Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/YBEWrf_Ea1YwvqO6CqFs50BYRl8.roa
File:                     YBEWrf_Ea1YwvqO6CqFs50BYRl8.roa (raw, json)
Hash identifier:          TZg31OEZWdnEuE2eHA2+oG4sSem6abvJXvpBSY37Cao=
Subject key identifier:   60:11:16:AD:FF:C4:6B:56:30:BE:A3:BA:0A:A1:6C:E7:40:58:46:5F
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EF1A31A8C2A23DB2594BC75D37087
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/YBEWrf_Ea1YwvqO6CqFs50BYRl8.roa
Signing time:             Mon 01 Jan 2024 14:30:31 +0000
ROA not before:           Mon 01 Jan 2024 14:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     269070
IP address blocks:        130.185.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f1:a3:1a:8c:2a:23:db:25:94:bc:75:d3:70:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=601116adffc46b5630bea3ba0aa16ce74058465f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f4:84:6c:bb:3a:4e:c5:1a:92:cb:30:6a:83:
                    41:ea:91:1e:e7:97:82:e9:29:57:13:39:85:6d:de:
                    ce:a8:68:b2:f8:1e:e1:0e:1d:c9:f8:01:2a:29:e1:
                    42:26:e2:78:60:56:3a:2a:d8:80:ea:03:20:10:bd:
                    df:03:a7:a8:30:ab:51:52:d7:c1:c6:a3:e7:cb:5a:
                    6b:0b:03:8e:d0:7f:74:10:7f:67:a3:54:78:47:71:
                    fb:fd:f3:b2:5c:6c:70:b7:73:51:70:36:82:63:e5:
                    c8:7c:67:4c:40:a0:62:5c:b3:c2:12:4e:b3:67:5c:
                    16:89:5d:2e:92:35:8e:68:f1:31:29:8d:86:b0:b9:
                    eb:62:98:d5:77:9d:1e:60:8e:cb:b6:a0:b9:ba:48:
                    45:74:a4:2a:c9:19:4e:37:2a:34:42:99:e4:15:54:
                    2c:c6:f5:d3:20:56:46:7c:36:59:74:27:45:7f:ab:
                    4d:16:be:0e:b8:02:9f:94:79:5a:b9:7e:94:48:ee:
                    9b:a5:07:ac:73:b1:00:2f:58:23:92:5c:16:c1:f5:
                    e4:11:a6:5d:59:90:7c:26:0a:de:9e:04:a7:eb:e0:
                    57:32:22:32:07:5c:9e:c9:ee:1e:97:cd:cf:bb:d6:
                    fb:10:19:63:2b:80:b4:4e:04:f8:29:af:f0:3b:a8:
                    ed:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:11:16:AD:FF:C4:6B:56:30:BE:A3:BA:0A:A1:6C:E7:40:58:46:5F
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/YBEWrf_Ea1YwvqO6CqFs50BYRl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:5e:b1:92:1c:07:c6:e9:7c:e3:d0:f1:0a:7c:e7:19:2d:48:
         90:ba:f7:ed:ac:e3:d0:97:af:c9:38:e3:25:1a:d2:39:fb:49:
         7c:25:e0:8f:b4:9e:06:9f:32:1d:6b:9d:90:1b:60:ae:a6:51:
         05:94:75:e2:53:15:2a:63:59:e4:d3:4e:68:24:cf:7b:ac:6d:
         a5:9e:6d:77:8e:aa:53:2f:b1:0a:b5:2a:0d:70:45:42:68:dc:
         f7:ef:e0:5f:30:67:31:fe:80:ab:13:53:67:af:20:f4:49:98:
         c4:58:f8:ec:9b:af:8e:71:56:73:08:8a:b7:56:58:66:9b:f8:
         27:75:8e:61:4b:5b:e1:7e:f7:ef:ff:af:8b:68:15:d2:0a:a9:
         13:5b:41:74:7e:ac:31:39:e1:48:fb:18:a2:65:01:47:36:df:
         72:a6:33:76:89:88:f3:57:77:1e:a7:c0:5f:b8:6d:19:ab:7f:
         87:38:c9:05:60:b9:f6:10:9a:b6:2a:e2:b7:21:c4:65:bb:f6:
         41:21:ce:1f:72:d9:77:c8:40:af:98:ff:b3:4e:35:4d:c8:ac:
         95:ac:84:e4:05:22:34:60:d7:5c:b7:55:9a:cd:a1:a6:75:94:
         2f:c4:2c:18:52:5a:bb:3c:fb:6d:04:a8:36:86:e5:96:e6:8f:
         d7:81:c6:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvGjGowqI9sllLx103CHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDExMTZhZGZmYzQ2YjU2MzBiZWEzYmEwYWExNmNlNzQwNTg0NjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fSEbLs6TsUaksswaoNB6pEe55eC
6SlXEzmFbd7OqGiy+B7hDh3J+AEqKeFCJuJ4YFY6KtiA6gMgEL3fA6eoMKtRUtfB
xqPny1prCwOO0H90EH9no1R4R3H7/fOyXGxwt3NRcDaCY+XIfGdMQKBiXLPCEk6z
Z1wWiV0ukjWOaPExKY2GsLnrYpjVd50eYI7LtqC5ukhFdKQqyRlONyo0QpnkFVQs
xvXTIFZGfDZZdCdFf6tNFr4OuAKflHlauX6USO6bpQesc7EAL1gjklwWwfXkEaZd
WZB8JgrengSn6+BXMiIyB1yeye4el83Pu9b7EBljK4C0TgT4Ka/wO6jtBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGARFq3/xGtWML6jugqhbOdAWEZfMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvWUJFV3JmX0VhMVl3dnFPNkNxRnM1MEJZUmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgrnuMA0G
CSqGSIb3DQEBCwUAA4IBAQCKXrGSHAfG6Xzj0PEKfOcZLUiQuvftrOPQl6/JOOMl
GtI5+0l8JeCPtJ4GnzIda52QG2CuplEFlHXiUxUqY1nk005oJM97rG2lnm13jqpT
L7EKtSoNcEVCaNz37+BfMGcx/oCrE1NnryD0SZjEWPjsm6+OcVZzCIq3Vlhmm/gn
dY5hS1vhfvfv/6+LaBXSCqkTW0F0fqwxOeFI+xiiZQFHNt9ypjN2iYjzV3cep8Bf
uG0Zq3+HOMkFYLn2EJq2KuK3IcRlu/ZBIc4fctl3yECvmP+zTjVNyKyVrITkBSI0
YNdct1WazaGmdZQvxCwYUlq7PPttBKg2huWW5o/XgcaW
-----END CERTIFICATE-----