Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/8f551f-2425-434d-afb5-a762e9c0dd32/1/YFKyoofxckxFDQyh2KYl_5mL0HU.roa
File:                     YFKyoofxckxFDQyh2KYl_5mL0HU.roa (raw, json)
Hash identifier:          PVHYiV3rEU/mDZQf2BQjb0PDBN1mGFCq+gjDCGz3R5Y=
Subject key identifier:   60:52:B2:A2:87:F1:72:4C:45:0D:0C:A1:D8:A6:25:FF:99:8B:D0:75
Certificate issuer:       /CN=71cec269f84d5641ff63a63d1f3997c8cfd4fe28
Certificate serial:       018CC64B265FB87DE4E38F076D6BA3908AC5
Authority key identifier: 71:CE:C2:69:F8:4D:56:41:FF:63:A6:3D:1F:39:97:C8:CF:D4:FE:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cc7CafhNVkH_Y6Y9HzmXyM_U_ig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/8f551f-2425-434d-afb5-a762e9c0dd32/1/YFKyoofxckxFDQyh2KYl_5mL0HU.roa
Signing time:             Mon 01 Jan 2024 18:31:02 +0000
ROA not before:           Mon 01 Jan 2024 18:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        185.228.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/8f551f-2425-434d-afb5-a762e9c0dd32/1/cc7CafhNVkH_Y6Y9HzmXyM_U_ig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/8f551f-2425-434d-afb5-a762e9c0dd32/1/cc7CafhNVkH_Y6Y9HzmXyM_U_ig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cc7CafhNVkH_Y6Y9HzmXyM_U_ig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:26:5f:b8:7d:e4:e3:8f:07:6d:6b:a3:90:8a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71cec269f84d5641ff63a63d1f3997c8cfd4fe28
        Validity
            Not Before: Jan  1 18:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6052b2a287f1724c450d0ca1d8a625ff998bd075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c9:99:9c:f1:63:5c:05:7d:58:4c:bb:3f:a6:
                    d9:28:c8:64:b2:f8:2b:c3:4c:df:9b:2f:5d:d9:05:
                    d3:97:d5:fe:ef:df:b5:12:4d:1d:49:89:9b:b7:61:
                    c9:c6:0a:22:ca:9b:a9:70:9f:0c:2a:a2:27:b5:9b:
                    f0:7d:cc:84:f3:72:d4:11:5a:0d:a9:a8:98:75:ab:
                    eb:10:ac:98:e2:04:3c:f1:f5:40:37:c7:87:17:4f:
                    f9:61:9e:a2:8e:d7:eb:32:83:2d:aa:33:5c:77:bb:
                    8d:d5:fc:76:57:13:ea:40:4c:ed:20:f0:ea:8e:9e:
                    83:c6:4d:22:fd:1a:3d:7a:5d:45:74:7f:c9:44:c7:
                    31:a2:27:7b:0f:49:c2:82:70:29:00:89:b5:b1:4f:
                    57:0a:02:de:8c:df:97:8c:24:ee:2c:9f:fb:f2:f1:
                    e0:33:a0:c3:c7:1f:c1:2e:e7:b1:8f:b0:fc:1c:a8:
                    48:0f:4b:84:37:80:b5:9c:86:5f:4f:7b:4d:02:a7:
                    b2:7f:05:dc:55:6b:a1:41:74:27:ad:9b:f8:84:a0:
                    93:dd:25:4a:b7:d1:f6:12:15:a7:a4:fb:cc:73:fd:
                    c9:62:bb:e3:5c:a0:14:0c:5d:7a:75:a3:6c:a3:ce:
                    81:51:ae:72:98:a8:05:5a:b3:40:b1:94:3c:cd:e2:
                    eb:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:52:B2:A2:87:F1:72:4C:45:0D:0C:A1:D8:A6:25:FF:99:8B:D0:75
            X509v3 Authority Key Identifier:
                keyid:71:CE:C2:69:F8:4D:56:41:FF:63:A6:3D:1F:39:97:C8:CF:D4:FE:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc7CafhNVkH_Y6Y9HzmXyM_U_ig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/8f551f-2425-434d-afb5-a762e9c0dd32/1/YFKyoofxckxFDQyh2KYl_5mL0HU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/8f551f-2425-434d-afb5-a762e9c0dd32/1/cc7CafhNVkH_Y6Y9HzmXyM_U_ig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:a4:3b:8e:a0:30:41:f6:f1:2a:00:24:2a:d7:d2:4e:0a:d1:
         cd:15:ca:52:5c:dd:33:9b:7f:c2:a3:b9:62:14:32:51:e4:b7:
         41:3c:0a:cf:07:c4:19:23:0d:11:3b:3e:56:c0:41:8a:d8:bc:
         6c:36:8f:23:51:b1:e8:b8:2d:ee:f7:7c:1c:7c:5f:b6:8d:af:
         11:30:a1:3b:14:d0:f9:15:51:62:82:84:6a:68:61:71:e2:a1:
         b2:91:e1:a3:ab:0f:cc:92:5e:d0:83:36:4f:cb:2b:4d:0d:76:
         01:5a:b0:99:ce:ce:d5:81:df:cd:f6:9b:a9:78:cb:f9:04:b2:
         d0:46:f8:3f:5a:38:3f:12:4a:f9:d0:2e:b8:74:06:01:32:80:
         b8:ed:05:0c:82:29:2e:2c:37:53:fb:2b:2e:c6:0b:fc:ef:30:
         da:18:c4:bb:cd:f7:83:a4:94:10:a4:90:96:5c:fb:f8:34:fb:
         d8:3a:80:1c:6f:45:cc:01:16:bd:83:87:7f:16:1f:b2:0f:b8:
         c4:44:92:f7:1c:75:5f:78:47:2f:59:d6:6d:a8:c4:7b:bd:74:
         af:c8:fd:bb:14:40:48:c3:d9:5d:a6:f1:19:dc:81:b0:92:bd:
         f0:a0:bd:6f:b3:f9:82:44:f5:d7:12:9d:f5:5e:7b:d7:62:bc:
         13:06:c4:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyZfuH3k448HbWujkIrFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxY2VjMjY5Zjg0ZDU2NDFmZjYzYTYzZDFmMzk5N2M4Y2Zk
NGZlMjgwHhcNMjQwMTAxMTgzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDUyYjJhMjg3ZjE3MjRjNDUwZDBjYTFkOGE2MjVmZjk5OGJkMDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMmZnPFjXAV9WEy7P6bZKMhksvgr
w0zfmy9d2QXTl9X+79+1Ek0dSYmbt2HJxgoiypupcJ8MKqIntZvwfcyE83LUEVoN
qaiYdavrEKyY4gQ88fVAN8eHF0/5YZ6ijtfrMoMtqjNcd7uN1fx2VxPqQEztIPDq
jp6Dxk0i/Ro9el1FdH/JRMcxoid7D0nCgnApAIm1sU9XCgLejN+XjCTuLJ/78vHg
M6DDxx/BLuexj7D8HKhID0uEN4C1nIZfT3tNAqeyfwXcVWuhQXQnrZv4hKCT3SVK
t9H2EhWnpPvMc/3JYrvjXKAUDF16daNso86BUa5ymKgFWrNAsZQ8zeLrmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBSsqKH8XJMRQ0ModimJf+Zi9B1MB8GA1UdIwQY
MBaAFHHOwmn4TVZB/2OmPR85l8jP1P4oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2M3Q2FmaE5Wa0hfWTZZOUh6bVh5TV9VX2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC84ZjU1MWYtMjQyNS00MzRkLWFmYjUt
YTc2MmU5YzBkZDMyLzEvWUZLeW9vZnhja3hGRFF5aDJLWWxfNW1MMEhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC84ZjU1MWYtMjQyNS00MzRkLWFmYjUtYTc2MmU5YzBkZDMy
LzEvY2M3Q2FmaE5Wa0hfWTZZOUh6bVh5TV9VX2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueTAMA0G
CSqGSIb3DQEBCwUAA4IBAQAzpDuOoDBB9vEqACQq19JOCtHNFcpSXN0zm3/Co7li
FDJR5LdBPArPB8QZIw0ROz5WwEGK2LxsNo8jUbHouC3u93wcfF+2ja8RMKE7FND5
FVFigoRqaGFx4qGykeGjqw/Mkl7QgzZPyytNDXYBWrCZzs7Vgd/N9pupeMv5BLLQ
Rvg/Wjg/Ekr50C64dAYBMoC47QUMgikuLDdT+ysuxgv87zDaGMS7zfeDpJQQpJCW
XPv4NPvYOoAcb0XMARa9g4d/Fh+yD7jERJL3HHVfeEcvWdZtqMR7vXSvyP27FEBI
w9ldpvEZ3IGwkr3woL1vs/mCRPXXEp31XnvXYrwTBsT5
-----END CERTIFICATE-----