Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YilJ926oabpcpC9P7qYo-5FvPAM.roa
File:                     YilJ926oabpcpC9P7qYo-5FvPAM.roa (raw, json)
Hash identifier:          TewUHlybBqnQx1v0HJfgy/2IUg4qhW/iQu2Kvyy0oW8=
Subject key identifier:   62:29:49:F7:6E:A8:69:BA:5C:A4:2F:4F:EE:A6:28:FB:91:6F:3C:03
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8028BD7AF559C0852A9B907B3985C40
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YilJ926oabpcpC9P7qYo-5FvPAM.roa
Signing time:             Tue 02 Jan 2024 02:30:59 +0000
ROA not before:           Tue 02 Jan 2024 02:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203758
IP address blocks:        185.36.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:8b:d7:af:55:9c:08:52:a9:b9:07:b3:98:5c:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=622949f76ea869ba5ca42f4feea628fb916f3c03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:cb:7d:de:cd:40:de:97:47:86:79:9f:18:d8:
                    9a:49:32:8e:2e:3b:e2:cc:b8:46:0b:95:f4:1a:03:
                    c9:ba:fa:40:af:cd:8c:26:bd:1e:ef:10:4c:af:03:
                    ea:b0:25:b9:90:ae:6c:15:1e:15:74:90:de:64:3c:
                    47:67:62:fb:b2:db:43:5d:ec:be:db:f1:b1:b9:88:
                    ff:5c:3a:75:dd:dd:94:14:25:df:ac:7e:f8:f4:82:
                    ce:d4:00:fa:5f:8d:fd:c7:52:fa:eb:52:91:d5:8e:
                    3e:7f:c9:b3:4f:10:13:2e:8f:1e:af:fa:d4:e3:45:
                    8c:3e:12:25:ec:89:e4:0a:43:7d:f2:c1:51:b9:2c:
                    62:0b:ff:89:8c:9a:4b:1d:44:3a:51:ca:f4:4b:31:
                    1f:2b:f5:ca:c1:8b:75:79:ac:3d:a9:e5:d7:27:de:
                    e7:ae:8b:85:a8:f3:d3:9b:a1:1e:e6:29:d9:cd:7b:
                    c5:03:1d:d3:67:75:ff:bd:b8:b7:7b:93:17:5c:8b:
                    70:4f:b7:da:ba:55:c8:dc:e5:dd:7f:7c:45:6d:43:
                    1a:9e:67:8f:a1:0f:9d:51:b3:07:2b:6f:ff:e2:06:
                    42:93:c1:45:d6:8a:2c:17:e5:8b:43:bd:4f:95:77:
                    76:d3:31:66:3d:e3:c7:95:d1:55:c4:98:27:ea:4c:
                    77:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:29:49:F7:6E:A8:69:BA:5C:A4:2F:4F:EE:A6:28:FB:91:6F:3C:03
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YilJ926oabpcpC9P7qYo-5FvPAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:c6:c2:2c:fd:64:e1:6d:a4:2e:a2:56:72:11:86:23:1d:6a:
         52:62:a9:9c:57:da:17:a2:50:f1:dc:1e:16:6e:09:19:ca:0d:
         7c:9e:b5:f8:1d:d8:cf:ac:95:ce:67:7d:4e:8e:7a:2b:8a:13:
         55:85:ea:f3:b2:af:22:55:3b:80:cb:ef:09:81:0d:3c:31:d6:
         49:d0:a2:55:91:69:08:5f:c0:20:4c:6c:af:a1:b1:72:4f:93:
         5d:bf:96:39:59:59:62:99:b5:9d:43:91:02:93:40:57:c0:25:
         3c:fd:78:71:c0:41:68:84:09:a4:dd:03:62:c1:24:f8:97:9f:
         b6:30:f2:14:74:4c:f8:97:eb:b0:57:90:08:01:28:74:0b:41:
         2c:ed:1d:a1:bd:d7:c2:b0:4e:d8:92:e1:fc:9f:42:48:7b:00:
         66:e5:12:8f:0c:50:27:b5:4e:26:16:44:38:c1:26:08:b9:a9:
         a1:e1:34:91:ed:56:25:c6:52:50:ee:93:ab:75:35:be:d7:24:
         b5:6d:74:f7:39:bc:42:41:27:a8:ea:76:3d:f3:13:21:fa:bf:
         a0:90:5a:a3:09:49:b4:10:91:64:d5:5f:c7:0f:cc:56:c0:06:
         10:1a:61:93:0f:2d:3a:c8:7c:f5:3b:c9:30:61:1a:ed:d3:c4:
         b8:aa:93:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAovXr1WcCFKpuQezmFxAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjI5NDlmNzZlYTg2OWJhNWNhNDJmNGZlZWE2MjhmYjkxNmYzYzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAict93s1A3pdHhnmfGNiaSTKOLjvi
zLhGC5X0GgPJuvpAr82MJr0e7xBMrwPqsCW5kK5sFR4VdJDeZDxHZ2L7sttDXey+
2/GxuYj/XDp13d2UFCXfrH749ILO1AD6X439x1L661KR1Y4+f8mzTxATLo8er/rU
40WMPhIl7InkCkN98sFRuSxiC/+JjJpLHUQ6Ucr0SzEfK/XKwYt1eaw9qeXXJ97n
rouFqPPTm6Ee5inZzXvFAx3TZ3X/vbi3e5MXXItwT7faulXI3OXdf3xFbUManmeP
oQ+dUbMHK2//4gZCk8FF1oosF+WLQ71PlXd20zFmPePHldFVxJgn6kx3rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIpSfduqGm6XKQvT+6mKPuRbzwDMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWWlsSjkyNm9hYnBjcEM5UDdxWW8tNUZ2UEFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSTNMA0G
CSqGSIb3DQEBCwUAA4IBAQA9xsIs/WThbaQuolZyEYYjHWpSYqmcV9oXolDx3B4W
bgkZyg18nrX4HdjPrJXOZ31OjnorihNVherzsq8iVTuAy+8JgQ08MdZJ0KJVkWkI
X8AgTGyvobFyT5Ndv5Y5WVlimbWdQ5ECk0BXwCU8/XhxwEFohAmk3QNiwST4l5+2
MPIUdEz4l+uwV5AIASh0C0Es7R2hvdfCsE7YkuH8n0JIewBm5RKPDFAntU4mFkQ4
wSYIuamh4TSR7VYlxlJQ7pOrdTW+1yS1bXT3ObxCQSeo6nY98xMh+r+gkFqjCUm0
EJFk1V/HD8xWwAYQGmGTDy06yHz1O8kwYRrt08S4qpPD
-----END CERTIFICATE-----