Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/Yh2w87X9_4_PUo2N-6ks7CqIj2U.roa
File:                     Yh2w87X9_4_PUo2N-6ks7CqIj2U.roa (raw, json)
Hash identifier:          jTU0Zen/z9iwpKOe5UlkWgQaSNVGxP1Hc14XBN6EOfk=
Subject key identifier:   62:1D:B0:F3:B5:FD:FF:8F:CF:52:8D:8D:FB:A9:2C:EC:2A:88:8F:65
Certificate issuer:       /CN=8a3ec0537242f44ce7d5933e9b32204b3f85e99f
Certificate serial:       018CC3495E9E5E3F5E177F79BB1D2724D4CF
Authority key identifier: 8A:3E:C0:53:72:42:F4:4C:E7:D5:93:3E:9B:32:20:4B:3F:85:E9:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/Yh2w87X9_4_PUo2N-6ks7CqIj2U.roa
Signing time:             Mon 01 Jan 2024 04:30:14 +0000
ROA not before:           Mon 01 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35280
IP address blocks:        185.110.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5e:9e:5e:3f:5e:17:7f:79:bb:1d:27:24:d4:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a3ec0537242f44ce7d5933e9b32204b3f85e99f
        Validity
            Not Before: Jan  1 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=621db0f3b5fdff8fcf528d8dfba92cec2a888f65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:0f:47:50:0e:df:b0:ca:4a:d8:4a:73:0c:68:
                    08:27:fe:7b:f9:60:36:51:0a:13:1c:a6:f6:ff:9a:
                    f4:42:71:f7:ee:e0:b0:92:ad:a5:95:8d:9a:3f:e3:
                    80:0d:9e:a9:35:63:d5:0f:cf:54:d1:4f:c8:cc:cf:
                    88:38:cb:86:ba:7c:7e:b7:04:b7:68:d8:c9:8c:7a:
                    00:c6:a0:35:70:c1:1f:0f:69:48:af:7c:8a:06:62:
                    08:78:ed:94:ad:60:c3:ba:b2:16:4e:19:f2:0a:fb:
                    fe:b3:a6:da:90:3f:23:86:9c:da:3f:20:34:f5:d7:
                    25:fa:97:83:a1:c3:d6:f2:5e:4c:4a:2b:e7:99:e6:
                    d4:d5:ad:fb:54:95:98:50:f5:fe:a1:14:3b:4f:e7:
                    ad:77:a9:d9:9e:8d:51:cc:0f:09:35:2e:ab:7e:a0:
                    fc:75:b6:a4:1b:4c:7a:d4:67:71:1a:92:40:bc:ee:
                    e8:8f:e3:db:36:74:e3:6e:e0:9d:98:37:9c:76:0a:
                    5f:ff:18:af:40:35:01:31:b8:65:b3:8d:07:5d:d1:
                    12:5f:69:c8:1e:fb:41:07:68:2c:61:ee:eb:26:81:
                    22:d7:bf:4d:73:10:3e:4c:ba:d8:d9:ed:8e:4b:c5:
                    65:e6:8c:61:ba:86:1a:08:61:8d:52:fe:41:2a:37:
                    c3:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:1D:B0:F3:B5:FD:FF:8F:CF:52:8D:8D:FB:A9:2C:EC:2A:88:8F:65
            X509v3 Authority Key Identifier:
                keyid:8A:3E:C0:53:72:42:F4:4C:E7:D5:93:3E:9B:32:20:4B:3F:85:E9:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/Yh2w87X9_4_PUo2N-6ks7CqIj2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/9eb002-d26a-46d6-9d87-84093061e9ff/1/ij7AU3JC9Ezn1ZM-mzIgSz-F6Z8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:74:6b:4a:e3:17:e3:39:51:5b:21:47:7d:c7:b4:11:7d:01:
