Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/729f92-5f03-4158-90ac-6d428f1c15fd/1/ygW18UF2_lT1k3jdcInthdT_Cyc.roa
File:                     ygW18UF2_lT1k3jdcInthdT_Cyc.roa (raw, json)
Hash identifier:          ywbAxfVk+uoPaWesPHysfzb+MCU5enbXqbGdS+Uv2jU=
Subject key identifier:   CA:05:B5:F1:41:76:FE:54:F5:93:78:DD:70:89:ED:85:D4:FF:0B:27
Certificate issuer:       /CN=189947a9a5d88cc62cc898268f2bcafd6a7ffc5b
Certificate serial:       018CC79419372F6FF1B09BBF264DC03E33C6
Authority key identifier: 18:99:47:A9:A5:D8:8C:C6:2C:C8:98:26:8F:2B:CA:FD:6A:7F:FC:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJlHqaXYjMYsyJgmjyvK_Wp__Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/729f92-5f03-4158-90ac-6d428f1c15fd/1/ygW18UF2_lT1k3jdcInthdT_Cyc.roa
Signing time:             Tue 02 Jan 2024 00:30:20 +0000
ROA not before:           Tue 02 Jan 2024 00:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208849
IP address blocks:        45.82.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/729f92-5f03-4158-90ac-6d428f1c15fd/1/GJlHqaXYjMYsyJgmjyvK_Wp__Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/729f92-5f03-4158-90ac-6d428f1c15fd/1/GJlHqaXYjMYsyJgmjyvK_Wp__Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJlHqaXYjMYsyJgmjyvK_Wp__Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:19:37:2f:6f:f1:b0:9b:bf:26:4d:c0:3e:33:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189947a9a5d88cc62cc898268f2bcafd6a7ffc5b
        Validity
            Not Before: Jan  2 00:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca05b5f14176fe54f59378dd7089ed85d4ff0b27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3e:d2:12:fe:0d:66:5f:2b:ab:df:e4:77:a8:
                    bd:8a:6e:d4:5c:58:7d:7a:8a:10:96:52:3c:57:29:
                    40:85:cc:4b:eb:a7:3a:0a:84:a5:6a:71:c6:9d:4c:
                    96:3d:63:4a:ba:b8:54:1b:76:37:d0:4c:91:d1:54:
                    46:60:02:83:e9:e1:bb:fc:3b:b6:04:d9:8e:bd:91:
                    f1:31:3e:f3:89:e0:e9:3e:bf:15:e2:2b:5d:1a:f1:
                    f4:25:28:7c:dd:93:19:20:e9:a3:a5:1f:cb:f0:45:
                    bb:eb:e2:ac:e4:8e:2b:bc:14:7f:37:6e:86:be:8d:
                    fb:bb:f1:c5:7e:aa:3b:a2:aa:f6:90:36:af:91:7c:
                    db:84:5d:f0:03:3b:76:d8:43:d1:4f:0d:17:8a:d0:
                    c1:a1:c5:8f:b7:52:0a:c5:25:d3:07:96:8b:52:19:
                    fa:d3:46:2e:b1:dc:ec:1e:07:08:6f:2f:f8:9c:b3:
                    72:db:04:4b:92:91:ef:6e:06:45:23:e3:ad:90:df:
                    f8:25:88:35:ca:ab:e5:77:40:b0:05:4e:a7:d2:5f:
                    5a:c6:46:3a:d5:25:0e:e6:b2:1c:4f:b4:5c:98:1f:
                    96:e3:f3:92:39:6e:0a:60:55:08:0b:56:74:a9:e1:
                    74:54:23:6d:99:1d:5d:10:d2:a0:85:21:0a:4e:57:
                    dc:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:05:B5:F1:41:76:FE:54:F5:93:78:DD:70:89:ED:85:D4:FF:0B:27
            X509v3 Authority Key Identifier:
                keyid:18:99:47:A9:A5:D8:8C:C6:2C:C8:98:26:8F:2B:CA:FD:6A:7F:FC:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJlHqaXYjMYsyJgmjyvK_Wp__Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/729f92-5f03-4158-90ac-6d428f1c15fd/1/ygW18UF2_lT1k3jdcInthdT_Cyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/729f92-5f03-4158-90ac-6d428f1c15fd/1/GJlHqaXYjMYsyJgmjyvK_Wp__Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:fb:5b:0b:fe:52:e2:e0:b8:da:90:d4:76:6d:74:43:1b:22:
         9c:38:52:3c:44:68:9f:b8:99:1f:fa:98:97:57:95:66:db:91:
         f1:dd:22:bf:3a:96:af:15:93:90:8f:12:36:f3:55:7b:ac:cc:
         da:a1:b0:1c:ba:88:69:65:90:8e:78:71:39:b9:e4:44:0d:f9:
         d0:9a:09:b9:35:28:a6:d3:d2:1b:aa:a6:60:3d:b5:5f:02:f1:
         d2:a1:52:2e:0b:ee:05:18:86:5d:66:09:49:54:63:7c:0e:ec:
         53:f9:b8:6f:b5:30:58:56:01:2d:8b:2d:38:a9:2b:f2:74:23:
         54:f4:59:4a:42:28:09:99:95:ba:f4:70:80:18:e0:bf:89:41:
         b3:76:ce:35:9d:bf:c8:d3:4e:db:27:09:25:43:e5:be:cf:bd:
         2d:c9:1b:6c:09:0b:8c:ba:4c:2c:65:fb:54:1b:ed:d3:e9:f9:
         f0:74:84:a0:a1:6d:9c:50:3f:b0:71:f0:d0:14:9c:02:51:aa:
         70:bf:d5:76:a0:08:65:15:b1:3f:d6:46:9e:2e:29:2f:a1:66:
         91:a9:24:d0:62:53:b9:60:0f:77:59:b9:19:3d:ad:ec:35:f7:
         8f:52:ea:64:51:bb:45:0b:a1:5a:d8:4c:4a:0f:db:85:2c:71:
         0d:c3:60:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlBk3L2/xsJu/Jk3APjPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OTk0N2E5YTVkODhjYzYyY2M4OTgyNjhmMmJjYWZkNmE3
ZmZjNWIwHhcNMjQwMTAyMDAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTA1YjVmMTQxNzZmZTU0ZjU5Mzc4ZGQ3MDg5ZWQ4NWQ0ZmYwYjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnD7SEv4NZl8rq9/kd6i9im7UXFh9
eooQllI8VylAhcxL66c6CoSlanHGnUyWPWNKurhUG3Y30EyR0VRGYAKD6eG7/Du2
BNmOvZHxMT7zieDpPr8V4itdGvH0JSh83ZMZIOmjpR/L8EW76+Ks5I4rvBR/N26G
vo37u/HFfqo7oqr2kDavkXzbhF3wAzt22EPRTw0XitDBocWPt1IKxSXTB5aLUhn6
00YusdzsHgcIby/4nLNy2wRLkpHvbgZFI+OtkN/4JYg1yqvld0CwBU6n0l9axkY6
1SUO5rIcT7RcmB+W4/OSOW4KYFUIC1Z0qeF0VCNtmR1dENKghSEKTlfccwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoFtfFBdv5U9ZN43XCJ7YXU/wsnMB8GA1UdIwQY
MBaAFBiZR6ml2IzGLMiYJo8ryv1qf/xbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0psSHFhWFlqTVlzeUpnbWp5dktfV3BfX0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS83MjlmOTItNWYwMy00MTU4LTkwYWMt
NmQ0MjhmMWMxNWZkLzEveWdXMThVRjJfbFQxazNqZGNJbnRoZFRfQ3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS83MjlmOTItNWYwMy00MTU4LTkwYWMtNmQ0MjhmMWMxNWZk
LzEvR0psSHFhWFlqTVlzeUpnbWp5dktfV3BfX0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVLUMA0G
CSqGSIb3DQEBCwUAA4IBAQAd+1sL/lLi4LjakNR2bXRDGyKcOFI8RGifuJkf+piX
V5Vm25Hx3SK/OpavFZOQjxI281V7rMzaobAcuohpZZCOeHE5ueREDfnQmgm5NSim
09IbqqZgPbVfAvHSoVIuC+4FGIZdZglJVGN8DuxT+bhvtTBYVgEtiy04qSvydCNU
9FlKQigJmZW69HCAGOC/iUGzds41nb/I007bJwklQ+W+z70tyRtsCQuMukwsZftU
G+3T6fnwdISgoW2cUD+wcfDQFJwCUapwv9V2oAhlFbE/1kaeLikvoWaRqSTQYlO5
YA93WbkZPa3sNfePUupkUbtFC6Fa2ExKD9uFLHENw2AL
-----END CERTIFICATE-----