Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/Yf8xLh6ONOE-LcHsXkQWHpv_Qbs.roa
File:                     Yf8xLh6ONOE-LcHsXkQWHpv_Qbs.roa (raw, json)
Hash identifier:          w0wC5FwQryxr68NY97Vqd4lkkn8kQ9lhz7BZtY1f10I=
Subject key identifier:   61:FF:31:2E:1E:8E:34:E1:3E:2D:C1:EC:5E:44:16:1E:9B:FF:41:BB
Certificate issuer:       /CN=82e69214d6fd55e75050ba811bf7c12439109fee
Certificate serial:       0194228E04BBA0B436CBE63B6AA53844DFEC
Authority key identifier: 82:E6:92:14:D6:FD:55:E7:50:50:BA:81:1B:F7:C1:24:39:10:9F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/guaSFNb9VedQULqBG_fBJDkQn-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/Yf8xLh6ONOE-LcHsXkQWHpv_Qbs.roa
Signing time:             Wed 01 Jan 2025 15:48:40 +0000
ROA not before:           Wed 01 Jan 2025 15:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48754
IP address blocks:        91.212.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/guaSFNb9VedQULqBG_fBJDkQn-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/guaSFNb9VedQULqBG_fBJDkQn-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/guaSFNb9VedQULqBG_fBJDkQn-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:04:bb:a0:b4:36:cb:e6:3b:6a:a5:38:44:df:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82e69214d6fd55e75050ba811bf7c12439109fee
        Validity
            Not Before: Jan  1 15:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61ff312e1e8e34e13e2dc1ec5e44161e9bff41bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ad:36:cb:51:d2:d8:64:55:f3:30:27:70:d3:
                    8f:d2:4b:d3:73:54:81:25:63:e0:d4:ec:a6:77:20:
                    65:aa:0e:30:7b:02:ea:aa:61:56:84:58:6c:77:e9:
                    99:f7:07:82:e6:c7:65:31:57:50:ca:6e:2c:ae:49:
                    9f:57:a6:99:55:93:10:8d:72:1e:c8:5f:f5:c2:16:
                    c7:64:06:c6:e7:2d:3d:55:ae:dc:78:dd:95:81:db:
                    2c:ee:56:1e:6e:0a:5a:6c:eb:02:8a:11:e7:e7:a9:
                    9a:12:b3:f7:c6:86:88:cf:da:ef:ad:18:60:33:92:
                    64:f9:f9:ad:ce:19:7d:6e:f1:2e:da:91:ff:0c:21:
                    7f:83:58:88:dc:83:5d:c3:b0:cd:af:69:3a:74:2c:
                    92:74:06:08:c8:ec:24:31:6e:74:3c:d4:4f:ce:12:
                    b5:54:78:a3:3f:1b:40:ff:0f:e9:00:e5:10:a3:9d:
                    02:58:78:b3:e4:a6:3f:0b:c0:96:57:09:7d:5f:60:
                    10:4f:48:19:7f:5d:d7:15:38:ea:85:cb:dc:cc:b6:
                    e6:b9:23:70:a3:51:0e:81:a5:f0:44:bf:f0:8d:74:
                    ef:74:dc:54:c8:c0:fa:31:5d:1c:45:35:36:6c:9a:
                    30:61:45:d3:f1:98:fb:fe:02:b8:07:7b:4c:f2:6d:
                    7c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:FF:31:2E:1E:8E:34:E1:3E:2D:C1:EC:5E:44:16:1E:9B:FF:41:BB
            X509v3 Authority Key Identifier:
                keyid:82:E6:92:14:D6:FD:55:E7:50:50:BA:81:1B:F7:C1:24:39:10:9F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/guaSFNb9VedQULqBG_fBJDkQn-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/Yf8xLh6ONOE-LcHsXkQWHpv_Qbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/173fc5-343b-4976-b2a1-96bc6baa563b/1/guaSFNb9VedQULqBG_fBJDkQn-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:89:a5:2e:1b:af:4c:a1:e5:db:8c:14:25:e6:1b:22:a1:22:
         98:09:54:a7:b3:d9:d9:d3:0f:a4:03:f5:12:1f:4a:07:ae:53:
         c6:25:0c:74:c2:a0:f8:9c:33:fa:34:c3:d9:0f:8b:2c:16:ce:
         ec:be:34:19:df:5b:c1:e8:72:88:b2:45:64:e7:54:93:2d:15:
         ee:fd:88:31:6a:5b:44:0b:9e:29:d8:3f:91:fb:36:99:f3:34:
         bc:3f:98:8a:93:02:c8:c2:f9:a1:dc:80:28:00:df:0c:59:2a:
         4a:5b:c5:a1:69:f8:d3:0f:c0:e9:b9:3c:4f:5b:f1:bb:01:fa:
         2c:c0:0c:66:69:59:7c:9d:08:7d:60:0f:87:fb:bd:17:70:4a:
         9e:2a:40:0e:e1:d1:20:6b:45:2b:67:32:7a:67:91:af:96:ab:
         0b:a6:60:21:0d:99:d2:a2:61:34:67:f8:6b:be:63:71:9a:1a:
         65:42:a2:e1:af:19:87:64:3f:1b:64:73:98:55:66:78:3b:8f:
         b6:96:ca:1d:63:94:67:da:4e:ff:71:71:23:33:dd:5d:d6:f6:
         2e:71:d1:58:41:dd:62:42:16:dc:75:a7:df:7b:03:25:26:79:
         87:5d:f4:fb:45:d7:7f:9a:01:66:28:b5:7b:0a:17:db:20:a8:
         d1:8d:33:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijgS7oLQ2y+Y7aqU4RN/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZTY5MjE0ZDZmZDU1ZTc1MDUwYmE4MTFiZjdjMTI0Mzkx
MDlmZWUwHhcNMjUwMTAxMTU0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWZmMzEyZTFlOGUzNGUxM2UyZGMxZWM1ZTQ0MTYxZTliZmY0MWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqK02y1HS2GRV8zAncNOP0kvTc1SB
JWPg1OymdyBlqg4wewLqqmFWhFhsd+mZ9weC5sdlMVdQym4srkmfV6aZVZMQjXIe
yF/1whbHZAbG5y09Va7ceN2Vgdss7lYebgpabOsCihHn56maErP3xoaIz9rvrRhg
M5Jk+fmtzhl9bvEu2pH/DCF/g1iI3INdw7DNr2k6dCySdAYIyOwkMW50PNRPzhK1
VHijPxtA/w/pAOUQo50CWHiz5KY/C8CWVwl9X2AQT0gZf13XFTjqhcvczLbmuSNw
o1EOgaXwRL/wjXTvdNxUyMD6MV0cRTU2bJowYUXT8Zj7/gK4B3tM8m18LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGH/MS4ejjThPi3B7F5EFh6b/0G7MB8GA1UdIwQY
MBaAFILmkhTW/VXnUFC6gRv3wSQ5EJ/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3VhU0ZOYjlWZWRRVUxxQkdfZkJKRGtRbi00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8xNzNmYzUtMzQzYi00OTc2LWIyYTEt
OTZiYzZiYWE1NjNiLzEvWWY4eExoNk9OT0UtTGNIc1hrUVdIcHZfUWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8xNzNmYzUtMzQzYi00OTc2LWIyYTEtOTZiYzZiYWE1NjNi
LzEvZ3VhU0ZOYjlWZWRRVUxxQkdfZkJKRGtRbi00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9QXMA0G
CSqGSIb3DQEBCwUAA4IBAQBmiaUuG69MoeXbjBQl5hsioSKYCVSns9nZ0w+kA/US
H0oHrlPGJQx0wqD4nDP6NMPZD4ssFs7svjQZ31vB6HKIskVk51STLRXu/YgxaltE
C54p2D+R+zaZ8zS8P5iKkwLIwvmh3IAoAN8MWSpKW8WhafjTD8DpuTxPW/G7Afos
wAxmaVl8nQh9YA+H+70XcEqeKkAO4dEga0UrZzJ6Z5GvlqsLpmAhDZnSomE0Z/hr
vmNxmhplQqLhrxmHZD8bZHOYVWZ4O4+2lsodY5Rn2k7/cXEjM91d1vYucdFYQd1i
QhbcdaffewMlJnmHXfT7Rdd/mgFmKLV7ChfbIKjRjTMV
-----END CERTIFICATE-----