Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/75ca1a-6828-4e6d-9fea-5e47cf199dff/1/bYBKhHCiSSIGPSMNDFik3XLy-lc.roa
File:                     bYBKhHCiSSIGPSMNDFik3XLy-lc.roa (raw, json)
Hash identifier:          g+9eARrDhRmaqVfaFZR7sJETELT8hoFeLucPvGkveP4=
Subject key identifier:   6D:80:4A:84:70:A2:49:22:06:3D:23:0D:0C:58:A4:DD:72:F2:FA:57
Certificate issuer:       /CN=367465ffdba3c05c21be5b15f0d915efccb069e5
Certificate serial:       018CCA2A84C96B4019BFA62B78AED3BE6BE9
Authority key identifier: 36:74:65:FF:DB:A3:C0:5C:21:BE:5B:15:F0:D9:15:EF:CC:B0:69:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NnRl_9ujwFwhvlsV8NkV78ywaeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/75ca1a-6828-4e6d-9fea-5e47cf199dff/1/bYBKhHCiSSIGPSMNDFik3XLy-lc.roa
Signing time:             Tue 02 Jan 2024 12:33:53 +0000
ROA not before:           Tue 02 Jan 2024 12:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199802
IP address blocks:        193.8.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/75ca1a-6828-4e6d-9fea-5e47cf199dff/1/NnRl_9ujwFwhvlsV8NkV78ywaeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/75ca1a-6828-4e6d-9fea-5e47cf199dff/1/NnRl_9ujwFwhvlsV8NkV78ywaeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NnRl_9ujwFwhvlsV8NkV78ywaeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:84:c9:6b:40:19:bf:a6:2b:78:ae:d3:be:6b:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=367465ffdba3c05c21be5b15f0d915efccb069e5
        Validity
            Not Before: Jan  2 12:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d804a8470a24922063d230d0c58a4dd72f2fa57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:24:bc:a3:72:fe:df:db:6f:8e:c4:a8:70:60:
                    61:0a:02:18:46:68:1e:ed:2c:32:b6:69:49:3e:01:
                    aa:25:e5:4b:c6:f1:cd:60:90:94:6f:c8:44:36:5b:
                    7c:4d:b4:b1:e9:6f:98:49:7f:d0:6f:71:46:d7:dc:
                    21:0e:6f:80:e6:96:30:5b:d1:bf:cd:0f:8d:49:6d:
                    b7:fc:a7:3d:bb:52:33:80:e5:55:e3:84:7b:94:8d:
                    bb:b4:5a:a3:ea:9e:ef:b2:f4:75:e0:49:19:e2:53:
                    2c:f4:d5:34:ca:21:60:c2:02:1a:e4:9d:43:3d:cf:
                    45:00:4e:94:15:fd:7f:3a:18:6e:32:1d:b1:44:f5:
                    2f:e1:c3:e6:9b:66:84:38:ab:0a:50:e0:7c:98:f2:
                    13:ac:66:03:8d:7b:2b:fe:dc:c7:65:60:69:a0:dd:
                    a4:c5:42:c9:ab:03:ba:d4:9d:72:ae:48:ae:d6:73:
                    10:52:10:0e:4f:9f:36:ca:91:b3:b8:66:69:33:3a:
                    da:6f:e4:4f:b8:5f:bd:74:d3:94:88:cf:e1:2b:ed:
                    20:fc:42:7f:53:54:d6:06:ec:0a:c1:44:46:c6:01:
                    9b:db:c5:86:d8:1e:e2:5e:12:3b:24:58:26:07:55:
                    55:22:96:e6:5a:6b:c2:7a:db:ad:f5:ae:50:47:86:
                    d3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:80:4A:84:70:A2:49:22:06:3D:23:0D:0C:58:A4:DD:72:F2:FA:57
            X509v3 Authority Key Identifier:
