Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/yySu_F27fY9R333IwDkAdjdsJxE.roa
File:                     yySu_F27fY9R333IwDkAdjdsJxE.roa (raw, json)
Hash identifier:          HgN30qZE8bgClwiryRIWKau+8YL0IxPBp+aXjpONRLY=
Subject key identifier:   CB:24:AE:FC:5D:BB:7D:8F:51:DF:7D:C8:C0:39:00:76:37:6C:27:11
Certificate issuer:       /CN=5b2dd9fe628b6bc10141de0241766a1b7a63193f
Certificate serial:       018CC8015B137456B29A4B25F39047E96DF5
Authority key identifier: 5B:2D:D9:FE:62:8B:6B:C1:01:41:DE:02:41:76:6A:1B:7A:63:19:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/yySu_F27fY9R333IwDkAdjdsJxE.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        45.152.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5b:13:74:56:b2:9a:4b:25:f3:90:47:e9:6d:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b2dd9fe628b6bc10141de0241766a1b7a63193f
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb24aefc5dbb7d8f51df7dc8c0390076376c2711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1c:50:a9:84:5a:3b:75:7c:3c:99:3c:d7:3e:
                    4b:79:69:15:d4:64:d5:eb:29:35:aa:55:f9:0b:95:
                    f9:1f:c6:64:0e:c9:93:91:e7:82:1a:be:79:15:eb:
                    17:4f:8a:85:3b:87:11:61:16:ca:ee:08:76:52:df:
                    c5:ce:10:38:b3:0b:7e:3e:53:a2:3e:a4:2e:0e:72:
                    d3:a7:a2:14:ee:73:b9:44:91:21:a6:3e:57:ba:31:
                    12:e2:e3:48:23:06:40:ea:7b:2a:15:ee:db:94:6b:
                    5a:26:c8:0e:a5:91:aa:f5:84:3f:ee:31:af:36:ff:
                    70:d7:b7:84:ad:47:71:73:94:1e:1d:fd:bf:dd:18:
                    01:69:5b:99:c4:70:26:c3:08:8c:aa:6e:2d:3c:be:
                    3f:3a:79:eb:f0:fc:81:32:9c:aa:07:17:48:8b:27:
                    bc:37:68:49:db:af:f4:37:75:e0:7d:ec:8b:95:4f:
                    62:44:cc:53:fe:1f:d1:72:27:c6:01:1a:22:fe:b3:
                    44:d3:d9:96:07:6e:6c:ad:91:cf:17:96:a9:5f:c6:
                    70:1c:c4:cc:a7:02:5c:12:1a:08:ce:a4:97:56:81:
                    b5:96:8e:2e:8d:90:54:26:87:35:4d:c8:4c:2b:24:
                    13:9e:67:f3:80:f0:f4:29:64:ea:bf:10:42:b8:8d:
                    44:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:24:AE:FC:5D:BB:7D:8F:51:DF:7D:C8:C0:39:00:76:37:6C:27:11
            X509v3 Authority Key Identifier:
                keyid:5B:2D:D9:FE:62:8B:6B:C1:01:41:DE:02:41:76:6A:1B:7A:63:19:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/yySu_F27fY9R333IwDkAdjdsJxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4de889-dc9d-41e5-b3aa-0d7b551f828c/1/Wy3Z_mKLa8EBQd4CQXZqG3pjGT8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:53:f7:5f:83:29:9a:22:32:3d:02:d3:3b:d3:63:5f:09:9e:
         5f:a8:c0:25:a6:88:b0:50:04:85:8e:31:71:83:70:f4:24:d3:
         15:de:80:77:e8:12:3d:c3:fc:9b:22:c4:de:7b:ed:11:e3:69:
         82:92:90:7f:7e:2a:aa:da:5b:8d:73:fa:61:87:69:1b:0f:9e:
         ab:d7:78:11:c5:3d:28:37:d2:69:3f:db:df:12:9e:87:26:b1:
         ad:4e:da:79:eb:6e:3e:01:79:21:7e:bc:44:9e:d4:c9:34:c5:
         17:63:1d:e0:4b:37:ad:85:d6:85:0d:da:1c:e0:2a:fc:e1:0f:
         87:ed:ea:f8:1a:2d:a6:08:26:02:1a:f2:8e:38:80:43:77:4c:
         a0:41:4a:f7:b6:53:5f:08:72:1c:58:a1:de:01:5f:90:b0:b9:
         72:63:4a:bb:86:13:fa:47:65:47:2e:db:76:0a:73:a3:80:95:
         42:eb:b9:60:86:bb:21:16:a5:d7:5b:8d:71:7c:00:a8:2d:78:
         9e:58:f3:c6:db:1e:08:53:24:55:b8:82:29:32:43:b1:0e:9f:
         f6:a6:62:9d:69:af:16:7b:90:bd:af:15:9f:88:90:b2:38:d6:
         74:5f:58:6a:61:43:0b:fa:08:a5:ae:86:c5:3c:c2:6d:db:db:
         19:74:7a:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVsTdFaymksl85BH6W31MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMmRkOWZlNjI4YjZiYzEwMTQxZGUwMjQxNzY2YTFiN2E2
MzE5M2YwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjI0YWVmYzVkYmI3ZDhmNTFkZjdkYzhjMDM5MDA3NjM3NmMyNzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRxQqYRaO3V8PJk81z5LeWkV1GTV
6yk1qlX5C5X5H8ZkDsmTkeeCGr55FesXT4qFO4cRYRbK7gh2Ut/FzhA4swt+PlOi
PqQuDnLTp6IU7nO5RJEhpj5XujES4uNIIwZA6nsqFe7blGtaJsgOpZGq9YQ/7jGv
Nv9w17eErUdxc5QeHf2/3RgBaVuZxHAmwwiMqm4tPL4/Onnr8PyBMpyqBxdIiye8
N2hJ26/0N3XgfeyLlU9iRMxT/h/RcifGARoi/rNE09mWB25srZHPF5apX8ZwHMTM
pwJcEhoIzqSXVoG1lo4ujZBUJoc1TchMKyQTnmfzgPD0KWTqvxBCuI1E+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMskrvxdu32PUd99yMA5AHY3bCcRMB8GA1UdIwQY
MBaAFFst2f5ii2vBAUHeAkF2aht6Yxk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3kzWl9tS0xhOEVCUWQ0Q1FYWnFHM3BqR1Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi80ZGU4ODktZGM5ZC00MWU1LWIzYWEt
MGQ3YjU1MWY4MjhjLzEveXlTdV9GMjdmWTlSMzMzSXdEa0FkamRzSnhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi80ZGU4ODktZGM5ZC00MWU1LWIzYWEtMGQ3YjU1MWY4Mjhj
LzEvV3kzWl9tS0xhOEVCUWQ0Q1FYWnFHM3BqR1Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZixMA0G
CSqGSIb3DQEBCwUAA4IBAQBjU/dfgymaIjI9AtM702NfCZ5fqMAlpoiwUASFjjFx
g3D0JNMV3oB36BI9w/ybIsTee+0R42mCkpB/fiqq2luNc/phh2kbD56r13gRxT0o
N9JpP9vfEp6HJrGtTtp5624+AXkhfrxEntTJNMUXYx3gSzethdaFDdoc4Cr84Q+H
7er4Gi2mCCYCGvKOOIBDd0ygQUr3tlNfCHIcWKHeAV+QsLlyY0q7hhP6R2VHLtt2
CnOjgJVC67lghrshFqXXW41xfACoLXieWPPG2x4IUyRVuIIpMkOxDp/2pmKdaa8W
e5C9rxWfiJCyONZ0X1hqYUML+gilrobFPMJt29sZdHpF
-----END CERTIFICATE-----