Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4aa5a7-8bec-4247-a15f-5a3612352b37/1/yil-i8cAnOl5qnTClU7qPnqdIuU.roa
File:                     yil-i8cAnOl5qnTClU7qPnqdIuU.roa (raw, json)
Hash identifier:          EymTDlfA1ToaMHTTSx0gGlKgcMeq9SrJOmk8zxrHtBY=
Subject key identifier:   CA:29:7E:8B:C7:00:9C:E9:79:AA:74:C2:95:4E:EA:3E:7A:9D:22:E5
Certificate issuer:       /CN=b360f0097be481c21bb1d51c85d44f6574158aa9
Certificate serial:       018D87D6C456BB36A9C61C78C04DBC71B420
Authority key identifier: B3:60:F0:09:7B:E4:81:C2:1B:B1:D5:1C:85:D4:4F:65:74:15:8A:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s2DwCXvkgcIbsdUchdRPZXQViqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4aa5a7-8bec-4247-a15f-5a3612352b37/1/yil-i8cAnOl5qnTClU7qPnqdIuU.roa
Signing time:             Thu 08 Feb 2024 08:30:15 +0000
ROA not before:           Thu 08 Feb 2024 08:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a14:2a00:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/4aa5a7-8bec-4247-a15f-5a3612352b37/1/s2DwCXvkgcIbsdUchdRPZXQViqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/4aa5a7-8bec-4247-a15f-5a3612352b37/1/s2DwCXvkgcIbsdUchdRPZXQViqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s2DwCXvkgcIbsdUchdRPZXQViqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:87:d6:c4:56:bb:36:a9:c6:1c:78:c0:4d:bc:71:b4:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b360f0097be481c21bb1d51c85d44f6574158aa9
        Validity
            Not Before: Feb  8 08:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca297e8bc7009ce979aa74c2954eea3e7a9d22e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:91:d4:43:a8:c5:18:a1:9b:24:d3:48:3a:be:
                    fc:67:fe:e0:e4:51:48:f7:55:2b:99:26:0e:18:cd:
                    26:18:9c:c0:ef:5e:ba:20:02:80:15:70:9d:74:df:
                    7f:69:63:15:59:41:21:71:a2:98:f8:a7:89:1c:1a:
                    f2:17:e4:1c:80:66:40:f3:63:12:f3:75:84:1a:b7:
                    06:c9:45:b4:5f:7e:a4:e9:72:19:8a:52:22:04:49:
                    05:61:2e:ee:a8:1f:3f:ed:53:d2:80:7e:51:92:ee:
                    9f:a5:86:72:06:2d:38:ad:fe:0b:7d:7c:f1:73:8d:
                    71:9e:0c:94:4e:bd:ce:39:29:c4:ee:60:59:f6:f3:
                    fb:e9:a4:da:61:85:0a:8c:14:3c:19:bf:e6:22:eb:
                    bd:85:80:59:c0:36:02:73:bd:7c:ed:81:e8:7d:41:
                    1b:de:81:4c:41:0f:c3:a1:00:54:00:a1:b4:6a:65:
                    d2:33:31:11:cb:90:a0:02:b9:8e:1f:32:0c:e0:9c:
                    76:bc:7b:7c:4f:6e:28:2a:dc:86:f6:b8:d1:2e:4a:
                    e4:d7:4d:3a:66:ca:c9:fb:ba:98:c9:3f:4e:f0:4d:
                    20:f4:a1:8c:b0:3f:36:c4:e4:b2:cb:4f:c9:82:78:
                    74:08:1e:0e:58:26:90:9f:63:c5:23:09:35:25:c6:
                    0f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:29:7E:8B:C7:00:9C:E9:79:AA:74:C2:95:4E:EA:3E:7A:9D:22:E5
            X509v3 Authority Key Identifier:
                keyid:B3:60:F0:09:7B:E4:81:C2:1B:B1:D5:1C:85:D4:4F:65:74:15:8A:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s2DwCXvkgcIbsdUchdRPZXQViqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4aa5a7-8bec-4247-a15f-5a3612352b37/1/yil-i8cAnOl5qnTClU7qPnqdIuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4aa5a7-8bec-4247-a15f-5a3612352b37/1/s2DwCXvkgcIbsdUchdRPZXQViqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:2a00:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         72:09:3a:be:eb:da:1d:c7:18:bd:7d:b2:0d:cc:6e:2d:d6:9b:
         dd:4a:4d:69:67:64:6b:b1:cc:92:e1:fc:04:a2:7a:de:a6:27:
         85:a9:49:90:2f:27:c3:8a:93:d4:78:ee:e1:2a:ab:ea:a5:ad:
         8c:7f:77:75:a4:36:48:98:1b:de:0d:d3:82:da:37:c3:29:17:
         ac:02:f2:56:36:0a:77:01:2b:4a:72:bf:5a:43:cd:46:17:34:
         fc:15:c0:ef:89:7e:56:9c:ca:f3:09:8a:4d:81:a4:1f:aa:2e:
         c8:d8:0c:a4:98:83:17:35:b0:68:60:d9:c9:a8:cd:c8:31:e4:
         5f:c9:d9:d7:cd:bf:95:c1:24:b9:ef:d0:1f:7e:a2:8b:37:e2:
         4f:14:69:3a:ea:23:91:80:a4:9e:4a:be:b4:48:49:e5:96:4d:
         16:75:ae:28:6f:b8:bd:ff:28:c6:c4:7c:62:5d:cb:c6:21:c3:
         c9:72:8a:bb:59:4e:77:c6:69:fb:30:0f:9d:c2:2a:59:83:b0:
         f7:33:22:22:f6:32:bd:2a:7d:98:5a:d6:e4:a1:3b:fc:9b:a9:
         07:b7:2e:f1:f8:37:c1:23:0f:c3:3d:86:75:64:bb:a5:ab:dd:
         ca:63:76:e5:a1:80:b3:86:7e:28:fc:54:04:b1:5c:84:21:e1:
         8c:6f:4a:bb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY2H1sRWuzapxhx4wE28cbQgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNjBmMDA5N2JlNDgxYzIxYmIxZDUxYzg1ZDQ0ZjY1NzQx
NThhYTkwHhcNMjQwMjA4MDgzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTI5N2U4YmM3MDA5Y2U5NzlhYTc0YzI5NTRlZWEzZTdhOWQyMmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5HUQ6jFGKGbJNNIOr78Z/7g5FFI
91UrmSYOGM0mGJzA7166IAKAFXCddN9/aWMVWUEhcaKY+KeJHBryF+QcgGZA82MS
83WEGrcGyUW0X36k6XIZilIiBEkFYS7uqB8/7VPSgH5Rku6fpYZyBi04rf4LfXzx
c41xngyUTr3OOSnE7mBZ9vP76aTaYYUKjBQ8Gb/mIuu9hYBZwDYCc7187YHofUEb
3oFMQQ/DoQBUAKG0amXSMzERy5CgArmOHzIM4Jx2vHt8T24oKtyG9rjRLkrk1006
ZsrJ+7qYyT9O8E0g9KGMsD82xOSyy0/Jgnh0CB4OWCaQn2PFIwk1JcYP9QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMopfovHAJzpeap0wpVO6j56nSLlMB8GA1UdIwQY
MBaAFLNg8Al75IHCG7HVHIXUT2V0FYqpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczJEd0NYdmtnY0lic2RVY2hkUlBaWFFWaXFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80YWE1YTctOGJlYy00MjQ3LWExNWYt
NWEzNjEyMzUyYjM3LzEveWlsLWk4Y0FuT2w1cW5UQ2xVN3FQbnFkSXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80YWE1YTctOGJlYy00MjQ3LWExNWYtNWEzNjEyMzUyYjM3
LzEvczJEd0NYdmtnY0lic2RVY2hkUlBaWFFWaXFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhQqAAEw
DQYJKoZIhvcNAQELBQADggEBAHIJOr7r2h3HGL19sg3Mbi3Wm91KTWlnZGuxzJLh
/ASiet6mJ4WpSZAvJ8OKk9R47uEqq+qlrYx/d3WkNkiYG94N04LaN8MpF6wC8lY2
CncBK0pyv1pDzUYXNPwVwO+JflacyvMJik2BpB+qLsjYDKSYgxc1sGhg2cmozcgx
5F/J2dfNv5XBJLnv0B9+oos34k8UaTrqI5GApJ5KvrRISeWWTRZ1rihvuL3/KMbE
fGJdy8Yhw8lyirtZTnfGafswD53CKlmDsPczIiL2Mr0qfZha1uShO/ybqQe3LvH4
N8EjD8M9hnVku6Wr3cpjduWhgLOGfij8VASxXIQh4YxvSrs=
-----END CERTIFICATE-----