Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/d8fdcf-954f-4e72-8e2c-abaec82bd8bb/1/YuwvJBtWxlM8vAk90hOVeC7JLiw.roa
File:                     YuwvJBtWxlM8vAk90hOVeC7JLiw.roa (raw, json)
Hash identifier:          12qmS/l0gtLMTPx3S8FR8/By4/iazu1cUPgDGrEXIvc=
Subject key identifier:   62:EC:2F:24:1B:56:C6:53:3C:BC:09:3D:D2:13:95:78:2E:C9:2E:2C
Certificate issuer:       /CN=3a5d3ce819a08150500a8f4a2df79eb70145d158
Certificate serial:       019349FEB7373E2658D5C66CD922B0B62B95
Authority key identifier: 3A:5D:3C:E8:19:A0:81:50:50:0A:8F:4A:2D:F7:9E:B7:01:45:D1:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ol086BmggVBQCo9KLfeetwFF0Vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/d8fdcf-954f-4e72-8e2c-abaec82bd8bb/1/YuwvJBtWxlM8vAk90hOVeC7JLiw.roa
Signing time:             Wed 20 Nov 2024 14:34:09 +0000
ROA not before:           Wed 20 Nov 2024 14:34:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215025
IP address blocks:        185.226.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/d8fdcf-954f-4e72-8e2c-abaec82bd8bb/1/Ol086BmggVBQCo9KLfeetwFF0Vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/d8fdcf-954f-4e72-8e2c-abaec82bd8bb/1/Ol086BmggVBQCo9KLfeetwFF0Vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ol086BmggVBQCo9KLfeetwFF0Vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:49:fe:b7:37:3e:26:58:d5:c6:6c:d9:22:b0:b6:2b:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a5d3ce819a08150500a8f4a2df79eb70145d158
        Validity
            Not Before: Nov 20 14:34:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62ec2f241b56c6533cbc093dd21395782ec92e2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a3:35:ea:fd:d0:28:c6:fe:99:34:cc:52:67:
                    2b:f5:9f:89:8b:c0:45:d6:32:fc:9d:01:ec:65:80:
                    b0:61:65:f5:92:9d:b0:be:fe:47:aa:0d:2e:d2:84:
                    a5:71:96:4a:75:46:99:c1:79:30:eb:2f:41:91:fe:
                    15:20:fc:1c:8f:57:c5:e0:9f:e3:08:a7:f3:53:55:
                    40:cd:78:0b:52:97:5e:c9:39:d3:d4:b6:f8:d2:8a:
                    83:af:74:17:08:ad:32:2d:0d:16:18:e7:33:7c:84:
                    fe:b7:96:71:f7:cb:4f:56:e7:f1:e8:96:dd:73:1a:
                    68:af:64:d7:f4:ef:f4:0a:d2:78:3b:be:72:83:fe:
                    b0:df:fd:f1:c1:db:af:98:6d:20:15:8f:ff:39:9a:
                    67:58:d2:c0:d3:69:47:24:85:64:11:af:d6:e2:ea:
                    9c:b6:4a:1e:c5:e3:c5:7d:d6:62:b8:bc:de:86:d2:
                    50:31:24:34:22:14:f7:79:7c:2c:90:80:7e:62:db:
                    ab:1a:1d:6d:ff:7a:c7:96:0d:98:9f:9b:6d:d4:d0:
                    4b:a4:1b:f8:e7:d3:4a:cb:85:37:64:f5:3d:36:44:
                    74:94:2b:16:7e:d4:6a:04:9f:9e:0f:26:73:69:1f:
                    78:0e:82:9b:31:1a:7f:e8:5f:8d:e6:2e:a6:c3:e9:
                    72:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:EC:2F:24:1B:56:C6:53:3C:BC:09:3D:D2:13:95:78:2E:C9:2E:2C
            X509v3 Authority Key Identifier:
