Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/yZ3Po0hR1ZJyc1rv39YH9NNWuXs.roa
File:                     yZ3Po0hR1ZJyc1rv39YH9NNWuXs.roa (raw, json)
Hash identifier:          22bouj/6xCSX/ZXyHrbVMTQvQervlfTwQaA97vYRHBU=
Subject key identifier:   C9:9D:CF:A3:48:51:D5:92:72:73:5A:EF:DF:D6:07:F4:D3:56:B9:7B
Certificate issuer:       /CN=e7478550068bf78220408c25d612bc2fb02460c1
Certificate serial:       019420D6003911508199A556525454614299
Authority key identifier: E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/yZ3Po0hR1ZJyc1rv39YH9NNWuXs.roa
Signing time:             Wed 01 Jan 2025 07:48:02 +0000
ROA not before:           Wed 01 Jan 2025 07:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16253
IP address blocks:        217.142.0.0/20 maxlen: 20
                          2a03:f0c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:00:39:11:50:81:99:a5:56:52:54:54:61:42:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7478550068bf78220408c25d612bc2fb02460c1
        Validity
            Not Before: Jan  1 07:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c99dcfa34851d59272735aefdfd607f4d356b97b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7e:4a:c5:11:d0:b7:c9:67:0e:c0:dd:36:be:
                    31:4c:f0:c6:12:8c:76:81:67:4b:4d:7e:38:0a:08:
                    c9:9d:92:9b:26:12:09:a4:e5:aa:5c:af:78:e2:91:
                    43:3a:0b:83:f0:7a:38:ca:5e:15:54:23:83:7a:26:
                    f3:56:e3:8a:51:60:a3:24:20:f7:77:0b:a7:ab:43:
                    e1:bc:e2:ba:00:f2:de:17:31:94:42:d4:b1:6f:19:
                    a5:99:41:e2:ca:93:60:9f:ef:91:1c:51:f1:ef:71:
                    fe:38:6b:db:98:25:fd:39:db:d9:35:03:08:4a:ea:
                    90:6c:da:8f:0b:cd:85:c5:7a:8b:e2:0c:c3:69:f8:
                    78:77:bf:20:74:b7:e2:03:7e:56:c6:da:5a:55:15:
                    24:8d:29:4f:46:50:a6:6e:e5:f1:6e:73:c6:c0:c2:
                    7a:d7:a8:a6:51:ba:6b:6a:15:b6:92:30:6d:9e:8d:
                    88:09:3d:56:ba:25:ef:64:b1:5f:bb:de:2c:4f:a3:
                    fa:67:5b:ca:2b:a9:9b:ec:8b:94:9f:26:fc:34:df:
                    32:69:b9:bc:7f:1e:1a:1a:b8:c2:bc:44:9a:53:e7:
                    58:fc:44:3a:5c:14:41:80:09:c9:49:de:f2:9f:a2:
                    84:eb:e6:66:57:aa:e3:4e:d2:5e:61:7c:e5:46:ef:
                    0f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:9D:CF:A3:48:51:D5:92:72:73:5A:EF:DF:D6:07:F4:D3:56:B9:7B
            X509v3 Authority Key Identifier:
                keyid:E7:47:85:50:06:8B:F7:82:20:40:8C:25:D6:12:BC:2F:B0:24:60:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50eFUAaL94IgQIwl1hK8L7AkYME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/yZ3Po0hR1ZJyc1rv39YH9NNWuXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/635511-71f3-4f57-9139-7da3cd253bf6/1/50eFUAaL94IgQIwl1hK8L7AkYME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.142.0.0/20
