Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/b9bd06-96c8-4e71-ba12-937754cbb505/1/yhqVe4Sn24zi_JIb67RXByR1VSQ.roa
File:                     yhqVe4Sn24zi_JIb67RXByR1VSQ.roa (raw, json)
Hash identifier:          La+NLcwh/KNZqDSlW2+NIxMVYGXgKLJKSMn3cef+vEM=
Subject key identifier:   CA:1A:95:7B:84:A7:DB:8C:E2:FC:92:1B:EB:B4:57:07:24:75:55:24
Certificate issuer:       /CN=c937d2f6f0b78c0ed75b8efc28009d7979614003
Certificate serial:       018E0C893064D3A86B05C63BB44ABF97B309
Authority key identifier: C9:37:D2:F6:F0:B7:8C:0E:D7:5B:8E:FC:28:00:9D:79:79:61:40:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yTfS9vC3jA7XW478KACdeXlhQAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/b9bd06-96c8-4e71-ba12-937754cbb505/1/yhqVe4Sn24zi_JIb67RXByR1VSQ.roa
Signing time:             Tue 05 Mar 2024 02:55:01 +0000
ROA not before:           Tue 05 Mar 2024 02:55:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62134
IP address blocks:        185.46.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/b9bd06-96c8-4e71-ba12-937754cbb505/1/yTfS9vC3jA7XW478KACdeXlhQAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/b9bd06-96c8-4e71-ba12-937754cbb505/1/yTfS9vC3jA7XW478KACdeXlhQAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yTfS9vC3jA7XW478KACdeXlhQAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0c:89:30:64:d3:a8:6b:05:c6:3b:b4:4a:bf:97:b3:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c937d2f6f0b78c0ed75b8efc28009d7979614003
        Validity
            Not Before: Mar  5 02:55:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca1a957b84a7db8ce2fc921bebb4570724755524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:76:3f:bf:d8:ec:18:64:dc:01:85:2c:b0:d0:
                    f2:5e:56:f3:83:89:17:5f:f0:ed:f6:44:a8:bd:b8:
                    aa:eb:97:64:32:61:8b:22:7e:3f:b8:c7:5e:ac:ea:
                    61:4f:16:4d:7a:4b:f4:e5:70:ef:d7:20:7b:2e:f3:
                    a6:bf:77:9b:0f:b8:8b:92:ee:c2:ab:79:18:cf:6f:
                    8e:2f:02:5e:02:12:02:14:73:4b:fb:08:13:f2:8d:
                    e1:a7:39:4e:db:54:3c:13:fb:21:cc:4f:e0:95:86:
                    a9:cd:c8:82:4c:07:d3:9f:96:4e:53:0f:c9:23:9a:
                    89:79:8d:e3:66:06:be:2a:a8:8e:d0:8e:47:54:9b:
                    9f:25:4a:44:ba:15:cd:20:18:3c:a2:68:29:c9:fb:
                    77:88:be:ce:51:5b:93:2c:ca:b5:bc:e5:0c:6d:0b:
                    eb:2b:8b:15:02:5b:34:c9:2a:fd:5a:6b:e6:60:1e:
                    46:12:a6:10:80:62:ef:a2:77:97:0c:d8:9a:2d:ba:
                    c9:d5:f4:8e:93:f5:4e:b1:89:4f:25:7d:e0:cd:55:
                    4a:96:de:70:34:37:dc:69:e6:6f:05:43:b3:30:41:
                    eb:08:ac:8f:00:6d:94:08:d8:1d:bd:98:49:b2:42:
                    7d:71:da:4f:26:93:1c:d0:3a:4b:4a:e7:94:df:fc:
                    45:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:1A:95:7B:84:A7:DB:8C:E2:FC:92:1B:EB:B4:57:07:24:75:55:24
            X509v3 Authority Key Identifier:
