Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/034960-9fe3-4f74-b9cd-c5cf08eedb9c/1/yitip1-kJD5dQRdS53t4KfkARHM.roa
File:                     yitip1-kJD5dQRdS53t4KfkARHM.roa (raw, json)
Hash identifier:          cgy9OckdIOJNSQ5+HtqFQg4ACHdIPiP47DMcF7GV8yY=
Subject key identifier:   CA:2B:62:A7:5F:A4:24:3E:5D:41:17:52:E7:7B:78:29:F9:00:44:73
Certificate issuer:       /CN=f3211d2ecd60924ef2276f86939b070c0081574b
Certificate serial:       019595421115E1C4626BA049A52E82B24F23
Authority key identifier: F3:21:1D:2E:CD:60:92:4E:F2:27:6F:86:93:9B:07:0C:00:81:57:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yEdLs1gkk7yJ2-Gk5sHDACBV0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/034960-9fe3-4f74-b9cd-c5cf08eedb9c/1/yitip1-kJD5dQRdS53t4KfkARHM.roa
Signing time:             Fri 14 Mar 2025 15:24:49 +0000
ROA not before:           Fri 14 Mar 2025 15:24:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49453
IP address blocks:        78.41.63.0/24 maxlen: 24
                          2a14:bc80:101::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/034960-9fe3-4f74-b9cd-c5cf08eedb9c/1/8yEdLs1gkk7yJ2-Gk5sHDACBV0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/034960-9fe3-4f74-b9cd-c5cf08eedb9c/1/8yEdLs1gkk7yJ2-Gk5sHDACBV0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yEdLs1gkk7yJ2-Gk5sHDACBV0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:95:42:11:15:e1:c4:62:6b:a0:49:a5:2e:82:b2:4f:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3211d2ecd60924ef2276f86939b070c0081574b
        Validity
            Not Before: Mar 14 15:24:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca2b62a75fa4243e5d411752e77b7829f9004473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:dd:a2:a3:c7:45:02:0a:a0:aa:1d:14:2f:62:
                    91:e1:bc:1e:2d:72:ce:d5:fb:8e:57:ce:79:22:4c:
                    a4:64:88:5e:4f:a9:51:98:8c:d1:c3:9c:2a:06:5d:
                    b4:b0:8b:7d:52:fe:98:ea:a5:d7:bc:14:b9:a6:82:
                    6c:af:48:7c:92:05:f1:80:4b:30:c4:21:cc:c5:6c:
                    52:d6:72:9c:0e:1d:36:36:e9:03:1e:a3:44:f0:e9:
                    37:a3:56:d3:c6:90:f5:f4:94:4b:02:82:05:55:8e:
                    dc:fc:fc:4d:a9:d8:5e:b1:96:76:a5:80:5a:c3:3a:
                    13:c4:0d:5b:1b:44:aa:a9:84:36:5a:23:e4:1f:92:
                    6e:f3:79:df:77:b1:03:6c:fa:c6:a5:ac:7c:41:7e:
                    0f:7d:91:b7:d3:e5:5e:da:09:50:ad:85:d9:9a:bf:
                    a5:58:75:dc:cc:62:85:a0:e9:65:8b:47:b6:39:a9:
                    aa:69:a6:84:53:0f:af:ab:f3:d9:a2:74:9e:e8:4d:
                    67:ae:d8:27:36:86:d0:0a:e1:93:43:a3:31:72:d1:
                    6f:e0:8e:ea:41:6f:51:d8:3a:ed:fb:ab:87:23:3b:
                    72:97:b4:89:1b:9a:4f:7d:6f:22:52:04:d9:75:d0:
                    01:5f:3f:16:f8:d6:7d:4a:82:84:87:fc:f6:ba:b5:
                    36:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:2B:62:A7:5F:A4:24:3E:5D:41:17:52:E7:7B:78:29:F9:00:44:73
            X509v3 Authority Key Identifier:
