Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/YmbAp04IiC7UpMW1SFVPcyAiiBQ.roa
File:                     YmbAp04IiC7UpMW1SFVPcyAiiBQ.roa (raw, json)
Hash identifier:          y+ZutVsJPYaomEPGEWtwSfP1rv2jlNPGcBGUe545rZo=
Subject key identifier:   62:66:C0:A7:4E:08:88:2E:D4:A4:C5:B5:48:55:4F:73:20:22:88:14
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0190A2E01B36828E51C65020A6AEE3BBBBF1
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/YmbAp04IiC7UpMW1SFVPcyAiiBQ.roa
Signing time:             Thu 11 Jul 2024 17:38:34 +0000
ROA not before:           Thu 11 Jul 2024 17:38:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214549
IP address blocks:        2a0f:7805::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a2:e0:1b:36:82:8e:51:c6:50:20:a6:ae:e3:bb:bb:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jul 11 17:38:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6266c0a74e08882ed4a4c5b548554f7320228814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:95:45:9a:f2:f3:71:ef:82:58:5e:26:06:34:
                    8f:47:09:83:d3:bc:6c:50:f5:b5:ad:f3:e2:66:d2:
                    dd:fc:3e:12:b8:8d:af:47:e5:91:ed:18:66:54:2b:
                    d1:60:69:40:f7:a4:12:8e:d0:e5:e4:01:d9:e3:ee:
                    d3:60:0b:90:f8:1e:1e:d3:2c:ab:01:8a:42:26:75:
                    4b:c5:29:7c:f1:3e:32:e0:fa:2c:05:3a:ee:7b:56:
                    3d:93:4c:d9:c1:57:37:2e:a3:3a:4f:c1:cf:91:00:
                    aa:6d:97:dd:58:16:de:b4:93:2c:d4:d4:bf:e4:56:
                    d1:11:88:d6:fa:c1:b3:82:2f:92:ae:b1:5e:64:68:
                    ea:58:4d:6d:6c:c5:4d:6c:21:03:ae:9a:14:2a:d6:
                    00:de:4e:50:fa:10:3d:15:ce:5c:a2:4b:f1:59:9d:
                    b8:9c:e7:b0:61:7f:29:11:6c:da:32:80:8b:4c:f9:
                    57:94:34:93:44:53:10:d9:2c:c4:9b:45:f8:ab:4d:
                    06:c8:b9:b6:0b:26:81:35:e9:8a:a3:ff:b0:56:7f:
                    f8:3f:a0:c7:53:4d:c5:01:20:c2:ee:5e:3a:06:9d:
                    d5:a0:46:24:41:b0:78:19:95:02:a7:df:37:7c:b3:
                    cf:20:89:e6:1c:7b:b0:32:6b:b6:a1:cd:78:44:16:
                    7e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:66:C0:A7:4E:08:88:2E:D4:A4:C5:B5:48:55:4F:73:20:22:88:14
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/YmbAp04IiC7UpMW1SFVPcyAiiBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7805::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:c5:99:58:ea:63:cb:bf:6d:89:d8:8f:10:1c:54:db:29:1b:
         a1:93:52:18:80:4a:ef:1c:51:2c:d3:27:61:78:b3:a7:9e:9b:
         48:ee:f3:82:b7:13:5d:d2:25:bc:81:0d:39:62:5f:d4:55:be:
         22:49:7a:b3:f9:ce:96:11:8a:21:be:9b:4e:22:33:39:a5:c2:
         7d:c1:e9:b5:7d:2c:18:66:85:51:23:1b:94:16:56:b5:92:d2:
         2f:b0:2f:47:ec:38:87:88:93:80:d9:58:d5:63:25:f5:01:5e:
         9f:cc:ca:1e:a4:ca:80:5f:8d:1e:22:df:15:28:47:4d:a9:20:
         ae:75:44:c8:33:3e:5d:3f:bf:cd:6c:96:72:1b:b6:d6:6d:5e:
         24:d8:25:42:5a:1b:d1:ec:98:1d:4e:65:ce:02:51:0d:0e:00:
         4d:96:58:6f:22:af:84:03:0e:2d:5b:d7:89:85:6b:7e:c5:a8:
         7c:82:30:08:97:f9:18:80:37:80:60:3b:82:df:6a:74:b1:b5:
         01:35:ea:e9:20:ca:54:e6:b1:55:a7:d1:99:da:e6:97:a9:58:
         bd:54:6f:07:8c:31:9f:ca:24:47:61:0a:e3:8d:bc:0a:0d:29:
         52:bb:a7:75:7a:97:23:e9:63:8b:2b:72:44:f9:3e:40:e7:d6:
         52:5f:82:5e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCi4Bs2go5RxlAgpq7ju7vxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNzExMTczODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjY2YzBhNzRlMDg4ODJlZDRhNGM1YjU0ODU1NGY3MzIwMjI4ODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZVFmvLzce+CWF4mBjSPRwmD07xs
UPW1rfPiZtLd/D4SuI2vR+WR7RhmVCvRYGlA96QSjtDl5AHZ4+7TYAuQ+B4e0yyr
AYpCJnVLxSl88T4y4PosBTrue1Y9k0zZwVc3LqM6T8HPkQCqbZfdWBbetJMs1NS/
5FbREYjW+sGzgi+SrrFeZGjqWE1tbMVNbCEDrpoUKtYA3k5Q+hA9Fc5cokvxWZ24
nOewYX8pEWzaMoCLTPlXlDSTRFMQ2SzEm0X4q00GyLm2CyaBNemKo/+wVn/4P6DH
U03FASDC7l46Bp3VoEYkQbB4GZUCp983fLPPIInmHHuwMmu2oc14RBZ+CQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGJmwKdOCIgu1KTFtUhVT3MgIogUMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvWW1iQXAwNElpQzdVcE1XMVNGVlBjeUFpaUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg94BTAN
BgkqhkiG9w0BAQsFAAOCAQEAjsWZWOpjy79tidiPEBxU2ykboZNSGIBK7xxRLNMn
YXizp56bSO7zgrcTXdIlvIENOWJf1FW+Ikl6s/nOlhGKIb6bTiIzOaXCfcHptX0s
GGaFUSMblBZWtZLSL7AvR+w4h4iTgNlY1WMl9QFen8zKHqTKgF+NHiLfFShHTakg
rnVEyDM+XT+/zWyWchu21m1eJNglQlob0eyYHU5lzgJRDQ4ATZZYbyKvhAMOLVvX
iYVrfsWofIIwCJf5GIA3gGA7gt9qdLG1ATXq6SDKVOaxVafRmdrml6lYvVRvB4wx
n8okR2EK4428Cg0pUrundXqXI+ljiytyRPk+QOfWUl+CXg==
-----END CERTIFICATE-----