Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/YIYAWijDdGcg-Xv1ssKD3PMrVZY.roa
File:                     YIYAWijDdGcg-Xv1ssKD3PMrVZY.roa (raw, json)
Hash identifier:          V17ouooE117r5mmjKvDAljX+aEbSMgPuibbIebur+yo=
Subject key identifier:   60:86:00:5A:28:C3:74:67:20:F9:7B:F5:B2:C2:83:DC:F3:2B:55:96
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       018CC727214EFC0D6793F42BB51C58CB28DC
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/YIYAWijDdGcg-Xv1ssKD3PMrVZY.roa
Signing time:             Mon 01 Jan 2024 22:31:19 +0000
ROA not before:           Mon 01 Jan 2024 22:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42926
IP address blocks:        31.169.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:21:4e:fc:0d:67:93:f4:2b:b5:1c:58:cb:28:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Jan  1 22:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6086005a28c3746720f97bf5b2c283dcf32b5596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a0:46:64:66:9a:07:77:92:09:83:46:36:f4:
                    24:73:71:d3:06:cc:da:88:30:30:33:92:45:c4:00:
                    03:36:5c:5a:0c:de:69:40:c2:4c:9b:ec:ad:16:32:
                    39:69:45:48:11:8e:86:d5:df:69:7b:bd:da:93:a2:
                    c0:60:b8:cb:2c:f0:eb:d7:54:88:b0:c8:17:a9:cf:
                    8a:d7:0e:9a:3b:f3:93:4c:e2:c6:a4:ed:2b:2d:a4:
                    3a:f3:16:45:d8:d2:d4:3c:e7:2f:19:f4:c2:0e:1a:
                    ae:3b:99:cb:31:9d:36:44:8f:3c:8b:2b:8f:30:f5:
                    0f:7e:ed:88:54:5a:d3:d3:fc:40:3c:91:ab:ad:f1:
                    a5:79:64:58:81:b5:ce:ac:34:99:c8:ef:d8:d0:ed:
                    b6:67:36:43:24:b4:7f:22:3e:a0:f0:45:09:ec:72:
                    c3:2e:6c:12:8f:a9:00:5d:bf:19:47:07:36:24:df:
                    a1:83:33:cb:15:51:6e:72:84:4f:9a:95:35:d3:ac:
                    25:b1:f5:b9:1e:ab:06:6d:6f:f7:84:36:2a:77:14:
                    8c:ec:b1:69:a7:5c:15:75:66:f8:fc:79:da:88:31:
                    d6:8b:a2:45:8b:7f:1e:0e:5e:0c:24:0d:23:9d:51:
                    2f:a8:f2:4a:c4:4b:7b:80:f3:01:d8:3d:76:58:e1:
                    e0:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:86:00:5A:28:C3:74:67:20:F9:7B:F5:B2:C2:83:DC:F3:2B:55:96
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/YIYAWijDdGcg-Xv1ssKD3PMrVZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:3a:5d:84:0a:e2:ab:db:ea:dc:b9:70:27:42:34:2f:3e:47:
         6c:28:6c:4a:b1:0f:0f:39:95:b7:ea:e8:1a:6d:85:18:8b:c9:
         2a:97:e5:f7:d3:4a:f7:cd:26:f8:20:24:58:92:65:99:d3:a2:
         6b:87:9e:0c:80:d7:09:13:a5:12:21:e3:c5:2a:fa:d7:f0:88:
         41:1d:a5:b7:0a:32:81:c5:bc:f5:b6:63:e1:2b:8e:a2:42:e3:
         44:1d:97:c6:09:b6:cd:2c:e9:64:5b:50:c6:4c:fe:9b:73:b6:
         0d:7c:77:59:2a:79:0b:29:02:be:dc:b1:f2:f1:c9:16:27:f9:
         eb:c7:9a:19:9f:41:4b:83:30:95:e2:3b:d9:28:93:d2:0f:a0:
         28:26:fe:90:43:f4:77:6d:31:96:30:99:ea:4c:85:f6:7a:ad:
         02:82:59:39:bd:1c:ed:cc:52:a6:5a:84:5b:29:f3:77:8e:6a:
         ab:d4:d5:ac:38:88:43:f0:e0:37:c7:a9:90:27:a0:93:b2:d4:
         65:66:76:79:76:87:de:0f:d6:c6:53:9a:9b:03:5f:65:a0:6b:
         f5:0a:06:bf:38:25:08:7b:ed:04:84:c5:6d:d3:a9:d1:0d:89:
         80:86:a4:5b:7a:12:b4:b7:50:49:bc:07:12:22:42:6b:d0:5a:
         16:b2:49:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyFO/A1nk/QrtRxYyyjcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjQwMTAxMjIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDg2MDA1YTI4YzM3NDY3MjBmOTdiZjViMmMyODNkY2YzMmI1NTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaBGZGaaB3eSCYNGNvQkc3HTBsza
iDAwM5JFxAADNlxaDN5pQMJMm+ytFjI5aUVIEY6G1d9pe73ak6LAYLjLLPDr11SI
sMgXqc+K1w6aO/OTTOLGpO0rLaQ68xZF2NLUPOcvGfTCDhquO5nLMZ02RI88iyuP
MPUPfu2IVFrT0/xAPJGrrfGleWRYgbXOrDSZyO/Y0O22ZzZDJLR/Ij6g8EUJ7HLD
LmwSj6kAXb8ZRwc2JN+hgzPLFVFucoRPmpU106wlsfW5HqsGbW/3hDYqdxSM7LFp
p1wVdWb4/HnaiDHWi6JFi38eDl4MJA0jnVEvqPJKxEt7gPMB2D12WOHgDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCGAFoow3RnIPl79bLCg9zzK1WWMB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvWUlZQVdpakRkR2NnLVh2MXNzS0QzUE1yVlpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH6lPMA0G
CSqGSIb3DQEBCwUAA4IBAQBROl2ECuKr2+rcuXAnQjQvPkdsKGxKsQ8POZW36uga
bYUYi8kql+X300r3zSb4ICRYkmWZ06Jrh54MgNcJE6USIePFKvrX8IhBHaW3CjKB
xbz1tmPhK46iQuNEHZfGCbbNLOlkW1DGTP6bc7YNfHdZKnkLKQK+3LHy8ckWJ/nr
x5oZn0FLgzCV4jvZKJPSD6AoJv6QQ/R3bTGWMJnqTIX2eq0Cglk5vRztzFKmWoRb
KfN3jmqr1NWsOIhD8OA3x6mQJ6CTstRlZnZ5dofeD9bGU5qbA19loGv1Cga/OCUI
e+0EhMVt06nRDYmAhqRbehK0t1BJvAcSIkJr0FoWsklH
-----END CERTIFICATE-----