                keyid:36:74:65:FF:DB:A3:C0:5C:21:BE:5B:15:F0:D9:15:EF:CC:B0:69:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NnRl_9ujwFwhvlsV8NkV78ywaeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/75ca1a-6828-4e6d-9fea-5e47cf199dff/1/bYBKhHCiSSIGPSMNDFik3XLy-lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/75ca1a-6828-4e6d-9fea-5e47cf199dff/1/NnRl_9ujwFwhvlsV8NkV78ywaeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:ab:74:2b:2f:38:4e:fa:3c:a7:83:e9:b3:67:d7:83:91:df:
         08:19:d7:57:43:61:b2:e1:b0:05:cd:4d:73:30:26:28:0b:f6:
         52:06:72:c6:6d:b0:1f:94:bd:3b:c6:1a:ea:0a:b1:4b:c1:61:
         b2:26:44:32:ee:74:07:d1:65:92:f4:db:a9:26:f6:0d:92:eb:
         e0:5a:1b:33:09:a5:c8:8f:a4:c0:d3:cd:b8:ca:11:0e:d7:92:
         88:c8:c9:22:11:99:e4:37:c4:0a:cd:77:a9:31:dc:63:2d:ce:
         28:ec:0d:b1:6a:c4:94:1c:56:fc:17:87:d1:70:02:87:f8:ee:
         5e:47:bb:53:2c:59:a0:6c:72:6c:ca:05:d9:17:09:80:9c:4b:
         72:50:0a:d2:40:47:85:0e:4b:be:be:13:8a:03:85:f8:ae:8a:
         9f:d3:9e:13:08:ff:4e:75:30:88:32:cc:4e:6b:ff:95:48:6a:
         eb:02:89:ef:d9:16:98:59:9b:aa:cb:3e:51:ee:5e:7e:2c:a0:
         18:95:db:84:ee:13:78:df:eb:47:56:2b:b4:83:18:97:b2:76:
         3d:d8:51:9b:63:47:82:a8:97:ee:91:21:3f:32:af:dd:db:c2:
         dc:0e:07:b9:ff:fd:7d:6b:20:94:c5:73:99:65:1f:24:fe:ee:
         2a:d0:6a:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKoTJa0AZv6YreK7TvmvpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NzQ2NWZmZGJhM2MwNWMyMWJlNWIxNWYwZDkxNWVmY2Ni
MDY5ZTUwHhcNMjQwMTAyMTIzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDgwNGE4NDcwYTI0OTIyMDYzZDIzMGQwYzU4YTRkZDcyZjJmYTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyS8o3L+39tvjsSocGBhCgIYRmge
7SwytmlJPgGqJeVLxvHNYJCUb8hENlt8TbSx6W+YSX/Qb3FG19whDm+A5pYwW9G/
zQ+NSW23/Kc9u1IzgOVV44R7lI27tFqj6p7vsvR14EkZ4lMs9NU0yiFgwgIa5J1D
Pc9FAE6UFf1/OhhuMh2xRPUv4cPmm2aEOKsKUOB8mPITrGYDjXsr/tzHZWBpoN2k
xULJqwO61J1yrkiu1nMQUhAOT582ypGzuGZpMzrab+RPuF+9dNOUiM/hK+0g/EJ/
U1TWBuwKwURGxgGb28WG2B7iXhI7JFgmB1VVIpbmWmvCetut9a5QR4bTjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2ASoRwokkiBj0jDQxYpN1y8vpXMB8GA1UdIwQY
MBaAFDZ0Zf/bo8BcIb5bFfDZFe/MsGnlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm5SbF85dWp3RndodmxzVjhOa1Y3OHl3YWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83NWNhMWEtNjgyOC00ZTZkLTlmZWEt
NWU0N2NmMTk5ZGZmLzEvYllCS2hIQ2lTU0lHUFNNTkRGaWszWEx5LWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83NWNhMWEtNjgyOC00ZTZkLTlmZWEtNWU0N2NmMTk5ZGZm
LzEvTm5SbF85dWp3RndodmxzVjhOa1Y3OHl3YWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQiuMA0G
CSqGSIb3DQEBCwUAA4IBAQBXq3QrLzhO+jyng+mzZ9eDkd8IGddXQ2Gy4bAFzU1z
MCYoC/ZSBnLGbbAflL07xhrqCrFLwWGyJkQy7nQH0WWS9NupJvYNkuvgWhszCaXI
j6TA0824yhEO15KIyMkiEZnkN8QKzXepMdxjLc4o7A2xasSUHFb8F4fRcAKH+O5e
R7tTLFmgbHJsygXZFwmAnEtyUArSQEeFDku+vhOKA4X4roqf054TCP9OdTCIMsxO
a/+VSGrrAonv2RaYWZuqyz5R7l5+LKAYlduE7hN43+tHViu0gxiXsnY92FGbY0eC
qJfukSE/Mq/d28LcDge5//19ayCUxXOZZR8k/u4q0GoS
-----END CERTIFICATE-----