                keyid:F3:21:1D:2E:CD:60:92:4E:F2:27:6F:86:93:9B:07:0C:00:81:57:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yEdLs1gkk7yJ2-Gk5sHDACBV0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/034960-9fe3-4f74-b9cd-c5cf08eedb9c/1/yitip1-kJD5dQRdS53t4KfkARHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/034960-9fe3-4f74-b9cd-c5cf08eedb9c/1/8yEdLs1gkk7yJ2-Gk5sHDACBV0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.41.63.0/24
                IPv6:
                  2a14:bc80:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:db:9c:c6:d5:ba:dd:66:34:d9:36:1f:d3:c1:c6:13:08:cc:
         0a:b1:e2:f6:85:c9:6a:f8:92:c5:b4:37:1a:0b:05:42:d4:6e:
         51:c3:63:78:b5:a6:31:ab:c4:78:ee:eb:b7:b3:54:73:08:e6:
         e4:3a:45:57:15:69:4a:e5:24:2e:f5:c4:08:29:a0:41:bf:75:
         ca:20:f8:a9:76:db:79:0f:da:af:69:82:54:9f:e1:a1:7d:8b:
         13:79:59:be:d5:fd:b7:85:6b:fe:77:7f:cb:a4:4b:d3:2b:8b:
         1f:ca:17:4c:3c:a5:5c:b9:2b:c9:2d:a9:ff:4d:1e:c1:51:8d:
         77:aa:c4:ec:c0:19:d6:35:9c:ef:22:70:3b:5f:a2:cb:20:ba:
         3c:90:39:31:d5:a9:76:6c:2b:6c:1e:9b:7f:3d:90:a1:4c:3b:
         98:46:ec:71:27:a9:a5:a8:aa:f9:1c:7c:86:53:f2:36:70:c1:
         af:6b:81:c1:1c:53:1a:35:4b:20:2e:c0:4e:8b:4d:7c:22:09:
         8c:c3:32:7a:12:61:5f:ef:e4:8e:47:83:98:ff:16:34:4e:74:
         d1:c4:51:21:8c:0f:3f:29:6b:2b:ff:88:1a:9a:5a:a2:e2:2d:
         d6:cd:71:93:f3:a8:10:5d:7d:b5:2a:e8:24:e6:33:00:82:18:
         17:55:43:f4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZWVQhEV4cRia6BJpS6Csk8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjExZDJlY2Q2MDkyNGVmMjI3NmY4NjkzOWIwNzBjMDA4
MTU3NGIwHhcNMjUwMzE0MTUyNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTJiNjJhNzVmYTQyNDNlNWQ0MTE3NTJlNzdiNzgyOWY5MDA0NDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2t2io8dFAgqgqh0UL2KR4bweLXLO
1fuOV855IkykZIheT6lRmIzRw5wqBl20sIt9Uv6Y6qXXvBS5poJsr0h8kgXxgEsw
xCHMxWxS1nKcDh02NukDHqNE8Ok3o1bTxpD19JRLAoIFVY7c/PxNqdhesZZ2pYBa
wzoTxA1bG0SqqYQ2WiPkH5Ju83nfd7EDbPrGpax8QX4PfZG30+Ve2glQrYXZmr+l
WHXczGKFoOlli0e2OamqaaaEUw+vq/PZonSe6E1nrtgnNobQCuGTQ6MxctFv4I7q
QW9R2Drt+6uHIztyl7SJG5pPfW8iUgTZddABXz8W+NZ9SoKEh/z2urU22wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMorYqdfpCQ+XUEXUud7eCn5AERzMB8GA1UdIwQY
MBaAFPMhHS7NYJJO8idvhpObBwwAgVdLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlFZExzMWdrazd5SjItR2s1c0hEQUNCVjBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8wMzQ5NjAtOWZlMy00Zjc0LWI5Y2Qt
YzVjZjA4ZWVkYjljLzEveWl0aXAxLWtKRDVkUVJkUzUzdDRLZmtBUkhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8wMzQ5NjAtOWZlMy00Zjc0LWI5Y2QtYzVjZjA4ZWVkYjlj
LzEvOHlFZExzMWdrazd5SjItR2s1c0hEQUNCVjBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQATik/MA8E
AgACMAkDBwAqFLyAAQEwDQYJKoZIhvcNAQELBQADggEBAF/bnMbVut1mNNk2H9PB
xhMIzAqx4vaFyWr4ksW0NxoLBULUblHDY3i1pjGrxHju67ezVHMI5uQ6RVcVaUrl
JC71xAgpoEG/dcog+Kl223kP2q9pglSf4aF9ixN5Wb7V/beFa/53f8ukS9Mrix/K
F0w8pVy5K8ktqf9NHsFRjXeqxOzAGdY1nO8icDtfossgujyQOTHVqXZsK2wem389
kKFMO5hG7HEnqaWoqvkcfIZT8jZwwa9rgcEcUxo1SyAuwE6LTXwiCYzDMnoSYV/v
5I5Hg5j/FjROdNHEUSGMDz8payv/iBqaWqLiLdbNcZPzqBBdfbUq6CTmMwCCGBdV
Q/Q=
-----END CERTIFICATE-----