Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/__YojAHP6uPOFX_8J04NcXQ1puc.roa
File:                     __YojAHP6uPOFX_8J04NcXQ1puc.roa (raw, json)
Hash identifier:          iTQsPDnr+NdSZ2bSC58zYUJnaNO7TKIR5V5MqZT5lFw=
Subject key identifier:   FF:F6:28:8C:01:CF:EA:E3:CE:15:7F:FC:27:4E:0D:71:74:35:A6:E7
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       018CC94E6940EC9FC991D89481A239A8B0B8
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/__YojAHP6uPOFX_8J04NcXQ1puc.roa
Signing time:             Tue 02 Jan 2024 08:33:28 +0000
ROA not before:           Tue 02 Jan 2024 08:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13259
IP address blocks:        149.126.240.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:69:40:ec:9f:c9:91:d8:94:81:a2:39:a8:b0:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  2 08:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fff6288c01cfeae3ce157ffc274e0d717435a6e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:75:d1:f6:87:9e:06:ef:0d:db:60:f2:2f:99:
                    a4:42:55:33:95:c4:ce:dc:1b:d9:a0:61:5d:ee:c4:
                    60:db:3e:42:6f:2c:92:39:3f:3a:01:96:69:1a:4d:
                    57:a4:65:bd:1c:e3:e8:84:9a:4a:b6:c7:64:53:07:
                    4e:41:a3:13:49:f2:84:f6:35:5b:1a:9b:8a:be:ce:
                    8e:a2:ca:cc:f7:54:cf:8e:a3:88:fd:24:f4:66:c0:
                    18:4d:26:1b:fb:da:ab:40:4b:dc:da:9f:b9:01:5c:
                    06:8a:78:1d:44:ec:fb:c6:52:e0:e6:b0:9b:ba:40:
                    5c:7c:66:82:8a:af:7a:65:da:44:2a:02:42:08:07:
                    b9:5f:ee:c8:23:f8:6a:ab:5b:1b:21:a3:70:17:d7:
                    f7:88:8d:7f:ad:a6:e6:4f:8b:35:47:d2:77:23:1b:
                    59:cf:60:f0:24:ee:db:1b:eb:ac:c4:6f:eb:85:ea:
                    c9:24:98:49:32:dc:2e:be:5a:89:ef:f1:aa:b5:f0:
                    11:5a:51:81:cf:a3:09:85:16:d7:83:cd:b2:a1:69:
                    60:e6:eb:f0:fe:88:c9:3f:39:4f:38:3d:84:ce:e2:
                    2c:3e:5d:05:bf:d9:e9:ff:d1:38:0a:7f:f8:5d:a3:
                    82:34:2d:5f:1c:5f:b2:77:73:8f:f0:63:29:5e:3e:
                    05:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:F6:28:8C:01:CF:EA:E3:CE:15:7F:FC:27:4E:0D:71:74:35:A6:E7
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/__YojAHP6uPOFX_8J04NcXQ1puc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.126.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         87:9f:b1:e3:f4:e6:1b:3c:55:78:83:91:b7:3e:d1:f8:2e:d9:
         bc:b8:17:74:6e:10:7a:b8:5e:eb:d0:ab:ae:72:ba:e4:f1:ea:
         01:22:9b:2c:a2:7d:53:03:51:47:cd:39:a8:35:b7:dd:b8:1c:
         a3:ee:90:5b:f5:4a:68:f6:b3:82:59:6a:60:ce:d4:a0:86:58:
         e3:19:95:6c:00:02:48:f1:97:7f:b4:00:a1:1a:d6:51:d1:fa:
         32:3c:a6:9a:97:8d:f9:da:f8:c1:6f:a2:7d:cd:d9:aa:f5:80:
         19:f0:a3:ab:b7:30:a8:da:85:fe:52:de:5c:6d:b6:a4:1c:05:
         a3:90:8c:5b:42:4b:e8:32:30:9b:44:b7:33:73:35:1c:67:71:
         95:df:fb:36:f8:4e:80:2b:cd:53:96:d0:0f:70:75:d9:d3:bb:
         dd:5f:f7:b7:88:87:77:cf:ec:cf:fe:6e:7f:8c:d6:2a:20:ca:
         fb:cd:13:dc:a9:b3:6e:f4:21:ca:f7:13:00:e2:63:62:5a:66:
         6e:87:77:22:56:33:93:cd:5d:e0:e6:d4:17:bb:20:9f:20:14:
         03:92:6f:40:a1:8e:e1:e2:73:c4:26:a8:3f:41:c3:8b:7c:88:
         b5:70:51:b4:0b:ad:8b:11:0e:d5:6e:f6:98:72:80:47:42:09:
         86:ee:5b:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmlA7J/JkdiUgaI5qLC4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjQwMTAyMDgzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmY2Mjg4YzAxY2ZlYWUzY2UxNTdmZmMyNzRlMGQ3MTc0MzVhNmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3XR9oeeBu8N22DyL5mkQlUzlcTO
3BvZoGFd7sRg2z5CbyySOT86AZZpGk1XpGW9HOPohJpKtsdkUwdOQaMTSfKE9jVb
GpuKvs6OosrM91TPjqOI/ST0ZsAYTSYb+9qrQEvc2p+5AVwGingdROz7xlLg5rCb
ukBcfGaCiq96ZdpEKgJCCAe5X+7II/hqq1sbIaNwF9f3iI1/rabmT4s1R9J3IxtZ
z2DwJO7bG+usxG/rherJJJhJMtwuvlqJ7/GqtfARWlGBz6MJhRbXg82yoWlg5uvw
/ojJPzlPOD2EzuIsPl0Fv9np/9E4Cn/4XaOCNC1fHF+yd3OP8GMpXj4FhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/2KIwBz+rjzhV//CdODXF0NabnMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvX19Zb2pBSFA2dVBPRlhfOEowNE5jWFExcHVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQElX7wMA0G
CSqGSIb3DQEBCwUAA4IBAQCHn7Hj9OYbPFV4g5G3PtH4Ltm8uBd0bhB6uF7r0Kuu
crrk8eoBIpsson1TA1FHzTmoNbfduByj7pBb9Upo9rOCWWpgztSghljjGZVsAAJI
8Zd/tAChGtZR0foyPKaal4352vjBb6J9zdmq9YAZ8KOrtzCo2oX+Ut5cbbakHAWj
kIxbQkvoMjCbRLczczUcZ3GV3/s2+E6AK81TltAPcHXZ07vdX/e3iId3z+zP/m5/
jNYqIMr7zRPcqbNu9CHK9xMA4mNiWmZuh3ciVjOTzV3g5tQXuyCfIBQDkm9AoY7h
4nPEJqg/QcOLfIi1cFG0C62LEQ7VbvaYcoBHQgmG7lt5
-----END CERTIFICATE-----