Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/607caa-8f49-459b-aa74-c0ec8b95ab77/1/yNYGsIX16ErQConJ0hs8_BQEcj8.roa
File:                     yNYGsIX16ErQConJ0hs8_BQEcj8.roa (raw, json)
Hash identifier:          rL1SGvKKJ3s22yCmAOpLs67iotUs/W34Q3zyhKECNGE=
Subject key identifier:   C8:D6:06:B0:85:F5:E8:4A:D0:0A:89:C9:D2:1B:3C:FC:14:04:72:3F
Certificate issuer:       /CN=cc0072da98114193c104ce1a609d92a6976f9c40
Certificate serial:       018CC8708E1D6D111D2A3F1040ED070FFABD
Authority key identifier: CC:00:72:DA:98:11:41:93:C1:04:CE:1A:60:9D:92:A6:97:6F:9C:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zABy2pgRQZPBBM4aYJ2SppdvnEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/607caa-8f49-459b-aa74-c0ec8b95ab77/1/yNYGsIX16ErQConJ0hs8_BQEcj8.roa
Signing time:             Tue 02 Jan 2024 04:31:08 +0000
ROA not before:           Tue 02 Jan 2024 04:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8881
IP address blocks:        193.163.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/607caa-8f49-459b-aa74-c0ec8b95ab77/1/zABy2pgRQZPBBM4aYJ2SppdvnEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/607caa-8f49-459b-aa74-c0ec8b95ab77/1/zABy2pgRQZPBBM4aYJ2SppdvnEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zABy2pgRQZPBBM4aYJ2SppdvnEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:8e:1d:6d:11:1d:2a:3f:10:40:ed:07:0f:fa:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc0072da98114193c104ce1a609d92a6976f9c40
        Validity
            Not Before: Jan  2 04:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8d606b085f5e84ad00a89c9d21b3cfc1404723f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:fd:65:00:3d:74:a6:1b:fb:2c:61:fd:52:c8:
                    b1:fc:3b:da:3b:ae:d2:26:52:96:05:d3:c5:2d:53:
                    4c:75:41:80:98:d7:63:70:58:b0:6d:ad:63:d9:90:
                    cd:ea:85:fa:42:6f:7a:39:9a:45:c7:29:90:c7:3b:
                    79:cc:de:b1:1d:55:2c:a2:21:7a:01:d9:7a:45:0c:
                    c3:e9:4d:f0:8d:2a:f8:5d:d6:12:5d:0f:4f:d4:3d:
                    0f:3a:69:38:7f:21:5e:d7:8d:aa:bc:e0:99:a7:b1:
                    d9:93:ac:19:05:9e:bc:8f:ed:b7:f6:42:9b:ee:1d:
                    8e:b7:b5:17:f5:f1:ed:c3:c6:ed:0d:a7:9d:10:32:
                    be:ee:65:84:e7:f5:b1:72:3c:8b:3d:b2:d1:b0:19:
                    b4:37:20:8e:62:b9:ff:39:41:5c:f6:06:66:67:99:
                    65:4c:1a:00:7b:e7:25:ef:24:05:33:d7:e7:9e:54:
                    7b:15:e7:91:be:25:4c:bf:21:ed:14:b9:fa:d6:d1:
                    fe:a6:0b:3a:34:cf:5d:d6:b1:b3:04:a4:62:cf:80:
                    a7:6a:6d:e5:3a:03:09:11:e3:be:19:d2:64:16:4b:
                    00:63:80:6c:3b:73:2d:d7:f6:dd:9a:6e:d1:59:82:
                    35:41:cf:9b:a2:f8:84:e1:79:51:38:dd:e0:03:1d:
                    07:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:D6:06:B0:85:F5:E8:4A:D0:0A:89:C9:D2:1B:3C:FC:14:04:72:3F
            X509v3 Authority Key Identifier:
                keyid:CC:00:72:DA:98:11:41:93:C1:04:CE:1A:60:9D:92:A6:97:6F:9C:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zABy2pgRQZPBBM4aYJ2SppdvnEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/607caa-8f49-459b-aa74-c0ec8b95ab77/1/yNYGsIX16ErQConJ0hs8_BQEcj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/607caa-8f49-459b-aa74-c0ec8b95ab77/1/zABy2pgRQZPBBM4aYJ2SppdvnEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:10:43:97:1f:de:8e:6a:e6:b6:5d:36:07:89:01:8d:56:83:
         a8:00:2d:51:9f:93:24:9a:d7:04:47:94:79:a6:f8:f5:cc:40:
         db:bb:76:af:92:9c:54:ec:ce:a2:ee:aa:cf:98:34:00:11:58:
         ac:81:b5:23:9f:81:29:cc:cc:91:80:fc:24:24:a8:da:cc:72:
         81:f1:e9:37:b0:5b:29:a1:4e:cf:6a:74:f2:36:ac:e4:ce:44:
         56:ae:24:a6:32:60:bb:0b:80:e4:7c:d3:ae:7f:84:b8:39:10:
         d6:d9:b8:af:c5:57:c8:e3:99:52:51:a6:e5:dd:fa:2e:ae:79:
         fd:cb:e8:a6:af:fe:a3:c8:61:9e:98:76:63:1b:54:a0:61:a7:
         35:0e:65:93:21:29:2d:e9:6d:12:74:83:b8:1a:7f:68:e9:cd:
         27:8c:cf:d0:a5:70:23:ab:77:a1:bb:93:e3:19:91:1e:ea:cf:
         b0:80:af:9d:a3:4c:a4:08:27:f4:03:fc:ff:22:88:91:a0:cc:
         a7:ff:df:b8:a8:00:98:72:d8:4e:3d:c1:c7:3a:75:53:e4:9e:
         19:48:c8:7b:12:54:7b:3e:61:c2:16:50:21:9e:c5:c5:00:e0:
         52:ad:37:39:ef:90:ce:ad:37:6e:12:33:d4:86:e2:2d:25:f6:
         b4:79:d6:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcI4dbREdKj8QQO0HD/q9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMDA3MmRhOTgxMTQxOTNjMTA0Y2UxYTYwOWQ5MmE2OTc2
ZjljNDAwHhcNMjQwMTAyMDQzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGQ2MDZiMDg1ZjVlODRhZDAwYTg5YzlkMjFiM2NmYzE0MDQ3MjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/1lAD10phv7LGH9Usix/DvaO67S
JlKWBdPFLVNMdUGAmNdjcFiwba1j2ZDN6oX6Qm96OZpFxymQxzt5zN6xHVUsoiF6
Adl6RQzD6U3wjSr4XdYSXQ9P1D0POmk4fyFe142qvOCZp7HZk6wZBZ68j+239kKb
7h2Ot7UX9fHtw8btDaedEDK+7mWE5/WxcjyLPbLRsBm0NyCOYrn/OUFc9gZmZ5ll
TBoAe+cl7yQFM9fnnlR7FeeRviVMvyHtFLn61tH+pgs6NM9d1rGzBKRiz4Cnam3l
OgMJEeO+GdJkFksAY4BsO3Mt1/bdmm7RWYI1Qc+boviE4XlRON3gAx0H+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMjWBrCF9ehK0AqJydIbPPwUBHI/MB8GA1UdIwQY
MBaAFMwActqYEUGTwQTOGmCdkqaXb5xAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekFCeTJwZ1JRWlBCQk00YVlKMlNwcGR2bkVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82MDdjYWEtOGY0OS00NTliLWFhNzQt
YzBlYzhiOTVhYjc3LzEveU5ZR3NJWDE2RXJRQ29uSjBoczhfQlFFY2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82MDdjYWEtOGY0OS00NTliLWFhNzQtYzBlYzhiOTVhYjc3
LzEvekFCeTJwZ1JRWlBCQk00YVlKMlNwcGR2bkVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaMNMA0G
CSqGSIb3DQEBCwUAA4IBAQClEEOXH96Oaua2XTYHiQGNVoOoAC1Rn5MkmtcER5R5
pvj1zEDbu3avkpxU7M6i7qrPmDQAEVisgbUjn4EpzMyRgPwkJKjazHKB8ek3sFsp
oU7PanTyNqzkzkRWriSmMmC7C4DkfNOuf4S4ORDW2bivxVfI45lSUabl3fournn9
y+imr/6jyGGemHZjG1SgYac1DmWTISkt6W0SdIO4Gn9o6c0njM/QpXAjq3ehu5Pj
GZEe6s+wgK+do0ykCCf0A/z/IoiRoMyn/9+4qACYcthOPcHHOnVT5J4ZSMh7ElR7
PmHCFlAhnsXFAOBSrTc575DOrTduEjPUhuItJfa0edal
-----END CERTIFICATE-----