Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Y2S_GzBs4bCrPUz4ZciBkJ9LI1o.roa
File:                     Y2S_GzBs4bCrPUz4ZciBkJ9LI1o.roa (raw, json)
Hash identifier:          lsK2c1BQeOTD6J0UDMG+6dPjLWdqC0Qc2blLgjuazgo=
Subject key identifier:   63:64:BF:1B:30:6C:E1:B0:AB:3D:4C:F8:65:C8:81:90:9F:4B:23:5A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCE87795B7DE039649A85117768763
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Y2S_GzBs4bCrPUz4ZciBkJ9LI1o.roa
Signing time:             Tue 02 Jan 2024 06:29:29 +0000
ROA not before:           Tue 02 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48115
IP address blocks:        94.156.36.0/24 maxlen: 24
                          94.156.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e8:77:95:b7:de:03:96:49:a8:51:17:76:87:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6364bf1b306ce1b0ab3d4cf865c881909f4b235a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d2:0f:c8:82:25:d0:0a:60:4a:5c:37:b9:44:
                    23:96:f2:a2:5d:70:74:00:2c:60:43:d8:99:8e:31:
                    56:da:69:27:b3:30:31:bd:6e:93:e7:24:21:31:33:
                    a5:36:1e:9d:69:ff:75:46:c1:f1:03:82:f0:93:a1:
                    2f:8c:fc:1a:3f:8d:6f:75:eb:db:db:4b:d8:b4:e5:
                    5a:fc:78:12:b5:85:13:84:63:dc:74:09:61:03:3a:
                    0a:a8:9f:ac:18:85:03:68:a9:9a:b3:75:57:1f:ed:
                    7c:ec:bb:ba:0a:b0:e2:60:02:dc:2f:fc:7a:54:bd:
                    2b:fa:b4:bd:79:a1:55:28:bd:be:f4:3d:5e:0c:ef:
                    ec:68:59:68:5b:f4:1d:ed:a1:8b:a7:e3:a4:ba:36:
                    e0:5b:54:fe:aa:31:01:09:1e:b6:5c:f9:03:1d:8f:
                    4c:61:33:32:f0:d5:0f:7c:a0:5a:6e:9e:1b:86:a1:
                    21:26:10:27:74:fc:15:de:5c:d2:34:0b:dd:ac:ff:
                    35:38:24:64:58:0c:91:c6:34:58:31:1a:4f:84:22:
                    53:d2:52:4f:45:e5:2e:07:81:16:c2:19:0b:92:bd:
                    0d:7a:b3:3a:71:34:7b:84:d6:96:a7:3f:63:ca:c9:
                    cc:ed:5c:a3:59:8f:9e:00:4b:78:d7:fa:de:8b:10:
                    67:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:64:BF:1B:30:6C:E1:B0:AB:3D:4C:F8:65:C8:81:90:9F:4B:23:5A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Y2S_GzBs4bCrPUz4ZciBkJ9LI1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.36.0/24
                  94.156.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:02:d1:66:69:c9:93:ed:37:b6:d2:f1:e8:3a:58:ff:89:38:
         f1:88:9e:29:26:ad:c4:26:b5:00:93:5d:e9:c0:34:f5:aa:80:
         37:58:ef:5c:0d:12:04:16:a3:2d:1a:51:ab:d2:a5:47:8e:f3:
         be:c7:12:8c:2b:3e:78:df:3c:83:31:94:a7:cb:47:5c:92:0e:
         77:7a:67:d3:19:dc:b6:be:4c:51:0a:cd:19:0e:2a:96:ee:9b:
         ba:ed:a4:7d:89:f7:02:08:b0:16:ec:ab:5c:e4:8b:92:bc:8a:
         7b:3e:45:b9:88:a0:40:b7:d5:a0:d1:61:9b:e2:2b:40:df:82:
         07:f1:91:1b:42:d5:4a:09:7e:ad:dd:d9:05:64:23:65:1b:8e:
         a6:ac:2e:f3:f5:39:9d:be:ce:07:cd:02:a3:6d:f4:3b:93:16:
         e4:8b:cb:8b:93:72:4f:ec:13:03:65:da:11:a9:33:c0:02:6d:
         03:5c:30:94:83:09:93:6e:20:ac:31:7e:d6:d1:08:5e:01:17:
         be:7e:9c:5b:20:72:1f:0d:2c:52:e2:ef:f5:c8:58:59:d5:92:
         2e:17:0e:2b:dc:c4:54:76:97:06:f1:2d:bb:22:eb:3a:1c:fb:
         e2:21:ca:7f:63:fc:ec:4f:ea:60:3a:af:ff:7d:73:0a:51:0d:
         d5:ff:19:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3Oh3lbfeA5ZJqFEXdodjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzY0YmYxYjMwNmNlMWIwYWIzZDRjZjg2NWM4ODE5MDlmNGIyMzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9IPyIIl0ApgSlw3uUQjlvKiXXB0
ACxgQ9iZjjFW2mknszAxvW6T5yQhMTOlNh6daf91RsHxA4Lwk6EvjPwaP41vdevb
20vYtOVa/HgStYUThGPcdAlhAzoKqJ+sGIUDaKmas3VXH+187Lu6CrDiYALcL/x6
VL0r+rS9eaFVKL2+9D1eDO/saFloW/Qd7aGLp+OkujbgW1T+qjEBCR62XPkDHY9M
YTMy8NUPfKBabp4bhqEhJhAndPwV3lzSNAvdrP81OCRkWAyRxjRYMRpPhCJT0lJP
ReUuB4EWwhkLkr0NerM6cTR7hNaWpz9jysnM7VyjWY+eAEt41/reixBniwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGNkvxswbOGwqz1M+GXIgZCfSyNaMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWTJTX0d6QnM0YkNyUFV6NFpjaUJrSjlMSTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXpwkAwQA
XpxlMA0GCSqGSIb3DQEBCwUAA4IBAQBMAtFmacmT7Te20vHoOlj/iTjxiJ4pJq3E
JrUAk13pwDT1qoA3WO9cDRIEFqMtGlGr0qVHjvO+xxKMKz543zyDMZSny0dckg53
emfTGdy2vkxRCs0ZDiqW7pu67aR9ifcCCLAW7Ktc5IuSvIp7PkW5iKBAt9Wg0WGb
4itA34IH8ZEbQtVKCX6t3dkFZCNlG46mrC7z9Tmdvs4HzQKjbfQ7kxbki8uLk3JP
7BMDZdoRqTPAAm0DXDCUgwmTbiCsMX7W0QheARe+fpxbIHIfDSxS4u/1yFhZ1ZIu
Fw4r3MRUdpcG8S27Ius6HPviIcp/Y/zsT+pgOq//fXMKUQ3V/xnR
-----END CERTIFICATE-----