Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YY6NhvfE2RKZPgVUHqigB_3LVpI.roa
File:                     YY6NhvfE2RKZPgVUHqigB_3LVpI.roa (raw, json)
Hash identifier:          BPSzlLWIr5ISZw33fFrViYaocvi6vKgZinPB6rUjxaU=
Subject key identifier:   61:8E:8D:86:F7:C4:D9:12:99:3E:05:54:1E:A8:A0:07:FD:CB:56:92
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019428277A82EA4FE67DFC319A042437E0AD
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YY6NhvfE2RKZPgVUHqigB_3LVpI.roa
Signing time:             Thu 02 Jan 2025 17:54:23 +0000
ROA not before:           Thu 02 Jan 2025 17:54:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400304
IP address blocks:        86.107.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:7a:82:ea:4f:e6:7d:fc:31:9a:04:24:37:e0:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=618e8d86f7c4d912993e05541ea8a007fdcb5692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:44:3b:ea:11:50:12:34:24:9f:1c:42:98:3c:
                    ec:fb:45:bd:2d:bf:b0:02:38:d6:93:04:58:8c:a6:
                    66:d0:37:77:0d:f7:04:9b:e8:79:29:bf:3f:e4:8b:
                    01:28:48:5f:9f:64:32:eb:63:bc:da:03:8d:24:90:
                    f3:6d:68:ff:40:04:b6:17:88:78:82:78:26:bd:45:
                    9f:dd:0d:d5:3e:c3:07:2e:97:70:b2:41:a3:45:87:
                    96:fd:10:cd:b2:51:c3:9a:fe:e1:34:10:b3:1c:33:
                    52:e7:b8:80:70:ed:07:33:b8:32:0b:2f:be:f4:08:
                    d2:b6:59:8b:71:b2:7e:b6:10:4a:cb:e8:45:67:03:
                    19:4a:7f:0d:43:d1:f3:d4:0c:d1:a0:0a:9e:48:93:
                    e4:9a:fd:b8:6c:46:9c:3e:83:ea:9b:0a:38:84:71:
                    16:42:a7:77:c8:f3:db:d7:f5:1f:19:b0:b8:2b:c0:
                    bd:fd:08:64:88:89:b2:f1:4d:58:be:c7:f4:d7:bd:
                    e6:85:03:4f:8f:d7:de:f1:8f:ba:66:e6:07:99:5a:
                    97:c4:b3:eb:41:be:e1:96:51:d3:20:63:de:3a:e4:
                    48:11:4b:e6:34:7d:ca:20:42:ae:8c:08:f5:fd:3e:
                    b0:b6:67:71:04:ac:36:bc:e3:8d:23:ad:5e:50:46:
                    43:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:8E:8D:86:F7:C4:D9:12:99:3E:05:54:1E:A8:A0:07:FD:CB:56:92
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/YY6NhvfE2RKZPgVUHqigB_3LVpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:7a:72:52:62:17:6c:ad:49:0f:f4:92:c6:af:8b:1a:53:7c:
         d7:2e:8b:24:a4:25:36:9c:5d:69:f9:3c:19:eb:4f:5d:6c:c4:
         2c:60:5b:4a:1e:79:ea:3d:81:ac:9b:c9:18:fd:3c:45:88:bb:
         58:96:5c:66:1f:48:7b:96:2e:9b:18:c7:0e:3e:86:2a:cd:5f:
         60:40:4c:1e:82:a7:98:22:38:bd:83:cf:87:7a:f5:30:d6:fb:
         03:65:80:7d:d1:b2:f0:18:08:25:76:c2:9d:84:73:84:5a:8b:
         80:9b:56:bb:02:d6:1d:d5:c5:e0:9f:34:54:e7:58:65:03:27:
         d2:7d:db:26:60:3d:f4:a6:35:d7:fb:a9:8c:69:f7:05:99:f9:
         26:33:20:16:64:76:bf:fd:1f:77:06:70:9c:27:33:7a:df:26:
         f5:90:81:f8:39:28:a5:57:b7:39:b6:16:91:2f:49:41:d9:c4:
         fd:1b:d3:aa:b0:3c:a0:9e:9c:03:ea:3c:cb:a5:2e:c7:d4:5e:
         f8:37:eb:61:6a:15:1b:75:33:3e:42:11:f8:3f:99:4c:21:55:
         c1:16:65:03:4f:3a:0c:c4:76:24:b9:6d:e4:8f:05:eb:32:47:
         4e:e0:73:c8:f7:77:a0:7d:ab:72:3a:20:af:f4:8c:67:95:f4:
         cd:5f:a2:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ3qC6k/mffwxmgQkN+CtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MThlOGQ4NmY3YzRkOTEyOTkzZTA1NTQxZWE4YTAwN2ZkY2I1NjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8UQ76hFQEjQknxxCmDzs+0W9Lb+w
AjjWkwRYjKZm0Dd3DfcEm+h5Kb8/5IsBKEhfn2Qy62O82gONJJDzbWj/QAS2F4h4
gngmvUWf3Q3VPsMHLpdwskGjRYeW/RDNslHDmv7hNBCzHDNS57iAcO0HM7gyCy++
9AjStlmLcbJ+thBKy+hFZwMZSn8NQ9Hz1AzRoAqeSJPkmv24bEacPoPqmwo4hHEW
Qqd3yPPb1/UfGbC4K8C9/QhkiImy8U1Yvsf0173mhQNPj9fe8Y+6ZuYHmVqXxLPr
Qb7hllHTIGPeOuRIEUvmNH3KIEKujAj1/T6wtmdxBKw2vOONI61eUEZD9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGOjYb3xNkSmT4FVB6ooAf9y1aSMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvWVk2Tmh2ZkUyUktaUGdWVUhxaWdCXzNMVnBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmtlMA0G
CSqGSIb3DQEBCwUAA4IBAQB+enJSYhdsrUkP9JLGr4saU3zXLoskpCU2nF1p+TwZ
609dbMQsYFtKHnnqPYGsm8kY/TxFiLtYllxmH0h7li6bGMcOPoYqzV9gQEwegqeY
Iji9g8+HevUw1vsDZYB90bLwGAgldsKdhHOEWouAm1a7AtYd1cXgnzRU51hlAyfS
fdsmYD30pjXX+6mMafcFmfkmMyAWZHa//R93BnCcJzN63yb1kIH4OSilV7c5thaR
L0lB2cT9G9OqsDygnpwD6jzLpS7H1F74N+thahUbdTM+QhH4P5lMIVXBFmUDTzoM
xHYkuW3kjwXrMkdO4HPI93egfatyOiCv9IxnlfTNX6Ly
-----END CERTIFICATE-----