         5b:84:16:60:fa:3c:9a:32:5f:1c:70:7a:ef:c9:0f:70:d2:24:
         22:97:84:88:56:79:39:6e:80:a6:fc:da:f2:ae:b8:a0:44:d8:
         c5:02:5f:af:46:c7:f1:c1:4b:8f:89:61:b4:d3:5e:12:8d:c5:
         96:f3:38:8f:1f:04:43:d9:60:83:86:f9:fb:98:b1:01:02:00:
         d5:71:d0:57:56:bb:1c:14:c6:02:83:54:4f:d1:ff:bc:f6:78:
         33:90:7b:fd:fd:b8:2c:fd:6c:e7:84:a7:40:4a:64:83:27:92:
         3d:d9:4a:f4:79:f8:3c:6f:e7:79:0e:a6:bd:00:97:81:6f:a5:
         ca:0f:c8:4c:e3:4c:cb:da:7b:0e:80:38:a2:28:db:76:9a:13:
         0f:9f:9c:4a:66:fe:70:09:fc:b6:97:88:63:15:c6:b5:e9:fa:
         b3:05:15:87:78:5c:b3:4f:01:47:32:9e:8a:bf:17:c7:0a:19:
         18:da:cb:3b:61:f3:47:ee:74:43:c7:9c:ed:ca:72:fa:c4:d6:
         f7:3e:67:b2:63:90:ab:80:1f:79:bf:d9:40:00:0b:cf:20:8c:
         54:aa:82:a4:e9:a1:37:58:0a:56:fc:10:33:8f:92:2d:f9:9c:
         51:d4:8b:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSV6eXj9eF395ux0nJNTPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhM2VjMDUzNzI0MmY0NGNlN2Q1OTMzZTliMzIyMDRiM2Y4
NWU5OWYwHhcNMjQwMTAxMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjFkYjBmM2I1ZmRmZjhmY2Y1MjhkOGRmYmE5MmNlYzJhODg4ZjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQ9HUA7fsMpK2EpzDGgIJ/57+WA2
UQoTHKb2/5r0QnH37uCwkq2llY2aP+OADZ6pNWPVD89U0U/IzM+IOMuGunx+twS3
aNjJjHoAxqA1cMEfD2lIr3yKBmIIeO2UrWDDurIWThnyCvv+s6bakD8jhpzaPyA0
9dcl+peDocPW8l5MSivnmebU1a37VJWYUPX+oRQ7T+etd6nZno1RzA8JNS6rfqD8
dbakG0x61GdxGpJAvO7oj+PbNnTjbuCdmDecdgpf/xivQDUBMbhls40HXdESX2nI
HvtBB2gsYe7rJoEi179NcxA+TLrY2e2OS8Vl5oxhuoYaCGGNUv5BKjfDOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIdsPO1/f+Pz1KNjfupLOwqiI9lMB8GA1UdIwQY
MBaAFIo+wFNyQvRM59WTPpsyIEs/hemfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWo3QVUzSkM5RXpuMVpNLW16SWdTei1GNlo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS85ZWIwMDItZDI2YS00NmQ2LTlkODct
ODQwOTMwNjFlOWZmLzEvWWgydzg3WDlfNF9QVW8yTi02a3M3Q3FJajJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS85ZWIwMDItZDI2YS00NmQ2LTlkODctODQwOTMwNjFlOWZm
LzEvaWo3QVUzSkM5RXpuMVpNLW16SWdTei1GNlo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW5jMA0G
CSqGSIb3DQEBCwUAA4IBAQBVdGtK4xfjOVFbIUd9x7QRfQFbhBZg+jyaMl8ccHrv
yQ9w0iQil4SIVnk5boCm/NryrrigRNjFAl+vRsfxwUuPiWG0014SjcWW8ziPHwRD
2WCDhvn7mLEBAgDVcdBXVrscFMYCg1RP0f+89ngzkHv9/bgs/WznhKdASmSDJ5I9
2Ur0efg8b+d5Dqa9AJeBb6XKD8hM40zL2nsOgDiiKNt2mhMPn5xKZv5wCfy2l4hj
Fca16fqzBRWHeFyzTwFHMp6KvxfHChkY2ss7YfNH7nRDx5ztynL6xNb3PmeyY5Cr
gB95v9lAAAvPIIxUqoKk6aE3WApW/BAzj5It+ZxR1Iv9
-----END CERTIFICATE-----