Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/YF1Q-M1OrtGkM0pvahia4y554So.roa
File:                     YF1Q-M1OrtGkM0pvahia4y554So.roa (raw, json)
Hash identifier:          M1yHB9xY028rXdQIZ/6twwaOcVAbgAmQjfMjq7hFaRE=
Subject key identifier:   60:5D:50:F8:CD:4E:AE:D1:A4:33:4A:6F:6A:18:9A:E3:2E:79:E1:2A
Certificate issuer:       /CN=49e14bf76f42da4f2ac003a6c69d61c2320e2cd8
Certificate serial:       018D5EE9D6ED760D5452601E63F680B89FA5
Authority key identifier: 49:E1:4B:F7:6F:42:DA:4F:2A:C0:03:A6:C6:9D:61:C2:32:0E:2C:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeFL929C2k8qwAOmxp1hwjIOLNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/YF1Q-M1OrtGkM0pvahia4y554So.roa
Signing time:             Wed 31 Jan 2024 09:46:39 +0000
ROA not before:           Wed 31 Jan 2024 09:46:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        178.211.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/SeFL929C2k8qwAOmxp1hwjIOLNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/SeFL929C2k8qwAOmxp1hwjIOLNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeFL929C2k8qwAOmxp1hwjIOLNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:e9:d6:ed:76:0d:54:52:60:1e:63:f6:80:b8:9f:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e14bf76f42da4f2ac003a6c69d61c2320e2cd8
        Validity
            Not Before: Jan 31 09:46:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=605d50f8cd4eaed1a4334a6f6a189ae32e79e12a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:17:b4:98:04:2d:af:eb:f9:a1:46:df:80:1d:
                    40:5e:54:de:33:f6:1d:c7:0a:62:1e:43:15:aa:5d:
                    d3:a7:49:47:36:24:bd:0f:43:f1:17:5e:de:c3:7f:
                    f9:94:69:76:ce:86:50:11:6f:f8:c1:cc:f1:af:a8:
                    a9:0d:07:25:a8:5b:e9:51:a3:3d:5b:28:83:19:19:
                    3f:4d:47:9c:bd:2f:7a:47:2b:b2:af:6a:6a:c3:e2:
                    aa:f1:ba:44:82:1f:a7:48:24:2e:ce:4f:c8:9b:eb:
                    a9:3a:d1:88:f5:0c:c6:c9:df:ed:50:74:e3:45:64:
                    59:23:93:03:de:67:78:be:b2:d3:fd:d3:fd:be:c4:
                    ad:13:65:50:9a:2c:a2:f2:02:9f:55:3d:30:a7:14:
                    e6:a2:7e:97:9d:12:1b:69:38:27:36:0a:ac:91:99:
                    e6:70:08:f7:c4:b3:2c:9b:8a:12:a3:f0:b3:c1:87:
                    21:81:be:b4:1f:53:b8:5b:bf:f7:1a:fa:16:38:98:
                    35:e4:32:42:00:33:47:98:16:b7:8c:e0:ce:02:c6:
                    f3:24:5b:78:74:96:5e:a1:d8:dd:b1:f7:a1:e4:0a:
                    5f:0c:e9:6d:f8:72:be:4e:37:01:ad:69:fa:ce:ef:
                    3d:97:8a:d8:a2:d5:4c:d7:ce:09:b7:06:fb:18:92:
                    a4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:5D:50:F8:CD:4E:AE:D1:A4:33:4A:6F:6A:18:9A:E3:2E:79:E1:2A
            X509v3 Authority Key Identifier:
                keyid:49:E1:4B:F7:6F:42:DA:4F:2A:C0:03:A6:C6:9D:61:C2:32:0E:2C:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeFL929C2k8qwAOmxp1hwjIOLNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/YF1Q-M1OrtGkM0pvahia4y554So.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/SeFL929C2k8qwAOmxp1hwjIOLNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.211.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:1e:61:76:b0:b9:d4:45:28:db:c8:aa:6a:fd:b5:27:35:c1:
         68:00:6b:e4:90:77:20:bb:ae:5f:dd:15:73:07:e5:a3:70:49:
         08:f1:ee:2f:e0:0e:10:ea:0d:ef:2e:7c:1c:26:14:a0:7f:6e:
         0a:2f:26:9d:af:24:ba:28:a5:18:1c:37:db:59:36:5f:b0:54:
         c0:80:be:ab:ef:d8:dd:18:e2:18:9a:fb:84:a7:f3:f6:ab:d3:
         e9:19:e9:b6:c4:e4:32:06:a9:78:c4:78:3f:4d:83:a5:7f:51:
         db:04:45:08:45:69:4d:2f:0f:fc:d9:61:08:ae:ac:09:dd:98:
         ba:21:12:95:1b:19:c4:83:3e:20:e0:ec:96:79:2e:ca:8f:7f:
         36:39:9a:d1:ce:e1:79:d1:e1:eb:0f:7f:5a:0b:e9:44:3e:d1:
         82:a8:81:27:81:63:9d:a5:68:40:6f:90:f2:ec:d7:56:de:7b:
         37:ba:59:32:f1:0d:66:f6:15:de:62:86:fe:c7:34:1a:6b:90:
         f1:95:98:52:61:01:0c:03:77:5f:9b:16:51:46:d2:9e:b1:e0:
         f0:21:5a:e4:0f:23:6d:b1:8c:5c:8f:ca:e2:8a:39:99:76:20:
         95:6a:17:c6:cd:71:05:60:f4:67:5e:76:c8:0b:63:a9:fc:61:
         34:c3:5b:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1e6dbtdg1UUmAeY/aAuJ+lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTE0YmY3NmY0MmRhNGYyYWMwMDNhNmM2OWQ2MWMyMzIw
ZTJjZDgwHhcNMjQwMTMxMDk0NjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDVkNTBmOGNkNGVhZWQxYTQzMzRhNmY2YTE4OWFlMzJlNzllMTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxe0mAQtr+v5oUbfgB1AXlTeM/Yd
xwpiHkMVql3Tp0lHNiS9D0PxF17ew3/5lGl2zoZQEW/4wczxr6ipDQclqFvpUaM9
WyiDGRk/TUecvS96Ryuyr2pqw+Kq8bpEgh+nSCQuzk/Im+upOtGI9QzGyd/tUHTj
RWRZI5MD3md4vrLT/dP9vsStE2VQmiyi8gKfVT0wpxTmon6XnRIbaTgnNgqskZnm
cAj3xLMsm4oSo/CzwYchgb60H1O4W7/3GvoWOJg15DJCADNHmBa3jODOAsbzJFt4
dJZeodjdsfeh5ApfDOlt+HK+TjcBrWn6zu89l4rYotVM184Jtwb7GJKk0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBdUPjNTq7RpDNKb2oYmuMueeEqMB8GA1UdIwQY
MBaAFEnhS/dvQtpPKsADpsadYcIyDizYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VGTDkyOUMyazhxd0FPbXhwMWh3aklPTE5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC81NjE2N2YtNTMyNy00Yzg4LWI0ZWEt
M2JlY2NhYWUzMzZkLzEvWUYxUS1NMU9ydEdrTTBwdmFoaWE0eTU1NFNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC81NjE2N2YtNTMyNy00Yzg4LWI0ZWEtM2JlY2NhYWUzMzZk
LzEvU2VGTDkyOUMyazhxd0FPbXhwMWh3aklPTE5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstOWMA0G
CSqGSIb3DQEBCwUAA4IBAQAKHmF2sLnURSjbyKpq/bUnNcFoAGvkkHcgu65f3RVz
B+WjcEkI8e4v4A4Q6g3vLnwcJhSgf24KLyadryS6KKUYHDfbWTZfsFTAgL6r79jd
GOIYmvuEp/P2q9PpGem2xOQyBql4xHg/TYOlf1HbBEUIRWlNLw/82WEIrqwJ3Zi6
IRKVGxnEgz4g4OyWeS7Kj382OZrRzuF50eHrD39aC+lEPtGCqIEngWOdpWhAb5Dy
7NdW3ns3ulky8Q1m9hXeYob+xzQaa5DxlZhSYQEMA3dfmxZRRtKeseDwIVrkDyNt
sYxcj8riijmZdiCVahfGzXEFYPRnXnbIC2Op/GE0w1su
-----END CERTIFICATE-----