Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/f33379-63d9-4f2b-8e65-30a6c3af9095/1/ydY7qszxEAcWukTyY1abi1XkWiU.roa
File:                     ydY7qszxEAcWukTyY1abi1XkWiU.roa (raw, json)
Hash identifier:          5H3xbxoUlAO1rkWR9Ml6fk2ysYVAiajgdLVGpheSWZ0=
Subject key identifier:   C9:D6:3B:AA:CC:F1:10:07:16:BA:44:F2:63:56:9B:8B:55:E4:5A:25
Certificate issuer:       /CN=3b477a62607fb94c8e23b5a062c78d93df9cbd69
Certificate serial:       018CC26D00E075EFD5D94F2389147AB7B68A
Authority key identifier: 3B:47:7A:62:60:7F:B9:4C:8E:23:B5:A0:62:C7:8D:93:DF:9C:BD:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0d6YmB_uUyOI7WgYseNk9-cvWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/f33379-63d9-4f2b-8e65-30a6c3af9095/1/ydY7qszxEAcWukTyY1abi1XkWiU.roa
Signing time:             Mon 01 Jan 2024 00:29:32 +0000
ROA not before:           Mon 01 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34469
IP address blocks:        85.158.222.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/f33379-63d9-4f2b-8e65-30a6c3af9095/1/O0d6YmB_uUyOI7WgYseNk9-cvWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/f33379-63d9-4f2b-8e65-30a6c3af9095/1/O0d6YmB_uUyOI7WgYseNk9-cvWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0d6YmB_uUyOI7WgYseNk9-cvWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:00:e0:75:ef:d5:d9:4f:23:89:14:7a:b7:b6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b477a62607fb94c8e23b5a062c78d93df9cbd69
        Validity
            Not Before: Jan  1 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9d63baaccf1100716ba44f263569b8b55e45a25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:88:19:c3:76:a1:e6:7c:d8:26:f1:f3:f9:1c:
                    2f:d6:90:d0:4b:83:0c:c7:b3:ee:2e:a7:62:d1:ee:
                    72:85:70:9c:6a:c3:f4:20:33:96:db:d8:ce:8f:c1:
                    1a:9f:32:e3:1f:37:bb:c1:49:1f:b1:50:2b:51:b0:
                    9e:63:9f:33:92:af:b2:01:47:23:35:1f:67:df:e7:
                    88:9c:d6:ff:75:ff:69:7f:7e:db:76:37:47:0b:d0:
                    4b:52:b1:af:fc:4c:d7:1b:5d:18:d5:09:9f:ec:99:
                    d8:22:2a:10:d2:98:a7:c0:57:13:2f:63:1a:ad:4e:
                    74:a6:8d:0d:9b:45:50:b9:d3:21:79:d1:37:20:e9:
                    d8:6d:70:aa:72:e1:18:ca:3a:c7:59:d0:c3:9e:d6:
                    64:e5:fe:15:23:6f:52:33:75:2e:35:cb:60:b6:9b:
                    3c:31:88:ef:f7:e6:4f:b6:82:6d:42:9b:f7:13:ce:
                    94:c5:6b:84:80:2b:d0:6f:da:7f:56:22:03:bc:e7:
                    4c:a7:0b:83:29:15:bf:a0:82:a6:60:0e:89:c4:c8:
                    03:86:b5:b7:4c:36:4c:4d:7a:6c:10:a0:17:25:97:
                    e4:0d:11:3c:a1:73:c9:f0:35:c3:26:6a:ae:c2:25:
                    fb:40:f4:da:b9:17:54:75:53:68:5e:5f:93:f3:98:
                    35:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D6:3B:AA:CC:F1:10:07:16:BA:44:F2:63:56:9B:8B:55:E4:5A:25
            X509v3 Authority Key Identifier:
                keyid:3B:47:7A:62:60:7F:B9:4C:8E:23:B5:A0:62:C7:8D:93:DF:9C:BD:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0d6YmB_uUyOI7WgYseNk9-cvWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/f33379-63d9-4f2b-8e65-30a6c3af9095/1/ydY7qszxEAcWukTyY1abi1XkWiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/f33379-63d9-4f2b-8e65-30a6c3af9095/1/O0d6YmB_uUyOI7WgYseNk9-cvWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:33:fc:1e:8e:54:fe:10:50:d6:a5:6d:8c:43:cc:56:8d:9c:
         b3:9f:68:72:f4:8c:29:8a:11:d2:b8:1a:35:19:e7:e4:69:a9:
         1a:41:01:48:4f:c4:4a:67:95:fa:34:24:e2:38:4e:ac:62:d2:
         a6:3f:1e:53:c9:79:64:fb:27:59:90:c1:13:80:ea:f2:7f:d8:
         b2:b7:06:82:27:31:8c:8b:03:ae:3c:a0:43:44:1c:b9:63:73:
         b9:b9:57:14:42:4e:c3:24:55:c5:51:75:dd:d3:c0:55:d0:b1:
         d2:f8:46:42:a1:82:a7:a8:ec:c6:f1:b3:04:41:36:2a:64:86:
         5d:68:f5:1a:7b:46:c4:82:77:d5:a2:a0:c7:27:ed:a1:9e:a8:
         e9:1b:9e:d1:f6:43:82:5f:e5:fb:23:f3:d2:d4:a8:c0:f3:c5:
         50:59:50:f6:0c:fc:d9:ae:dc:45:84:4e:e5:b8:4d:99:28:74:
         00:30:43:85:4c:14:89:e3:8e:2a:ce:ad:4d:d7:16:48:a9:92:
         24:1e:28:6f:d2:6a:18:11:b6:95:16:d6:d0:68:fe:a4:57:a2:
         cd:a3:c4:1b:08:5d:06:8e:be:a2:07:db:5c:6e:db:1b:ae:3c:
         df:34:e3:ab:b9:67:6c:42:5e:e8:7a:09:96:13:80:e8:c6:c4:
         bb:c2:1c:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQDgde/V2U8jiRR6t7aKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc3YTYyNjA3ZmI5NGM4ZTIzYjVhMDYyYzc4ZDkzZGY5
Y2JkNjkwHhcNMjQwMTAxMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWQ2M2JhYWNjZjExMDA3MTZiYTQ0ZjI2MzU2OWI4YjU1ZTQ1YTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYgZw3ah5nzYJvHz+Rwv1pDQS4MM
x7PuLqdi0e5yhXCcasP0IDOW29jOj8EanzLjHze7wUkfsVArUbCeY58zkq+yAUcj
NR9n3+eInNb/df9pf37bdjdHC9BLUrGv/EzXG10Y1Qmf7JnYIioQ0pinwFcTL2Ma
rU50po0Nm0VQudMhedE3IOnYbXCqcuEYyjrHWdDDntZk5f4VI29SM3UuNctgtps8
MYjv9+ZPtoJtQpv3E86UxWuEgCvQb9p/ViIDvOdMpwuDKRW/oIKmYA6JxMgDhrW3
TDZMTXpsEKAXJZfkDRE8oXPJ8DXDJmquwiX7QPTauRdUdVNoXl+T85g1QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnWO6rM8RAHFrpE8mNWm4tV5FolMB8GA1UdIwQY
MBaAFDtHemJgf7lMjiO1oGLHjZPfnL1pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkNlltQl91VXlPSTdXZ1lzZU5rOS1jdldrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9mMzMzNzktNjNkOS00ZjJiLThlNjUt
MzBhNmMzYWY5MDk1LzEveWRZN3FzenhFQWNXdWtUeVkxYWJpMVhrV2lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9mMzMzNzktNjNkOS00ZjJiLThlNjUtMzBhNmMzYWY5MDk1
LzEvTzBkNlltQl91VXlPSTdXZ1lzZU5rOS1jdldrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVZ7eMA0G
CSqGSIb3DQEBCwUAA4IBAQCAM/wejlT+EFDWpW2MQ8xWjZyzn2hy9IwpihHSuBo1
GefkaakaQQFIT8RKZ5X6NCTiOE6sYtKmPx5TyXlk+ydZkMETgOryf9iytwaCJzGM
iwOuPKBDRBy5Y3O5uVcUQk7DJFXFUXXd08BV0LHS+EZCoYKnqOzG8bMEQTYqZIZd
aPUae0bEgnfVoqDHJ+2hnqjpG57R9kOCX+X7I/PS1KjA88VQWVD2DPzZrtxFhE7l
uE2ZKHQAMEOFTBSJ444qzq1N1xZIqZIkHihv0moYEbaVFtbQaP6kV6LNo8QbCF0G
jr6iB9tcbtsbrjzfNOOruWdsQl7oegmWE4DoxsS7whyr
-----END CERTIFICATE-----