Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/ykHSENyvKsKefGWx6YSHS-1G_aI.roa
File:                     ykHSENyvKsKefGWx6YSHS-1G_aI.roa (raw, json)
Hash identifier:          Okno4VTba1jScYHmt3+cx2fkCKap6IogTXWe5uf1wVg=
Subject key identifier:   CA:41:D2:10:DC:AF:2A:C2:9E:7C:65:B1:E9:84:87:4B:ED:46:FD:A2
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAE3B53B48843E775411BD299CAA8D
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/ykHSENyvKsKefGWx6YSHS-1G_aI.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205990
IP address blocks:        81.15.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e3:b5:3b:48:84:3e:77:54:11:bd:29:9c:aa:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca41d210dcaf2ac29e7c65b1e984874bed46fda2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:41:f3:52:18:c4:5b:a3:cd:76:55:1e:4d:7b:
                    25:54:a5:2a:71:dc:82:71:21:58:7c:69:77:58:85:
                    cc:38:10:31:54:aa:f8:25:dd:b6:36:07:d8:3f:76:
                    9e:59:ba:1f:9d:c2:37:0e:65:1e:da:9d:44:5e:86:
                    04:39:5b:f7:2b:a9:08:d2:5d:0c:6f:42:78:23:43:
                    00:fa:f8:2e:1b:5a:c7:09:9b:98:06:cd:92:79:10:
                    04:70:e8:b0:d5:fb:ad:1b:17:07:35:fe:4e:2e:81:
                    70:7c:2f:7b:b8:4d:cb:c9:4a:8e:a0:08:a8:3e:0b:
                    36:e1:a3:87:57:b6:fc:76:f9:37:11:c6:8a:2e:5d:
                    ad:2e:dd:34:7e:3a:2f:e1:03:c7:f8:f0:dc:c8:ef:
                    1b:07:87:46:85:74:8a:9b:f2:07:c9:75:6f:56:10:
                    27:f6:a9:46:36:aa:ae:b7:82:49:73:af:47:72:fc:
                    d9:88:fd:fe:84:dd:34:28:9c:1d:33:aa:39:0e:b0:
                    8d:a0:a6:8c:d1:4f:97:46:40:a2:16:3d:f5:28:56:
                    de:f4:47:3d:ad:ab:4d:54:53:0e:c0:be:22:7d:ff:
                    2c:e7:7e:aa:f4:26:79:35:63:e4:91:d0:b6:1a:a0:
                    5c:32:82:28:ed:50:a5:07:d6:20:97:00:29:2d:8d:
                    93:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:41:D2:10:DC:AF:2A:C2:9E:7C:65:B1:E9:84:87:4B:ED:46:FD:A2
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/ykHSENyvKsKefGWx6YSHS-1G_aI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:2c:79:62:ca:df:e6:84:f8:6d:2e:d3:c2:8a:37:d6:3b:f4:
         87:2e:ae:be:58:0e:aa:23:2d:0b:04:61:c4:e8:08:31:3f:ed:
         be:07:e3:d1:43:af:4f:a0:11:b6:d8:a1:9e:ad:65:f8:da:ac:
         eb:e5:68:bf:f7:86:41:94:c9:6a:88:b0:08:00:5b:bc:52:65:
         16:76:0c:23:be:2c:f8:5e:f1:77:42:67:f5:17:40:92:d7:cf:
         2d:19:23:1a:18:8f:ca:15:e6:a6:93:39:3d:ab:23:96:18:05:
         7b:85:46:d2:0d:a3:1b:5f:e5:75:11:90:91:ae:63:ab:fb:16:
         ed:4f:44:18:7e:34:a6:15:41:52:d9:cf:ca:47:0a:07:6e:68:
         6e:44:8b:47:c6:56:28:d1:de:09:92:c1:a0:99:5c:a8:b8:72:
         48:9d:ae:90:2e:99:42:77:63:6f:ae:79:b2:d8:98:3e:02:09:
         24:0c:05:34:e8:39:40:fe:d3:3c:ce:70:4f:5c:03:18:b0:58:
         77:07:6f:d5:f8:50:ce:a7:75:6b:e2:c0:92:63:42:a9:c6:8c:
         e9:30:c5:98:c0:75:ea:32:a1:44:0d:6d:86:59:60:36:63:63:
         89:0d:86:9f:f9:9e:54:f1:b6:59:90:ed:f8:7c:70:2f:db:99:
         4c:45:57:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uO1O0iEPndUEb0pnKqNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTQxZDIxMGRjYWYyYWMyOWU3YzY1YjFlOTg0ODc0YmVkNDZmZGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0HzUhjEW6PNdlUeTXslVKUqcdyC
cSFYfGl3WIXMOBAxVKr4Jd22NgfYP3aeWbofncI3DmUe2p1EXoYEOVv3K6kI0l0M
b0J4I0MA+vguG1rHCZuYBs2SeRAEcOiw1futGxcHNf5OLoFwfC97uE3LyUqOoAio
Pgs24aOHV7b8dvk3EcaKLl2tLt00fjov4QPH+PDcyO8bB4dGhXSKm/IHyXVvVhAn
9qlGNqqut4JJc69HcvzZiP3+hN00KJwdM6o5DrCNoKaM0U+XRkCiFj31KFbe9Ec9
ratNVFMOwL4iff8s536q9CZ5NWPkkdC2GqBcMoIo7VClB9YglwApLY2TUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMpB0hDcryrCnnxlsemEh0vtRv2iMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEveWtIU0VOeXZLc0tlZkdXeDZZU0hTLTFHX2FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQ/ZMA0G
CSqGSIb3DQEBCwUAA4IBAQB/LHliyt/mhPhtLtPCijfWO/SHLq6+WA6qIy0LBGHE
6AgxP+2+B+PRQ69PoBG22KGerWX42qzr5Wi/94ZBlMlqiLAIAFu8UmUWdgwjviz4
XvF3Qmf1F0CS188tGSMaGI/KFeamkzk9qyOWGAV7hUbSDaMbX+V1EZCRrmOr+xbt
T0QYfjSmFUFS2c/KRwoHbmhuRItHxlYo0d4JksGgmVyouHJIna6QLplCd2Nvrnmy
2Jg+AgkkDAU06DlA/tM8znBPXAMYsFh3B2/V+FDOp3Vr4sCSY0KpxozpMMWYwHXq
MqFEDW2GWWA2Y2OJDYaf+Z5U8bZZkO34fHAv25lMRVf2
-----END CERTIFICATE-----