Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/42ff05-4ac6-4cec-b5d4-f6c16aca175e/1/YCSiiJtYafj-0MWI9aDxVE5hhSk.roa
File:                     YCSiiJtYafj-0MWI9aDxVE5hhSk.roa (raw, json)
Hash identifier:          oRD3MzXYiTSmL/B/VD4skkof1cteTcfXaxTYQ5xHm7U=
Subject key identifier:   60:24:A2:88:9B:58:69:F8:FE:D0:C5:88:F5:A0:F1:54:4E:61:85:29
Certificate issuer:       /CN=08b3fb401967b06f841bc6a1e9d492a9a75f9268
Certificate serial:       01916F5DEDB2B301C55D8E13BFC90F214507
Authority key identifier: 08:B3:FB:40:19:67:B0:6F:84:1B:C6:A1:E9:D4:92:A9:A7:5F:92:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CLP7QBlnsG-EG8ah6dSSqadfkmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/42ff05-4ac6-4cec-b5d4-f6c16aca175e/1/YCSiiJtYafj-0MWI9aDxVE5hhSk.roa
Signing time:             Tue 20 Aug 2024 10:38:32 +0000
ROA not before:           Tue 20 Aug 2024 10:38:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34907
IP address blocks:        185.62.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/42ff05-4ac6-4cec-b5d4-f6c16aca175e/1/CLP7QBlnsG-EG8ah6dSSqadfkmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/42ff05-4ac6-4cec-b5d4-f6c16aca175e/1/CLP7QBlnsG-EG8ah6dSSqadfkmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CLP7QBlnsG-EG8ah6dSSqadfkmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6f:5d:ed:b2:b3:01:c5:5d:8e:13:bf:c9:0f:21:45:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08b3fb401967b06f841bc6a1e9d492a9a75f9268
        Validity
            Not Before: Aug 20 10:38:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6024a2889b5869f8fed0c588f5a0f1544e618529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:73:d0:de:e8:30:15:13:99:b9:3f:8e:de:ff:
                    bd:9d:6f:5e:49:ae:8e:4d:70:f0:a4:b6:01:04:67:
                    af:97:81:2a:49:31:32:43:37:99:9f:85:67:f9:0c:
                    19:46:33:7d:72:64:fa:2f:a6:c3:1e:ad:04:ee:4d:
                    8a:52:3d:a0:a3:44:cc:23:8f:00:56:b6:3a:d7:5a:
                    8a:b1:62:b2:0d:20:0d:4c:8a:c2:b8:59:fd:2b:7d:
                    38:52:8b:f5:f2:ed:1b:a4:d9:de:41:ca:a2:bf:94:
                    05:20:f7:bf:29:d7:08:4f:3e:89:6b:25:ed:c0:5a:
                    9b:07:27:5c:6a:f3:6d:c4:9d:ff:0f:4c:95:5e:32:
                    61:0f:21:14:85:af:08:fd:01:68:91:92:22:a4:9b:
                    df:37:07:d3:5f:46:77:13:b3:9d:ab:5d:b9:39:e1:
                    bb:93:27:28:2d:32:65:9b:37:40:10:a7:26:6b:cf:
                    8f:4f:6a:2d:e5:86:16:81:8c:49:15:c7:33:17:97:
                    7e:2d:62:27:d5:bc:f3:bb:fc:8b:19:fc:05:bb:48:
                    d2:3f:7c:82:bd:db:6e:ff:88:75:4d:a1:c9:75:b6:
                    50:b0:60:af:08:d4:9b:0d:fd:c0:68:30:5e:6b:02:
                    bf:bb:82:50:20:e7:ea:a1:a1:e0:0a:12:3a:38:98:
                    4e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:24:A2:88:9B:58:69:F8:FE:D0:C5:88:F5:A0:F1:54:4E:61:85:29
            X509v3 Authority Key Identifier:
