Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/yKo-CbjxLW0bNXfKVddcYcSe-8g.roa
File:                     yKo-CbjxLW0bNXfKVddcYcSe-8g.roa (raw, json)
Hash identifier:          eYHmo0CUSUsDNqbPcqGOXa7l8kqt7mVufpMD1iQ5kZs=
Subject key identifier:   C8:AA:3E:09:B8:F1:2D:6D:1B:35:77:CA:55:D7:5C:61:C4:9E:FB:C8
Certificate issuer:       /CN=03d602b9e1da2b568df544bda50e415799bbb1e2
Certificate serial:       018CC424ACBACE1A1A34C7C45DCAD284AD2A
Authority key identifier: 03:D6:02:B9:E1:DA:2B:56:8D:F5:44:BD:A5:0E:41:57:99:BB:B1:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A9YCueHaK1aN9US9pQ5BV5m7seI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/yKo-CbjxLW0bNXfKVddcYcSe-8g.roa
Signing time:             Mon 01 Jan 2024 08:29:46 +0000
ROA not before:           Mon 01 Jan 2024 08:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        82.117.230.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/A9YCueHaK1aN9US9pQ5BV5m7seI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/A9YCueHaK1aN9US9pQ5BV5m7seI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A9YCueHaK1aN9US9pQ5BV5m7seI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:04:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ac:ba:ce:1a:1a:34:c7:c4:5d:ca:d2:84:ad:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03d602b9e1da2b568df544bda50e415799bbb1e2
        Validity
            Not Before: Jan  1 08:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8aa3e09b8f12d6d1b3577ca55d75c61c49efbc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:bf:b2:f2:16:11:20:b6:05:95:3e:8f:d4:ef:
                    2c:c9:38:ed:d8:56:33:45:39:97:ba:f9:03:15:1b:
                    2e:55:df:66:31:65:59:50:4b:6d:06:6b:fb:2b:2c:
                    1f:ea:fe:21:b1:0e:a5:9e:52:35:be:2f:51:74:ef:
                    7f:16:65:cd:b6:fe:18:28:aa:f5:df:c0:db:33:ad:
                    23:48:27:06:02:e1:29:07:e9:09:b2:0b:7b:8e:5f:
                    56:f8:eb:d9:5c:89:73:b2:6d:43:cb:18:72:d2:34:
                    3e:66:d2:93:57:86:68:41:54:3d:5a:50:61:1d:fb:
                    ad:ea:65:52:87:b9:e0:14:a0:1e:32:e9:29:4f:5f:
                    e5:11:23:13:9d:c8:e2:3f:66:8d:06:29:59:6f:f6:
                    75:82:db:07:5a:e5:87:5d:d4:a0:fa:ec:44:b8:03:
                    57:eb:ff:7c:00:6a:a0:ce:8c:c2:dd:83:a1:34:f9:
                    94:9e:cb:7d:21:c9:f0:94:d0:cc:75:16:a8:34:b2:
                    93:5e:ec:37:ba:4f:d4:fc:0a:6d:af:97:70:70:54:
                    6d:4e:b4:28:d0:bc:2b:50:d2:2e:9c:88:b1:38:a0:
                    3b:e0:dd:d7:91:98:0e:b8:ef:97:fb:47:f8:31:8b:
                    12:13:da:9b:5c:ed:87:19:0d:17:4a:90:de:30:fa:
                    fc:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:AA:3E:09:B8:F1:2D:6D:1B:35:77:CA:55:D7:5C:61:C4:9E:FB:C8
            X509v3 Authority Key Identifier:
                keyid:03:D6:02:B9:E1:DA:2B:56:8D:F5:44:BD:A5:0E:41:57:99:BB:B1:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A9YCueHaK1aN9US9pQ5BV5m7seI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/yKo-CbjxLW0bNXfKVddcYcSe-8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/A9YCueHaK1aN9US9pQ5BV5m7seI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.117.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:64:64:3e:d3:6b:bd:17:5d:46:d6:3d:e6:b0:2d:35:c0:fc:
         0e:eb:f5:77:02:03:f0:ae:f3:9b:7e:f4:8a:45:a8:04:cb:3b:
         22:83:a3:3e:3f:d9:72:93:f2:b8:45:28:11:d7:ab:33:bb:ac:
         eb:7d:7f:e4:02:a1:fa:ef:c5:73:a3:e6:69:47:77:d2:82:4a:
         4a:ee:66:61:20:eb:f9:14:3f:44:1f:c6:95:32:1a:43:2a:97:
         ac:8b:64:9f:d0:d7:0b:0b:2a:7c:cc:bd:32:f8:b2:5c:d4:0d:
         c7:37:39:94:fc:9f:b9:e0:5e:b7:4b:ef:27:f8:8a:f6:ae:aa:
         8c:00:f0:13:ea:32:c3:d2:01:e2:2a:81:95:b3:4e:a3:38:ff:
         a4:b6:da:c7:2c:d1:89:4c:09:84:9b:f1:e1:e8:d1:31:87:84:
         55:4a:83:08:c1:b6:9a:fa:ab:63:25:df:4f:3c:5c:5a:1a:aa:
         ff:42:d8:3c:71:f8:a5:0f:b5:22:70:39:94:d0:9a:67:f2:fe:
         20:bc:07:ed:74:ac:ac:bf:06:85:12:11:93:0d:91:48:f3:2e:
         8b:89:25:fd:7a:a6:9a:7b:61:34:e6:5a:89:57:22:79:af:ef:
         5d:dc:3d:4b:8e:11:fe:ab:ce:95:b8:4c:79:6c:86:d7:86:9b:
         d1:40:67:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJKy6zhoaNMfEXcrShK0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZDYwMmI5ZTFkYTJiNTY4ZGY1NDRiZGE1MGU0MTU3OTli
YmIxZTIwHhcNMjQwMTAxMDgyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGFhM2UwOWI4ZjEyZDZkMWIzNTc3Y2E1NWQ3NWM2MWM0OWVmYmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqL+y8hYRILYFlT6P1O8syTjt2FYz
RTmXuvkDFRsuVd9mMWVZUEttBmv7Kywf6v4hsQ6lnlI1vi9RdO9/FmXNtv4YKKr1
38DbM60jSCcGAuEpB+kJsgt7jl9W+OvZXIlzsm1Dyxhy0jQ+ZtKTV4ZoQVQ9WlBh
Hfut6mVSh7ngFKAeMukpT1/lESMTncjiP2aNBilZb/Z1gtsHWuWHXdSg+uxEuANX
6/98AGqgzozC3YOhNPmUnst9IcnwlNDMdRaoNLKTXuw3uk/U/Aptr5dwcFRtTrQo
0LwrUNIunIixOKA74N3XkZgOuO+X+0f4MYsSE9qbXO2HGQ0XSpDeMPr81wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiqPgm48S1tGzV3ylXXXGHEnvvIMB8GA1UdIwQY
MBaAFAPWArnh2itWjfVEvaUOQVeZu7HiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTlZQ3VlSGFLMWFOOVVTOXBRNUJWNW03c2VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85MmZiZDktYjllZS00MmZjLWFhYzEt
ZmI5N2RkZDU0ODkxLzEveUtvLUNianhMVzBiTlhmS1ZkZGNZY1NlLThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85MmZiZDktYjllZS00MmZjLWFhYzEtZmI5N2RkZDU0ODkx
LzEvQTlZQ3VlSGFLMWFOOVVTOXBRNUJWNW03c2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUnXmMA0G
CSqGSIb3DQEBCwUAA4IBAQBpZGQ+02u9F11G1j3msC01wPwO6/V3AgPwrvObfvSK
RagEyzsig6M+P9lyk/K4RSgR16szu6zrfX/kAqH678Vzo+ZpR3fSgkpK7mZhIOv5
FD9EH8aVMhpDKpesi2Sf0NcLCyp8zL0y+LJc1A3HNzmU/J+54F63S+8n+Ir2rqqM
APAT6jLD0gHiKoGVs06jOP+kttrHLNGJTAmEm/Hh6NExh4RVSoMIwbaa+qtjJd9P
PFxaGqr/Qtg8cfilD7UicDmU0Jpn8v4gvAftdKysvwaFEhGTDZFI8y6LiSX9eqaa
e2E05lqJVyJ5r+9d3D1LjhH+q86VuEx5bIbXhpvRQGfr
-----END CERTIFICATE-----