Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/yuPko35gnbRxX2xcJAk22MjaRfs.roa
File:                     yuPko35gnbRxX2xcJAk22MjaRfs.roa (raw, json)
Hash identifier:          f5YFiqDgKg/TMZWj6i2H8cQve7Ie0UoR/J/v+LWwy2A=
Subject key identifier:   CA:E3:E4:A3:7E:60:9D:B4:71:5F:6C:5C:24:09:36:D8:C8:DA:45:FB
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018EE1B173BD10D9F669ED2504E6A2C31038
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/yuPko35gnbRxX2xcJAk22MjaRfs.roa
Signing time:             Mon 15 Apr 2024 12:18:06 +0000
ROA not before:           Mon 15 Apr 2024 12:18:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        46.8.5.0/24 maxlen: 24
                          188.130.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:b1:73:bd:10:d9:f6:69:ed:25:04:e6:a2:c3:10:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Apr 15 12:18:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cae3e4a37e609db4715f6c5c240936d8c8da45fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:86:fe:9e:78:2e:04:c4:08:e0:b2:a2:95:8e:
                    d7:49:a1:6a:e0:21:8b:7f:2a:c2:27:47:76:05:bf:
                    42:a7:63:63:85:87:73:f2:4e:03:0d:46:30:f5:04:
                    b8:cd:5f:ae:8d:08:d8:44:95:18:f0:24:84:0f:e8:
                    57:80:eb:a5:b6:af:fd:6d:2c:bb:f9:4c:d1:59:6f:
                    39:2f:c4:94:c4:dd:04:40:34:a5:a9:22:5b:14:bb:
                    4a:72:4d:8b:ad:01:dc:81:c5:44:4c:2c:12:7d:e6:
                    b4:81:29:6f:29:87:3e:6e:9e:22:10:a1:44:d3:cb:
                    cc:2f:88:fa:9e:d4:e1:65:29:b2:c5:4d:ec:37:10:
                    70:8f:1e:00:d2:5b:c4:9a:dc:45:7b:83:90:f0:83:
                    85:ba:e0:3c:73:9c:9a:ed:22:33:81:c8:21:68:dd:
                    f9:bd:a4:38:fd:84:c3:92:e9:b7:3c:59:6e:ce:37:
                    00:32:c7:d2:2a:9f:4b:c2:eb:bb:fc:73:d0:3a:bb:
                    c7:22:f4:06:71:49:5b:cf:98:52:c0:4d:dc:3e:41:
                    5d:f6:cd:4c:a0:9b:b7:86:89:8d:23:2f:a5:06:1e:
                    f1:54:24:33:e0:75:e1:08:dd:2a:1b:94:16:f1:92:
                    82:39:ab:c1:47:99:e0:b0:11:7c:3d:6e:55:23:16:
                    f9:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:E3:E4:A3:7E:60:9D:B4:71:5F:6C:5C:24:09:36:D8:C8:DA:45:FB
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/yuPko35gnbRxX2xcJAk22MjaRfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.5.0/24
                  188.130.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:4e:ad:33:fa:99:13:e9:fb:f6:b4:9c:4a:2f:0b:65:4c:52:
         8e:3d:72:2a:63:8b:61:cd:c5:1a:b1:12:4b:46:c5:7d:db:89:
         b1:73:09:ae:ad:d9:d1:d2:5b:6e:ca:49:56:68:42:d6:eb:70:
         11:5d:50:30:c8:ad:e0:9c:c4:3e:9f:d8:8f:21:80:c5:fd:46:
         57:83:16:5d:ce:c2:bd:f4:a2:0a:e8:47:5f:6b:7d:72:72:21:
         8b:4e:c9:d0:21:7a:c0:d7:08:2f:38:6e:d8:18:8d:18:fa:95:
         85:d4:f0:75:bd:72:f4:d5:be:02:25:f6:a2:11:ee:ab:2e:d2:
         0b:12:fc:62:17:ef:94:a9:c8:ee:b9:ed:dd:e4:b2:e4:8d:63:
         01:72:0c:d7:1f:b2:0d:e0:51:fc:7e:71:6c:93:16:4b:89:03:
         29:3b:4a:19:60:67:1e:4d:23:39:2b:2a:12:6a:56:52:0f:00:
         2a:7d:95:3a:03:99:9f:eb:c9:2e:fa:a0:ad:b1:e4:76:a7:a0:
         c7:69:2a:2c:b9:18:90:0c:b3:da:c5:7e:6d:52:d3:36:8c:5d:
         77:00:a6:de:bf:9d:89:b2:6b:72:d3:b0:d7:b0:5a:12:f9:66:
         77:55:a6:20:82:e9:e7:60:0a:fc:41:16:f0:d4:3a:e6:18:ff:
         b7:c9:19:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7hsXO9ENn2ae0lBOaiwxA4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwNDE1MTIxODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWUzZTRhMzdlNjA5ZGI0NzE1ZjZjNWMyNDA5MzZkOGM4ZGE0NWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYb+nnguBMQI4LKilY7XSaFq4CGL
fyrCJ0d2Bb9Cp2NjhYdz8k4DDUYw9QS4zV+ujQjYRJUY8CSED+hXgOultq/9bSy7
+UzRWW85L8SUxN0EQDSlqSJbFLtKck2LrQHcgcVETCwSfea0gSlvKYc+bp4iEKFE
08vML4j6ntThZSmyxU3sNxBwjx4A0lvEmtxFe4OQ8IOFuuA8c5ya7SIzgcghaN35
vaQ4/YTDkum3PFluzjcAMsfSKp9Lwuu7/HPQOrvHIvQGcUlbz5hSwE3cPkFd9s1M
oJu3homNIy+lBh7xVCQz4HXhCN0qG5QW8ZKCOavBR5ngsBF8PW5VIxb5HwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMrj5KN+YJ20cV9sXCQJNtjI2kX7MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEveXVQa28zNWduYlJ4WDJ4Y0pBazIyTWphUmZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALggFAwQA
vILNMA0GCSqGSIb3DQEBCwUAA4IBAQCeTq0z+pkT6fv2tJxKLwtlTFKOPXIqY4th
zcUasRJLRsV924mxcwmurdnR0ltuyklWaELW63ARXVAwyK3gnMQ+n9iPIYDF/UZX
gxZdzsK99KIK6Edfa31yciGLTsnQIXrA1wgvOG7YGI0Y+pWF1PB1vXL01b4CJfai
Ee6rLtILEvxiF++Uqcjuue3d5LLkjWMBcgzXH7IN4FH8fnFskxZLiQMpO0oZYGce
TSM5KyoSalZSDwAqfZU6A5mf68ku+qCtseR2p6DHaSosuRiQDLPaxX5tUtM2jF13
AKbev52Jsmty07DXsFoS+WZ3VaYggunnYAr8QRbw1DrmGP+3yRnF
-----END CERTIFICATE-----