                keyid:08:B3:FB:40:19:67:B0:6F:84:1B:C6:A1:E9:D4:92:A9:A7:5F:92:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CLP7QBlnsG-EG8ah6dSSqadfkmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/42ff05-4ac6-4cec-b5d4-f6c16aca175e/1/YCSiiJtYafj-0MWI9aDxVE5hhSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/42ff05-4ac6-4cec-b5d4-f6c16aca175e/1/CLP7QBlnsG-EG8ah6dSSqadfkmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:ca:15:51:9f:91:ab:27:ed:83:c2:e4:82:72:3a:aa:4f:9d:
         c6:74:a2:50:8a:f9:f9:b0:09:c2:ae:f0:3d:87:a5:b1:4b:55:
         ef:2a:50:f2:64:1f:f6:d2:c6:bb:de:3a:d1:12:84:8a:92:40:
         bb:6a:48:fd:67:cf:5d:66:f1:f7:ff:2a:42:3e:91:08:fc:93:
         4d:52:98:32:a5:e4:04:2b:a2:87:04:bf:fb:25:c4:04:aa:c1:
         64:c3:ae:71:3d:e4:87:cd:56:13:5b:9a:8b:10:69:2c:7d:bc:
         6b:00:3c:61:78:a1:1b:f9:4c:4e:f3:62:1e:07:7a:4b:43:08:
         fc:41:a3:3f:5a:00:74:06:1e:f3:8f:31:91:94:7d:1f:c0:74:
         94:c4:f9:df:90:6b:77:41:26:d5:9d:d9:8c:8d:e7:95:94:56:
         b3:b7:41:75:39:88:1a:9b:2a:48:84:73:fc:e5:9c:24:ee:1e:
         8d:56:8d:16:8e:e8:9f:74:ea:a2:9b:10:e2:3a:f2:77:e4:d2:
         4c:64:5e:c6:8d:fb:f6:40:fc:e2:26:8a:4e:7f:c7:00:e3:38:
         18:f1:88:f5:36:bb:e4:d0:ef:58:8a:3d:83:2c:3a:bb:f8:37:
         78:ad:a6:8b:68:78:14:16:a7:78:1e:22:d3:a8:d7:d5:3a:b2:
         d0:78:73:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFvXe2yswHFXY4Tv8kPIUUHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YjNmYjQwMTk2N2IwNmY4NDFiYzZhMWU5ZDQ5MmE5YTc1
ZjkyNjgwHhcNMjQwODIwMTAzODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDI0YTI4ODliNTg2OWY4ZmVkMGM1ODhmNWEwZjE1NDRlNjE4NTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3PQ3ugwFROZuT+O3v+9nW9eSa6O
TXDwpLYBBGevl4EqSTEyQzeZn4Vn+QwZRjN9cmT6L6bDHq0E7k2KUj2go0TMI48A
VrY611qKsWKyDSANTIrCuFn9K304Uov18u0bpNneQcqiv5QFIPe/KdcITz6JayXt
wFqbBydcavNtxJ3/D0yVXjJhDyEUha8I/QFokZIipJvfNwfTX0Z3E7Odq125OeG7
kycoLTJlmzdAEKcma8+PT2ot5YYWgYxJFcczF5d+LWIn1bzzu/yLGfwFu0jSP3yC
vdtu/4h1TaHJdbZQsGCvCNSbDf3AaDBeawK/u4JQIOfqoaHgChI6OJhO/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAkooibWGn4/tDFiPWg8VROYYUpMB8GA1UdIwQY
MBaAFAiz+0AZZ7BvhBvGoenUkqmnX5JoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0xQN1FCbG5zRy1FRzhhaDZkU1NxYWRma21nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS80MmZmMDUtNGFjNi00Y2VjLWI1ZDQt
ZjZjMTZhY2ExNzVlLzEvWUNTaWlKdFlhZmotME1XSTlhRHhWRTVoaFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS80MmZmMDUtNGFjNi00Y2VjLWI1ZDQtZjZjMTZhY2ExNzVl
LzEvQ0xQN1FCbG5zRy1FRzhhaDZkU1NxYWRma21nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT4BMA0G
CSqGSIb3DQEBCwUAA4IBAQBUyhVRn5GrJ+2DwuSCcjqqT53GdKJQivn5sAnCrvA9
h6WxS1XvKlDyZB/20sa73jrREoSKkkC7akj9Z89dZvH3/ypCPpEI/JNNUpgypeQE
K6KHBL/7JcQEqsFkw65xPeSHzVYTW5qLEGksfbxrADxheKEb+UxO82IeB3pLQwj8
QaM/WgB0Bh7zjzGRlH0fwHSUxPnfkGt3QSbVndmMjeeVlFazt0F1OYgamypIhHP8
5Zwk7h6NVo0WjuifdOqimxDiOvJ35NJMZF7Gjfv2QPziJopOf8cA4zgY8Yj1Nrvk
0O9Yij2DLDq7+Dd4raaLaHgUFqd4HiLTqNfVOrLQeHOR
-----END CERTIFICATE-----