Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/64d313-644c-4b9f-811a-38a5c9105cc5/1/YGeCV89GK6TmAkoUG7hhBJsH4_s.roa
File:                     YGeCV89GK6TmAkoUG7hhBJsH4_s.roa (raw, json)
Hash identifier:          vrHSjtYA1tqDbC3CuHAeotLz5nUfRH5gTDLgXueL1Y4=
Subject key identifier:   60:67:82:57:CF:46:2B:A4:E6:02:4A:14:1B:B8:61:04:9B:07:E3:FB
Certificate issuer:       /CN=570cdd1732e5643a15eed9ee77e1394b80242548
Certificate serial:       018CC64A0B3F1908284B5B930555D0277232
Authority key identifier: 57:0C:DD:17:32:E5:64:3A:15:EE:D9:EE:77:E1:39:4B:80:24:25:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VwzdFzLlZDoV7tnud-E5S4AkJUg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/64d313-644c-4b9f-811a-38a5c9105cc5/1/YGeCV89GK6TmAkoUG7hhBJsH4_s.roa
Signing time:             Mon 01 Jan 2024 18:29:50 +0000
ROA not before:           Mon 01 Jan 2024 18:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212693
IP address blocks:        185.175.89.0/24 maxlen: 24
                          2a10:4440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/64d313-644c-4b9f-811a-38a5c9105cc5/1/VwzdFzLlZDoV7tnud-E5S4AkJUg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/64d313-644c-4b9f-811a-38a5c9105cc5/1/VwzdFzLlZDoV7tnud-E5S4AkJUg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VwzdFzLlZDoV7tnud-E5S4AkJUg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:0b:3f:19:08:28:4b:5b:93:05:55:d0:27:72:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570cdd1732e5643a15eed9ee77e1394b80242548
        Validity
            Not Before: Jan  1 18:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60678257cf462ba4e6024a141bb861049b07e3fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2b:7c:02:27:6e:7d:a2:26:5a:14:48:f6:10:
                    5f:70:3e:39:a4:1e:4e:00:5a:1f:98:67:54:0e:3f:
                    4d:88:71:d3:76:d6:f0:f1:91:2e:30:0c:b5:13:11:
                    07:aa:32:e8:f2:25:a6:88:2c:38:52:f3:dd:d2:81:
                    dc:ea:fc:94:37:09:7a:8a:f0:e8:be:6f:8c:2a:e4:
                    90:8f:1f:01:35:9b:db:73:90:e7:4b:fc:e2:e5:00:
                    ce:6f:3a:d0:44:f2:7f:8b:0b:01:d4:b0:09:ef:00:
                    ae:d1:3f:4b:06:c1:7d:d0:ed:f8:df:62:2c:58:a8:
                    07:a3:2b:9f:0a:be:07:87:4c:21:eb:53:ff:01:0d:
                    d7:bb:f3:5c:09:d6:ed:36:c9:5a:54:0f:9f:11:03:
                    a2:c4:2b:43:52:8a:d0:69:1d:69:86:8b:7e:c6:36:
                    cd:d4:d6:70:c0:45:5e:45:24:f8:77:db:6f:4f:a9:
                    64:f1:3d:6f:06:01:39:c2:d0:56:5f:4a:e6:02:b0:
                    b3:7d:0a:85:89:11:c8:10:1e:bd:cf:dd:2e:a0:08:
                    a4:4d:89:a4:9b:9c:8b:c2:3c:8d:dc:7d:b6:3c:28:
                    8f:07:31:84:78:f5:04:3c:06:9e:cf:8f:d7:38:48:
                    8c:7d:24:44:df:c3:2f:3b:5e:9d:21:02:9e:26:63:
                    92:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:67:82:57:CF:46:2B:A4:E6:02:4A:14:1B:B8:61:04:9B:07:E3:FB
            X509v3 Authority Key Identifier:
                keyid:57:0C:DD:17:32:E5:64:3A:15:EE:D9:EE:77:E1:39:4B:80:24:25:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VwzdFzLlZDoV7tnud-E5S4AkJUg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/64d313-644c-4b9f-811a-38a5c9105cc5/1/YGeCV89GK6TmAkoUG7hhBJsH4_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/64d313-644c-4b9f-811a-38a5c9105cc5/1/VwzdFzLlZDoV7tnud-E5S4AkJUg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.89.0/24
                IPv6:
                  2a10:4440::/29

    Signature Algorithm: sha256WithRSAEncryption
         34:17:c2:ed:e3:11:d9:ab:9f:7b:6a:d1:84:9e:e9:90:d3:38:
         ed:d4:f1:90:d1:e3:c9:63:20:b9:7f:2a:0a:1e:49:87:47:0b:
         14:f6:ec:4f:38:04:91:45:7b:13:93:58:67:75:ff:cb:a4:3c:
         86:57:5f:33:05:60:c9:b1:56:8d:fa:bc:54:7c:3a:36:34:ae:
         dc:c4:c1:81:c7:44:60:57:22:c8:1f:8d:5d:89:8e:d8:18:12:
         6e:26:8d:46:b6:8d:7f:42:c2:38:c9:c7:5e:44:5f:87:84:77:
         07:ae:93:52:4f:d2:22:3b:a0:6c:0c:c4:dd:32:5d:9f:61:70:
         bb:74:c1:ff:2a:ce:17:20:63:fd:37:11:e1:66:2f:23:8f:e4:
         b1:0f:c9:75:d8:41:2e:e5:0e:48:9a:ca:69:c4:a6:ed:3b:d8:
         53:89:16:40:ef:42:93:f6:0f:6f:54:fe:45:76:47:f1:bb:94:
         d6:ba:27:a0:6a:62:39:4c:d5:bc:49:71:31:f6:45:2f:f5:7d:
         c4:4a:f0:e9:76:0f:de:65:de:91:e8:cf:99:8a:c7:20:8c:86:
         d3:ec:b6:4b:f5:9f:97:2d:c0:8c:14:ad:79:ed:94:ca:f5:6b:
         a8:ef:dc:3e:72:40:93:86:4a:2c:8a:7d:7b:e7:26:a3:6e:3e:
         4a:45:6a:0d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSgs/GQgoS1uTBVXQJ3IyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGNkZDE3MzJlNTY0M2ExNWVlZDllZTc3ZTEzOTRiODAy
NDI1NDgwHhcNMjQwMTAxMTgyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDY3ODI1N2NmNDYyYmE0ZTYwMjRhMTQxYmI4NjEwNDliMDdlM2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCt8AidufaImWhRI9hBfcD45pB5O
AFofmGdUDj9NiHHTdtbw8ZEuMAy1ExEHqjLo8iWmiCw4UvPd0oHc6vyUNwl6ivDo
vm+MKuSQjx8BNZvbc5DnS/zi5QDObzrQRPJ/iwsB1LAJ7wCu0T9LBsF90O3432Is
WKgHoyufCr4Hh0wh61P/AQ3Xu/NcCdbtNslaVA+fEQOixCtDUorQaR1phot+xjbN
1NZwwEVeRST4d9tvT6lk8T1vBgE5wtBWX0rmArCzfQqFiRHIEB69z90uoAikTYmk
m5yLwjyN3H22PCiPBzGEePUEPAaez4/XOEiMfSRE38MvO16dIQKeJmOS3wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGBnglfPRiuk5gJKFBu4YQSbB+P7MB8GA1UdIwQY
MBaAFFcM3Rcy5WQ6Fe7Z7nfhOUuAJCVIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnd6ZEZ6TGxaRG9WN3RudWQtRTVTNEFrSlVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My82NGQzMTMtNjQ0Yy00YjlmLTgxMWEt
MzhhNWM5MTA1Y2M1LzEvWUdlQ1Y4OUdLNlRtQWtvVUc3aGhCSnNINF9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My82NGQzMTMtNjQ0Yy00YjlmLTgxMWEtMzhhNWM5MTA1Y2M1
LzEvVnd6ZEZ6TGxaRG9WN3RudWQtRTVTNEFrSlVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAua9ZMA0E
AgACMAcDBQMqEERAMA0GCSqGSIb3DQEBCwUAA4IBAQA0F8Lt4xHZq597atGEnumQ
0zjt1PGQ0ePJYyC5fyoKHkmHRwsU9uxPOASRRXsTk1hndf/LpDyGV18zBWDJsVaN
+rxUfDo2NK7cxMGBx0RgVyLIH41diY7YGBJuJo1Gto1/QsI4ycdeRF+HhHcHrpNS
T9IiO6BsDMTdMl2fYXC7dMH/Ks4XIGP9NxHhZi8jj+SxD8l12EEu5Q5ImsppxKbt
O9hTiRZA70KT9g9vVP5Fdkfxu5TWuiegamI5TNW8SXEx9kUv9X3ESvDpdg/eZd6R
6M+ZiscgjIbT7LZL9Z+XLcCMFK157ZTK9Wuo79w+ckCThkosin175yajbj5KRWoN
-----END CERTIFICATE-----