                keyid:C9:37:D2:F6:F0:B7:8C:0E:D7:5B:8E:FC:28:00:9D:79:79:61:40:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yTfS9vC3jA7XW478KACdeXlhQAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b9bd06-96c8-4e71-ba12-937754cbb505/1/yhqVe4Sn24zi_JIb67RXByR1VSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b9bd06-96c8-4e71-ba12-937754cbb505/1/yTfS9vC3jA7XW478KACdeXlhQAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:32:e2:a2:4d:41:b1:3b:88:40:1d:6c:91:2c:fa:fc:28:2a:
         1c:ab:7c:c6:e4:38:7e:b9:b0:a5:cd:46:32:21:6a:ab:69:4e:
         ae:1e:f0:56:aa:cf:25:c7:45:2a:84:40:9f:22:5e:2f:50:6c:
         6d:56:83:68:bd:92:15:d0:8f:d0:a4:22:76:2c:2e:37:e7:15:
         59:0a:43:27:2f:0c:ba:b2:e3:79:a5:9d:69:02:90:8f:d4:c1:
         d7:e8:04:53:f8:a1:b4:46:cf:2a:01:8f:57:5b:a0:4c:9d:91:
         76:12:a4:17:59:30:94:1d:4d:66:29:f9:5b:6a:3b:8f:e3:67:
         a3:3a:24:ed:07:b9:31:65:ff:d1:67:a9:7e:d8:8f:ba:84:c5:
         b7:4e:c5:8d:24:bc:69:f6:1c:a9:1c:68:9b:36:ce:e3:ad:45:
         0f:8a:0c:cf:0f:4c:bd:c8:f6:49:92:57:b9:8f:9e:a3:55:d8:
         70:f4:92:59:77:1e:30:6d:8b:af:c2:19:3e:f8:2a:4e:d4:12:
         37:5a:09:fb:a2:30:74:b7:c7:0c:a8:e1:d1:19:b7:cb:3e:c9:
         23:2b:f3:a8:9b:29:92:68:37:a2:7f:3c:56:93:4c:63:b5:4d:
         c3:e3:66:52:4b:6e:27:a8:41:8a:4a:85:8f:cf:d2:96:48:05:
         f8:94:58:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4MiTBk06hrBcY7tEq/l7MJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MzdkMmY2ZjBiNzhjMGVkNzViOGVmYzI4MDA5ZDc5Nzk2
MTQwMDMwHhcNMjQwMzA1MDI1NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTFhOTU3Yjg0YTdkYjhjZTJmYzkyMWJlYmI0NTcwNzI0NzU1NTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXY/v9jsGGTcAYUssNDyXlbzg4kX
X/Dt9kSovbiq65dkMmGLIn4/uMderOphTxZNekv05XDv1yB7LvOmv3ebD7iLku7C
q3kYz2+OLwJeAhICFHNL+wgT8o3hpzlO21Q8E/shzE/glYapzciCTAfTn5ZOUw/J
I5qJeY3jZga+KqiO0I5HVJufJUpEuhXNIBg8omgpyft3iL7OUVuTLMq1vOUMbQvr
K4sVAls0ySr9WmvmYB5GEqYQgGLvoneXDNiaLbrJ1fSOk/VOsYlPJX3gzVVKlt5w
NDfcaeZvBUOzMEHrCKyPAG2UCNgdvZhJskJ9cdpPJpMc0DpLSueU3/xF2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoalXuEp9uM4vySG+u0VwckdVUkMB8GA1UdIwQY
MBaAFMk30vbwt4wO11uO/CgAnXl5YUADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVRmUzl2QzNqQTdYVzQ3OEtBQ2RlWGxoUUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9iOWJkMDYtOTZjOC00ZTcxLWJhMTIt
OTM3NzU0Y2JiNTA1LzEveWhxVmU0U24yNHppX0pJYjY3UlhCeVIxVlNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9iOWJkMDYtOTZjOC00ZTcxLWJhMTItOTM3NzU0Y2JiNTA1
LzEveVRmUzl2QzNqQTdYVzQ3OEtBQ2RlWGxoUUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS54MA0G
CSqGSIb3DQEBCwUAA4IBAQCWMuKiTUGxO4hAHWyRLPr8KCocq3zG5Dh+ubClzUYy
IWqraU6uHvBWqs8lx0UqhECfIl4vUGxtVoNovZIV0I/QpCJ2LC435xVZCkMnLwy6
suN5pZ1pApCP1MHX6ART+KG0Rs8qAY9XW6BMnZF2EqQXWTCUHU1mKflbajuP42ej
OiTtB7kxZf/RZ6l+2I+6hMW3TsWNJLxp9hypHGibNs7jrUUPigzPD0y9yPZJkle5
j56jVdhw9JJZdx4wbYuvwhk++CpO1BI3Wgn7ojB0t8cMqOHRGbfLPskjK/OomymS
aDeifzxWk0xjtU3D42ZSS24nqEGKSoWPz9KWSAX4lFi0
-----END CERTIFICATE-----