Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/a6def1-f425-49a5-aaaf-07cbeddd6418/1/YPQU-3qwY6DOW_4HT7svDHCbZMA.roa
File:                     YPQU-3qwY6DOW_4HT7svDHCbZMA.roa (raw, json)
Hash identifier:          G/hTKQ5Kk/0ApVunFkNQwIid1LB2D3Zy5iMYI0GC/QQ=
Subject key identifier:   60:F4:14:FB:7A:B0:63:A0:CE:5B:FE:07:4F:BB:2F:0C:70:9B:64:C0
Certificate issuer:       /CN=284e5eb112e13a42703dbb387ba577a2e793ac3a
Certificate serial:       018CC8DD366311B984FA9B774A7497997F05
Authority key identifier: 28:4E:5E:B1:12:E1:3A:42:70:3D:BB:38:7B:A5:77:A2:E7:93:AC:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KE5esRLhOkJwPbs4e6V3oueTrDo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/a6def1-f425-49a5-aaaf-07cbeddd6418/1/YPQU-3qwY6DOW_4HT7svDHCbZMA.roa
Signing time:             Tue 02 Jan 2024 06:29:49 +0000
ROA not before:           Tue 02 Jan 2024 06:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60475
IP address blocks:        5.253.196.0/24 maxlen: 24
                          5.253.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/a6def1-f425-49a5-aaaf-07cbeddd6418/1/KE5esRLhOkJwPbs4e6V3oueTrDo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/a6def1-f425-49a5-aaaf-07cbeddd6418/1/KE5esRLhOkJwPbs4e6V3oueTrDo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KE5esRLhOkJwPbs4e6V3oueTrDo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:36:63:11:b9:84:fa:9b:77:4a:74:97:99:7f:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=284e5eb112e13a42703dbb387ba577a2e793ac3a
        Validity
            Not Before: Jan  2 06:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60f414fb7ab063a0ce5bfe074fbb2f0c709b64c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:0e:cf:e6:11:19:34:c4:39:42:de:93:3e:99:
                    e0:95:eb:d7:4e:93:1b:5b:a7:1c:31:68:f6:0c:da:
                    d7:f3:15:90:f7:96:cd:1b:bb:32:23:da:be:6f:7e:
                    40:44:8d:ec:87:0f:eb:b2:d0:6a:0b:a8:ac:4e:2c:
                    1a:b0:23:57:9e:42:b8:c4:48:e9:a7:75:36:7c:5d:
                    92:69:d4:cc:be:68:3a:1f:28:bf:e7:ee:e0:bd:ca:
                    fb:7e:2a:7d:a6:3d:10:d3:79:53:40:03:ee:b8:f8:
                    b8:f7:e5:ce:b4:86:39:38:ba:03:73:af:25:c1:7f:
                    34:cf:8a:7b:73:1d:83:5d:07:04:32:47:80:e1:ef:
                    31:44:ff:b4:f9:11:6f:76:b3:da:0d:53:e7:14:8e:
                    66:be:67:c3:ff:d3:2f:9e:8b:6c:82:48:35:94:c9:
                    42:d2:55:cb:99:c9:65:28:62:1e:1b:06:19:b6:5a:
                    cf:87:5c:75:7e:96:c5:c9:86:e3:e6:2c:7b:d5:94:
                    16:9d:fe:9b:0c:03:02:b0:dc:37:5a:7f:b8:58:7d:
                    5d:31:fb:7f:77:62:56:9a:3e:e2:1b:29:50:19:f5:
                    18:fe:de:4c:b2:67:2a:5c:3b:11:4a:d0:fb:eb:1e:
                    af:b2:64:55:15:1c:b8:07:3c:d9:ef:98:bf:96:5e:
                    23:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:F4:14:FB:7A:B0:63:A0:CE:5B:FE:07:4F:BB:2F:0C:70:9B:64:C0
            X509v3 Authority Key Identifier:
                keyid:28:4E:5E:B1:12:E1:3A:42:70:3D:BB:38:7B:A5:77:A2:E7:93:AC:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KE5esRLhOkJwPbs4e6V3oueTrDo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/a6def1-f425-49a5-aaaf-07cbeddd6418/1/YPQU-3qwY6DOW_4HT7svDHCbZMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/a6def1-f425-49a5-aaaf-07cbeddd6418/1/KE5esRLhOkJwPbs4e6V3oueTrDo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b4:fc:0d:e0:30:6c:cd:1b:01:56:df:25:f3:12:4f:68:de:8c:
         21:00:47:9c:91:2e:fb:0b:76:e5:26:e3:5f:d5:d0:c0:dc:e2:
         51:92:3a:bb:9c:55:83:a8:d7:52:b8:44:ba:82:c0:46:72:d6:
         8f:3e:84:97:3a:2e:55:4a:cc:1c:aa:25:e4:26:57:92:da:da:
         6f:f9:95:f6:e5:77:f4:a3:b1:f7:f4:60:73:f3:9e:31:50:c8:
         7f:59:5f:4a:8d:b8:5a:89:dd:d4:ae:20:d2:19:55:1b:e2:53:
         f6:38:7f:33:3e:56:0e:c4:bb:1a:15:45:3a:b5:5a:fe:1f:ad:
         f3:51:59:53:ec:06:ed:69:b2:6d:9e:37:a5:4e:11:66:6b:c1:
         0f:c6:1e:3d:29:4e:9c:2a:cf:3a:fb:e9:fd:16:46:0d:25:e8:
         b6:ca:4a:b5:76:0f:bc:6a:b2:82:5a:af:bb:5c:10:b0:07:53:
         48:cf:8a:72:72:24:15:10:2f:ac:ee:7b:48:6d:a9:08:11:24:
         51:71:59:ea:01:7f:a7:45:b1:dc:26:ae:f7:c4:7d:ca:ec:f5:
         74:5a:25:d8:7e:de:3d:7e:90:44:6f:2c:33:58:8f:94:df:ed:
         70:16:4b:ee:c9:fc:2f:a6:5d:78:43:68:44:9f:0a:c3:52:8a:
         ca:06:8d:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3TZjEbmE+pt3SnSXmX8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NGU1ZWIxMTJlMTNhNDI3MDNkYmIzODdiYTU3N2EyZTc5
M2FjM2EwHhcNMjQwMTAyMDYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGY0MTRmYjdhYjA2M2EwY2U1YmZlMDc0ZmJiMmYwYzcwOWI2NGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4A7P5hEZNMQ5Qt6TPpnglevXTpMb
W6ccMWj2DNrX8xWQ95bNG7syI9q+b35ARI3shw/rstBqC6isTiwasCNXnkK4xEjp
p3U2fF2SadTMvmg6Hyi/5+7gvcr7fip9pj0Q03lTQAPuuPi49+XOtIY5OLoDc68l
wX80z4p7cx2DXQcEMkeA4e8xRP+0+RFvdrPaDVPnFI5mvmfD/9Mvnotsgkg1lMlC
0lXLmcllKGIeGwYZtlrPh1x1fpbFyYbj5ix71ZQWnf6bDAMCsNw3Wn+4WH1dMft/
d2JWmj7iGylQGfUY/t5MsmcqXDsRStD76x6vsmRVFRy4BzzZ75i/ll4jnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGD0FPt6sGOgzlv+B0+7Lwxwm2TAMB8GA1UdIwQY
MBaAFChOXrES4TpCcD27OHuld6Lnk6w6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0U1ZXNSTGhPa0p3UGJzNGU2VjNvdWVUckRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hNmRlZjEtZjQyNS00OWE1LWFhYWYt
MDdjYmVkZGQ2NDE4LzEvWVBRVS0zcXdZNkRPV180SFQ3c3ZESENiWk1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hNmRlZjEtZjQyNS00OWE1LWFhYWYtMDdjYmVkZGQ2NDE4
LzEvS0U1ZXNSTGhPa0p3UGJzNGU2VjNvdWVUckRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBf3EMA0G
CSqGSIb3DQEBCwUAA4IBAQC0/A3gMGzNGwFW3yXzEk9o3owhAEeckS77C3blJuNf
1dDA3OJRkjq7nFWDqNdSuES6gsBGctaPPoSXOi5VSswcqiXkJleS2tpv+ZX25Xf0
o7H39GBz854xUMh/WV9Kjbhaid3UriDSGVUb4lP2OH8zPlYOxLsaFUU6tVr+H63z
UVlT7AbtabJtnjelThFma8EPxh49KU6cKs86++n9FkYNJei2ykq1dg+8arKCWq+7
XBCwB1NIz4pyciQVEC+s7ntIbakIESRRcVnqAX+nRbHcJq73xH3K7PV0WiXYft49
fpBEbywzWI+U3+1wFkvuyfwvpl14Q2hEnwrDUorKBo1Z
-----END CERTIFICATE-----