                IPv6:
                  2a03:f0c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:76:69:f1:54:4f:2a:6e:0c:11:c3:4f:7a:13:7e:91:85:dc:
         a3:64:b5:f6:17:06:3d:bf:97:42:3a:d0:ea:63:21:a1:a1:15:
         35:49:c4:8c:5d:b9:5d:8e:9f:2f:15:87:ce:63:0e:21:6a:b4:
         de:ff:fd:09:d8:68:33:99:f6:0c:44:b4:9e:d2:8f:2d:9f:46:
         d5:bc:83:7e:dd:41:df:1e:e5:82:cf:f1:95:24:32:7c:8f:e7:
         21:91:52:8e:17:00:a5:78:30:4d:74:24:9c:a0:e0:84:6a:be:
         b1:85:6d:55:25:1d:5e:2f:73:40:de:b2:59:d4:5c:c5:96:18:
         2b:47:d0:ab:51:61:08:a6:17:f7:8f:c5:ea:69:a7:32:7d:17:
         23:c0:99:78:ea:75:d9:e6:12:a6:e1:f6:7d:ef:87:b5:1c:ce:
         3e:00:78:8c:b2:cf:18:1a:3f:02:a0:8c:2b:29:89:6e:f5:05:
         d7:79:7a:a5:43:24:91:b5:f3:3a:c2:3e:58:56:09:c0:8d:33:
         22:38:54:49:d9:bd:c6:14:5c:ac:86:49:49:5b:4b:ba:20:b6:
         b5:1e:6f:03:dc:64:7e:52:a8:22:ca:b3:93:3e:3a:ea:f9:dc:
         8a:1d:18:50:a0:99:8b:3f:bb:52:9d:99:8f:88:2d:57:15:e9:
         3d:90:92:42
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1gA5EVCBmaVWUlRUYUKZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NDc4NTUwMDY4YmY3ODIyMDQwOGMyNWQ2MTJiYzJmYjAy
NDYwYzEwHhcNMjUwMTAxMDc0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTlkY2ZhMzQ4NTFkNTkyNzI3MzVhZWZkZmQ2MDdmNGQzNTZiOTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtX5KxRHQt8lnDsDdNr4xTPDGEox2
gWdLTX44CgjJnZKbJhIJpOWqXK944pFDOguD8Ho4yl4VVCODeibzVuOKUWCjJCD3
dwunq0PhvOK6APLeFzGUQtSxbxmlmUHiypNgn++RHFHx73H+OGvbmCX9OdvZNQMI
SuqQbNqPC82FxXqL4gzDafh4d78gdLfiA35WxtpaVRUkjSlPRlCmbuXxbnPGwMJ6
16imUbprahW2kjBtno2ICT1WuiXvZLFfu94sT6P6Z1vKK6mb7IuUnyb8NN8yabm8
fx4aGrjCvESaU+dY/EQ6XBRBgAnJSd7yn6KE6+ZmV6rjTtJeYXzlRu8PZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMmdz6NIUdWScnNa79/WB/TTVrl7MB8GA1UdIwQY
MBaAFOdHhVAGi/eCIECMJdYSvC+wJGDBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzkt
N2RhM2NkMjUzYmY2LzEveVozUG8waFIxWkp5YzFydjM5WUg5Tk5XdVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82MzU1MTEtNzFmMy00ZjU3LTkxMzktN2RhM2NkMjUzYmY2
LzEvNTBlRlVBYUw5NElnUUl3bDFoSzhMN0FrWU1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2Y4AMA0E
AgACMAcDBQAqA/DAMA0GCSqGSIb3DQEBCwUAA4IBAQApdmnxVE8qbgwRw096E36R
hdyjZLX2FwY9v5dCOtDqYyGhoRU1ScSMXbldjp8vFYfOYw4harTe//0J2GgzmfYM
RLSe0o8tn0bVvIN+3UHfHuWCz/GVJDJ8j+chkVKOFwCleDBNdCScoOCEar6xhW1V
JR1eL3NA3rJZ1FzFlhgrR9CrUWEIphf3j8XqaacyfRcjwJl46nXZ5hKm4fZ974e1
HM4+AHiMss8YGj8CoIwrKYlu9QXXeXqlQySRtfM6wj5YVgnAjTMiOFRJ2b3GFFys
hklJW0u6ILa1Hm8D3GR+UqgiyrOTPjrq+dyKHRhQoJmLP7tSnZmPiC1XFek9kJJC
-----END CERTIFICATE-----