Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6afd60-83e8-423d-878b-909b6ab85ee9/1/yfZuSgkc9RyUSshJyvEZlvFsBmo.roa
File:                     yfZuSgkc9RyUSshJyvEZlvFsBmo.roa (raw, json)
Hash identifier:          5h6NLwxEvQP6+rdzm9FQjN9lrPpy2F20ReICbCbBmzM=
Subject key identifier:   C9:F6:6E:4A:09:1C:F5:1C:94:4A:C8:49:CA:F1:19:96:F1:6C:06:6A
Certificate issuer:       /CN=bd2a6a2232c439f04620c82b4d7e14e9df721143
Certificate serial:       018CC9BC374807B7675B30F6D0C440846AEA
Authority key identifier: BD:2A:6A:22:32:C4:39:F0:46:20:C8:2B:4D:7E:14:E9:DF:72:11:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vSpqIjLEOfBGIMgrTX4U6d9yEUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6afd60-83e8-423d-878b-909b6ab85ee9/1/yfZuSgkc9RyUSshJyvEZlvFsBmo.roa
Signing time:             Tue 02 Jan 2024 10:33:24 +0000
ROA not before:           Tue 02 Jan 2024 10:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        195.206.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6afd60-83e8-423d-878b-909b6ab85ee9/1/vSpqIjLEOfBGIMgrTX4U6d9yEUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6afd60-83e8-423d-878b-909b6ab85ee9/1/vSpqIjLEOfBGIMgrTX4U6d9yEUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vSpqIjLEOfBGIMgrTX4U6d9yEUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:37:48:07:b7:67:5b:30:f6:d0:c4:40:84:6a:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd2a6a2232c439f04620c82b4d7e14e9df721143
        Validity
            Not Before: Jan  2 10:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9f66e4a091cf51c944ac849caf11996f16c066a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e9:d7:7b:cf:63:de:bb:35:a8:69:7a:75:a7:
                    f2:0e:69:a4:69:a7:64:7e:05:46:28:58:75:26:01:
                    59:b1:49:7e:2c:a4:f5:00:a2:f1:93:51:06:1a:7d:
                    0d:12:8b:ea:ac:91:2f:e8:0e:9a:fd:6e:42:2b:a7:
                    81:23:3d:f0:36:d1:b3:dc:31:08:da:27:f5:6b:15:
                    8e:68:f0:e4:1c:1e:fd:7b:ca:6e:8b:b8:ba:b1:36:
                    2d:a8:a5:68:9c:30:c2:d7:7b:88:cc:94:36:73:8b:
                    cc:1f:c0:75:bf:24:34:c2:61:1f:0d:f0:76:5e:de:
                    e3:28:53:f5:c7:8d:03:ca:de:b9:15:e7:6c:40:5d:
                    27:ef:56:b4:8a:e3:ee:d5:ae:a0:33:27:d5:9c:09:
                    4b:71:c5:7b:cc:e9:89:e3:e2:b8:20:76:45:4d:7b:
                    84:73:45:b8:23:3b:c0:4c:9d:e0:fe:7f:59:1e:ce:
                    a7:18:f8:07:ab:67:da:83:f0:ff:30:d1:9f:7c:29:
                    3a:c1:d0:51:22:d5:a2:ca:84:89:60:1e:66:f1:08:
                    3b:24:b9:3e:71:dc:15:38:00:07:1e:4f:22:5f:aa:
                    c7:ea:8d:08:7a:ed:8e:60:eb:37:1e:64:f1:55:1b:
                    e2:93:c9:4d:11:30:ac:27:93:c7:15:b4:09:f4:c3:
                    7b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F6:6E:4A:09:1C:F5:1C:94:4A:C8:49:CA:F1:19:96:F1:6C:06:6A
            X509v3 Authority Key Identifier:
                keyid:BD:2A:6A:22:32:C4:39:F0:46:20:C8:2B:4D:7E:14:E9:DF:72:11:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vSpqIjLEOfBGIMgrTX4U6d9yEUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6afd60-83e8-423d-878b-909b6ab85ee9/1/yfZuSgkc9RyUSshJyvEZlvFsBmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6afd60-83e8-423d-878b-909b6ab85ee9/1/vSpqIjLEOfBGIMgrTX4U6d9yEUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:ed:49:4e:38:e4:ab:24:af:c2:30:77:6c:83:8d:04:87:d4:
         64:0b:8d:2c:70:10:15:45:97:bb:66:80:be:23:81:b2:d1:3c:
         b9:21:ff:77:bc:50:8c:89:99:50:dc:e1:16:44:52:8d:f2:ba:
         f5:ec:00:f0:d6:2e:cb:14:bd:9b:e6:49:19:66:85:fb:db:95:
         49:05:26:a0:cf:71:f3:6a:83:8e:e5:d8:87:21:28:2f:de:e7:
         e7:a8:ac:00:45:c9:d7:e5:cf:4e:eb:b2:ac:8d:40:72:7b:23:
         37:d5:57:6f:80:c9:91:be:bc:57:f0:b2:1b:36:07:f1:56:3d:
         8b:40:2c:b4:6c:b7:64:1b:c4:bd:de:b9:d1:30:1b:df:c3:cb:
         82:ff:07:34:41:5b:ef:7d:dd:20:e7:6b:a3:b2:52:6c:f8:0b:
         a6:f5:fc:cb:f6:c6:e8:db:a3:35:76:e6:88:1c:9f:af:1b:b3:
         a0:41:8b:8a:c6:f4:48:5d:f0:51:c6:f5:7f:45:f7:1c:ea:a8:
         f4:9b:c2:69:88:0e:fd:06:92:97:9e:41:62:4b:b2:09:b3:fc:
         fb:38:36:f0:04:2a:c8:f4:00:cb:56:4a:14:c7:99:7f:4e:49:
         bb:fb:1e:5c:9e:d0:9d:c9:10:8b:cc:34:0c:4d:22:96:27:12:
         3b:80:da:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvDdIB7dnWzD20MRAhGrqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMmE2YTIyMzJjNDM5ZjA0NjIwYzgyYjRkN2UxNGU5ZGY3
MjExNDMwHhcNMjQwMTAyMTAzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWY2NmU0YTA5MWNmNTFjOTQ0YWM4NDljYWYxMTk5NmYxNmMwNjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOnXe89j3rs1qGl6dafyDmmkaadk
fgVGKFh1JgFZsUl+LKT1AKLxk1EGGn0NEovqrJEv6A6a/W5CK6eBIz3wNtGz3DEI
2if1axWOaPDkHB79e8pui7i6sTYtqKVonDDC13uIzJQ2c4vMH8B1vyQ0wmEfDfB2
Xt7jKFP1x40Dyt65FedsQF0n71a0iuPu1a6gMyfVnAlLccV7zOmJ4+K4IHZFTXuE
c0W4IzvATJ3g/n9ZHs6nGPgHq2fag/D/MNGffCk6wdBRItWiyoSJYB5m8Qg7JLk+
cdwVOAAHHk8iX6rH6o0Ieu2OYOs3HmTxVRvik8lNETCsJ5PHFbQJ9MN7fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMn2bkoJHPUclErIScrxGZbxbAZqMB8GA1UdIwQY
MBaAFL0qaiIyxDnwRiDIK01+FOnfchFDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlNwcUlqTEVPZkJHSU1nclRYNFU2ZDl5RVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82YWZkNjAtODNlOC00MjNkLTg3OGIt
OTA5YjZhYjg1ZWU5LzEveWZadVNna2M5UnlVU3NoSnl2RVpsdkZzQm1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82YWZkNjAtODNlOC00MjNkLTg3OGItOTA5YjZhYjg1ZWU5
LzEvdlNwcUlqTEVPZkJHSU1nclRYNFU2ZDl5RVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw87yMA0G
CSqGSIb3DQEBCwUAA4IBAQB77UlOOOSrJK/CMHdsg40Eh9RkC40scBAVRZe7ZoC+
I4Gy0Ty5If93vFCMiZlQ3OEWRFKN8rr17ADw1i7LFL2b5kkZZoX725VJBSagz3Hz
aoOO5diHISgv3ufnqKwARcnX5c9O67KsjUByeyM31VdvgMmRvrxX8LIbNgfxVj2L
QCy0bLdkG8S93rnRMBvfw8uC/wc0QVvvfd0g52ujslJs+Aum9fzL9sbo26M1duaI
HJ+vG7OgQYuKxvRIXfBRxvV/Rfcc6qj0m8JpiA79BpKXnkFiS7IJs/z7ODbwBCrI
9ADLVkoUx5l/Tkm7+x5cntCdyRCLzDQMTSKWJxI7gNoW
-----END CERTIFICATE-----