Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9786f4-dd54-4e43-aea4-59c4c10aebd9/1/YINxsdCwZc3ub_x2FGspy_tgnAs.roa
File:                     YINxsdCwZc3ub_x2FGspy_tgnAs.roa (raw, json)
Hash identifier:          JbutJkMYaTeGRPUO+QHR/wv0jFqczlaA74cvyWatAPM=
Subject key identifier:   60:83:71:B1:D0:B0:65:CD:EE:6F:FC:76:14:6B:29:CB:FB:60:9C:0B
Certificate issuer:       /CN=c49eee24deab5520119b6a3da0457d39c40641db
Certificate serial:       018CC8DEDFC14425C972C5890DD49EE146ED
Authority key identifier: C4:9E:EE:24:DE:AB:55:20:11:9B:6A:3D:A0:45:7D:39:C4:06:41:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xJ7uJN6rVSARm2o9oEV9OcQGQds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9786f4-dd54-4e43-aea4-59c4c10aebd9/1/YINxsdCwZc3ub_x2FGspy_tgnAs.roa
Signing time:             Tue 02 Jan 2024 06:31:38 +0000
ROA not before:           Tue 02 Jan 2024 06:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43667
IP address blocks:        77.91.192.0/21 maxlen: 24
                          185.32.132.0/22 maxlen: 24
                          94.198.128.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9786f4-dd54-4e43-aea4-59c4c10aebd9/1/xJ7uJN6rVSARm2o9oEV9OcQGQds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9786f4-dd54-4e43-aea4-59c4c10aebd9/1/xJ7uJN6rVSARm2o9oEV9OcQGQds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xJ7uJN6rVSARm2o9oEV9OcQGQds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:df:c1:44:25:c9:72:c5:89:0d:d4:9e:e1:46:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c49eee24deab5520119b6a3da0457d39c40641db
        Validity
            Not Before: Jan  2 06:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=608371b1d0b065cdee6ffc76146b29cbfb609c0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ed:97:16:2d:5f:74:78:c9:44:67:46:18:eb:
                    21:64:3e:c6:ee:e6:0e:84:b8:ea:d8:99:55:81:00:
                    35:b8:51:6c:1b:e7:37:64:b3:3e:9e:9e:ec:f0:b9:
                    04:79:82:d7:78:98:ed:78:af:93:e3:3e:77:64:07:
                    87:e3:25:4d:96:3d:25:72:5d:33:48:fd:99:55:41:
                    8e:97:16:4d:1a:de:f0:2b:e1:d6:ef:a3:1a:ff:3d:
                    19:36:b0:a1:b9:bb:30:79:a0:84:34:1d:ab:cd:73:
                    91:4c:0d:c8:8e:ee:70:e2:0d:84:50:0d:fd:9a:d0:
                    b0:8e:61:87:9d:fb:d9:bf:a2:88:df:3f:e5:53:71:
                    23:82:1f:cc:a5:af:13:ca:73:0c:52:7b:5b:0b:e2:
                    e5:bc:d5:a0:4d:2b:7c:6d:4e:97:8a:01:32:1f:ae:
                    d7:4b:2a:a7:00:de:cc:2a:4e:c4:7b:96:e6:d3:aa:
                    24:bb:82:e1:4d:96:f4:78:3e:56:c1:f8:84:62:7e:
                    9e:73:98:36:73:19:3b:4d:3f:72:db:ea:9d:d9:f0:
                    9a:19:cb:8c:09:2f:58:45:a8:5b:aa:4e:65:f9:0f:
                    50:d7:c3:58:d6:62:9b:04:cb:ef:5c:bd:75:f7:c0:
                    12:ab:95:c2:e7:00:bf:74:1d:99:51:42:5c:f8:c7:
                    36:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:83:71:B1:D0:B0:65:CD:EE:6F:FC:76:14:6B:29:CB:FB:60:9C:0B
            X509v3 Authority Key Identifier:
                keyid:C4:9E:EE:24:DE:AB:55:20:11:9B:6A:3D:A0:45:7D:39:C4:06:41:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xJ7uJN6rVSARm2o9oEV9OcQGQds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9786f4-dd54-4e43-aea4-59c4c10aebd9/1/YINxsdCwZc3ub_x2FGspy_tgnAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9786f4-dd54-4e43-aea4-59c4c10aebd9/1/xJ7uJN6rVSARm2o9oEV9OcQGQds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.192.0/21
                  94.198.128.0/21
                  185.32.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:20:f0:7c:01:d4:8d:d3:36:03:aa:e1:10:18:b3:2f:01:67:
         c1:c1:49:26:60:65:0e:a4:bd:80:a2:e4:c6:a0:2c:0d:18:b3:
         6b:a0:fa:4b:88:5d:2d:86:87:38:c2:c9:b5:ab:41:d7:e1:8a:
         c2:6b:30:ea:b6:08:d2:df:0a:a9:4c:56:d2:d1:f4:d2:34:30:
         46:ac:75:ad:19:a8:17:36:4f:a1:80:1d:f8:b8:54:7d:65:65:
         c7:56:c8:b1:72:25:86:8c:4e:73:a8:7b:f2:c6:98:7d:73:60:
         3f:5a:66:a4:d4:97:cf:48:e1:82:39:c9:20:8d:24:47:8c:e2:
         e8:5d:d5:f3:0f:ad:6f:c6:bf:51:44:20:0a:4e:b2:da:c9:08:
         8b:c6:7e:92:9a:f5:32:10:ad:62:6e:0a:d5:cb:9f:af:6a:a7:
         51:26:1a:76:f0:5f:54:c9:6a:b6:57:b6:4d:ef:0a:eb:6f:d6:
         81:21:41:4a:d7:96:3a:39:45:0a:66:3f:c0:25:06:b9:1e:c6:
         b4:a7:22:12:3e:92:26:b9:1c:1b:d3:66:5f:cb:e1:22:39:8c:
         11:68:38:b4:77:7a:2e:5e:2d:7a:39:bd:8e:71:4f:5c:bb:76:
         4a:ce:08:b8:4a:ea:62:56:b9:d3:72:41:e4:79:03:e5:29:99:
         84:b8:3c:5f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3t/BRCXJcsWJDdSe4UbtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0OWVlZTI0ZGVhYjU1MjAxMTliNmEzZGEwNDU3ZDM5YzQw
NjQxZGIwHhcNMjQwMTAyMDYzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDgzNzFiMWQwYjA2NWNkZWU2ZmZjNzYxNDZiMjljYmZiNjA5YzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+2XFi1fdHjJRGdGGOshZD7G7uYO
hLjq2JlVgQA1uFFsG+c3ZLM+np7s8LkEeYLXeJjteK+T4z53ZAeH4yVNlj0lcl0z
SP2ZVUGOlxZNGt7wK+HW76Ma/z0ZNrChubsweaCENB2rzXORTA3Iju5w4g2EUA39
mtCwjmGHnfvZv6KI3z/lU3Ejgh/Mpa8TynMMUntbC+LlvNWgTSt8bU6XigEyH67X
SyqnAN7MKk7Ee5bm06oku4LhTZb0eD5WwfiEYn6ec5g2cxk7TT9y2+qd2fCaGcuM
CS9YRahbqk5l+Q9Q18NY1mKbBMvvXL1198ASq5XC5wC/dB2ZUUJc+Mc27QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGCDcbHQsGXN7m/8dhRrKcv7YJwLMB8GA1UdIwQY
MBaAFMSe7iTeq1UgEZtqPaBFfTnEBkHbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEo3dUpONnJWU0FSbTJvOW9FVjlPY1FHUWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85Nzg2ZjQtZGQ1NC00ZTQzLWFlYTQt
NTljNGMxMGFlYmQ5LzEvWUlOeHNkQ3daYzN1Yl94MkZHc3B5X3RnbkFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85Nzg2ZjQtZGQ1NC00ZTQzLWFlYTQtNTljNGMxMGFlYmQ5
LzEveEo3dUpONnJWU0FSbTJvOW9FVjlPY1FHUWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDTVvAAwQD
XsaAAwQCuSCEMA0GCSqGSIb3DQEBCwUAA4IBAQBbIPB8AdSN0zYDquEQGLMvAWfB
wUkmYGUOpL2AouTGoCwNGLNroPpLiF0thoc4wsm1q0HX4YrCazDqtgjS3wqpTFbS
0fTSNDBGrHWtGagXNk+hgB34uFR9ZWXHVsixciWGjE5zqHvyxph9c2A/Wmak1JfP
SOGCOckgjSRHjOLoXdXzD61vxr9RRCAKTrLayQiLxn6SmvUyEK1ibgrVy5+vaqdR
Jhp28F9UyWq2V7ZN7wrrb9aBIUFK15Y6OUUKZj/AJQa5Hsa0pyISPpImuRwb02Zf
y+EiOYwRaDi0d3ouXi16Ob2OcU9cu3ZKzgi4SupiVrnTckHkeQPlKZmEuDxf
-----END CERTIFICATE-----