Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/YChRu76esiXr8ukn9XgB5OZKvOA.roa
File:                     YChRu76esiXr8ukn9XgB5OZKvOA.roa (raw, json)
Hash identifier:          O7gHtlaGRgG5LOLqsPJnAKipZJXusjyx9jbTPjKakJI=
Subject key identifier:   60:28:51:BB:BE:9E:B2:25:EB:F2:E9:27:F5:78:01:E4:E6:4A:BC:E0
Certificate issuer:       /CN=6689c3995e2461d5a52fd4f1000782f99a4d4822
Certificate serial:       018CC56E527577CC1C616B7985FE536CC2A9
Authority key identifier: 66:89:C3:99:5E:24:61:D5:A5:2F:D4:F1:00:07:82:F9:9A:4D:48:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/YChRu76esiXr8ukn9XgB5OZKvOA.roa
Signing time:             Mon 01 Jan 2024 14:29:50 +0000
ROA not before:           Mon 01 Jan 2024 14:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199894
IP address blocks:        91.187.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:52:75:77:cc:1c:61:6b:79:85:fe:53:6c:c2:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6689c3995e2461d5a52fd4f1000782f99a4d4822
        Validity
            Not Before: Jan  1 14:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=602851bbbe9eb225ebf2e927f57801e4e64abce0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:77:0a:1b:5a:62:85:bf:b9:c7:eb:17:fc:e4:
                    7b:73:fe:89:75:e9:7b:fe:5d:66:62:1b:00:04:7d:
                    6e:95:12:7d:b9:41:56:fc:be:59:c9:90:98:0c:8b:
                    e1:11:78:1f:3a:b9:cf:90:93:d2:0c:cf:68:78:d1:
                    d7:1f:ec:95:9c:22:c5:78:b7:07:d1:9d:13:84:34:
                    a4:4e:e5:7f:6d:1b:bc:5a:3e:7a:9a:92:ad:48:7f:
                    9d:ed:ef:35:0b:cc:31:3d:f6:b3:79:df:7b:1c:a4:
                    01:a1:02:99:32:72:1c:04:93:93:3b:bd:68:f4:d1:
                    29:cb:82:10:fe:84:02:13:64:fb:ae:c3:5a:58:53:
                    6a:20:b6:62:dd:27:d3:cf:1c:55:92:0c:24:a4:71:
                    f1:de:da:91:35:e5:60:be:d5:b9:5b:df:3b:78:1e:
                    64:b2:2e:4b:79:1a:bb:f7:a8:df:7c:99:02:6c:bd:
                    90:cc:24:e9:54:e7:2b:f6:6d:47:0b:6f:f8:27:2d:
                    c4:7a:1b:d5:ef:0a:2c:77:2c:11:07:b3:73:bf:31:
                    80:8e:15:93:40:1c:d2:2c:b5:b7:52:58:41:f5:04:
                    ce:1f:bf:e5:aa:f8:46:16:79:f1:fa:0c:fb:19:6c:
                    7a:45:fc:58:81:22:d3:96:bb:92:cd:8e:3b:1f:37:
                    2a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:28:51:BB:BE:9E:B2:25:EB:F2:E9:27:F5:78:01:E4:E6:4A:BC:E0
            X509v3 Authority Key Identifier:
                keyid:66:89:C3:99:5E:24:61:D5:A5:2F:D4:F1:00:07:82:F9:9A:4D:48:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/YChRu76esiXr8ukn9XgB5OZKvOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.187.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:e0:f5:0b:3b:52:bb:89:79:7e:f8:e3:80:dc:03:62:98:21:
         0b:e6:6a:c2:63:ea:83:75:e0:99:c6:a8:a0:33:88:75:2d:ef:
         f7:4b:d1:d0:26:cf:f8:e4:5e:68:3f:b0:41:bf:15:36:2c:39:
         92:8b:a2:9a:fa:72:1c:6b:a0:fd:3d:aa:80:6c:3e:06:20:4d:
         5a:04:3a:4f:e1:e8:6c:95:ad:1e:41:34:02:87:ce:52:15:27:
         e5:33:8b:d9:d6:09:0c:e6:74:d2:b9:ff:6b:fb:f6:1d:c0:08:
         d1:40:f6:bc:ee:34:5e:35:fc:98:b9:a4:9f:2c:cc:18:66:b1:
         e0:c3:55:e3:de:76:19:9d:d2:47:43:58:ba:d3:c1:40:a3:65:
         76:3f:a1:a1:91:5b:ea:d2:5d:d5:95:63:58:00:ba:01:e6:9d:
         98:c8:61:d6:a4:61:84:88:65:4b:b1:eb:e4:07:f9:73:88:26:
         b7:62:9e:ea:1d:bd:30:b3:59:1c:e8:8e:f6:92:89:b8:be:7c:
         50:75:84:fb:91:ff:03:55:19:37:da:6d:ea:ad:87:0a:f2:cd:
         d5:3a:9f:5d:bc:25:3b:e3:73:03:2e:49:bc:37:86:25:94:d3:
         25:60:71:21:10:d3:92:12:c0:4f:65:60:d1:77:53:b2:10:4c:
         1a:ff:2f:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFblJ1d8wcYWt5hf5TbMKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ODljMzk5NWUyNDYxZDVhNTJmZDRmMTAwMDc4MmY5OWE0
ZDQ4MjIwHhcNMjQwMTAxMTQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDI4NTFiYmJlOWViMjI1ZWJmMmU5MjdmNTc4MDFlNGU2NGFiY2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXcKG1pihb+5x+sX/OR7c/6Jdel7
/l1mYhsABH1ulRJ9uUFW/L5ZyZCYDIvhEXgfOrnPkJPSDM9oeNHXH+yVnCLFeLcH
0Z0ThDSkTuV/bRu8Wj56mpKtSH+d7e81C8wxPfazed97HKQBoQKZMnIcBJOTO71o
9NEpy4IQ/oQCE2T7rsNaWFNqILZi3SfTzxxVkgwkpHHx3tqRNeVgvtW5W987eB5k
si5LeRq796jffJkCbL2QzCTpVOcr9m1HC2/4Jy3EehvV7wosdywRB7NzvzGAjhWT
QBzSLLW3UlhB9QTOH7/lqvhGFnnx+gz7GWx6RfxYgSLTlruSzY47HzcqZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAoUbu+nrIl6/LpJ/V4AeTmSrzgMB8GA1UdIwQY
MBaAFGaJw5leJGHVpS/U8QAHgvmaTUgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm9uRG1WNGtZZFdsTDlUeEFBZUMtWnBOU0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zNDY5NjYtMDY5YS00MGIwLWIxNDMt
NDFlYWExZmRlMTFiLzEvWUNoUnU3NmVzaVhyOHVrbjlYZ0I1T1pLdk9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zNDY5NjYtMDY5YS00MGIwLWIxNDMtNDFlYWExZmRlMTFi
LzEvWm9uRG1WNGtZZFdsTDlUeEFBZUMtWnBOU0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7viMA0G
CSqGSIb3DQEBCwUAA4IBAQBD4PULO1K7iXl++OOA3ANimCEL5mrCY+qDdeCZxqig
M4h1Le/3S9HQJs/45F5oP7BBvxU2LDmSi6Ka+nIca6D9PaqAbD4GIE1aBDpP4ehs
la0eQTQCh85SFSflM4vZ1gkM5nTSuf9r+/YdwAjRQPa87jReNfyYuaSfLMwYZrHg
w1Xj3nYZndJHQ1i608FAo2V2P6GhkVvq0l3VlWNYALoB5p2YyGHWpGGEiGVLsevk
B/lziCa3Yp7qHb0ws1kc6I72kom4vnxQdYT7kf8DVRk32m3qrYcK8s3VOp9dvCU7
43MDLkm8N4YllNMlYHEhENOSEsBPZWDRd1OyEEwa/y/7
-----END CERTIFICATE-----