Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/Ywpy-FaOmAeQlsQ6pnhRndMQKWg.roa
File:                     Ywpy-FaOmAeQlsQ6pnhRndMQKWg.roa (raw, json)
Hash identifier:          4xCDoOKdZL71EeycktMEX5ja8LcTZpBTEDWIUg2V2Dw=
Subject key identifier:   63:0A:72:F8:56:8E:98:07:90:96:C4:3A:A6:78:51:9D:D3:10:29:68
Certificate issuer:       /CN=15286f0225c141d95857fe74646949e75dd96f28
Certificate serial:       018CC26D2EF490098535E87EC0A974A3E975
Authority key identifier: 15:28:6F:02:25:C1:41:D9:58:57:FE:74:64:69:49:E7:5D:D9:6F:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/Ywpy-FaOmAeQlsQ6pnhRndMQKWg.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34397
IP address blocks:        193.8.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2e:f4:90:09:85:35:e8:7e:c0:a9:74:a3:e9:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15286f0225c141d95857fe74646949e75dd96f28
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=630a72f8568e98079096c43aa678519dd3102968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d6:f8:90:16:7d:66:eb:9b:d0:80:f2:a5:34:
                    2e:7a:2d:d4:87:f7:fa:98:3e:e1:2f:ed:c4:8b:b5:
                    bf:1f:c4:b3:96:d4:88:61:f6:38:e1:c5:62:bd:12:
                    4e:8a:b1:87:dd:c4:10:c1:61:20:fd:27:48:70:ad:
                    d6:75:3b:d2:7b:3f:b7:ce:03:f2:e9:aa:08:de:ab:
                    a4:07:c0:f9:9e:fb:98:d9:b9:e1:cc:5a:cf:3f:f1:
                    7d:41:93:c9:d0:8e:cd:2d:a2:d3:9e:1e:31:b9:cb:
                    96:29:4a:b9:45:4d:b0:7e:8d:5b:5a:fc:11:10:11:
                    bf:17:c0:6c:21:96:d7:d1:da:b2:d3:5c:7f:87:c9:
                    16:00:dc:e4:ba:33:3f:6e:1a:bb:e8:51:da:92:e7:
                    46:d3:e0:06:b2:18:e2:32:21:3f:1f:d9:39:4b:59:
                    26:f6:83:26:40:c3:dd:3d:7d:3e:6d:38:db:41:03:
                    e7:82:2a:43:8c:99:64:08:2c:1b:9e:8a:8f:97:fd:
                    42:84:48:a9:85:b2:4e:a5:20:04:0a:fe:17:84:35:
                    87:b3:da:d6:07:33:8c:c0:95:40:4d:03:23:7c:1a:
                    ac:10:ab:71:34:27:a0:49:f5:49:ad:c6:2b:c6:8e:
                    dc:fd:c6:2b:ca:5c:33:d5:d1:f3:0e:9c:35:45:61:
                    d3:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:0A:72:F8:56:8E:98:07:90:96:C4:3A:A6:78:51:9D:D3:10:29:68
            X509v3 Authority Key Identifier:
                keyid:15:28:6F:02:25:C1:41:D9:58:57:FE:74:64:69:49:E7:5D:D9:6F:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/Ywpy-FaOmAeQlsQ6pnhRndMQKWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:9e:0a:76:23:e3:e9:4d:c7:1f:3f:ed:23:bb:1c:53:d5:be:
         14:62:3f:ef:af:65:de:21:eb:f6:24:ed:fe:cb:39:46:b4:f3:
         7a:1f:ef:ec:a5:8f:b6:ca:78:bf:1f:12:0e:aa:dc:e3:36:01:
         21:99:ef:c6:83:f4:86:26:46:fa:8b:f1:0f:fc:2a:ac:0a:69:
         48:f9:13:e6:2e:e8:a6:29:d0:41:00:0a:22:df:c7:31:f8:62:
         f1:a1:be:2c:51:05:cc:09:1a:53:7f:8c:33:52:d6:13:42:60:
         e8:88:f7:23:7b:cf:4b:88:de:31:a3:03:a6:5e:9c:3d:37:d4:
         03:d0:de:00:f6:d4:80:74:f9:fb:5c:18:3d:6c:77:96:2f:6a:
         28:3b:03:ef:c8:cd:e4:89:cb:0f:5e:dd:7b:bc:0b:e6:bd:03:
         97:96:06:dd:a4:6c:0b:5d:47:81:ab:83:0a:dd:1f:ec:ab:00:
         cc:91:70:9b:8f:be:99:7f:d9:39:10:5e:f2:cf:9d:da:e8:91:
         92:7e:64:7a:cf:ad:fc:73:28:f4:43:32:9e:d7:57:0d:04:e5:
         47:7b:fd:9a:cd:9d:4b:a5:51:ca:00:3d:52:91:2f:84:be:5d:
         f3:dd:32:bc:64:bb:93:f3:a7:34:4e:24:7a:1a:ba:e5:81:fb:
         aa:44:c6:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbS70kAmFNeh+wKl0o+l1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Mjg2ZjAyMjVjMTQxZDk1ODU3ZmU3NDY0Njk0OWU3NWRk
OTZmMjgwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzBhNzJmODU2OGU5ODA3OTA5NmM0M2FhNjc4NTE5ZGQzMTAyOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitb4kBZ9Zuub0IDypTQuei3Uh/f6
mD7hL+3Ei7W/H8SzltSIYfY44cVivRJOirGH3cQQwWEg/SdIcK3WdTvSez+3zgPy
6aoI3qukB8D5nvuY2bnhzFrPP/F9QZPJ0I7NLaLTnh4xucuWKUq5RU2wfo1bWvwR
EBG/F8BsIZbX0dqy01x/h8kWANzkujM/bhq76FHakudG0+AGshjiMiE/H9k5S1km
9oMmQMPdPX0+bTjbQQPngipDjJlkCCwbnoqPl/1ChEiphbJOpSAECv4XhDWHs9rW
BzOMwJVATQMjfBqsEKtxNCegSfVJrcYrxo7c/cYrylwz1dHzDpw1RWHT5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMKcvhWjpgHkJbEOqZ4UZ3TECloMB8GA1UdIwQY
MBaAFBUobwIlwUHZWFf+dGRpSedd2W8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlNodkFpWEJRZGxZVl81MFpHbEo1MTNaYnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni82MzQ0MGMtM2Q0My00NThmLTg3OWUt
MDIxZjUwOTMyMTU2LzEvWXdweS1GYU9tQWVRbHNRNnBuaFJuZE1RS1dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni82MzQ0MGMtM2Q0My00NThmLTg3OWUtMDIxZjUwOTMyMTU2
LzEvRlNodkFpWEJRZGxZVl81MFpHbEo1MTNaYnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQj6MA0G
CSqGSIb3DQEBCwUAA4IBAQBNngp2I+PpTccfP+0juxxT1b4UYj/vr2XeIev2JO3+
yzlGtPN6H+/spY+2yni/HxIOqtzjNgEhme/Gg/SGJkb6i/EP/CqsCmlI+RPmLuim
KdBBAAoi38cx+GLxob4sUQXMCRpTf4wzUtYTQmDoiPcje89LiN4xowOmXpw9N9QD
0N4A9tSAdPn7XBg9bHeWL2ooOwPvyM3kicsPXt17vAvmvQOXlgbdpGwLXUeBq4MK
3R/sqwDMkXCbj76Zf9k5EF7yz53a6JGSfmR6z638cyj0QzKe11cNBOVHe/2azZ1L
pVHKAD1SkS+Evl3z3TK8ZLuT86c0TiR6GrrlgfuqRMb9
-----END CERTIFICATE-----