Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/YDSbhUJS34wcW7m6rawPlxi2Dok.roa
File:                     YDSbhUJS34wcW7m6rawPlxi2Dok.roa (raw, json)
Hash identifier:          ZihpgAvk/MwAXi4GFOu5euNT7wlJZ8jUuEVochSYHkg=
Subject key identifier:   60:34:9B:85:42:52:DF:8C:1C:5B:B9:BA:AD:AC:0F:97:18:B6:0E:89
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       018CC8011D158117FD61D4A534A69EF44AB3
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/YDSbhUJS34wcW7m6rawPlxi2Dok.roa
Signing time:             Tue 02 Jan 2024 02:29:25 +0000
ROA not before:           Tue 02 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61157
IP address blocks:        84.246.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:1d:15:81:17:fd:61:d4:a5:34:a6:9e:f4:4a:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Jan  2 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60349b854252df8c1c5bb9baadac0f9718b60e89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:5d:c5:67:e4:3c:18:48:58:23:4f:72:fb:92:
                    8c:f1:fe:1b:18:30:86:04:c0:c4:79:14:db:d7:1d:
                    57:cf:f1:2a:73:65:d6:a4:af:36:ef:4b:21:1f:36:
                    59:47:c1:f9:d4:fe:1f:ff:31:3d:0e:39:32:41:da:
                    7b:d5:78:0e:32:fb:9f:cd:11:8d:71:26:2e:8c:48:
                    d3:e0:c3:72:73:72:fe:1a:c3:a0:1a:cb:08:a5:9d:
                    9a:f3:09:3d:fe:49:d6:b6:b6:1d:3e:fc:c5:f9:82:
                    c4:f4:92:1b:5c:98:25:1e:00:3b:5b:b8:bf:36:58:
                    04:61:10:04:21:fc:b5:f0:df:2e:db:d9:b2:93:c2:
                    fa:a4:ab:0a:5f:24:24:f2:a6:74:da:7d:e8:0f:45:
                    52:d9:f9:29:6e:b9:a7:2f:49:76:45:46:8e:6f:fc:
                    8d:70:c4:6b:00:c0:c4:da:a5:e4:d0:f4:16:50:1a:
                    82:f8:e6:bf:da:71:7e:37:3d:e8:0a:f7:c6:f3:7f:
                    71:04:85:d6:e5:1f:d8:29:92:17:d0:52:3f:f4:8f:
                    cb:19:33:b3:82:67:f4:19:cd:e1:66:47:d7:a2:df:
                    e9:60:e4:43:51:ee:52:32:96:80:5f:87:6f:ac:09:
                    ab:56:7a:6f:41:57:b6:c4:bd:67:7f:0c:7f:9e:8f:
                    ee:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:34:9B:85:42:52:DF:8C:1C:5B:B9:BA:AD:AC:0F:97:18:B6:0E:89
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/YDSbhUJS34wcW7m6rawPlxi2Dok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.246.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:cf:27:36:e9:d5:de:8e:45:da:0a:a2:0d:b0:2b:23:d1:ab:
         ba:e8:93:94:5c:1a:09:38:e6:4f:d2:32:36:ea:4e:dc:1e:cb:
         17:1c:39:69:a0:38:70:e5:77:9d:6a:24:9e:ff:ad:fd:d3:af:
         b1:08:f6:1e:31:03:4e:53:a4:84:85:a6:f2:44:b9:cd:42:2e:
         03:47:d9:a7:68:2a:34:d7:b8:f2:f2:30:c3:e0:c2:35:7e:21:
         46:ae:b8:1a:6d:fd:47:8f:41:68:85:fa:51:74:17:31:58:68:
         fb:ff:4c:59:e8:8d:c5:55:a0:11:14:c7:e4:b9:f4:74:9b:1f:
         1e:00:e4:68:2d:99:16:1a:7c:4d:ff:54:94:12:bb:ef:aa:25:
         1f:d8:b4:ac:cf:9a:5b:38:53:97:68:56:00:41:b7:34:9a:90:
         f0:82:60:20:d6:cc:7d:b3:fd:dc:95:41:2c:38:54:20:3d:63:
         61:b9:9a:03:87:ef:ce:5d:89:67:5a:6f:36:52:13:4c:7c:10:
         20:bd:e2:8c:cd:e2:fb:e9:32:50:39:d7:a7:29:e4:e3:f0:f3:
         3a:53:ae:38:4a:f2:61:c9:12:b2:87:23:c2:ff:8a:2a:5b:ca:
         3f:b3:08:99:9f:e7:f7:1f:b0:43:da:0c:88:e6:39:8f:15:dd:
         ec:66:a0:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAR0VgRf9YdSlNKae9EqzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjQwMTAyMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDM0OWI4NTQyNTJkZjhjMWM1YmI5YmFhZGFjMGY5NzE4YjYwZTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh13FZ+Q8GEhYI09y+5KM8f4bGDCG
BMDEeRTb1x1Xz/Eqc2XWpK8270shHzZZR8H51P4f/zE9DjkyQdp71XgOMvufzRGN
cSYujEjT4MNyc3L+GsOgGssIpZ2a8wk9/knWtrYdPvzF+YLE9JIbXJglHgA7W7i/
NlgEYRAEIfy18N8u29myk8L6pKsKXyQk8qZ02n3oD0VS2fkpbrmnL0l2RUaOb/yN
cMRrAMDE2qXk0PQWUBqC+Oa/2nF+Nz3oCvfG839xBIXW5R/YKZIX0FI/9I/LGTOz
gmf0Gc3hZkfXot/pYORDUe5SMpaAX4dvrAmrVnpvQVe2xL1nfwx/no/uAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGA0m4VCUt+MHFu5uq2sD5cYtg6JMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvWURTYmhVSlMzNHdjVzdtNnJhd1BseGkyRG9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPZ9MA0G
CSqGSIb3DQEBCwUAA4IBAQBLzyc26dXejkXaCqINsCsj0au66JOUXBoJOOZP0jI2
6k7cHssXHDlpoDhw5XedaiSe/63906+xCPYeMQNOU6SEhabyRLnNQi4DR9mnaCo0
17jy8jDD4MI1fiFGrrgabf1Hj0FohfpRdBcxWGj7/0xZ6I3FVaARFMfkufR0mx8e
AORoLZkWGnxN/1SUErvvqiUf2LSsz5pbOFOXaFYAQbc0mpDwgmAg1sx9s/3clUEs
OFQgPWNhuZoDh+/OXYlnWm82UhNMfBAgveKMzeL76TJQOdenKeTj8PM6U644SvJh
yRKyhyPC/4oqW8o/swiZn+f3H7BD2gyI5jmPFd3sZqA4
-----END CERTIFICATE-----