Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/YvuniYG0LrMg6_6qfcXketXGbPw.roa
File:                     YvuniYG0LrMg6_6qfcXketXGbPw.roa (raw, json)
Hash identifier:          95EDDIPqr3Ht4uCmiiEUeJb2jFycTN8NuDErf0tDp88=
Subject key identifier:   62:FB:A7:89:81:B4:2E:B3:20:EB:FE:AA:7D:C5:E4:7A:D5:C6:6C:FC
Certificate issuer:       /CN=64c5fd1dc0c457d9ec113d23bd4935c723e9ecf4
Certificate serial:       018CCA994A8B77BC05EA0A5B3BF8B74D7FEB
Authority key identifier: 64:C5:FD:1D:C0:C4:57:D9:EC:11:3D:23:BD:49:35:C7:23:E9:EC:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/YvuniYG0LrMg6_6qfcXketXGbPw.roa
Signing time:             Tue 02 Jan 2024 14:34:52 +0000
ROA not before:           Tue 02 Jan 2024 14:34:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211465
IP address blocks:        194.42.126.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:4a:8b:77:bc:05:ea:0a:5b:3b:f8:b7:4d:7f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64c5fd1dc0c457d9ec113d23bd4935c723e9ecf4
        Validity
            Not Before: Jan  2 14:34:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62fba78981b42eb320ebfeaa7dc5e47ad5c66cfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8b:a3:71:81:35:09:a6:7d:f9:a0:9e:02:cc:
                    3a:70:a1:06:c1:d7:2f:9d:88:ab:41:85:be:e6:8e:
                    da:75:7c:52:49:b0:d6:70:34:98:ce:53:88:6a:37:
                    0b:55:73:4f:21:dc:e3:70:22:81:c2:89:f5:63:ee:
                    72:94:9e:64:79:80:f2:2c:68:ee:b8:46:04:01:9b:
                    d5:4f:05:13:56:04:aa:10:13:98:f1:11:bc:65:a9:
                    db:e2:31:3a:00:51:e0:21:e6:c6:e4:90:ba:c9:0c:
                    a3:a5:80:bc:eb:bc:df:70:24:3e:37:aa:a0:98:df:
                    f9:64:2f:31:47:14:f7:37:a8:ef:d0:ea:6a:54:c1:
                    ce:ab:6e:f8:0c:86:62:e0:49:26:c5:88:21:27:95:
                    9d:22:43:33:71:de:bd:4a:c6:47:0e:ea:3c:dd:91:
                    bd:e0:25:10:0e:44:5d:a1:8a:16:4c:ab:bb:46:05:
                    13:8a:1e:38:45:59:6d:7f:7f:e3:17:2e:f3:4b:7e:
                    ca:6b:96:98:c5:80:4c:93:c1:12:3c:83:03:aa:7d:
                    fb:d5:d1:cb:45:76:c5:eb:83:8f:82:66:2f:d8:a5:
                    52:06:69:6e:54:1f:f8:91:0c:5f:7b:93:c9:90:8d:
                    a8:7c:28:8b:79:11:69:39:41:3c:5d:72:6a:51:34:
                    75:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:FB:A7:89:81:B4:2E:B3:20:EB:FE:AA:7D:C5:E4:7A:D5:C6:6C:FC
            X509v3 Authority Key Identifier:
                keyid:64:C5:FD:1D:C0:C4:57:D9:EC:11:3D:23:BD:49:35:C7:23:E9:EC:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/YvuniYG0LrMg6_6qfcXketXGbPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ba:4c:2b:f6:7b:de:61:df:1f:6e:75:bb:0a:bc:bb:65:d4:be:
         db:9c:44:c5:99:f5:70:9c:36:d4:10:24:5d:bc:27:d6:89:83:
         ff:6b:08:c4:75:19:19:63:29:b4:27:1d:c8:b0:8d:bd:7b:1b:
         59:7f:4f:4e:c3:8d:ce:50:c8:f0:75:fa:3b:fd:d6:95:ae:71:
         32:2b:38:c8:fe:f0:b5:ef:64:dd:6c:c6:e5:cf:fb:1c:4a:2c:
         2b:99:9c:ef:5b:48:fc:37:33:b5:47:43:f0:9b:4a:dc:0f:39:
         fc:51:40:e5:dc:bf:ad:d7:0c:60:fa:cf:58:5c:04:7e:b5:9e:
         49:3c:44:d7:14:9b:ee:d4:a4:08:7a:da:34:43:67:a6:df:7d:
         e8:f9:9a:85:94:08:db:51:13:a1:10:0b:9f:ce:78:15:18:57:
         0c:e7:16:00:6b:64:4e:f2:c0:c7:e8:63:16:46:11:eb:9d:2d:
         50:08:80:25:58:40:88:9e:a1:fc:ca:9a:bd:ee:80:b8:7b:0a:
         21:b1:68:01:90:74:7a:0a:d1:cb:03:a8:16:95:ba:25:ed:34:
         03:14:47:d8:ab:f6:8c:10:ef:62:90:11:f3:53:24:65:84:b5:
         84:c6:4e:1d:9f:e7:2e:83:0a:0c:fd:8c:44:f1:0e:ca:68:2a:
         be:7c:ad:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmUqLd7wF6gpbO/i3TX/rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YzVmZDFkYzBjNDU3ZDllYzExM2QyM2JkNDkzNWM3MjNl
OWVjZjQwHhcNMjQwMTAyMTQzNDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmZiYTc4OTgxYjQyZWIzMjBlYmZlYWE3ZGM1ZTQ3YWQ1YzY2Y2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYujcYE1CaZ9+aCeAsw6cKEGwdcv
nYirQYW+5o7adXxSSbDWcDSYzlOIajcLVXNPIdzjcCKBwon1Y+5ylJ5keYDyLGju
uEYEAZvVTwUTVgSqEBOY8RG8Zanb4jE6AFHgIebG5JC6yQyjpYC867zfcCQ+N6qg
mN/5ZC8xRxT3N6jv0OpqVMHOq274DIZi4EkmxYghJ5WdIkMzcd69SsZHDuo83ZG9
4CUQDkRdoYoWTKu7RgUTih44RVltf3/jFy7zS37Ka5aYxYBMk8ESPIMDqn371dHL
RXbF64OPgmYv2KVSBmluVB/4kQxfe5PJkI2ofCiLeRFpOUE8XXJqUTR19wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGL7p4mBtC6zIOv+qn3F5HrVxmz8MB8GA1UdIwQY
MBaAFGTF/R3AxFfZ7BE9I71JNccj6ez0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk1YOUhjREVWOW5zRVQwanZVazF4eVBwN1BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hNDY0MGMtZTY5YS00MzM3LWIxYWEt
NGNiMDY3OWFjZTdmLzEvWXZ1bmlZRzBMck1nNl82cWZjWGtldFhHYlB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hNDY0MGMtZTY5YS00MzM3LWIxYWEtNGNiMDY3OWFjZTdm
LzEvWk1YOUhjREVWOW5zRVQwanZVazF4eVBwN1BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwip+MA0G
CSqGSIb3DQEBCwUAA4IBAQC6TCv2e95h3x9udbsKvLtl1L7bnETFmfVwnDbUECRd
vCfWiYP/awjEdRkZYym0Jx3IsI29extZf09Ow43OUMjwdfo7/daVrnEyKzjI/vC1
72TdbMblz/scSiwrmZzvW0j8NzO1R0Pwm0rcDzn8UUDl3L+t1wxg+s9YXAR+tZ5J
PETXFJvu1KQIeto0Q2em333o+ZqFlAjbUROhEAufzngVGFcM5xYAa2RO8sDH6GMW
RhHrnS1QCIAlWECInqH8ypq97oC4ewohsWgBkHR6CtHLA6gWlbol7TQDFEfYq/aM
EO9ikBHzUyRlhLWExk4dn+cugwoM/YxE8Q7KaCq+fK0T
-----END CERTIFICATE-----