Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/y-XlK5vh_MD0iEOpXvXxTC1_qcs.roa
File:                     y-XlK5vh_MD0iEOpXvXxTC1_qcs.roa (raw, json)
Hash identifier:          21D4PQ8ZE3gzDxqe3W2gS0RPTOxgF/ssScUbNyvS0J0=
Subject key identifier:   CB:E5:E5:2B:9B:E1:FC:C0:F4:88:43:A9:5E:F5:F1:4C:2D:7F:A9:CB
Certificate issuer:       /CN=fba0ed92ec94321dcb219d37f38d907e183244bd
Certificate serial:       018CC80165A040AC3CD0D42F2DF703AA7230
Authority key identifier: FB:A0:ED:92:EC:94:32:1D:CB:21:9D:37:F3:8D:90:7E:18:32:44:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6DtkuyUMh3LIZ03842QfhgyRL0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/y-XlK5vh_MD0iEOpXvXxTC1_qcs.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26114
IP address blocks:        62.115.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1-6DtkuyUMh3LIZ03842QfhgyRL0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1-6DtkuyUMh3LIZ03842QfhgyRL0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-6DtkuyUMh3LIZ03842QfhgyRL0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:02:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:65:a0:40:ac:3c:d0:d4:2f:2d:f7:03:aa:72:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fba0ed92ec94321dcb219d37f38d907e183244bd
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbe5e52b9be1fcc0f48843a95ef5f14c2d7fa9cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:65:1c:d0:30:91:db:40:75:65:12:da:09:48:
                    32:02:79:f8:50:08:0f:11:eb:3a:d5:fb:bd:88:67:
                    6b:3a:26:06:4a:e1:39:d3:c0:f3:ed:02:80:ee:89:
                    d6:95:4b:f4:24:4a:68:87:fa:c2:cf:2f:74:c8:d7:
                    25:90:72:7a:70:9a:bc:28:fb:61:80:9c:e0:67:d9:
                    86:2e:3c:b2:e7:ff:98:0b:56:8e:b9:2b:79:04:dd:
                    f8:77:86:2c:fd:e1:ad:f7:0b:99:eb:ff:a1:6e:be:
                    8f:26:b2:67:c9:db:b9:2e:b2:20:59:ef:52:49:a6:
                    37:25:98:34:71:11:f6:fd:bd:23:fc:be:f6:d0:04:
                    2f:7c:ce:57:79:10:0f:ef:01:49:01:f7:94:45:74:
                    59:d1:5b:07:aa:57:ea:96:3a:8a:cc:5a:61:20:fc:
                    10:6a:4a:81:13:e0:f3:45:3e:ce:bb:1a:1d:d3:77:
                    97:a0:fd:30:4c:7a:f6:0d:d5:0e:8f:11:ea:21:9a:
                    25:c5:46:11:e3:a5:08:c0:d5:3f:ef:0b:cb:2e:45:
                    a5:54:3e:5f:cc:30:44:80:1b:24:70:20:b8:b2:ba:
                    48:1f:70:9a:40:f7:22:ba:d3:3f:c0:73:f1:df:43:
                    2b:84:93:b2:84:b7:9f:48:27:b4:0b:42:0f:fb:6c:
                    a6:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:E5:E5:2B:9B:E1:FC:C0:F4:88:43:A9:5E:F5:F1:4C:2D:7F:A9:CB
            X509v3 Authority Key Identifier:
                keyid:FB:A0:ED:92:EC:94:32:1D:CB:21:9D:37:F3:8D:90:7E:18:32:44:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6DtkuyUMh3LIZ03842QfhgyRL0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/y-XlK5vh_MD0iEOpXvXxTC1_qcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/593482-d762-4409-b850-20c44a81f977/1/1-6DtkuyUMh3LIZ03842QfhgyRL0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.115.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:de:61:b4:1e:62:a6:33:dd:46:63:26:86:b1:3e:18:4b:fd:
         56:26:f0:bf:32:99:72:ed:c5:60:6f:44:ea:74:8b:18:41:a4:
         c4:76:ec:2a:11:6f:51:5d:53:f7:f1:15:6e:32:ef:a1:21:6c:
         fd:a8:39:c9:d9:1a:7e:4f:a8:be:24:3f:a5:0e:ec:cb:cd:80:
         e0:e8:9b:6c:99:d9:db:c3:32:6a:4e:95:b1:37:e4:7b:32:44:
         99:23:c1:5f:dc:12:b9:32:13:b5:29:29:01:62:89:7c:87:97:
         ba:08:d9:35:ad:3b:bb:f8:89:bf:f2:58:71:77:fd:0c:58:69:
         df:cc:f5:f0:e1:78:5d:90:be:f5:09:4f:08:26:74:e4:a2:93:
         9b:ba:3f:e8:ec:22:c8:15:16:4e:73:ee:c6:3d:f3:92:87:cf:
         8a:01:03:7a:e0:62:9b:d7:08:00:25:e2:14:2d:49:f9:d1:9d:
         6b:e3:81:46:31:0b:8c:57:92:a4:ab:41:07:0b:f5:cb:67:0c:
         f1:a7:ea:34:9e:e9:bc:fe:94:ec:2a:6e:31:8f:dc:cd:f1:62:
         0b:ab:b8:61:e9:55:15:79:cc:6b:fa:c3:ab:59:1a:99:06:40:
         ad:61:b5:05:c4:99:f8:2a:0e:a1:07:b9:0c:c5:0f:81:a4:1b:
         b3:1d:2c:e2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAWWgQKw80NQvLfcDqnIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYTBlZDkyZWM5NDMyMWRjYjIxOWQzN2YzOGQ5MDdlMTgz
MjQ0YmQwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmU1ZTUyYjliZTFmY2MwZjQ4ODQzYTk1ZWY1ZjE0YzJkN2ZhOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2Uc0DCR20B1ZRLaCUgyAnn4UAgP
Ees61fu9iGdrOiYGSuE508Dz7QKA7onWlUv0JEpoh/rCzy90yNclkHJ6cJq8KPth
gJzgZ9mGLjyy5/+YC1aOuSt5BN34d4Ys/eGt9wuZ6/+hbr6PJrJnydu5LrIgWe9S
SaY3JZg0cRH2/b0j/L720AQvfM5XeRAP7wFJAfeURXRZ0VsHqlfqljqKzFphIPwQ
akqBE+DzRT7Ouxod03eXoP0wTHr2DdUOjxHqIZolxUYR46UIwNU/7wvLLkWlVD5f
zDBEgBskcCC4srpIH3CaQPciutM/wHPx30MrhJOyhLefSCe0C0IP+2ymOQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMvl5Sub4fzA9IhDqV718Uwtf6nLMB8GA1UdIwQY
MBaAFPug7ZLslDIdyyGdN/ONkH4YMkS9MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02RHRrdXlVTWgzTElaMDM4NDJRZmhneVJMMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQvNTkzNDgyLWQ3NjItNDQwOS1iODUw
LTIwYzQ0YTgxZjk3Ny8xL3ktWGxLNXZoX01EMGlFT3BYdlh4VEMxX3Fjcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTQvNTkzNDgyLWQ3NjItNDQwOS1iODUwLTIwYzQ0YTgxZjk3
Ny8xLzEtNkR0a3V5VU1oM0xJWjAzODQyUWZoZ3lSTDAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA+c/Qw
DQYJKoZIhvcNAQELBQADggEBAGPeYbQeYqYz3UZjJoaxPhhL/VYm8L8ymXLtxWBv
ROp0ixhBpMR27CoRb1FdU/fxFW4y76EhbP2oOcnZGn5PqL4kP6UO7MvNgODom2yZ
2dvDMmpOlbE35HsyRJkjwV/cErkyE7UpKQFiiXyHl7oI2TWtO7v4ib/yWHF3/QxY
ad/M9fDheF2QvvUJTwgmdOSik5u6P+jsIsgVFk5z7sY985KHz4oBA3rgYpvXCAAl
4hQtSfnRnWvjgUYxC4xXkqSrQQcL9ctnDPGn6jSe6bz+lOwqbjGP3M3xYguruGHp
VRV5zGv6w6tZGpkGQK1htQXEmfgqDqEHuQzFD4GkG7MdLOI=
-----END CERTIFICATE-----