Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/yxGiU784Kvx7sGc0qz4oprZncJo.roa
File:                     yxGiU784Kvx7sGc0qz4oprZncJo.roa (raw, json)
Hash identifier:          kan6Nja8dgGu84V7vp0hSnAsT0IJ5Ic8CjnyLh8P7pg=
Subject key identifier:   CB:11:A2:53:BF:38:2A:FC:7B:B0:67:34:AB:3E:28:A6:B6:67:70:9A
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       0192710D0688774D58B4F5317ACA2AE2C452
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/yxGiU784Kvx7sGc0qz4oprZncJo.roa
Signing time:             Wed 09 Oct 2024 11:32:11 +0000
ROA not before:           Wed 09 Oct 2024 11:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34592
IP address blocks:        194.225.148.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:71:0d:06:88:77:4d:58:b4:f5:31:7a:ca:2a:e2:c4:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Oct  9 11:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb11a253bf382afc7bb06734ab3e28a6b667709a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f7:04:33:1c:a6:62:ba:fc:fe:18:bd:cf:82:
                    48:e9:68:0a:3a:cf:a9:d9:7a:95:9c:41:65:b9:18:
                    6c:fa:88:d7:e6:dc:dd:8c:d1:41:b0:e8:75:b2:d5:
                    e5:a0:f3:d8:6b:d4:02:9f:e7:84:4a:88:3e:0c:b2:
                    3a:2c:c6:52:8c:fc:54:a6:6b:18:0c:96:37:8c:22:
                    ce:0c:f1:b4:4e:0f:69:0a:e6:61:c0:61:26:40:b6:
                    b9:5b:10:b9:32:fd:6b:83:c9:83:e1:3e:41:7b:64:
                    51:da:ab:ce:93:2d:fc:2a:15:6e:05:6d:f1:e9:55:
                    bc:d0:d3:0e:50:9c:6b:ba:d1:54:28:27:cc:a0:db:
                    9e:bc:33:ee:e5:fb:0f:75:36:a3:f7:f0:87:44:ec:
                    a2:ea:3f:55:97:a8:a4:f2:92:99:10:3e:a2:48:82:
                    00:73:68:80:6f:89:3f:78:16:46:a3:ea:c1:a7:5f:
                    af:15:ac:4e:81:ed:f2:ef:c7:fb:5e:d8:a8:7a:f8:
                    d5:e6:ad:99:58:4a:2e:b0:ab:3d:39:3e:9d:4e:08:
                    2a:c5:5b:de:d4:e6:cb:1b:20:37:21:3b:b2:ea:2a:
                    f1:18:2f:3a:d4:e5:65:ed:8a:03:0d:5c:f5:48:eb:
                    e6:fe:d4:e5:bb:9e:1a:90:69:83:9a:74:73:60:33:
                    43:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:11:A2:53:BF:38:2A:FC:7B:B0:67:34:AB:3E:28:A6:B6:67:70:9A
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/yxGiU784Kvx7sGc0qz4oprZncJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.225.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:d6:6d:e0:b0:73:96:25:1c:fb:ea:4e:73:80:28:72:27:08:
         a9:62:cc:49:07:e3:73:c5:b6:65:ca:74:f0:dd:a5:66:42:07:
         5d:a4:b1:e8:9c:ce:8f:9d:8f:b3:66:dd:bc:fb:7d:92:9b:a2:
         3c:10:2f:7d:71:54:b8:f0:b7:4c:a0:a7:be:49:c1:24:48:71:
         e3:96:c6:63:c2:d4:a2:08:2e:ea:0a:0e:84:d7:7c:92:98:25:
         d4:cc:7c:10:aa:65:74:fc:0f:0f:96:b5:2a:be:4f:b4:76:1f:
         a3:98:9a:bf:0b:b8:1f:92:3f:7f:a1:bc:5c:69:0c:4e:b7:dd:
         7c:bc:96:61:4d:6a:ed:2e:a1:59:d7:9a:bd:8f:37:95:2a:d5:
         0d:f3:66:91:6b:ec:14:ba:74:41:f5:bf:b0:50:3d:87:7d:98:
         bf:20:d6:65:51:d1:2f:9e:fe:c0:25:25:32:8c:67:2f:cd:44:
         2e:7f:40:44:2f:7c:69:ee:9f:e1:3d:8c:08:ff:35:b3:cb:f2:
         a1:76:5d:c6:d0:c7:ec:77:92:22:65:0a:d3:d4:f6:53:39:a2:
         f6:f9:30:83:4c:32:ce:4d:ab:8a:01:8f:91:17:d5:e8:c4:b7:
         3b:d9:f3:4e:0c:71:fc:a5:5c:d9:a5:63:68:bc:8e:b0:7f:27:
         7f:82:1f:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJxDQaId01YtPUxesoq4sRSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjQxMDA5MTEzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjExYTI1M2JmMzgyYWZjN2JiMDY3MzRhYjNlMjhhNmI2Njc3MDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fcEMxymYrr8/hi9z4JI6WgKOs+p
2XqVnEFluRhs+ojX5tzdjNFBsOh1stXloPPYa9QCn+eESog+DLI6LMZSjPxUpmsY
DJY3jCLODPG0Tg9pCuZhwGEmQLa5WxC5Mv1rg8mD4T5Be2RR2qvOky38KhVuBW3x
6VW80NMOUJxrutFUKCfMoNuevDPu5fsPdTaj9/CHROyi6j9Vl6ik8pKZED6iSIIA
c2iAb4k/eBZGo+rBp1+vFaxOge3y78f7XtioevjV5q2ZWEousKs9OT6dTggqxVve
1ObLGyA3ITuy6irxGC861OVl7YoDDVz1SOvm/tTlu54akGmDmnRzYDNDjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsRolO/OCr8e7BnNKs+KKa2Z3CaMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEveXhHaVU3ODRLdng3c0djMHF6NG9wclpuY0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwuGUMA0G
CSqGSIb3DQEBCwUAA4IBAQAs1m3gsHOWJRz76k5zgChyJwipYsxJB+NzxbZlynTw
3aVmQgddpLHonM6PnY+zZt28+32Sm6I8EC99cVS48LdMoKe+ScEkSHHjlsZjwtSi
CC7qCg6E13ySmCXUzHwQqmV0/A8PlrUqvk+0dh+jmJq/C7gfkj9/obxcaQxOt918
vJZhTWrtLqFZ15q9jzeVKtUN82aRa+wUunRB9b+wUD2HfZi/INZlUdEvnv7AJSUy
jGcvzUQuf0BEL3xp7p/hPYwI/zWzy/Khdl3G0Mfsd5IiZQrT1PZTOaL2+TCDTDLO
TauKAY+RF9XoxLc72fNODHH8pVzZpWNovI6wfyd/gh8m
-----END CERTIFICATE-----