Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/yIwnVeCKoLe28XF4DcFyF59V9Go.roa
File:                     yIwnVeCKoLe28XF4DcFyF59V9Go.roa (raw, json)
Hash identifier:          JOsfBh1+jHGSy+MXxqzKGAh2QQBkLcJewYTnoIcrjrw=
Subject key identifier:   C8:8C:27:55:E0:8A:A0:B7:B6:F1:71:78:0D:C1:72:17:9F:55:F4:6A
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       018F110766136836A94A5266A966A5DEC72B
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/yIwnVeCKoLe28XF4DcFyF59V9Go.roa
Signing time:             Wed 24 Apr 2024 16:54:08 +0000
ROA not before:           Wed 24 Apr 2024 16:54:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17675
IP address blocks:        50.20.224.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:11:07:66:13:68:36:a9:4a:52:66:a9:66:a5:de:c7:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Apr 24 16:54:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c88c2755e08aa0b7b6f171780dc172179f55f46a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:59:e8:93:26:ac:b5:b5:ff:ae:15:f9:14:f1:
                    3b:0d:5b:63:0c:77:60:4b:55:b2:db:69:7a:b3:54:
                    e6:ad:28:4e:4a:10:37:6b:1f:02:ff:45:d5:9f:71:
                    63:46:f5:3a:6b:9a:33:2b:3b:fd:e8:06:5c:a0:a3:
                    84:9d:14:a2:55:c3:b9:6d:c8:5f:1a:2d:04:17:5f:
                    ac:5f:e2:da:03:f9:29:c0:39:39:df:28:0d:ba:44:
                    91:73:02:39:83:af:66:23:e1:38:dd:f9:93:3e:f5:
                    9d:7c:0a:62:0e:01:cf:df:6d:12:76:65:93:df:49:
                    58:5a:02:a1:a1:91:30:6c:53:54:dc:a7:ae:fd:95:
                    31:9f:a0:37:d9:c8:9f:a0:57:ad:f9:9b:40:2a:df:
                    1e:fb:34:9a:be:5b:e3:11:fd:29:00:61:ac:a4:11:
                    cf:6b:0e:59:e2:88:8d:d3:2d:58:14:9c:48:ee:3a:
                    ff:53:e6:e4:4d:42:5b:6c:c7:c1:0d:4a:19:4b:af:
                    8a:98:3c:06:89:6c:25:92:a9:c5:51:f6:7d:b3:56:
                    ed:7b:49:43:cc:1b:07:c5:ba:d6:8b:15:30:1a:cf:
                    97:7c:da:8b:6b:78:09:e5:97:4d:74:63:5c:9b:17:
                    da:8e:9e:db:14:eb:b8:c7:d0:0e:4a:5c:08:08:7b:
                    64:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:8C:27:55:E0:8A:A0:B7:B6:F1:71:78:0D:C1:72:17:9F:55:F4:6A
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/yIwnVeCKoLe28XF4DcFyF59V9Go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.20.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2f:be:5a:e7:bc:7a:4a:06:14:74:2f:75:4b:be:be:15:48:d2:
         83:eb:e0:45:2d:7b:c5:ce:45:b2:25:91:22:ff:21:40:c3:8a:
         d0:bf:1d:0a:84:fe:4b:78:3f:d6:1a:41:f4:74:b6:43:48:65:
         93:a2:aa:49:13:cf:c6:70:d7:2f:46:25:eb:2e:12:0a:ea:a6:
         fa:32:8c:a9:d3:2b:89:58:36:b2:45:8a:45:4a:39:9d:23:35:
         9e:47:e2:4f:68:fc:b0:49:61:f0:71:19:c0:e2:28:74:72:fa:
         23:31:41:9b:44:65:f6:5c:23:37:61:a0:2f:d5:5d:0a:4f:42:
         b3:fa:41:ab:6e:87:b1:9f:1a:5a:f4:46:a6:22:91:9a:e4:79:
         ce:74:f9:75:ab:d4:99:ed:63:2a:bd:0c:05:5b:c2:99:cf:3a:
         32:b2:cd:77:58:44:28:44:4a:72:01:c3:2e:df:8e:a7:52:fa:
         f4:3a:69:7b:db:43:c8:02:0d:f1:7a:72:d6:63:2b:70:10:1e:
         83:2e:be:3b:eb:2e:64:5a:a3:2a:03:22:8a:03:71:53:83:55:
         1c:36:68:c0:92:7f:99:fd:8c:a9:fe:7b:82:5d:ed:46:3f:a8:
         ca:b2:b0:f6:a3:80:95:dc:a6:c2:ac:4e:cb:9a:d4:ce:12:f6:
         7f:b3:99:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8RB2YTaDapSlJmqWal3scrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwNDI0MTY1NDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODhjMjc1NWUwOGFhMGI3YjZmMTcxNzgwZGMxNzIxNzlmNTVmNDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1nokyastbX/rhX5FPE7DVtjDHdg
S1Wy22l6s1TmrShOShA3ax8C/0XVn3FjRvU6a5ozKzv96AZcoKOEnRSiVcO5bchf
Gi0EF1+sX+LaA/kpwDk53ygNukSRcwI5g69mI+E43fmTPvWdfApiDgHP320SdmWT
30lYWgKhoZEwbFNU3Keu/ZUxn6A32cifoFet+ZtAKt8e+zSavlvjEf0pAGGspBHP
aw5Z4oiN0y1YFJxI7jr/U+bkTUJbbMfBDUoZS6+KmDwGiWwlkqnFUfZ9s1bte0lD
zBsHxbrWixUwGs+XfNqLa3gJ5ZdNdGNcmxfajp7bFOu4x9AOSlwICHtk9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiMJ1XgiqC3tvFxeA3BchefVfRqMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEveUl3blZlQ0tvTGUyOFhGNERjRnlGNTlWOUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDMhTgMA0G
CSqGSIb3DQEBCwUAA4IBAQAvvlrnvHpKBhR0L3VLvr4VSNKD6+BFLXvFzkWyJZEi
/yFAw4rQvx0KhP5LeD/WGkH0dLZDSGWToqpJE8/GcNcvRiXrLhIK6qb6Moyp0yuJ
WDayRYpFSjmdIzWeR+JPaPywSWHwcRnA4ih0cvojMUGbRGX2XCM3YaAv1V0KT0Kz
+kGrboexnxpa9EamIpGa5HnOdPl1q9SZ7WMqvQwFW8KZzzoyss13WEQoREpyAcMu
346nUvr0Oml720PIAg3xenLWYytwEB6DLr476y5kWqMqAyKKA3FTg1UcNmjAkn+Z
/Yyp/nuCXe1GP6jKsrD2o4CV3KbCrE7LmtTOEvZ/s5lB
-----END CERTIFICATE-----