Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/yfa_WQD3YpUEPvOqlipnQtZKTbU.roa
File:                     yfa_WQD3YpUEPvOqlipnQtZKTbU.roa (raw, json)
Hash identifier:          aUGBtF0Q+ZPDnjAMxIqBivvu5PiTIPwqlssloFoWyho=
Subject key identifier:   C9:F6:BF:59:00:F7:62:95:04:3E:F3:AA:96:2A:67:42:D6:4A:4D:B5
Certificate issuer:       /CN=259490c5dbcfbf590da33bfbd37970a0763469c9
Certificate serial:       019427B5DA6EDEF191CFC7CC76A49F5F3E94
Authority key identifier: 25:94:90:C5:DB:CF:BF:59:0D:A3:3B:FB:D3:79:70:A0:76:34:69:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/yfa_WQD3YpUEPvOqlipnQtZKTbU.roa
Signing time:             Thu 02 Jan 2025 15:50:16 +0000
ROA not before:           Thu 02 Jan 2025 15:50:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        2a0e:ec01::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:da:6e:de:f1:91:cf:c7:cc:76:a4:9f:5f:3e:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=259490c5dbcfbf590da33bfbd37970a0763469c9
        Validity
            Not Before: Jan  2 15:50:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9f6bf5900f76295043ef3aa962a6742d64a4db5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:74:16:c5:36:a1:e1:0d:e2:92:22:23:d8:a6:
                    73:8f:50:5b:11:57:47:75:dc:a4:57:2b:a5:01:0b:
                    a6:b8:86:3b:c9:74:9f:ce:f3:f1:01:ec:1a:a9:d5:
                    6f:e1:b8:c2:6a:09:2f:37:9d:7a:94:1d:c7:7d:08:
                    41:d4:23:cd:f5:47:54:77:02:f9:47:dc:a7:f0:85:
                    58:a8:f0:51:16:5d:51:72:b2:46:3a:89:d3:6c:dd:
                    9b:e6:0b:6f:72:ce:c3:a1:88:4c:ca:ef:d5:8a:ed:
                    cc:27:69:20:dc:cd:f2:6c:bc:fa:b6:3d:99:b3:b6:
                    55:31:38:11:bb:d4:cb:b7:02:c4:5b:55:29:76:91:
                    5f:ec:b4:60:e3:f0:9d:6a:26:94:15:e0:44:5c:7a:
                    59:14:73:16:19:7f:ec:b3:49:ac:88:46:dc:59:67:
                    8e:80:2c:0c:34:5e:52:aa:73:cb:b4:db:f7:87:96:
                    df:d9:f6:77:60:3f:10:da:a4:de:ca:bd:ee:3c:48:
                    97:77:17:f2:88:2a:9c:ae:17:ae:f3:35:30:e2:65:
                    da:0b:8d:32:83:aa:ba:1e:ca:3c:77:6f:d4:9a:85:
                    64:65:6f:2a:8a:eb:a5:2e:f8:6c:5d:f1:9f:a6:2e:
                    2c:f5:21:01:88:70:8b:e6:66:b0:0b:71:0c:de:31:
                    80:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F6:BF:59:00:F7:62:95:04:3E:F3:AA:96:2A:67:42:D6:4A:4D:B5
            X509v3 Authority Key Identifier:
                keyid:25:94:90:C5:DB:CF:BF:59:0D:A3:3B:FB:D3:79:70:A0:76:34:69:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/yfa_WQD3YpUEPvOqlipnQtZKTbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:ec01::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:81:88:9b:c6:91:54:36:c6:da:e5:d6:ee:d2:a2:d7:23:41:
         2b:5b:92:e9:72:1b:83:6f:02:33:e5:79:6e:dc:67:29:ef:b6:
         57:71:f5:1a:a6:f7:78:5b:7f:55:67:0d:20:ef:5a:53:c5:1b:
         b5:2d:ed:db:ca:5f:98:15:cc:03:fb:f8:38:06:30:06:d6:a2:
         de:df:89:4c:e3:fe:94:a6:55:04:98:f6:37:ee:04:f1:fa:80:
         99:64:da:c6:29:16:2c:9a:5a:07:5f:1a:42:6d:91:16:af:4f:
         d7:4d:d6:48:b5:77:bb:dc:65:89:cb:bd:fd:50:a7:ed:e8:65:
         40:e5:8c:85:f8:ab:5f:1f:12:b9:2f:62:5b:21:59:20:f9:fe:
         f8:0b:93:a5:e3:b7:a3:01:00:0d:20:a9:2f:0a:8a:8c:bd:da:
         f2:dd:25:25:2b:d7:2f:9a:dc:d5:07:66:c3:7e:de:b1:07:c3:
         8f:6a:a7:93:66:e9:2e:03:cb:26:71:55:48:a9:d8:83:69:83:
         2f:22:98:0d:a2:a6:95:18:0d:ca:ea:13:93:c9:a6:8a:17:a9:
         68:6e:98:8b:3d:3b:c1:ed:74:9e:13:95:a6:14:61:81:87:0a:
         b9:c5:e6:4b:15:e0:90:5a:88:e6:61:e1:bd:cc:87:ff:6c:07:
         65:07:d4:80
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntdpu3vGRz8fMdqSfXz6UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1OTQ5MGM1ZGJjZmJmNTkwZGEzM2JmYmQzNzk3MGEwNzYz
NDY5YzkwHhcNMjUwMTAyMTU1MDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWY2YmY1OTAwZjc2Mjk1MDQzZWYzYWE5NjJhNjc0MmQ2NGE0ZGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnQWxTah4Q3ikiIj2KZzj1BbEVdH
ddykVyulAQumuIY7yXSfzvPxAewaqdVv4bjCagkvN516lB3HfQhB1CPN9UdUdwL5
R9yn8IVYqPBRFl1RcrJGOonTbN2b5gtvcs7DoYhMyu/Viu3MJ2kg3M3ybLz6tj2Z
s7ZVMTgRu9TLtwLEW1UpdpFf7LRg4/CdaiaUFeBEXHpZFHMWGX/ss0msiEbcWWeO
gCwMNF5SqnPLtNv3h5bf2fZ3YD8Q2qTeyr3uPEiXdxfyiCqcrheu8zUw4mXaC40y
g6q6Hso8d2/UmoVkZW8qiuulLvhsXfGfpi4s9SEBiHCL5mawC3EM3jGAawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMn2v1kA92KVBD7zqpYqZ0LWSk21MB8GA1UdIwQY
MBaAFCWUkMXbz79ZDaM7+9N5cKB2NGnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlpTUXhkdlB2MWtOb3p2NzAzbHdvSFkwYWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9lZGFkMmQtOTVjYy00OWQwLTg2ZjQt
M2NlM2NmOGIxYzQ5LzEveWZhX1dRRDNZcFVFUHZPcWxpcG5RdFpLVGJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9lZGFkMmQtOTVjYy00OWQwLTg2ZjQtM2NlM2NmOGIxYzQ5
LzEvSlpTUXhkdlB2MWtOb3p2NzAzbHdvSFkwYWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7sATAN
BgkqhkiG9w0BAQsFAAOCAQEAmYGIm8aRVDbG2uXW7tKi1yNBK1uS6XIbg28CM+V5
btxnKe+2V3H1Gqb3eFt/VWcNIO9aU8UbtS3t28pfmBXMA/v4OAYwBtai3t+JTOP+
lKZVBJj2N+4E8fqAmWTaxikWLJpaB18aQm2RFq9P103WSLV3u9xlicu9/VCn7ehl
QOWMhfirXx8SuS9iWyFZIPn++AuTpeO3owEADSCpLwqKjL3a8t0lJSvXL5rc1Qdm
w37esQfDj2qnk2bpLgPLJnFVSKnYg2mDLyKYDaKmlRgNyuoTk8mmihepaG6Yiz07
we10nhOVphRhgYcKucXmSxXgkFqI5mHhvcyH/2wHZQfUgA==
-----END CERTIFICATE-----