Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/YTrCa9l5vP3dQlEy3g4e738RGCc.roa
File:                     YTrCa9l5vP3dQlEy3g4e738RGCc.roa (raw, json)
Hash identifier:          7QjYk31Rz2LLsB0LYuegGouh51+CsDDyqSFe7Sy9+c8=
Subject key identifier:   61:3A:C2:6B:D9:79:BC:FD:DD:42:51:32:DE:0E:1E:EF:7F:11:18:27
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       019421B1DE7489A14313A92850027DAF1BE4
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/YTrCa9l5vP3dQlEy3g4e738RGCc.roa
Signing time:             Wed 01 Jan 2025 11:48:12 +0000
ROA not before:           Wed 01 Jan 2025 11:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204494
IP address blocks:        84.2.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:de:74:89:a1:43:13:a9:28:50:02:7d:af:1b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  1 11:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=613ac26bd979bcfddd425132de0e1eef7f111827
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4a:12:a8:57:16:a0:d4:b3:0e:7d:d2:1a:a2:
                    3a:3f:d2:27:3f:0a:d8:d6:23:7b:a9:47:b8:41:9f:
                    a5:ab:bc:4b:01:78:be:77:d6:90:37:9f:06:bd:43:
                    16:77:ba:00:63:8d:c7:1e:1a:ad:f8:05:62:6e:27:
                    79:ad:be:76:e2:7f:6a:0d:48:82:78:1f:4b:d0:e4:
                    43:51:ef:3a:ad:3a:f3:68:5d:5c:10:33:f7:4c:01:
                    76:ff:2a:f0:32:e4:20:d4:22:a2:e5:99:d0:f6:3b:
                    3e:b2:b0:3f:cc:70:d4:22:0a:a6:fc:97:18:57:00:
                    95:e9:05:5e:55:d1:82:85:7c:fe:92:12:53:a7:1d:
                    10:72:7d:0c:2c:80:53:2c:ed:7e:8e:25:8e:43:77:
                    10:a6:d7:ca:15:82:2a:1d:20:66:af:6c:8d:4c:ea:
                    01:8d:a7:f9:08:83:f4:8f:43:18:50:97:2d:c9:fe:
                    80:c6:ca:b1:a3:c7:a0:c1:3c:cf:e8:1b:a7:f6:16:
                    e5:27:4c:06:d7:37:6f:21:1d:8c:80:8f:60:9a:ec:
                    c7:8c:9b:c1:0e:aa:1d:54:cb:ae:28:70:f3:17:be:
                    74:c2:46:0c:0e:c7:b0:82:5e:6b:15:d5:73:48:06:
                    73:cb:e1:3f:e1:9a:9a:80:ab:1a:43:e3:b7:05:7e:
                    c2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:3A:C2:6B:D9:79:BC:FD:DD:42:51:32:DE:0E:1E:EF:7F:11:18:27
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/YTrCa9l5vP3dQlEy3g4e738RGCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.2.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:ed:98:41:88:f3:f5:36:31:83:f1:a2:42:9d:ae:31:5f:05:
         de:db:86:49:12:a8:1a:95:c7:d3:60:38:82:bb:ba:a8:04:10:
         8b:be:4b:59:f6:61:66:b3:2c:1f:d9:a3:d8:9c:a7:76:a0:75:
         92:3c:06:3a:98:58:6b:4c:10:b6:06:6f:65:44:a7:09:6b:bf:
         21:3a:c7:76:d4:9a:41:4e:7b:84:29:62:36:8b:0e:0e:db:f0:
         0c:aa:f0:c3:8e:d2:5f:bf:82:c5:d0:68:16:7e:8d:c5:b5:54:
         cd:8c:f3:b6:00:ba:f3:af:a1:18:b4:5b:99:53:f8:ce:7e:ca:
         79:b5:29:dc:e3:77:aa:c2:49:dd:d7:a2:ab:c8:d3:b8:3c:9f:
         85:ad:9f:f3:9a:ae:0a:44:89:97:af:ea:37:65:72:05:3d:9a:
         03:05:44:a6:5c:77:8f:ce:43:5e:f5:e8:67:d3:63:98:0d:75:
         a5:60:e0:76:ec:0f:b8:d8:65:17:cc:4d:74:61:db:3e:44:c8:
         fe:04:fe:f5:b6:60:24:21:2b:cb:74:c6:5a:6f:ae:d7:6b:59:
         43:e5:9d:6f:11:f8:42:48:9b:c3:08:67:d4:3a:d5:84:4d:22:
         fa:d9:f5:97:49:69:b9:bd:0d:ac:5f:a0:72:5f:55:30:eb:14:
         01:d5:16:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsd50iaFDE6koUAJ9rxvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjUwMTAxMTE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTNhYzI2YmQ5NzliY2ZkZGQ0MjUxMzJkZTBlMWVlZjdmMTExODI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkoSqFcWoNSzDn3SGqI6P9InPwrY
1iN7qUe4QZ+lq7xLAXi+d9aQN58GvUMWd7oAY43HHhqt+AVibid5rb524n9qDUiC
eB9L0ORDUe86rTrzaF1cEDP3TAF2/yrwMuQg1CKi5ZnQ9js+srA/zHDUIgqm/JcY
VwCV6QVeVdGChXz+khJTpx0Qcn0MLIBTLO1+jiWOQ3cQptfKFYIqHSBmr2yNTOoB
jaf5CIP0j0MYUJctyf6Axsqxo8egwTzP6Bun9hblJ0wG1zdvIR2MgI9gmuzHjJvB
DqodVMuuKHDzF750wkYMDsewgl5rFdVzSAZzy+E/4ZqagKsaQ+O3BX7CawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGE6wmvZebz93UJRMt4OHu9/ERgnMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvWVRyQ2E5bDV2UDNkUWxFeTNnNGU3MzhSR0NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVAI3MA0G
CSqGSIb3DQEBCwUAA4IBAQCL7ZhBiPP1NjGD8aJCna4xXwXe24ZJEqgalcfTYDiC
u7qoBBCLvktZ9mFmsywf2aPYnKd2oHWSPAY6mFhrTBC2Bm9lRKcJa78hOsd21JpB
TnuEKWI2iw4O2/AMqvDDjtJfv4LF0GgWfo3FtVTNjPO2ALrzr6EYtFuZU/jOfsp5
tSnc43eqwknd16KryNO4PJ+FrZ/zmq4KRImXr+o3ZXIFPZoDBUSmXHePzkNe9ehn
02OYDXWlYOB27A+42GUXzE10Yds+RMj+BP71tmAkISvLdMZab67Xa1lD5Z1vEfhC
SJvDCGfUOtWETSL62fWXSWm5vQ2sX6ByX1Uw6xQB1RZV
-----END CERTIFICATE-----