Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/00a95d-937c-473c-a85f-f87787b1d03c/1/ycDMFlnjHeu50QW54O197qCAAvM.roa
File:                     ycDMFlnjHeu50QW54O197qCAAvM.roa (raw, json)
Hash identifier:          3dS05EpJKvuwZyOBqzPGFddvq12lTXYCDv/+JN6g44I=
Subject key identifier:   C9:C0:CC:16:59:E3:1D:EB:B9:D1:05:B9:E0:ED:7D:EE:A0:80:02:F3
Certificate issuer:       /CN=8df893edf33208d7a2cf62268613769fb4967c66
Certificate serial:       018CC8DCED43E67E9786B0D400A1D4ED9AD1
Authority key identifier: 8D:F8:93:ED:F3:32:08:D7:A2:CF:62:26:86:13:76:9F:B4:96:7C:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jfiT7fMyCNeiz2ImhhN2n7SWfGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/00a95d-937c-473c-a85f-f87787b1d03c/1/ycDMFlnjHeu50QW54O197qCAAvM.roa
Signing time:             Tue 02 Jan 2024 06:29:31 +0000
ROA not before:           Tue 02 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43108
IP address blocks:        91.228.4.0/22 maxlen: 22
                          195.28.26.0/23 maxlen: 23
                          91.194.76.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/00a95d-937c-473c-a85f-f87787b1d03c/1/jfiT7fMyCNeiz2ImhhN2n7SWfGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/00a95d-937c-473c-a85f-f87787b1d03c/1/jfiT7fMyCNeiz2ImhhN2n7SWfGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jfiT7fMyCNeiz2ImhhN2n7SWfGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 06:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ed:43:e6:7e:97:86:b0:d4:00:a1:d4:ed:9a:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8df893edf33208d7a2cf62268613769fb4967c66
        Validity
            Not Before: Jan  2 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9c0cc1659e31debb9d105b9e0ed7deea08002f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:3c:44:c3:ab:0b:53:ae:55:2b:91:29:7d:65:
                    8e:0e:f2:9c:e2:e2:c9:1b:b0:ab:d8:bf:d4:c3:1a:
                    84:99:fd:21:06:5b:1f:ac:42:79:6d:da:c1:ec:fd:
                    73:69:84:d7:03:bc:6e:2d:e8:ef:ae:88:00:52:88:
                    01:3f:75:44:6c:b4:d9:39:ce:5d:46:35:ad:a5:64:
                    f5:f9:d3:f0:43:a6:a5:55:32:7b:d8:68:a9:42:ef:
                    be:e9:6d:1f:ea:19:eb:cd:af:cf:fd:41:21:e6:3f:
                    5d:ee:5f:a8:73:30:34:c9:74:20:bf:47:01:10:54:
                    9e:43:b0:f5:06:f8:a2:d7:ab:35:ad:9e:17:f7:1b:
                    52:fd:f8:7f:0c:26:2d:6b:d7:a1:fe:86:48:c5:73:
                    ce:05:6d:8d:35:0a:fc:84:34:df:f8:f3:0b:90:69:
                    d9:8c:82:08:fc:5a:9b:00:6b:07:49:55:92:05:76:
                    83:8a:1a:fa:79:fd:b1:33:c5:01:2e:31:cb:55:95:
                    7b:1b:c7:d0:f3:e6:49:f5:a8:ad:5c:f5:b3:a8:92:
                    c1:b1:85:70:09:f4:43:bf:d5:75:0a:59:c2:68:bd:
                    c5:16:45:1c:33:b8:5e:54:7c:d8:27:a1:84:0f:a8:
                    65:28:81:39:15:e6:59:5e:fa:c6:d1:15:7c:cf:2a:
                    d7:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:C0:CC:16:59:E3:1D:EB:B9:D1:05:B9:E0:ED:7D:EE:A0:80:02:F3
            X509v3 Authority Key Identifier:
                keyid:8D:F8:93:ED:F3:32:08:D7:A2:CF:62:26:86:13:76:9F:B4:96:7C:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jfiT7fMyCNeiz2ImhhN2n7SWfGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/00a95d-937c-473c-a85f-f87787b1d03c/1/ycDMFlnjHeu50QW54O197qCAAvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/00a95d-937c-473c-a85f-f87787b1d03c/1/jfiT7fMyCNeiz2ImhhN2n7SWfGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.76.0/23
                  91.228.4.0/22
                  195.28.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:f0:68:a0:8d:29:fa:d0:fa:94:c6:69:f6:3f:2e:b5:69:b5:
         3b:34:8c:91:4c:6a:36:fa:40:2c:2c:7d:19:8f:5b:81:ce:99:
         24:31:c3:58:f5:c4:7b:dc:42:66:ef:64:fd:d0:ab:a3:c0:35:
         42:66:b4:96:48:27:4d:39:34:d2:eb:f8:2e:6e:77:e3:15:20:
         fb:1c:2d:c7:25:ae:f8:ed:72:3c:7f:9f:f6:6c:bb:80:7d:d5:
         93:86:d9:1a:09:da:0d:62:fa:73:64:a3:b1:c5:af:ee:b6:8f:
         5e:dc:d3:f8:4d:7b:e3:a3:3d:8f:d8:5a:26:81:4f:9a:1b:dd:
         08:d2:ca:b4:2c:c4:87:b0:e9:2a:bc:9e:e8:0e:eb:81:59:09:
         0d:ea:7f:ed:fc:e9:1b:c6:24:3a:2b:cd:9a:2e:f1:84:ee:4f:
         76:4c:18:ed:c8:32:4a:1c:c0:2b:d5:3b:51:e3:26:25:54:8f:
         e7:37:cd:f5:47:74:dd:b1:82:c1:b6:ad:0f:bf:33:5a:a0:cb:
         56:60:b5:3e:f7:8e:48:1d:c8:f0:35:ad:8f:ce:04:41:e5:fd:
         5b:63:28:64:81:4d:c0:37:c9:4f:4c:f8:68:a0:5a:27:6e:bd:
         3c:51:73:51:41:75:21:a7:d3:03:aa:fe:47:bb:cf:4d:e1:e7:
         be:fd:3f:64
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3O1D5n6XhrDUAKHU7ZrRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkZjg5M2VkZjMzMjA4ZDdhMmNmNjIyNjg2MTM3NjlmYjQ5
NjdjNjYwHhcNMjQwMTAyMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWMwY2MxNjU5ZTMxZGViYjlkMTA1YjllMGVkN2RlZWEwODAwMmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzxEw6sLU65VK5EpfWWODvKc4uLJ
G7Cr2L/UwxqEmf0hBlsfrEJ5bdrB7P1zaYTXA7xuLejvrogAUogBP3VEbLTZOc5d
RjWtpWT1+dPwQ6alVTJ72GipQu++6W0f6hnrza/P/UEh5j9d7l+oczA0yXQgv0cB
EFSeQ7D1Bvii16s1rZ4X9xtS/fh/DCYta9eh/oZIxXPOBW2NNQr8hDTf+PMLkGnZ
jIII/FqbAGsHSVWSBXaDihr6ef2xM8UBLjHLVZV7G8fQ8+ZJ9aitXPWzqJLBsYVw
CfRDv9V1ClnCaL3FFkUcM7heVHzYJ6GED6hlKIE5FeZZXvrG0RV8zyrXdwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMnAzBZZ4x3rudEFueDtfe6ggALzMB8GA1UdIwQY
MBaAFI34k+3zMgjXos9iJoYTdp+0lnxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamZpVDdmTXlDTmVpejJJbWhoTjJuN1NXZkdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8wMGE5NWQtOTM3Yy00NzNjLWE4NWYt
Zjg3Nzg3YjFkMDNjLzEveWNETUZsbmpIZXU1MFFXNTRPMTk3cUNBQXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8wMGE5NWQtOTM3Yy00NzNjLWE4NWYtZjg3Nzg3YjFkMDNj
LzEvamZpVDdmTXlDTmVpejJJbWhoTjJuN1NXZkdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW8JMAwQC
W+QEAwQBwxwaMA0GCSqGSIb3DQEBCwUAA4IBAQCG8GigjSn60PqUxmn2Py61abU7
NIyRTGo2+kAsLH0Zj1uBzpkkMcNY9cR73EJm72T90KujwDVCZrSWSCdNOTTS6/gu
bnfjFSD7HC3HJa747XI8f5/2bLuAfdWThtkaCdoNYvpzZKOxxa/uto9e3NP4TXvj
oz2P2FomgU+aG90I0sq0LMSHsOkqvJ7oDuuBWQkN6n/t/OkbxiQ6K82aLvGE7k92
TBjtyDJKHMAr1TtR4yYlVI/nN831R3TdsYLBtq0PvzNaoMtWYLU+945IHcjwNa2P
zgRB5f1bYyhkgU3AN8lPTPhooFonbr08UXNRQXUhp9MDqv5Hu89N4ee+/T9k
-----END CERTIFICATE-----