Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/YZ1RQhjkJeyLkRNC_h9-gxrMM1k.roa
File:                     YZ1RQhjkJeyLkRNC_h9-gxrMM1k.roa (raw, json)
Hash identifier:          pVPdaeghC2xOKtafSpmkvpPgiNuvrhX7WLXED7z5fcc=
Subject key identifier:   61:9D:51:42:18:E4:25:EC:8B:91:13:42:FE:1F:7E:83:1A:CC:33:59
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CE902ED86DECF40C4B575EAC35AB2BC5C
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/YZ1RQhjkJeyLkRNC_h9-gxrMM1k.roa
Signing time:             Mon 08 Jan 2024 12:18:52 +0000
ROA not before:           Mon 08 Jan 2024 12:18:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     265561
IP address blocks:        201.77.60.0/24 maxlen: 24
                          201.77.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e9:02:ed:86:de:cf:40:c4:b5:75:ea:c3:5a:b2:bc:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  8 12:18:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=619d514218e425ec8b911342fe1f7e831acc3359
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3d:2c:1c:e8:f1:31:21:90:d5:34:fb:dc:53:
                    17:9f:7f:cc:bb:f1:d1:7a:01:bd:42:bc:0e:a2:a3:
                    70:e5:12:bd:74:b1:df:07:9f:69:43:f6:cd:f7:27:
                    1e:e4:51:95:45:16:5a:30:1c:25:4d:a5:8d:b0:90:
                    ae:e8:5e:c9:87:a0:74:f9:9b:45:6d:8a:1b:f3:ea:
                    23:29:e7:0c:2d:c0:36:41:78:3a:fa:0a:5a:42:3f:
                    e7:22:66:f7:dc:f3:3b:af:7c:4d:fb:b2:a5:1d:93:
                    b3:26:8e:b4:27:3d:f3:65:b8:d3:1d:44:57:36:86:
                    dc:ad:23:b4:d3:b6:ee:95:3f:fa:b4:f9:89:2a:28:
                    55:d1:63:53:03:72:0c:af:6c:bd:aa:dc:52:f4:1e:
                    ea:4f:88:a7:ae:38:29:58:19:5c:39:c0:d0:c4:e6:
                    39:28:c0:1f:a6:8f:70:71:e5:d9:4a:b9:75:9b:10:
                    8c:02:6e:81:b6:dc:20:7d:49:c2:af:22:39:53:3a:
                    ee:9a:0c:b1:c7:e8:2e:a8:7c:87:11:a4:1a:93:77:
                    5a:f7:30:64:a4:cf:ca:93:2a:bf:63:ec:74:36:72:
                    57:64:46:9f:9d:5e:09:9a:bc:2e:c8:b5:b3:25:fc:
                    6b:a2:7f:41:00:fa:75:af:83:ff:ef:40:08:7c:26:
                    8a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:9D:51:42:18:E4:25:EC:8B:91:13:42:FE:1F:7E:83:1A:CC:33:59
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/YZ1RQhjkJeyLkRNC_h9-gxrMM1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.77.59.0-201.77.60.255

    Signature Algorithm: sha256WithRSAEncryption
         58:0e:8f:7f:3e:5d:6e:66:0d:d2:1f:0d:fa:6d:86:19:7f:c4:
         36:7d:ec:82:04:af:9a:5d:91:ae:27:a5:3f:91:df:9e:b5:de:
         07:a7:b6:38:3c:b8:40:48:a5:fc:cb:b7:37:68:11:d0:f0:0d:
         3a:3e:f9:d8:ad:44:eb:b0:d6:ae:5c:db:15:a7:2e:a0:ef:93:
         69:d6:06:97:65:6e:93:75:86:f3:16:d8:c7:06:59:5c:39:15:
         72:c8:56:db:f7:34:02:69:7e:6b:e0:4f:8b:8a:00:86:96:b1:
         07:7b:5b:c1:2e:e9:b8:e1:0a:2e:16:d3:ab:12:eb:91:fc:72:
         9b:83:80:2f:20:0b:be:77:01:06:3e:1c:29:25:95:a9:47:a4:
         32:92:d4:ef:12:54:c5:ee:42:75:00:e3:3b:f7:dc:3a:48:0a:
         59:5b:0e:4b:d3:a0:d3:36:2f:7f:e4:bc:b8:a4:98:0d:5d:d8:
         c4:75:fb:bf:dc:bf:66:28:fc:3d:47:f2:f4:78:40:9f:7d:c4:
         af:76:bd:27:5f:83:d4:16:a9:d3:17:9e:26:9f:8f:6d:ea:73:
         05:f4:a1:02:7d:22:f6:28:0c:1a:aa:8d:a4:cc:02:1b:eb:98:
         f0:55:05:3b:1b:08:fb:cb:1c:77:5a:d6:06:bb:67:58:15:51:
         cf:4a:2c:f1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzpAu2G3s9AxLV16sNasrxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTA4MTIxODUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTlkNTE0MjE4ZTQyNWVjOGI5MTEzNDJmZTFmN2U4MzFhY2MzMzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmz0sHOjxMSGQ1TT73FMXn3/Mu/HR
egG9QrwOoqNw5RK9dLHfB59pQ/bN9yce5FGVRRZaMBwlTaWNsJCu6F7Jh6B0+ZtF
bYob8+ojKecMLcA2QXg6+gpaQj/nImb33PM7r3xN+7KlHZOzJo60Jz3zZbjTHURX
NobcrSO007bulT/6tPmJKihV0WNTA3IMr2y9qtxS9B7qT4inrjgpWBlcOcDQxOY5
KMAfpo9wceXZSrl1mxCMAm6BttwgfUnCryI5Uzrumgyxx+guqHyHEaQak3da9zBk
pM/Kkyq/Y+x0NnJXZEafnV4JmrwuyLWzJfxron9BAPp1r4P/70AIfCaKAQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGGdUUIY5CXsi5ETQv4ffoMazDNZMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvWVoxUlFoamtKZXlMa1JOQ19oOS1neHJNTTFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADJTTsD
BADJTTwwDQYJKoZIhvcNAQELBQADggEBAFgOj38+XW5mDdIfDfpthhl/xDZ97IIE
r5pdka4npT+R35613gentjg8uEBIpfzLtzdoEdDwDTo++ditROuw1q5c2xWnLqDv
k2nWBpdlbpN1hvMW2McGWVw5FXLIVtv3NAJpfmvgT4uKAIaWsQd7W8Eu6bjhCi4W
06sS65H8cpuDgC8gC753AQY+HCkllalHpDKS1O8SVMXuQnUA4zv33DpICllbDkvT
oNM2L3/kvLikmA1d2MR1+7/cv2Yo/D1H8vR4QJ99xK92vSdfg9QWqdMXniafj23q
cwX0oQJ9IvYoDBqqjaTMAhvrmPBVBTsbCPvLHHda1ga7Z1gVUc9KLPE=
-----END CERTIFICATE-----