Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/684f9c-8bb7-4ac5-9b18-a32e6c7c97b1/1/yiu_YFfjdAW7ggLTpUbg9l9j5Cg.roa
File:                     yiu_YFfjdAW7ggLTpUbg9l9j5Cg.roa (raw, json)
Hash identifier:          F+x7lqP18xumjNNRoxUKJogVne1mU8tYoq/B/lp/IkY=
Subject key identifier:   CA:2B:BF:60:57:E3:74:05:BB:82:02:D3:A5:46:E0:F6:5F:63:E4:28
Certificate issuer:       /CN=25058f4d7fb3963ac2bea252830f697d1743ee9b
Certificate serial:       018CC801482C34D9E33A3B8CE5043C6427E3
Authority key identifier: 25:05:8F:4D:7F:B3:96:3A:C2:BE:A2:52:83:0F:69:7D:17:43:EE:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JQWPTX-zljrCvqJSgw9pfRdD7ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/684f9c-8bb7-4ac5-9b18-a32e6c7c97b1/1/yiu_YFfjdAW7ggLTpUbg9l9j5Cg.roa
Signing time:             Tue 02 Jan 2024 02:29:36 +0000
ROA not before:           Tue 02 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25516
IP address blocks:        195.43.52.0/22 maxlen: 22
                          2001:67c:14e0::/45 maxlen: 45

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/684f9c-8bb7-4ac5-9b18-a32e6c7c97b1/1/JQWPTX-zljrCvqJSgw9pfRdD7ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/684f9c-8bb7-4ac5-9b18-a32e6c7c97b1/1/JQWPTX-zljrCvqJSgw9pfRdD7ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JQWPTX-zljrCvqJSgw9pfRdD7ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:48:2c:34:d9:e3:3a:3b:8c:e5:04:3c:64:27:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25058f4d7fb3963ac2bea252830f697d1743ee9b
        Validity
            Not Before: Jan  2 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca2bbf6057e37405bb8202d3a546e0f65f63e428
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e2:8b:2e:87:e1:7f:08:43:14:8f:c1:7a:d4:
                    e2:c7:d2:6e:91:5e:a9:be:30:bd:32:09:ab:d5:d1:
                    2f:a0:82:a9:b2:4a:2b:16:59:24:96:81:a8:d5:61:
                    4b:53:67:b7:95:42:5c:a0:c0:bc:cb:0e:91:29:e2:
                    98:b8:3f:04:dd:e2:34:66:7e:58:94:f8:15:a4:01:
                    7a:0e:f7:65:82:47:22:68:be:6d:28:a3:88:12:60:
                    2e:96:74:bc:23:ec:e8:74:67:08:66:9b:aa:73:5e:
                    9a:10:a2:c0:02:62:16:49:a1:3c:c3:19:3b:6f:35:
                    92:cf:74:aa:f4:c7:72:87:2e:f9:92:f9:78:58:29:
                    47:fe:0e:74:76:ee:f9:28:c3:7f:23:68:22:97:4d:
                    35:e2:7c:17:5a:43:95:9c:a0:b2:6d:f0:d7:6d:a2:
                    27:3e:b5:2a:a9:77:4c:2d:cc:e8:51:4c:83:bc:51:
                    37:5b:b8:35:2c:87:74:7f:f8:4d:4a:b1:2c:e5:bd:
                    74:1b:d5:1d:be:bb:bd:e0:20:46:62:63:a1:b2:84:
                    b7:c1:8e:21:c4:60:5e:dd:f3:e4:f4:86:e5:9d:f5:
                    33:32:79:81:cd:ee:02:ef:7b:3c:5f:35:bd:05:84:
                    2b:62:23:fc:27:97:80:a3:a2:12:02:28:e0:d1:fa:
                    b3:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:2B:BF:60:57:E3:74:05:BB:82:02:D3:A5:46:E0:F6:5F:63:E4:28
            X509v3 Authority Key Identifier:
                keyid:25:05:8F:4D:7F:B3:96:3A:C2:BE:A2:52:83:0F:69:7D:17:43:EE:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JQWPTX-zljrCvqJSgw9pfRdD7ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/684f9c-8bb7-4ac5-9b18-a32e6c7c97b1/1/yiu_YFfjdAW7ggLTpUbg9l9j5Cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/684f9c-8bb7-4ac5-9b18-a32e6c7c97b1/1/JQWPTX-zljrCvqJSgw9pfRdD7ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.52.0/22
                IPv6:
                  2001:67c:14e0::/45

    Signature Algorithm: sha256WithRSAEncryption
         66:a6:82:0a:08:a1:34:e9:ee:4f:40:c7:59:f8:68:cf:76:cf:
         8b:31:cf:5b:b1:1f:7d:0a:e4:95:58:e0:2e:fa:ee:10:03:4b:
         81:ca:f0:d5:0b:12:e5:a8:b4:76:e0:cd:a4:ff:ec:2f:7a:2a:
         c0:fb:87:23:8e:fc:5c:ec:53:13:e7:87:2a:93:2a:0e:dc:b2:
         41:66:0f:87:6a:e5:08:d7:ef:83:f9:3d:a4:25:04:7e:22:69:
         88:37:22:62:74:64:a3:b7:4f:56:d8:a4:37:61:da:06:73:09:
         d0:79:ad:39:30:83:17:28:b4:53:7b:84:54:45:58:8c:d6:84:
         94:cb:3d:71:7f:b0:1d:bb:04:35:0a:e5:8e:5e:06:1c:58:ea:
         42:f5:65:bf:37:a5:4f:2c:98:6f:61:6a:ab:6b:cd:cb:1e:f6:
         05:ff:2a:4f:57:d8:aa:8d:a5:bf:a3:d1:9e:76:6c:04:a8:37:
         e3:36:70:ad:30:e3:37:c0:3c:36:f3:17:96:86:85:dc:e8:75:
         f5:db:eb:94:3c:7e:9e:f6:2f:59:aa:25:f2:18:f2:cc:6d:94:
         2c:37:f0:86:c4:68:f5:0d:1e:86:1e:1d:51:db:7a:40:1a:f6:
         ff:dc:73:f5:6a:71:e0:6e:37:91:2d:4c:98:e1:09:42:a9:97:
         2e:d2:2c:f1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAUgsNNnjOjuM5QQ8ZCfjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MDU4ZjRkN2ZiMzk2M2FjMmJlYTI1MjgzMGY2OTdkMTc0
M2VlOWIwHhcNMjQwMTAyMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTJiYmY2MDU3ZTM3NDA1YmI4MjAyZDNhNTQ2ZTBmNjVmNjNlNDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuKLLofhfwhDFI/BetTix9JukV6p
vjC9Mgmr1dEvoIKpskorFlkkloGo1WFLU2e3lUJcoMC8yw6RKeKYuD8E3eI0Zn5Y
lPgVpAF6DvdlgkciaL5tKKOIEmAulnS8I+zodGcIZpuqc16aEKLAAmIWSaE8wxk7
bzWSz3Sq9Mdyhy75kvl4WClH/g50du75KMN/I2gil0014nwXWkOVnKCybfDXbaIn
PrUqqXdMLczoUUyDvFE3W7g1LId0f/hNSrEs5b10G9Udvru94CBGYmOhsoS3wY4h
xGBe3fPk9IblnfUzMnmBze4C73s8XzW9BYQrYiP8J5eAo6ISAijg0fqzLQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMorv2BX43QFu4IC06VG4PZfY+QoMB8GA1UdIwQY
MBaAFCUFj01/s5Y6wr6iUoMPaX0XQ+6bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlFXUFRYLXpsanJDdnFKU2d3OXBmUmREN3BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82ODRmOWMtOGJiNy00YWM1LTliMTgt
YTMyZTZjN2M5N2IxLzEveWl1X1lGZmpkQVc3Z2dMVHBVYmc5bDlqNUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82ODRmOWMtOGJiNy00YWM1LTliMTgtYTMyZTZjN2M5N2Ix
LzEvSlFXUFRYLXpsanJDdnFKU2d3OXBmUmREN3BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwys0MA8E
AgACMAkDBwMgAQZ8FOAwDQYJKoZIhvcNAQELBQADggEBAGamggoIoTTp7k9Ax1n4
aM92z4sxz1uxH30K5JVY4C767hADS4HK8NULEuWotHbgzaT/7C96KsD7hyOO/Fzs
UxPnhyqTKg7cskFmD4dq5QjX74P5PaQlBH4iaYg3ImJ0ZKO3T1bYpDdh2gZzCdB5
rTkwgxcotFN7hFRFWIzWhJTLPXF/sB27BDUK5Y5eBhxY6kL1Zb83pU8smG9haqtr
zcse9gX/Kk9X2KqNpb+j0Z52bASoN+M2cK0w4zfAPDbzF5aGhdzodfXb65Q8fp72
L1mqJfIY8sxtlCw38IbEaPUNHoYeHVHbekAa9v/cc/VqceBuN5EtTJjhCUKply7S
LPE=
-----END CERTIFICATE-----