Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/TY-IB9ZVncfGcU2O8eJb7UrjOsI.roa
File:                     TY-IB9ZVncfGcU2O8eJb7UrjOsI.roa (raw, json)
Hash identifier:          Q88oi3M455i8e70pgS4DwOGsYMcs+PziJs3hGq1y4pM=
Subject key identifier:   4D:8F:88:07:D6:55:9D:C7:C6:71:4D:8E:F1:E2:5B:ED:4A:E3:3A:C2
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79556B09342C80C6901719CD1DB0D18
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/TY-IB9ZVncfGcU2O8eJb7UrjOsI.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51626
IP address blocks:        89.40.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:56:b0:93:42:c8:0c:69:01:71:9c:d1:db:0d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d8f8807d6559dc7c6714d8ef1e25bed4ae33ac2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:de:11:2d:f9:f7:11:9e:db:96:6d:97:10:8b:
                    05:2d:3c:65:e4:c6:78:93:e1:af:d1:b1:97:2d:3e:
                    3f:da:af:a3:cf:b6:08:bd:6f:12:3a:09:c5:b2:fb:
                    37:71:df:2e:af:39:7e:b9:96:33:7a:66:db:0f:7d:
                    2b:a1:23:79:fa:da:93:14:5f:e0:07:1f:40:ca:16:
                    8a:e7:50:53:49:fc:5e:1e:1a:d7:7f:44:34:2f:5f:
                    0f:23:73:b0:07:54:b4:22:e9:cf:e8:79:e5:1d:3c:
                    a0:02:c3:38:2d:6a:19:c1:8c:45:50:db:70:ea:6f:
                    b3:fd:43:d7:c4:6f:83:2d:32:9e:13:2e:aa:45:93:
                    cb:b8:c4:57:d1:ba:3e:a7:37:81:90:8e:9a:de:1d:
                    c5:96:e8:25:9e:f0:48:d4:ce:32:27:c5:e0:1b:3d:
                    be:45:1f:53:b4:39:79:d5:de:e5:8e:50:63:fe:e5:
                    1b:09:02:f0:3f:66:fc:88:79:56:59:77:59:f1:48:
                    1d:15:3e:f5:b2:6a:a4:11:fe:29:c5:78:9b:0a:cf:
                    05:28:5b:7b:42:f6:a8:d7:10:d8:9a:58:fa:65:b5:
                    24:5f:70:1e:34:14:c8:09:4c:3d:71:63:df:3f:25:
                    a6:d1:9b:30:c8:90:3e:5f:04:f5:c3:80:10:90:96:
                    13:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:8F:88:07:D6:55:9D:C7:C6:71:4D:8E:F1:E2:5B:ED:4A:E3:3A:C2
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/TY-IB9ZVncfGcU2O8eJb7UrjOsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.40.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:4c:d6:49:21:10:79:c8:06:d2:44:28:d8:37:ae:70:9f:ca:
         3d:de:91:90:ba:cd:b8:24:b2:07:3b:ad:46:14:55:31:3f:d9:
         a8:7a:21:c5:0a:90:06:60:7c:f9:d6:8d:17:56:28:59:b5:20:
         4e:82:10:ad:a2:3f:7a:34:b4:a3:71:89:71:6a:e5:28:17:24:
         88:95:01:cf:6d:bb:68:fc:a2:e3:27:c0:eb:c3:6a:5f:f8:0f:
         9c:09:d0:7a:1d:98:78:6a:57:e3:de:15:c3:ae:39:95:5a:dc:
         e3:3a:20:de:86:38:26:3b:86:1f:4e:1e:c7:a8:89:1e:22:3b:
         49:b0:bd:1d:22:d0:b3:a0:b9:22:3f:ac:7d:58:47:3b:6f:0e:
         17:46:42:bc:b9:c5:03:60:3b:f1:69:cc:76:bf:cc:cf:3a:6d:
         49:67:16:e6:f8:32:41:2a:a7:94:93:9b:09:6f:00:65:65:da:
         aa:06:48:b0:f2:63:2a:0f:6a:31:db:35:db:d4:8d:99:90:db:
         3e:1b:87:44:e9:b9:85:8d:70:ab:5a:f5:1a:fa:46:53:ed:b4:
         22:99:b7:cb:02:0e:a9:10:4d:e6:f7:06:7e:b7:4d:1d:93:db:
         d3:01:18:40:5f:8e:34:39:09:78:5e:92:51:43:6a:c4:f3:81:
         e1:8e:aa:4c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVawk0LIDGkBcZzR2w0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDhmODgwN2Q2NTU5ZGM3YzY3MTRkOGVmMWUyNWJlZDRhZTMzYWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAut4RLfn3EZ7blm2XEIsFLTxl5MZ4
k+Gv0bGXLT4/2q+jz7YIvW8SOgnFsvs3cd8urzl+uZYzembbD30roSN5+tqTFF/g
Bx9AyhaK51BTSfxeHhrXf0Q0L18PI3OwB1S0IunP6HnlHTygAsM4LWoZwYxFUNtw
6m+z/UPXxG+DLTKeEy6qRZPLuMRX0bo+pzeBkI6a3h3FluglnvBI1M4yJ8XgGz2+
RR9TtDl51d7ljlBj/uUbCQLwP2b8iHlWWXdZ8UgdFT71smqkEf4pxXibCs8FKFt7
Qvao1xDYmlj6ZbUkX3AeNBTICUw9cWPfPyWm0ZswyJA+XwT1w4AQkJYTvwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFE2PiAfWVZ3HxnFNjvHiW+1K4zrCMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1RZLUlCOVpWbmNmR2NVMk84ZUpiN1Vyak9zSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJZKGQw
DQYJKoZIhvcNAQELBQADggEBAB1M1kkhEHnIBtJEKNg3rnCfyj3ekZC6zbgksgc7
rUYUVTE/2ah6IcUKkAZgfPnWjRdWKFm1IE6CEK2iP3o0tKNxiXFq5SgXJIiVAc9t
u2j8ouMnwOvDal/4D5wJ0HodmHhqV+PeFcOuOZVa3OM6IN6GOCY7hh9OHseoiR4i
O0mwvR0i0LOguSI/rH1YRztvDhdGQry5xQNgO/FpzHa/zM86bUlnFub4MkEqp5ST
mwlvAGVl2qoGSLDyYyoPajHbNdvUjZmQ2z4bh0TpuYWNcKta9Rr6RlPttCKZt8sC
DqkQTeb3Bn63TR2T29MBGEBfjjQ5CXheklFDasTzgeGOqkw=
-----END CERTIFICATE-----