Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/yv08EH90nRPgnJ4aLVioWHP74iI.roa
File:                     yv08EH90nRPgnJ4aLVioWHP74iI.roa (raw, json)
Hash identifier:          wfa+cbtIfXj/VcabZ84otkiskAuSmrS6+55fqOkIL+o=
Subject key identifier:   CA:FD:3C:10:7F:74:9D:13:E0:9C:9E:1A:2D:58:A8:58:73:FB:E2:22
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       01942369BD61A644B8F323A2AA8614DD32A3
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/yv08EH90nRPgnJ4aLVioWHP74iI.roa
Signing time:             Wed 01 Jan 2025 19:48:39 +0000
ROA not before:           Wed 01 Jan 2025 19:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23352
IP address blocks:        81.199.24.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 06:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:bd:61:a6:44:b8:f3:23:a2:aa:86:14:dd:32:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Jan  1 19:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cafd3c107f749d13e09c9e1a2d58a85873fbe222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:53:27:6c:a7:c8:73:69:ee:e3:43:e4:3c:52:
                    a3:0a:83:4a:e1:86:aa:b6:1f:6d:37:d8:94:4d:31:
                    3c:a9:dd:66:a1:55:01:b3:a7:e9:2d:3b:c6:19:9b:
                    20:15:23:38:ba:d7:18:03:e0:fe:64:a4:ef:80:fe:
                    f4:69:1a:0e:29:ca:a7:1d:29:90:21:38:da:b7:aa:
                    d0:38:dd:39:36:bf:6c:88:87:1f:f7:a4:78:4d:9c:
                    5a:19:d1:93:4b:2c:7c:d9:37:da:fb:7d:7a:69:48:
                    22:50:b9:1a:af:da:3c:ea:ab:c7:fa:84:ca:b1:46:
                    91:4a:91:b8:86:6b:10:22:50:ed:a2:3e:58:fe:c5:
                    0e:d1:1b:ed:94:2c:a2:ca:78:ae:12:e4:3b:f2:5c:
                    1b:7f:63:6e:45:ee:98:5c:ab:33:08:7b:f3:d6:22:
                    8f:32:e2:60:9a:b4:22:1b:9f:59:b7:0b:48:10:4c:
                    e7:95:a4:67:67:73:11:98:b4:02:73:6a:56:0a:45:
                    33:de:1f:37:4d:1b:78:dd:79:1a:e9:1b:e5:42:25:
                    d3:c9:69:17:b3:e2:dc:e0:19:d2:e4:27:fd:c6:77:
                    5a:7d:6a:88:b4:e5:00:9c:c6:ab:6c:ad:f5:b6:51:
                    78:20:6e:6e:8d:fb:f2:1a:8e:51:75:6a:53:a3:68:
                    b6:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:FD:3C:10:7F:74:9D:13:E0:9C:9E:1A:2D:58:A8:58:73:FB:E2:22
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/yv08EH90nRPgnJ4aLVioWHP74iI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:aa:b0:2d:ff:70:01:fb:d6:e7:35:8e:e8:c3:d0:f0:be:4a:
         1b:7d:7c:9b:da:bd:5b:15:7d:93:ab:6b:ee:a5:6c:0d:df:16:
         ce:3f:35:96:00:30:7f:80:79:b6:de:d6:28:41:b8:0e:95:59:
         22:dd:22:f7:8a:44:46:c6:da:19:cd:de:3c:ba:42:22:f8:98:
         0b:04:2c:71:a3:c9:89:90:b1:97:e9:48:ea:d8:89:70:de:45:
         7a:19:ac:5e:ba:68:9c:24:10:19:91:1f:32:39:c5:18:91:32:
         c4:45:4a:51:ab:ff:57:a9:3a:67:f5:0a:4a:2d:ef:2d:a9:b1:
         a3:8d:c5:a5:02:be:46:1c:f0:87:7b:a4:66:14:c8:0f:0b:c9:
         8e:62:65:c4:14:f4:65:04:d0:84:cd:52:48:ac:5b:37:e8:c0:
         94:49:bd:bc:a7:40:27:8e:21:9f:1e:cd:a1:f8:10:b4:09:46:
         e2:58:bf:10:e9:c1:37:67:7f:f0:ca:0c:c5:5b:9d:45:3c:78:
         85:a4:86:d6:e7:21:06:e5:4f:3d:47:c7:67:c5:ce:4c:69:ee:
         35:2a:55:de:c3:08:ab:c0:cd:e4:9e:ae:30:65:47:b0:3f:3e:
         cd:4e:43:90:0f:b3:98:0c:3b:67:9a:f2:34:c1:7e:2f:41:a9:
         05:62:4a:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjab1hpkS48yOiqoYU3TKjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjUwMTAxMTk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWZkM2MxMDdmNzQ5ZDEzZTA5YzllMWEyZDU4YTg1ODczZmJlMjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1MnbKfIc2nu40PkPFKjCoNK4Yaq
th9tN9iUTTE8qd1moVUBs6fpLTvGGZsgFSM4utcYA+D+ZKTvgP70aRoOKcqnHSmQ
ITjat6rQON05Nr9siIcf96R4TZxaGdGTSyx82Tfa+316aUgiULkar9o86qvH+oTK
sUaRSpG4hmsQIlDtoj5Y/sUO0RvtlCyiyniuEuQ78lwbf2NuRe6YXKszCHvz1iKP
MuJgmrQiG59ZtwtIEEznlaRnZ3MRmLQCc2pWCkUz3h83TRt43Xka6RvlQiXTyWkX
s+Lc4BnS5Cf9xndafWqItOUAnMarbK31tlF4IG5ujfvyGo5RdWpTo2i2OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMr9PBB/dJ0T4JyeGi1YqFhz++IiMB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEveXYwOEVIOTBuUlBnbko0YUxWaW9XSFA3NGlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUccYMA0G
CSqGSIb3DQEBCwUAA4IBAQB+qrAt/3AB+9bnNY7ow9DwvkobfXyb2r1bFX2Tq2vu
pWwN3xbOPzWWADB/gHm23tYoQbgOlVki3SL3ikRGxtoZzd48ukIi+JgLBCxxo8mJ
kLGX6Ujq2Ilw3kV6GaxeumicJBAZkR8yOcUYkTLERUpRq/9XqTpn9QpKLe8tqbGj
jcWlAr5GHPCHe6RmFMgPC8mOYmXEFPRlBNCEzVJIrFs36MCUSb28p0AnjiGfHs2h
+BC0CUbiWL8Q6cE3Z3/wygzFW51FPHiFpIbW5yEG5U89R8dnxc5Mae41KlXewwir
wM3knq4wZUewPz7NTkOQD7OYDDtnmvI0wX4vQakFYkp9
-----END CERTIFICATE-----