Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/YdJKJ77YC9bj6-D1OUI9lR6GUoc.roa
File:                     YdJKJ77YC9bj6-D1OUI9lR6GUoc.roa (raw, json)
Hash identifier:          y2XYRSOF5HozzUJMwEx6ctxVfnoBzpbVCUNaV85Y0kY=
Subject key identifier:   61:D2:4A:27:BE:D8:0B:D6:E3:EB:E0:F5:39:42:3D:95:1E:86:52:87
Certificate issuer:       /CN=dc327af32a98492757b200ea040db24ec3136592
Certificate serial:       0190D9664E907A9DD070BBFDF4045C733BE8
Authority key identifier: DC:32:7A:F3:2A:98:49:27:57:B2:00:EA:04:0D:B2:4E:C3:13:65:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3DJ68yqYSSdXsgDqBA2yTsMTZZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/YdJKJ77YC9bj6-D1OUI9lR6GUoc.roa
Signing time:             Mon 22 Jul 2024 07:44:38 +0000
ROA not before:           Mon 22 Jul 2024 07:44:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.241.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/3DJ68yqYSSdXsgDqBA2yTsMTZZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/3DJ68yqYSSdXsgDqBA2yTsMTZZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3DJ68yqYSSdXsgDqBA2yTsMTZZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:d9:66:4e:90:7a:9d:d0:70:bb:fd:f4:04:5c:73:3b:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc327af32a98492757b200ea040db24ec3136592
        Validity
            Not Before: Jul 22 07:44:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61d24a27bed80bd6e3ebe0f539423d951e865287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9e:f7:c2:ae:5d:f9:70:2b:94:8c:1b:81:c5:
                    46:5c:86:4c:97:eb:db:5a:66:db:42:ff:5a:9b:46:
                    bd:9d:1d:df:b3:c7:49:61:71:00:b9:17:f5:81:b8:
                    3b:75:70:55:c4:76:c7:48:fe:f1:cd:dd:60:23:5d:
                    44:97:ae:77:a7:4d:05:16:65:94:61:12:b6:44:f3:
                    cf:ed:76:12:b2:6f:86:64:4c:c0:a3:32:a0:15:b1:
                    f8:ed:2e:ee:ff:fc:4f:51:3f:9b:b4:90:d5:bd:53:
                    7a:92:01:ec:3f:15:c3:b2:e2:3a:78:b6:b9:32:e9:
                    71:55:4f:15:c4:6a:d5:37:10:0e:cb:38:78:6c:d3:
                    9e:d1:f2:01:4d:58:9f:fb:35:b9:02:ec:e8:be:b2:
                    a3:6d:f4:74:33:9f:e2:e0:4a:2a:36:c3:6d:0a:30:
                    93:69:67:65:e9:c0:a7:12:fa:c2:0d:c7:d9:14:eb:
                    dd:46:ec:24:9f:b2:67:98:2b:38:bc:c1:b5:28:bb:
                    08:8a:93:69:30:b3:df:d3:76:d6:a2:f2:6a:2b:c5:
                    af:5a:69:63:9b:40:ac:ba:40:e0:9d:f3:2f:44:07:
                    92:57:6d:61:03:5a:f0:10:62:ec:03:37:bd:d9:25:
                    8a:f7:24:7f:88:b7:f7:c7:a2:7f:65:34:42:6a:ac:
                    2e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:D2:4A:27:BE:D8:0B:D6:E3:EB:E0:F5:39:42:3D:95:1E:86:52:87
            X509v3 Authority Key Identifier:
                keyid:DC:32:7A:F3:2A:98:49:27:57:B2:00:EA:04:0D:B2:4E:C3:13:65:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3DJ68yqYSSdXsgDqBA2yTsMTZZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/YdJKJ77YC9bj6-D1OUI9lR6GUoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/3DJ68yqYSSdXsgDqBA2yTsMTZZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:65:c2:da:52:47:17:6d:c4:31:51:59:c4:5d:ce:16:f4:84:
         ef:6d:18:ac:7b:ef:81:f5:6e:39:5c:47:65:b0:59:86:c0:bb:
         2f:8f:10:8d:37:ff:07:3c:9c:f8:7e:10:69:ca:8a:99:c2:b2:
         c1:2e:cb:a2:59:e6:40:5e:af:10:f3:7b:96:60:4d:1b:d2:d5:
         34:43:65:48:42:fe:63:e9:21:66:07:68:df:3a:2f:dd:6e:dd:
         62:bd:74:d9:a7:1c:61:e3:bb:7d:c9:f9:29:72:fc:f5:9d:55:
         53:90:ac:d4:0f:f6:03:83:6d:51:7b:8b:83:ce:08:69:ff:91:
         de:46:ea:31:c5:57:43:64:41:87:e9:3e:08:96:7d:0b:9b:7c:
         18:38:2b:77:07:1f:a2:c5:98:a7:64:ad:41:65:e7:c1:23:b8:
         89:72:aa:eb:26:e2:e3:47:e9:ec:a9:93:54:81:b8:3e:0d:7d:
         42:4c:d3:e5:ae:c9:81:c3:7c:bd:f4:da:87:41:b2:91:b3:87:
         22:f2:c4:8f:ce:33:7e:60:0f:97:6a:5b:31:97:dd:de:6d:16:
         bd:c8:36:ac:3e:fc:a8:90:4f:1b:1c:f6:ae:34:14:9a:10:d8:
         7f:01:e5:07:1a:4c:8b:05:d1:19:f4:6e:88:b8:2d:aa:9f:17:
         a4:06:b4:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDZZk6Qep3QcLv99ARcczvoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMzI3YWYzMmE5ODQ5Mjc1N2IyMDBlYTA0MGRiMjRlYzMx
MzY1OTIwHhcNMjQwNzIyMDc0NDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWQyNGEyN2JlZDgwYmQ2ZTNlYmUwZjUzOTQyM2Q5NTFlODY1Mjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0p73wq5d+XArlIwbgcVGXIZMl+vb
WmbbQv9am0a9nR3fs8dJYXEAuRf1gbg7dXBVxHbHSP7xzd1gI11El653p00FFmWU
YRK2RPPP7XYSsm+GZEzAozKgFbH47S7u//xPUT+btJDVvVN6kgHsPxXDsuI6eLa5
MulxVU8VxGrVNxAOyzh4bNOe0fIBTVif+zW5AuzovrKjbfR0M5/i4EoqNsNtCjCT
aWdl6cCnEvrCDcfZFOvdRuwkn7JnmCs4vMG1KLsIipNpMLPf03bWovJqK8WvWmlj
m0CsukDgnfMvRAeSV21hA1rwEGLsAze92SWK9yR/iLf3x6J/ZTRCaqwulQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHSSie+2AvW4+vg9TlCPZUehlKHMB8GA1UdIwQY
MBaAFNwyevMqmEknV7IA6gQNsk7DE2WSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0RKNjh5cVlTU2RYc2dEcUJBMnlUc01UWlpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9hNGY2MTktNGU5My00MWQ2LTg0NmMt
MTYyMTllMTQwZmE3LzEvWWRKS0o3N1lDOWJqNi1EMU9VSTlsUjZHVW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9hNGY2MTktNGU5My00MWQ2LTg0NmMtMTYyMTllMTQwZmE3
LzEvM0RKNjh5cVlTU2RYc2dEcUJBMnlUc01UWlpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufEIMA0G
CSqGSIb3DQEBCwUAA4IBAQBGZcLaUkcXbcQxUVnEXc4W9ITvbRise++B9W45XEdl
sFmGwLsvjxCNN/8HPJz4fhBpyoqZwrLBLsuiWeZAXq8Q83uWYE0b0tU0Q2VIQv5j
6SFmB2jfOi/dbt1ivXTZpxxh47t9yfkpcvz1nVVTkKzUD/YDg21Re4uDzghp/5He
RuoxxVdDZEGH6T4Iln0Lm3wYOCt3Bx+ixZinZK1BZefBI7iJcqrrJuLjR+nsqZNU
gbg+DX1CTNPlrsmBw3y99NqHQbKRs4ci8sSPzjN+YA+Xalsxl93ebRa9yDasPvyo
kE8bHPauNBSaENh/AeUHGkyLBdEZ9G6IuC2qnxekBrR/
-----END CERTIFICATE-----