Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YbglpsbIIv_EKa0olQOZ6OiQazw.roa
File:                     YbglpsbIIv_EKa0olQOZ6OiQazw.roa (raw, json)
Hash identifier:          SUvDN+5sSw5TqQXpL0uO3P+Q6W0YnCo1FRFDEDC0/SI=
Subject key identifier:   61:B8:25:A6:C6:C8:22:FF:C4:29:AD:28:95:03:99:E8:E8:90:6B:3C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC969948254629C57B782A4FB32D9BEEB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YbglpsbIIv_EKa0olQOZ6OiQazw.roa
Signing time:             Tue 02 Jan 2024 09:03:08 +0000
ROA not before:           Tue 02 Jan 2024 09:03:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212755
IP address blocks:        84.54.50.0/24 maxlen: 24
                          194.55.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:69:94:82:54:62:9c:57:b7:82:a4:fb:32:d9:be:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 09:03:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61b825a6c6c822ffc429ad28950399e8e8906b3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:6c:63:e1:b9:22:72:06:6d:f8:7e:bf:40:9d:
                    21:f0:16:b6:ba:52:5c:62:8a:47:4e:02:50:0a:ed:
                    bb:33:f3:09:82:dc:bd:13:4e:62:3c:3e:fb:ce:2d:
                    17:3b:6c:04:3b:0e:8f:23:2d:4f:fb:87:8d:eb:1d:
                    d4:10:05:3a:9c:a6:d8:e3:d4:23:6a:25:d4:d2:34:
                    3a:c0:ca:1b:9b:73:6c:4c:cf:38:97:24:df:7e:45:
                    04:ba:4c:69:3b:77:58:22:e8:27:51:47:41:43:9e:
                    ed:84:50:1b:47:3c:6e:3f:73:4f:04:a3:96:6b:ae:
                    5e:e1:04:f4:e4:59:be:46:91:3f:9e:b7:9a:6b:94:
                    c7:30:39:30:33:70:09:b2:4a:01:e9:45:14:db:88:
                    71:bb:eb:d2:2d:53:f5:f8:45:49:bc:86:d9:2e:30:
                    61:42:b8:fc:ac:af:da:cb:33:05:f6:f5:dc:c0:c4:
                    7e:4d:1f:d0:8f:c9:59:ed:f8:22:a6:a4:21:0a:14:
                    c2:77:82:62:d8:58:6c:b3:ea:31:57:79:0a:d4:8a:
                    65:f7:1b:5c:c2:71:8f:7b:02:95:d5:8f:64:1d:3d:
                    e5:0a:fe:00:77:28:d5:56:34:7c:1c:62:71:64:02:
                    e8:42:2d:b5:30:3c:c5:b4:19:49:b5:58:0a:aa:8f:
                    2f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:B8:25:A6:C6:C8:22:FF:C4:29:AD:28:95:03:99:E8:E8:90:6B:3C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YbglpsbIIv_EKa0olQOZ6OiQazw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.50.0/24
                  194.55.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:25:91:39:3c:b9:d8:d3:a6:19:62:e2:ee:ee:6d:c2:ca:32:
         81:64:69:d9:08:c6:05:d5:d2:12:64:65:bb:ec:2d:8d:39:46:
         77:fa:fe:00:7d:fc:f7:e6:e7:54:e7:06:04:da:7b:f0:a6:f9:
         26:08:fa:7d:8c:1c:01:9b:f7:91:e3:fc:5f:cd:09:f9:86:1f:
         a7:e6:a4:83:a1:fd:ef:41:f8:7f:75:4f:f6:11:f3:48:4f:37:
         e7:40:38:88:d2:ce:e2:b1:34:8f:df:b7:11:2a:83:68:5f:63:
         52:b8:16:24:4f:a3:e5:c5:7f:29:07:ec:89:f5:a8:c7:55:61:
         01:dc:66:6a:0c:0b:6d:85:93:cd:03:a0:79:a4:9a:6b:65:a5:
         f7:cd:8b:6f:0e:4d:03:78:63:5d:97:f3:dc:86:4d:b3:6a:0a:
         9e:94:cb:03:67:40:6a:dc:be:80:e9:76:fe:93:28:fb:80:43:
         9e:3e:8a:d2:3b:f2:6a:b6:a9:54:d1:28:91:f8:85:4c:f0:8a:
         0c:52:ea:0e:0d:53:1b:cc:b5:fd:b3:a2:cf:47:7c:47:f4:24:
         db:db:18:83:44:3a:04:19:3b:54:f3:74:42:25:09:a3:9c:34:
         e8:9c:ac:80:2e:92:b4:6a:6b:8d:ae:b2:ab:93:54:ab:dd:1a:
         6e:ea:ed:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJaZSCVGKcV7eCpPsy2b7rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDkwMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWI4MjVhNmM2YzgyMmZmYzQyOWFkMjg5NTAzOTllOGU4OTA2YjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGxj4bkicgZt+H6/QJ0h8Ba2ulJc
YopHTgJQCu27M/MJgty9E05iPD77zi0XO2wEOw6PIy1P+4eN6x3UEAU6nKbY49Qj
aiXU0jQ6wMobm3NsTM84lyTffkUEukxpO3dYIugnUUdBQ57thFAbRzxuP3NPBKOW
a65e4QT05Fm+RpE/nreaa5THMDkwM3AJskoB6UUU24hxu+vSLVP1+EVJvIbZLjBh
Qrj8rK/ayzMF9vXcwMR+TR/Qj8lZ7fgipqQhChTCd4Ji2Fhss+oxV3kK1Ipl9xtc
wnGPewKV1Y9kHT3lCv4AdyjVVjR8HGJxZALoQi21MDzFtBlJtVgKqo8vOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGG4JabGyCL/xCmtKJUDmejokGs8MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWWJnbHBzYklJdl9FS2Ewb2xRT1o2T2lRYXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVDYyAwQA
wjfjMA0GCSqGSIb3DQEBCwUAA4IBAQCXJZE5PLnY06YZYuLu7m3CyjKBZGnZCMYF
1dISZGW77C2NOUZ3+v4Affz35udU5wYE2nvwpvkmCPp9jBwBm/eR4/xfzQn5hh+n
5qSDof3vQfh/dU/2EfNITzfnQDiI0s7isTSP37cRKoNoX2NSuBYkT6PlxX8pB+yJ
9ajHVWEB3GZqDAtthZPNA6B5pJprZaX3zYtvDk0DeGNdl/Pchk2zagqelMsDZ0Bq
3L6A6Xb+kyj7gEOePorSO/JqtqlU0SiR+IVM8IoMUuoODVMbzLX9s6LPR3xH9CTb
2xiDRDoEGTtU83RCJQmjnDTonKyALpK0amuNrrKrk1Sr3Rpu6u3Z
-----END CERTIFICATE-----