Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/aef530-0c91-4c28-85ae-27cb1b026113/1/YbJzPsGJ_O0XO9f0P0jX-j_hrdY.roa
File:                     YbJzPsGJ_O0XO9f0P0jX-j_hrdY.roa (raw, json)
Hash identifier:          i+Lli+jDPl9LVWSHyuYZJJ8Iy6VthPkatd3+3TIBCNM=
Subject key identifier:   61:B2:73:3E:C1:89:FC:ED:17:3B:D7:F4:3F:48:D7:FA:3F:E1:AD:D6
Certificate issuer:       /CN=66dfb43158d9ddb2f5b9f2923753bed3fb1173ca
Certificate serial:       018CC9BCC7007C74291C52779E30119C3709
Authority key identifier: 66:DF:B4:31:58:D9:DD:B2:F5:B9:F2:92:37:53:BE:D3:FB:11:73:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt-0MVjZ3bL1ufKSN1O-0_sRc8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/aef530-0c91-4c28-85ae-27cb1b026113/1/YbJzPsGJ_O0XO9f0P0jX-j_hrdY.roa
Signing time:             Tue 02 Jan 2024 10:34:01 +0000
ROA not before:           Tue 02 Jan 2024 10:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15721
IP address blocks:        217.21.160.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/aef530-0c91-4c28-85ae-27cb1b026113/1/Zt-0MVjZ3bL1ufKSN1O-0_sRc8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/aef530-0c91-4c28-85ae-27cb1b026113/1/Zt-0MVjZ3bL1ufKSN1O-0_sRc8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt-0MVjZ3bL1ufKSN1O-0_sRc8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 01:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c7:00:7c:74:29:1c:52:77:9e:30:11:9c:37:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66dfb43158d9ddb2f5b9f2923753bed3fb1173ca
        Validity
            Not Before: Jan  2 10:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61b2733ec189fced173bd7f43f48d7fa3fe1add6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3d:b7:1b:4c:72:8e:19:10:9e:ec:83:25:76:
                    cc:4a:ab:9e:a5:59:b5:0e:5a:00:0d:55:f0:62:08:
                    29:93:30:21:98:3c:7b:8b:43:1e:45:8b:b7:45:9f:
                    0a:2d:6a:0c:cb:21:e2:e6:92:48:0b:9b:52:42:a4:
                    78:66:df:a6:fe:89:57:a9:84:b2:39:0a:75:23:9d:
                    6b:7d:14:9f:1b:b9:f9:66:12:81:87:65:d0:9d:b7:
                    a3:10:d1:4e:df:e6:2b:b2:1e:6a:6c:96:71:94:e8:
                    52:6b:ea:10:ae:60:7a:17:9c:e3:fe:51:fc:b9:8e:
                    e3:11:7b:8e:7d:a8:61:17:09:a0:71:87:0d:4b:1e:
                    ac:d9:31:65:9b:bf:57:79:40:81:8d:06:33:52:a4:
                    84:b5:7e:58:d1:b1:f9:19:d8:38:c2:77:e6:0b:8c:
                    aa:12:a7:26:02:a2:19:16:47:ad:c6:f4:21:4d:7c:
                    b7:e2:1f:8f:f8:1d:1d:a6:57:fe:c2:f9:87:8e:9f:
                    63:6c:97:e7:a9:e0:84:27:0f:7f:1a:38:0f:7b:1e:
                    1e:34:66:80:d7:34:94:d9:41:30:bd:19:a9:74:16:
                    86:dd:e5:0d:9f:95:ad:04:be:9c:f8:aa:18:39:ad:
                    6e:7f:f9:d0:6e:83:f5:bb:e0:b1:d7:c5:cb:74:99:
                    5d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:B2:73:3E:C1:89:FC:ED:17:3B:D7:F4:3F:48:D7:FA:3F:E1:AD:D6
            X509v3 Authority Key Identifier:
                keyid:66:DF:B4:31:58:D9:DD:B2:F5:B9:F2:92:37:53:BE:D3:FB:11:73:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt-0MVjZ3bL1ufKSN1O-0_sRc8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/aef530-0c91-4c28-85ae-27cb1b026113/1/YbJzPsGJ_O0XO9f0P0jX-j_hrdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/aef530-0c91-4c28-85ae-27cb1b026113/1/Zt-0MVjZ3bL1ufKSN1O-0_sRc8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.21.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         75:15:a1:48:b0:93:d6:8b:de:61:e6:1c:a1:e2:ff:be:22:94:
         ca:48:a0:a3:4b:de:60:33:4d:db:4b:ae:e9:cd:f2:c9:35:63:
         2f:9c:11:6f:d2:34:d7:07:b1:8f:20:73:76:7b:d3:7d:f7:81:
         cc:93:51:a8:1d:2a:ad:29:04:ca:3d:2a:69:15:54:02:21:6d:
         19:4e:8d:9c:92:99:0f:08:38:56:91:b6:11:22:95:80:ad:10:
         64:e1:89:4a:63:3f:4b:80:3b:b5:59:a7:67:ad:19:65:6a:98:
         30:87:65:60:ee:9b:df:b8:e5:62:20:e1:76:3e:e3:ef:00:35:
         38:b7:aa:5b:7b:8f:05:67:36:40:f4:d0:10:71:c6:0a:c3:a7:
         9a:65:43:3e:4c:4b:74:fb:de:48:02:cc:8b:03:71:eb:31:d4:
         12:26:08:3e:ef:35:8d:20:f8:cf:4f:df:ad:e5:f0:15:16:7e:
         7d:d2:87:6c:14:10:9a:ca:ca:7d:ef:fc:03:e9:80:1b:48:9a:
         ae:37:ce:cb:e5:73:4e:7b:4d:15:94:46:91:a6:63:b3:7d:10:
         1e:a2:b7:c0:b5:53:b0:59:8d:9f:df:e1:e4:8c:dc:c3:58:6a:
         d7:aa:2f:3c:28:25:28:7f:72:61:a2:36:cf:6f:8b:1c:9a:8f:
         ca:6a:3e:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvMcAfHQpHFJ3njARnDcJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGZiNDMxNThkOWRkYjJmNWI5ZjI5MjM3NTNiZWQzZmIx
MTczY2EwHhcNMjQwMTAyMTAzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWIyNzMzZWMxODlmY2VkMTczYmQ3ZjQzZjQ4ZDdmYTNmZTFhZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoj23G0xyjhkQnuyDJXbMSquepVm1
DloADVXwYggpkzAhmDx7i0MeRYu3RZ8KLWoMyyHi5pJIC5tSQqR4Zt+m/olXqYSy
OQp1I51rfRSfG7n5ZhKBh2XQnbejENFO3+Yrsh5qbJZxlOhSa+oQrmB6F5zj/lH8
uY7jEXuOfahhFwmgcYcNSx6s2TFlm79XeUCBjQYzUqSEtX5Y0bH5Gdg4wnfmC4yq
EqcmAqIZFketxvQhTXy34h+P+B0dplf+wvmHjp9jbJfnqeCEJw9/GjgPex4eNGaA
1zSU2UEwvRmpdBaG3eUNn5WtBL6c+KoYOa1uf/nQboP1u+Cx18XLdJldbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGycz7BifztFzvX9D9I1/o/4a3WMB8GA1UdIwQY
MBaAFGbftDFY2d2y9bnykjdTvtP7EXPKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQtME1WalozYkwxdWZLU04xTy0wX3NSYzhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9hZWY1MzAtMGM5MS00YzI4LTg1YWUt
MjdjYjFiMDI2MTEzLzEvWWJKelBzR0pfTzBYTzlmMFAwalgtal9ocmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9hZWY1MzAtMGM5MS00YzI4LTg1YWUtMjdjYjFiMDI2MTEz
LzEvWnQtME1WalozYkwxdWZLU04xTy0wX3NSYzhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2RWgMA0G
CSqGSIb3DQEBCwUAA4IBAQB1FaFIsJPWi95h5hyh4v++IpTKSKCjS95gM03bS67p
zfLJNWMvnBFv0jTXB7GPIHN2e9N994HMk1GoHSqtKQTKPSppFVQCIW0ZTo2ckpkP
CDhWkbYRIpWArRBk4YlKYz9LgDu1WadnrRllapgwh2Vg7pvfuOViIOF2PuPvADU4
t6pbe48FZzZA9NAQccYKw6eaZUM+TEt0+95IAsyLA3HrMdQSJgg+7zWNIPjPT9+t
5fAVFn590odsFBCaysp97/wD6YAbSJquN87L5XNOe00VlEaRpmOzfRAeorfAtVOw
WY2f3+HkjNzDWGrXqi88KCUof3JhojbPb4scmo/Kaj7X
-----END CERTIFICATE-----