Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/YuT9XvZbNzVgU3qpJAOc8pzMdJ4.roa
File:                     YuT9XvZbNzVgU3qpJAOc8pzMdJ4.roa (raw, json)
Hash identifier:          GkdfdBUJkYe6TX6mUIC8It+svxqUEvj4SwAQ6SOn+Z8=
Subject key identifier:   62:E4:FD:5E:F6:5B:37:35:60:53:7A:A9:24:03:9C:F2:9C:CC:74:9E
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018EF50800D01FEACD474B7B862CF2D2C839
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/YuT9XvZbNzVgU3qpJAOc8pzMdJ4.roa
Signing time:             Fri 19 Apr 2024 06:25:26 +0000
ROA not before:           Fri 19 Apr 2024 06:25:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34205
IP address blocks:        81.89.112.0/20 maxlen: 20
                          212.14.192.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f5:08:00:d0:1f:ea:cd:47:4b:7b:86:2c:f2:d2:c8:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr 19 06:25:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62e4fd5ef65b373560537aa924039cf29ccc749e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:09:38:b0:91:f2:f2:03:89:ed:09:0c:21:f4:
                    53:22:30:14:f4:00:83:43:76:3b:ba:7b:dc:24:43:
                    6d:56:5f:ea:b1:91:eb:41:09:0a:b8:5d:31:cc:a2:
                    86:55:12:bd:69:cc:cd:98:d7:d6:ff:8b:b1:54:87:
                    cd:4a:06:20:64:f4:26:69:25:3f:a3:f1:a0:9b:98:
                    a9:82:74:58:85:7c:39:57:eb:3f:d5:4b:62:64:c5:
                    cd:d6:be:bd:71:1d:cc:f6:45:b7:db:de:31:87:78:
                    79:92:6c:9a:7c:9e:21:08:3d:55:35:7d:71:48:a9:
                    fc:31:b1:8c:cc:1c:88:8a:40:0e:f2:d2:10:70:2e:
                    a7:80:94:c4:cd:be:b9:c7:72:a1:1e:7b:f1:89:11:
                    f8:24:c1:20:8a:d4:4a:88:00:12:83:88:19:e0:6b:
                    f9:22:4c:06:b3:ca:d6:08:c5:9f:e8:e2:c2:15:06:
                    c6:b1:94:b3:ca:a4:07:0e:a2:a1:12:94:ec:1a:3f:
                    4b:3f:a6:ac:a3:34:17:39:74:9c:0d:9f:7a:b6:d3:
                    1e:e9:b1:d7:53:f5:63:4c:9f:14:d4:7a:ec:49:de:
                    55:56:b0:33:18:fd:93:73:39:88:92:d5:88:66:b5:
                    02:d0:25:fa:b2:c3:04:80:62:9b:97:b5:e8:ed:36:
                    a3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:E4:FD:5E:F6:5B:37:35:60:53:7A:A9:24:03:9C:F2:9C:CC:74:9E
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/YuT9XvZbNzVgU3qpJAOc8pzMdJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.89.112.0/20
                  212.14.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         86:0a:16:ed:33:b3:e9:b0:00:82:3e:11:3b:89:be:77:ac:cd:
         cf:98:85:a0:9f:8f:ae:d9:eb:72:73:d6:a4:d4:75:3e:83:3b:
         16:fb:7e:c5:5d:b3:89:ed:94:70:c2:f2:f4:81:a0:a8:1d:b7:
         59:f4:37:f7:4b:60:cb:ec:84:08:42:51:9c:85:33:46:da:00:
         72:2a:78:85:46:f2:17:46:91:bc:38:88:16:88:a1:f8:e4:2d:
         8a:65:5a:89:ec:bc:be:fd:d9:28:55:fe:dc:5d:cc:04:03:20:
         c6:36:c9:ad:40:07:2b:ff:a0:ec:b1:44:29:80:f7:66:18:8b:
         fd:ec:c5:21:08:98:50:4e:9f:e8:88:9f:d5:c1:b9:a4:99:00:
         cf:5f:02:4a:0a:3c:06:5a:3a:43:25:30:de:49:9f:32:25:33:
         55:4b:9b:d8:a4:47:30:67:76:4a:b9:25:96:fb:4f:2f:a9:54:
         d9:67:4e:82:01:1e:50:2d:fc:3d:15:22:89:ab:01:2f:96:af:
         e1:73:f4:e7:30:0c:b4:76:99:7f:63:ac:b5:bd:f2:3c:77:29:
         75:3d:bb:05:25:dc:46:91:47:79:f1:a5:8f:8c:6d:63:bb:f7:
         2c:35:e7:a7:ae:1c:2f:7f:f5:ca:7a:30:4b:3e:38:ca:11:bb:
         ec:88:fa:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY71CADQH+rNR0t7hizy0sg5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDE5MDYyNTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmU0ZmQ1ZWY2NWIzNzM1NjA1MzdhYTkyNDAzOWNmMjljY2M3NDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQk4sJHy8gOJ7QkMIfRTIjAU9ACD
Q3Y7unvcJENtVl/qsZHrQQkKuF0xzKKGVRK9aczNmNfW/4uxVIfNSgYgZPQmaSU/
o/Ggm5ipgnRYhXw5V+s/1UtiZMXN1r69cR3M9kW3294xh3h5kmyafJ4hCD1VNX1x
SKn8MbGMzByIikAO8tIQcC6ngJTEzb65x3KhHnvxiRH4JMEgitRKiAASg4gZ4Gv5
IkwGs8rWCMWf6OLCFQbGsZSzyqQHDqKhEpTsGj9LP6asozQXOXScDZ96ttMe6bHX
U/VjTJ8U1HrsSd5VVrAzGP2TczmIktWIZrUC0CX6ssMEgGKbl7Xo7TajxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGLk/V72Wzc1YFN6qSQDnPKczHSeMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvWXVUOVh2WmJOelZnVTNxcEpBT2M4cHpNZEo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUVlwAwQF
1A7AMA0GCSqGSIb3DQEBCwUAA4IBAQCGChbtM7PpsACCPhE7ib53rM3PmIWgn4+u
2etyc9ak1HU+gzsW+37FXbOJ7ZRwwvL0gaCoHbdZ9Df3S2DL7IQIQlGchTNG2gBy
KniFRvIXRpG8OIgWiKH45C2KZVqJ7Ly+/dkoVf7cXcwEAyDGNsmtQAcr/6DssUQp
gPdmGIv97MUhCJhQTp/oiJ/VwbmkmQDPXwJKCjwGWjpDJTDeSZ8yJTNVS5vYpEcw
Z3ZKuSWW+08vqVTZZ06CAR5QLfw9FSKJqwEvlq/hc/TnMAy0dpl/Y6y1vfI8dyl1
PbsFJdxGkUd58aWPjG1ju/csNeenrhwvf/XKejBLPjjKEbvsiPqQ
-----END CERTIFICATE-----