                keyid:3A:5D:3C:E8:19:A0:81:50:50:0A:8F:4A:2D:F7:9E:B7:01:45:D1:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ol086BmggVBQCo9KLfeetwFF0Vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d8fdcf-954f-4e72-8e2c-abaec82bd8bb/1/YuwvJBtWxlM8vAk90hOVeC7JLiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d8fdcf-954f-4e72-8e2c-abaec82bd8bb/1/Ol086BmggVBQCo9KLfeetwFF0Vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:b6:66:33:94:2f:53:ac:7b:ed:14:77:34:70:40:0d:54:5b:
         a0:b3:ef:86:db:bb:ae:5d:bb:e5:03:8f:68:4f:9d:1d:cd:27:
         7d:87:93:a3:6f:d7:75:36:17:93:e3:51:22:5d:8e:0b:38:fd:
         27:b6:0b:4f:90:e4:bd:a8:d5:68:d2:22:4b:2f:81:f0:9a:32:
         10:aa:a9:e4:75:ac:21:5f:2b:08:c5:29:96:d7:b7:84:d2:8e:
         8f:7d:e2:32:0c:e5:fc:63:ed:09:50:86:57:4e:f3:ec:63:0c:
         3b:0a:de:8d:14:8e:0e:61:f2:2e:c5:8b:20:1b:7c:00:4b:03:
         7f:27:d7:97:9b:4f:f7:92:6f:ea:2c:a9:36:7a:e3:51:45:79:
         58:f4:65:6d:a1:57:2f:ba:6b:ff:29:e8:71:1d:63:41:5c:31:
         b2:b4:3e:72:3b:51:e7:b9:5b:82:4d:1b:47:87:5f:73:a1:2d:
         0a:4c:4b:7c:16:2d:85:aa:ec:70:e8:7b:a9:96:d4:cd:7d:a1:
         b3:d7:3e:2f:a3:d2:80:ce:58:d7:2b:bd:7a:f4:60:c0:5f:ca:
         0e:57:b0:08:9e:fe:c7:47:11:00:f1:d6:c8:c1:b7:33:b9:8d:
         f3:b0:9b:44:81:82:c9:43:e8:9a:cc:c7:75:b4:89:b1:8e:02:
         63:27:72:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNJ/rc3PiZY1cZs2SKwtiuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNWQzY2U4MTlhMDgxNTA1MDBhOGY0YTJkZjc5ZWI3MDE0
NWQxNTgwHhcNMjQxMTIwMTQzNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmVjMmYyNDFiNTZjNjUzM2NiYzA5M2RkMjEzOTU3ODJlYzkyZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6M16v3QKMb+mTTMUmcr9Z+Ji8BF
1jL8nQHsZYCwYWX1kp2wvv5Hqg0u0oSlcZZKdUaZwXkw6y9Bkf4VIPwcj1fF4J/j
CKfzU1VAzXgLUpdeyTnT1Lb40oqDr3QXCK0yLQ0WGOczfIT+t5Zx98tPVufx6Jbd
cxpor2TX9O/0CtJ4O75yg/6w3/3xwduvmG0gFY//OZpnWNLA02lHJIVkEa/W4uqc
tkoexePFfdZiuLzehtJQMSQ0IhT3eXwskIB+YturGh1t/3rHlg2Yn5tt1NBLpBv4
59NKy4U3ZPU9NkR0lCsWftRqBJ+eDyZzaR94DoKbMRp/6F+N5i6mw+lytQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLsLyQbVsZTPLwJPdITlXguyS4sMB8GA1UdIwQY
MBaAFDpdPOgZoIFQUAqPSi33nrcBRdFYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2wwODZCbWdnVkJRQ285S0xmZWV0d0ZGMFZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9kOGZkY2YtOTU0Zi00ZTcyLThlMmMt
YWJhZWM4MmJkOGJiLzEvWXV3dkpCdFd4bE04dkFrOTBoT1ZlQzdKTGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9kOGZkY2YtOTU0Zi00ZTcyLThlMmMtYWJhZWM4MmJkOGJi
LzEvT2wwODZCbWdnVkJRQ285S0xmZWV0d0ZGMFZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueJZMA0G
CSqGSIb3DQEBCwUAA4IBAQAWtmYzlC9TrHvtFHc0cEANVFugs++G27uuXbvlA49o
T50dzSd9h5Ojb9d1NheT41EiXY4LOP0ntgtPkOS9qNVo0iJLL4HwmjIQqqnkdawh
XysIxSmW17eE0o6PfeIyDOX8Y+0JUIZXTvPsYww7Ct6NFI4OYfIuxYsgG3wASwN/
J9eXm0/3km/qLKk2euNRRXlY9GVtoVcvumv/KehxHWNBXDGytD5yO1HnuVuCTRtH
h19zoS0KTEt8Fi2Fquxw6HupltTNfaGz1z4vo9KAzljXK7169GDAX8oOV7AInv7H
RxEA8dbIwbczuY3zsJtEgYLJQ+iazMd1tImxjgJjJ3KU
-----END CERTIFICATE-----