Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/1eeba8-7399-4bca-9341-ce882a5054c6/1/YAv5pWEwOLyH2oGPHw8dUQcupnA.roa
File:                     YAv5pWEwOLyH2oGPHw8dUQcupnA.roa (raw, json)
Hash identifier:          k92wmwhWcvmQNjjbmhUZgaQuUWAn1qHcFenx66sLV9Y=
Subject key identifier:   60:0B:F9:A5:61:30:38:BC:87:DA:81:8F:1F:0F:1D:51:07:2E:A6:70
Certificate issuer:       /CN=1cecefd9eadb2d5284d713b94b56d3abbc10e9e5
Certificate serial:       01910757906A58F08E55B476EB2ABA53589D
Authority key identifier: 1C:EC:EF:D9:EA:DB:2D:52:84:D7:13:B9:4B:56:D3:AB:BC:10:E9:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HOzv2erbLVKE1xO5S1bTq7wQ6eU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/1eeba8-7399-4bca-9341-ce882a5054c6/1/YAv5pWEwOLyH2oGPHw8dUQcupnA.roa
Signing time:             Wed 31 Jul 2024 05:51:04 +0000
ROA not before:           Wed 31 Jul 2024 05:51:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4766
IP address blocks:        185.119.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/1eeba8-7399-4bca-9341-ce882a5054c6/1/HOzv2erbLVKE1xO5S1bTq7wQ6eU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/1eeba8-7399-4bca-9341-ce882a5054c6/1/HOzv2erbLVKE1xO5S1bTq7wQ6eU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HOzv2erbLVKE1xO5S1bTq7wQ6eU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:07:57:90:6a:58:f0:8e:55:b4:76:eb:2a:ba:53:58:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cecefd9eadb2d5284d713b94b56d3abbc10e9e5
        Validity
            Not Before: Jul 31 05:51:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=600bf9a5613038bc87da818f1f0f1d51072ea670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:98:09:13:b7:e6:4a:8b:82:fa:9d:f8:0e:15:
                    f2:b9:6e:52:59:27:90:71:7e:f4:17:6d:df:ce:eb:
                    ac:d0:2a:53:09:cd:e7:7e:2d:01:b7:17:53:32:c5:
                    75:42:a8:a2:a1:19:fa:bc:10:30:26:f6:2d:df:b6:
                    f1:18:1a:b5:9a:0e:8e:ba:8e:5a:c8:50:7e:ee:a3:
                    1d:c1:ad:3a:64:1e:51:a6:40:f5:ee:c1:e0:5a:2c:
                    09:6a:50:5b:cd:a9:14:b8:27:d8:2e:2b:8a:cb:19:
                    86:37:43:04:54:41:27:da:97:67:aa:6d:49:17:32:
                    83:14:87:cb:de:de:23:ab:d2:a5:8e:8d:3f:89:e9:
                    b3:60:1e:dc:f7:a9:f8:c8:f9:36:16:e5:53:5f:1b:
                    31:8b:ea:33:a9:c3:78:00:23:95:3e:7c:44:7a:37:
                    39:50:c5:81:8a:d2:d2:ea:4c:5e:8d:d9:ab:3d:4e:
                    74:ec:56:42:45:fd:96:a4:f0:07:fb:55:3c:a3:e4:
                    42:60:5b:82:56:99:44:07:76:fe:2f:f9:80:a7:ea:
                    dc:a9:99:e3:44:5e:32:5a:84:88:5d:ad:29:db:66:
                    64:b7:dd:bc:47:1f:e9:ff:bc:4d:95:59:d2:8b:01:
                    90:d4:1a:01:ba:96:0f:ca:28:c2:86:74:d8:77:91:
                    20:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:0B:F9:A5:61:30:38:BC:87:DA:81:8F:1F:0F:1D:51:07:2E:A6:70
            X509v3 Authority Key Identifier:
                keyid:1C:EC:EF:D9:EA:DB:2D:52:84:D7:13:B9:4B:56:D3:AB:BC:10:E9:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HOzv2erbLVKE1xO5S1bTq7wQ6eU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/1eeba8-7399-4bca-9341-ce882a5054c6/1/YAv5pWEwOLyH2oGPHw8dUQcupnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/1eeba8-7399-4bca-9341-ce882a5054c6/1/HOzv2erbLVKE1xO5S1bTq7wQ6eU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:c3:ed:55:48:02:c0:b0:82:d5:c9:13:d6:56:18:1b:86:58:
         19:e1:43:fb:d4:a1:04:eb:42:ca:fe:ff:23:fd:95:b2:2a:c4:
         8e:22:94:c1:ae:bb:21:76:88:57:e9:73:a6:79:e1:c8:ed:f1:
         66:32:a2:ea:fd:dd:e7:72:92:c5:75:89:09:d2:47:62:4f:9b:
         d1:80:94:19:1d:83:a6:1f:84:b6:9e:30:fe:d7:bf:a7:f1:d4:
         56:0c:c1:36:44:d9:ea:34:7c:db:c7:06:3e:b0:c0:d9:6f:40:
         03:fc:c7:b5:c1:c5:76:03:00:d4:3e:b8:8d:b8:02:82:e8:ef:
         0a:a6:6a:73:4a:03:44:e2:f5:25:23:d0:4e:c0:5b:4b:b1:29:
         a6:e7:d9:3f:5e:07:a5:d0:d6:a3:1a:81:57:cf:54:76:2c:02:
         7c:35:1e:20:7e:ab:65:1c:09:8b:71:2e:1f:d0:4a:b6:9d:54:
         2f:9a:aa:9d:e9:96:e2:83:c4:6d:ed:e6:13:1a:cd:d9:9f:e9:
         61:c7:46:fe:fb:f6:b3:61:d8:c9:26:35:c3:ad:e6:73:cc:e4:
         28:22:f9:11:f1:f5:16:5f:e6:b7:c6:57:4e:8b:25:bd:04:6f:
         70:56:fd:9a:8a:2b:6e:3b:b8:d6:d6:88:d4:97:39:21:8f:1c:
         d3:da:53:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEHV5BqWPCOVbR26yq6U1idMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjZWNlZmQ5ZWFkYjJkNTI4NGQ3MTNiOTRiNTZkM2FiYmMx
MGU5ZTUwHhcNMjQwNzMxMDU1MTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDBiZjlhNTYxMzAzOGJjODdkYTgxOGYxZjBmMWQ1MTA3MmVhNjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJgJE7fmSouC+p34DhXyuW5SWSeQ
cX70F23fzuus0CpTCc3nfi0BtxdTMsV1QqiioRn6vBAwJvYt37bxGBq1mg6Ouo5a
yFB+7qMdwa06ZB5RpkD17sHgWiwJalBbzakUuCfYLiuKyxmGN0MEVEEn2pdnqm1J
FzKDFIfL3t4jq9Kljo0/iemzYB7c96n4yPk2FuVTXxsxi+ozqcN4ACOVPnxEejc5
UMWBitLS6kxejdmrPU507FZCRf2WpPAH+1U8o+RCYFuCVplEB3b+L/mAp+rcqZnj
RF4yWoSIXa0p22Zkt928Rx/p/7xNlVnSiwGQ1BoBupYPyijChnTYd5EgkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAL+aVhMDi8h9qBjx8PHVEHLqZwMB8GA1UdIwQY
MBaAFBzs79nq2y1ShNcTuUtW06u8EOnlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE96djJlcmJMVktFMXhPNVMxYlRxN3dRNmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8xZWViYTgtNzM5OS00YmNhLTkzNDEt
Y2U4ODJhNTA1NGM2LzEvWUF2NXBXRXdPTHlIMm9HUEh3OGRVUWN1cG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8xZWViYTgtNzM5OS00YmNhLTkzNDEtY2U4ODJhNTA1NGM2
LzEvSE96djJlcmJMVktFMXhPNVMxYlRxN3dRNmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXfFMA0G
CSqGSIb3DQEBCwUAA4IBAQBNw+1VSALAsILVyRPWVhgbhlgZ4UP71KEE60LK/v8j
/ZWyKsSOIpTBrrshdohX6XOmeeHI7fFmMqLq/d3ncpLFdYkJ0kdiT5vRgJQZHYOm
H4S2njD+17+n8dRWDME2RNnqNHzbxwY+sMDZb0AD/Me1wcV2AwDUPriNuAKC6O8K
pmpzSgNE4vUlI9BOwFtLsSmm59k/Xgel0NajGoFXz1R2LAJ8NR4gfqtlHAmLcS4f
0Eq2nVQvmqqd6Zbig8Rt7eYTGs3Zn+lhx0b++/azYdjJJjXDreZzzOQoIvkR8fUW
X+a3xldOiyW9BG9wVv2aiituO7jW1ojUlzkhjxzT2lMN
-----END CERTIFICATE-----