Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/Y_r1-1MjdSHPT_cCNbLl-DcVmBU.roa
File:                     Y_r1-1MjdSHPT_cCNbLl-DcVmBU.roa (raw, json)
Hash identifier:          bHUVMHINdyRlefMuYcdWWEA0yqNlsVFdXVyKXFILNBg=
Subject key identifier:   63:FA:F5:FB:53:23:75:21:CF:4F:F7:02:35:B2:E5:F8:37:15:98:15
Certificate issuer:       /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial:       018EF6CA7011242F5AAF3B5288BE63BA25D0
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/Y_r1-1MjdSHPT_cCNbLl-DcVmBU.roa
Signing time:             Fri 19 Apr 2024 14:37:25 +0000
ROA not before:           Fri 19 Apr 2024 14:37:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210541
IP address blocks:        31.42.112.0/21 maxlen: 23
                          31.42.116.0/23 maxlen: 23
                          31.42.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:ca:70:11:24:2f:5a:af:3b:52:88:be:63:ba:25:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
        Validity
            Not Before: Apr 19 14:37:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63faf5fb53237521cf4ff70235b2e5f837159815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:37:06:63:7d:7c:90:e1:11:37:44:47:72:f5:
                    8c:67:56:18:07:77:24:f8:2c:12:80:5e:8a:21:f0:
                    d7:75:ec:f2:9f:0b:b5:a5:f3:67:f2:ea:5f:c1:f1:
                    7d:e0:04:09:49:db:3f:fe:6e:3f:59:cb:c0:a0:5a:
                    e6:dc:56:3d:fd:68:8c:0d:7c:c4:f7:e2:ee:6a:f3:
                    d7:10:e8:97:62:9b:bc:c7:b9:2d:a9:9d:67:23:28:
                    1a:6d:86:c7:0e:ab:90:80:43:7b:1a:0e:22:1f:5f:
                    ae:7b:9b:0d:d8:64:3e:76:10:51:67:8b:76:9d:6d:
                    b3:e1:39:99:3f:14:12:49:6c:d1:25:95:98:ca:c4:
                    02:e6:bc:6f:fd:bd:16:c6:b7:5f:48:ba:cb:0c:c0:
                    09:11:10:22:0f:03:cb:85:ab:3e:12:fc:06:37:da:
                    8a:2f:cd:b6:46:fd:38:59:1c:53:e4:ef:22:0c:de:
                    6d:8c:44:d6:25:d8:42:5a:a2:7e:de:51:20:d5:9e:
                    1b:fb:05:c6:44:b7:ac:f4:c2:24:6f:7a:b7:2c:b4:
                    4c:76:19:05:82:7f:9d:1b:3d:b5:cf:6c:cd:fc:48:
                    f2:8c:80:b4:7d:d5:f2:5e:e6:b3:ca:6f:3d:cb:2a:
                    27:fe:95:43:42:5f:65:bc:64:84:af:c6:98:38:df:
                    e3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:FA:F5:FB:53:23:75:21:CF:4F:F7:02:35:B2:E5:F8:37:15:98:15
            X509v3 Authority Key Identifier:
                keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/Y_r1-1MjdSHPT_cCNbLl-DcVmBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a2:0a:47:07:04:89:2a:11:3b:9d:82:5d:71:5e:91:0e:cc:9b:
         83:a6:c0:bb:d1:6c:2b:2f:b9:86:11:76:c0:b8:38:e9:f2:dd:
         48:99:9a:8c:9c:6b:12:0a:f1:41:79:27:25:cf:6f:66:f8:08:
         e1:51:70:60:c4:ee:b3:fe:0d:e6:5d:0f:74:51:44:0a:78:c3:
         d8:ad:6f:2d:51:06:f4:5a:d8:09:a9:8e:ec:ee:8f:9f:fa:ef:
         69:1b:9e:b0:32:a4:5f:1d:67:e2:12:70:83:ae:75:e0:52:28:
         10:55:9d:4e:82:5e:90:5b:74:8f:36:91:db:dc:13:fb:8d:3e:
         18:87:3c:6e:b6:aa:e4:66:69:71:5e:6c:d6:55:5f:16:fd:6c:
         72:92:67:8d:86:b7:df:f3:2a:67:30:18:4a:45:f4:4b:dd:5b:
         6e:71:2a:b8:10:82:2b:0f:f9:75:25:90:69:97:b6:8e:9b:52:
         42:d6:fc:9e:ca:d1:e0:33:7e:48:43:63:74:d2:c5:cc:b1:e1:
         c4:9d:dd:e8:66:94:4a:f7:f1:ee:ab:e3:9d:c8:b7:9b:df:b4:
         53:9f:ce:0f:94:5a:0a:70:da:0b:e0:6b:cc:26:05:ec:d7:25:
         0a:e9:c2:63:93:c7:d3:58:c8:2d:fa:85:21:be:af:d9:c2:d6:
         9a:b9:5a:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY72ynARJC9arztSiL5juiXQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjQwNDE5MTQzNzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2ZhZjVmYjUzMjM3NTIxY2Y0ZmY3MDIzNWIyZTVmODM3MTU5ODE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszcGY318kOERN0RHcvWMZ1YYB3ck
+CwSgF6KIfDXdezynwu1pfNn8upfwfF94AQJSds//m4/WcvAoFrm3FY9/WiMDXzE
9+LuavPXEOiXYpu8x7ktqZ1nIygabYbHDquQgEN7Gg4iH1+ue5sN2GQ+dhBRZ4t2
nW2z4TmZPxQSSWzRJZWYysQC5rxv/b0WxrdfSLrLDMAJERAiDwPLhas+EvwGN9qK
L822Rv04WRxT5O8iDN5tjETWJdhCWqJ+3lEg1Z4b+wXGRLes9MIkb3q3LLRMdhkF
gn+dGz21z2zN/EjyjIC0fdXyXuazym89yyon/pVDQl9lvGSEr8aYON/jCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGP69ftTI3Uhz0/3AjWy5fg3FZgVMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvWV9yMS0xTWpkU0hQVF9jQ05iTGwtRGNWbUJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDHypwMA0G
CSqGSIb3DQEBCwUAA4IBAQCiCkcHBIkqETudgl1xXpEOzJuDpsC70WwrL7mGEXbA
uDjp8t1ImZqMnGsSCvFBeSclz29m+AjhUXBgxO6z/g3mXQ90UUQKeMPYrW8tUQb0
WtgJqY7s7o+f+u9pG56wMqRfHWfiEnCDrnXgUigQVZ1Ogl6QW3SPNpHb3BP7jT4Y
hzxutqrkZmlxXmzWVV8W/WxykmeNhrff8ypnMBhKRfRL3VtucSq4EIIrD/l1JZBp
l7aOm1JC1vyeytHgM35IQ2N00sXMseHEnd3oZpRK9/Huq+OdyLeb37RTn84PlFoK
cNoL4GvMJgXs1yUK6cJjk8fTWMgt+oUhvq/ZwtaauVpK
-----END CERTIFICATE-----