvZ138LcRfNkrt3AJvC9NdCMUisdZwMX9JpfCxVbcMTat6Sz
8ZzBKmYxbjSHBNywUodb423+4Mmuj9ZrVdShe3jy+neS
-----END CERTIFICATE-----