Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/9bc4cc-b646-4701-8975-623e199fdbe9/1/YP5k89mh7bLmDj0D5bp7x_mHaxU.roa
File:                     YP5k89mh7bLmDj0D5bp7x_mHaxU.roa (raw, json)
Hash identifier:          lXk0U+g4kfLftgkyRO93w0ZPKsq3J49U/dva9AkRGE8=
Subject key identifier:   60:FE:64:F3:D9:A1:ED:B2:E6:0E:3D:03:E5:BA:7B:C7:F9:87:6B:15
Certificate issuer:       /CN=09dcf1e897e598ec3f1ab60bd443328726dedae4
Certificate serial:       01929F86614B3D0582BE2C6DFB2819B3F48F
Authority key identifier: 09:DC:F1:E8:97:E5:98:EC:3F:1A:B6:0B:D4:43:32:87:26:DE:DA:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cdzx6JflmOw_GrYL1EMyhybe2uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/9bc4cc-b646-4701-8975-623e199fdbe9/1/YP5k89mh7bLmDj0D5bp7x_mHaxU.roa
Signing time:             Fri 18 Oct 2024 12:07:16 +0000
ROA not before:           Fri 18 Oct 2024 12:07:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205510
IP address blocks:        185.215.248.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/9bc4cc-b646-4701-8975-623e199fdbe9/1/Cdzx6JflmOw_GrYL1EMyhybe2uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/9bc4cc-b646-4701-8975-623e199fdbe9/1/Cdzx6JflmOw_GrYL1EMyhybe2uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cdzx6JflmOw_GrYL1EMyhybe2uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9f:86:61:4b:3d:05:82:be:2c:6d:fb:28:19:b3:f4:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09dcf1e897e598ec3f1ab60bd443328726dedae4
        Validity
            Not Before: Oct 18 12:07:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60fe64f3d9a1edb2e60e3d03e5ba7bc7f9876b15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c1:0b:57:18:f6:57:8f:e5:e2:97:29:4a:17:
                    dc:96:6b:cb:f7:d4:f9:6e:ea:29:5e:b8:95:f1:ee:
                    4c:be:04:6f:62:37:b4:1f:63:8b:5a:03:7f:3c:4a:
                    77:46:e4:73:8f:5e:aa:ea:b0:b3:21:bd:7a:49:12:
                    91:fb:89:ef:f6:d3:61:d8:fb:bc:9f:89:3a:86:88:
                    d6:d7:dd:1e:0e:50:0e:43:8b:0a:2a:05:ef:af:fa:
                    c0:57:f6:7b:44:4b:46:10:0b:9e:cb:b8:78:f1:9b:
                    2b:a2:d9:e9:24:99:6b:64:5b:76:f8:e8:b1:9e:99:
                    30:58:5f:ba:f2:a9:f4:e5:82:a0:58:ad:67:d8:ba:
                    69:db:5c:62:ba:18:fa:3a:a7:2b:06:df:1c:5b:2f:
                    61:72:f1:d5:ce:94:1f:7a:09:09:bc:e0:44:18:7e:
                    e6:e6:b6:ed:e3:2f:fe:c8:2e:c8:04:e0:f0:3e:b0:
                    ff:79:9c:3e:af:d7:63:42:26:7f:00:bd:32:90:ae:
                    73:57:2e:08:b2:ff:75:30:e8:2f:4a:c5:90:98:f2:
                    cf:9f:75:43:86:1b:b3:cc:ab:b1:7e:91:ec:88:be:
                    07:b7:33:e3:98:9d:6b:dd:b7:9d:b5:65:a6:cd:ab:
                    e7:db:db:cd:04:f1:b4:ee:20:0c:37:a7:85:30:d4:
                    cb:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:FE:64:F3:D9:A1:ED:B2:E6:0E:3D:03:E5:BA:7B:C7:F9:87:6B:15
            X509v3 Authority Key Identifier:
                keyid:09:DC:F1:E8:97:E5:98:EC:3F:1A:B6:0B:D4:43:32:87:26:DE:DA:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cdzx6JflmOw_GrYL1EMyhybe2uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/9bc4cc-b646-4701-8975-623e199fdbe9/1/YP5k89mh7bLmDj0D5bp7x_mHaxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/9bc4cc-b646-4701-8975-623e199fdbe9/1/Cdzx6JflmOw_GrYL1EMyhybe2uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:bd:39:31:64:0e:7f:d7:ae:93:91:b2:b1:59:03:c2:50:a1:
         93:98:0f:d8:2f:f4:a4:d6:62:05:a1:26:6b:31:15:12:0a:9b:
         54:54:0a:d9:12:3b:c7:88:33:36:c9:4c:e3:f4:83:a9:59:54:
         dd:41:0b:75:3a:7d:b4:c4:5c:94:c7:db:0b:f0:33:e2:8b:65:
         3d:5a:6f:0f:e6:3c:43:b5:1e:63:ae:9d:60:86:ae:da:a4:c1:
         c9:ba:25:94:8b:d5:fe:8c:c6:78:dd:da:7f:7f:b5:0d:06:1b:
         cd:1d:ec:b3:87:07:26:53:21:58:2e:23:e5:8c:55:7a:ac:b4:
         85:fd:b9:99:70:fd:49:ab:97:47:e7:4a:2d:e5:d1:dd:3b:1a:
         e7:56:7f:2b:e0:0f:00:f4:99:2c:f7:59:50:be:0a:1a:86:2e:
         d1:68:00:35:a7:bf:42:b0:fb:eb:ea:12:34:84:6d:92:26:cb:
         52:84:3b:b2:66:6c:6d:c9:12:21:78:3d:39:36:49:a3:dc:a4:
         63:dc:cd:45:67:8d:d6:40:52:a6:a7:ad:5f:10:ba:7f:1a:d7:
         e1:ec:48:46:4c:4a:55:eb:e7:ae:a4:ed:d5:65:f0:06:24:c0:
         a2:56:5e:97:4e:af:97:55:f7:68:1b:c0:1b:3a:2a:9a:97:e0:
         22:66:50:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKfhmFLPQWCvixt+ygZs/SPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZGNmMWU4OTdlNTk4ZWMzZjFhYjYwYmQ0NDMzMjg3MjZk
ZWRhZTQwHhcNMjQxMDE4MTIwNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGZlNjRmM2Q5YTFlZGIyZTYwZTNkMDNlNWJhN2JjN2Y5ODc2YjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksELVxj2V4/l4pcpShfclmvL99T5
buopXriV8e5MvgRvYje0H2OLWgN/PEp3RuRzj16q6rCzIb16SRKR+4nv9tNh2Pu8
n4k6hojW190eDlAOQ4sKKgXvr/rAV/Z7REtGEAuey7h48ZsrotnpJJlrZFt2+Oix
npkwWF+68qn05YKgWK1n2Lpp21xiuhj6OqcrBt8cWy9hcvHVzpQfegkJvOBEGH7m
5rbt4y/+yC7IBODwPrD/eZw+r9djQiZ/AL0ykK5zVy4Isv91MOgvSsWQmPLPn3VD
hhuzzKuxfpHsiL4HtzPjmJ1r3bedtWWmzavn29vNBPG07iAMN6eFMNTLIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGD+ZPPZoe2y5g49A+W6e8f5h2sVMB8GA1UdIwQY
MBaAFAnc8eiX5ZjsPxq2C9RDMocm3trkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2R6eDZKZmxtT3dfR3JZTDFFTXloeWJlMnVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC85YmM0Y2MtYjY0Ni00NzAxLTg5NzUt
NjIzZTE5OWZkYmU5LzEvWVA1azg5bWg3YkxtRGowRDVicDd4X21IYXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC85YmM0Y2MtYjY0Ni00NzAxLTg5NzUtNjIzZTE5OWZkYmU5
LzEvQ2R6eDZKZmxtT3dfR3JZTDFFTXloeWJlMnVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudf4MA0G
CSqGSIb3DQEBCwUAA4IBAQCvvTkxZA5/166TkbKxWQPCUKGTmA/YL/Sk1mIFoSZr
MRUSCptUVArZEjvHiDM2yUzj9IOpWVTdQQt1On20xFyUx9sL8DPii2U9Wm8P5jxD
tR5jrp1ghq7apMHJuiWUi9X+jMZ43dp/f7UNBhvNHeyzhwcmUyFYLiPljFV6rLSF
/bmZcP1Jq5dH50ot5dHdOxrnVn8r4A8A9Jks91lQvgoahi7RaAA1p79CsPvr6hI0
hG2SJstShDuyZmxtyRIheD05Nkmj3KRj3M1FZ43WQFKmp61fELp/Gtfh7EhGTEpV
6+eupO3VZfAGJMCiVl6XTq+XVfdoG8AbOiqal+AiZlCN
-----END CERTIFICATE-----