Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/yc-gqrsX0Dlayvck585FUtBbJrE.roa
File:                     yc-gqrsX0Dlayvck585FUtBbJrE.roa (raw, json)
Hash identifier:          Ks7WQxTUjzq6wrRJQNHa/tYNzP+1BfHd4p2Dur1U0Q0=
Subject key identifier:   C9:CF:A0:AA:BB:17:D0:39:5A:CA:F7:24:E7:CE:45:52:D0:5B:26:B1
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       01963D8E2F907B0A4E540D2C99260B3EE8B5
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/yc-gqrsX0Dlayvck585FUtBbJrE.roa
Signing time:             Wed 16 Apr 2025 07:44:10 +0000
ROA not before:           Wed 16 Apr 2025 07:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        84.1.236.0/24 maxlen: 24
                          84.2.54.0/24 maxlen: 24
                          195.56.199.0/24 maxlen: 24
                          195.228.4.0/24 maxlen: 24
                          195.228.31.0/24 maxlen: 24
                          195.228.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3d:8e:2f:90:7b:0a:4e:54:0d:2c:99:26:0b:3e:e8:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Apr 16 07:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9cfa0aabb17d0395acaf724e7ce4552d05b26b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1f:3a:d2:4d:fa:6a:43:0c:24:b8:58:45:f6:
                    fc:fe:ce:b3:1f:28:84:9b:69:f0:d8:16:6d:1e:16:
                    61:6e:36:68:18:86:4f:4f:8f:cd:9f:35:2e:92:44:
                    b6:98:59:4b:f0:e5:20:53:28:c6:48:55:ac:f7:1f:
                    bb:75:4e:32:78:6f:31:28:f7:a4:bf:c6:65:be:2f:
                    c4:b2:80:65:57:f6:7a:85:ca:26:e0:3c:2d:d2:7f:
                    c2:ba:fc:21:8a:86:c5:f3:e5:3f:7d:02:be:58:cc:
                    0b:10:c5:ff:3a:b4:c9:3a:a7:0b:55:86:d4:f0:d4:
                    4b:2f:a7:81:dc:18:42:dd:49:be:46:fd:dd:2e:1d:
                    06:53:e4:fe:9e:72:41:44:2b:4b:58:bd:f6:64:ee:
                    fd:ed:2b:92:94:eb:fe:d8:0b:dc:d7:04:14:b9:54:
                    d9:ae:e0:b9:ad:d3:0d:7f:e6:bb:fe:30:47:d0:80:
                    04:23:07:ff:f4:b4:4b:9f:d4:27:eb:e7:7b:05:38:
                    97:42:ea:d1:d1:3e:e6:4b:e2:03:ea:9d:c1:f9:76:
                    9d:95:03:eb:04:25:68:13:f7:e5:90:4d:ac:c9:44:
                    f8:33:56:f2:ee:09:08:fe:0c:10:d0:96:d3:be:18:
                    e7:e9:0e:36:13:8a:e9:80:b7:e8:e0:53:f5:d4:62:
                    a6:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:CF:A0:AA:BB:17:D0:39:5A:CA:F7:24:E7:CE:45:52:D0:5B:26:B1
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/yc-gqrsX0Dlayvck585FUtBbJrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.1.236.0/24
                  84.2.54.0/24
                  195.56.199.0/24
                  195.228.4.0/24
                  195.228.31.0/24
                  195.228.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:fc:44:70:e0:53:2a:e8:c7:ff:4c:ed:82:3b:8f:3d:d2:a5:
         c7:7d:2a:2b:dd:59:ce:37:6f:1d:fa:01:fa:91:26:e1:0e:e6:
         d8:ca:f9:04:c8:43:43:80:7d:94:74:28:b2:f8:a5:d7:19:1a:
         3b:93:af:46:01:f8:07:c5:69:51:60:2a:03:94:67:81:b2:15:
         c0:40:96:15:5d:72:c0:e9:2b:f1:e8:a3:3c:e3:0c:fe:be:ce:
         e9:90:9d:f6:ac:68:2d:d2:ce:a4:f2:c5:74:75:e9:82:25:75:
         ed:97:25:1a:ea:40:11:9f:21:bd:3c:c1:e0:04:8e:5b:90:6e:
         7a:00:8c:a0:db:31:77:aa:98:df:83:b7:80:88:4d:16:99:fe:
         d2:b8:18:be:82:20:12:4e:8a:0a:51:1c:a3:c1:0b:9f:91:99:
         ab:e7:bb:47:95:41:ec:8d:dd:70:f0:f3:de:56:e5:0e:66:2b:
         55:7b:0e:f7:64:46:74:d1:3e:ea:4a:88:f7:42:52:10:72:f1:
         a4:42:35:95:ba:ba:00:85:55:ff:fd:69:27:09:45:d1:0f:48:
         8e:b3:d4:87:1d:3c:d1:46:98:6a:18:e0:86:e1:63:20:d0:9c:
         ea:6d:6e:34:1b:bd:ab:07:3c:ec:cd:63:6e:29:f7:56:c9:09:
         2c:a2:88:d3
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZY9ji+QewpOVA0smSYLPui1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjUwNDE2MDc0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWNmYTBhYWJiMTdkMDM5NWFjYWY3MjRlN2NlNDU1MmQwNWIyNmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx860k36akMMJLhYRfb8/s6zHyiE
m2nw2BZtHhZhbjZoGIZPT4/NnzUukkS2mFlL8OUgUyjGSFWs9x+7dU4yeG8xKPek
v8Zlvi/EsoBlV/Z6hcom4Dwt0n/CuvwhiobF8+U/fQK+WMwLEMX/OrTJOqcLVYbU
8NRLL6eB3BhC3Um+Rv3dLh0GU+T+nnJBRCtLWL32ZO797SuSlOv+2Avc1wQUuVTZ
ruC5rdMNf+a7/jBH0IAEIwf/9LRLn9Qn6+d7BTiXQurR0T7mS+ID6p3B+XadlQPr
BCVoE/flkE2syUT4M1by7gkI/gwQ0JbTvhjn6Q42E4rpgLfo4FP11GKmzwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMnPoKq7F9A5Wsr3JOfORVLQWyaxMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEveWMtZ3Fyc1gwRGxheXZjazU4NUZVdEJiSnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAVAHsAwQA
VAI2AwQAwzjHAwQAw+QEAwQAw+QfAwQAw+RwMA0GCSqGSIb3DQEBCwUAA4IBAQAQ
/ERw4FMq6Mf/TO2CO4890qXHfSor3VnON28d+gH6kSbhDubYyvkEyENDgH2UdCiy
+KXXGRo7k69GAfgHxWlRYCoDlGeBshXAQJYVXXLA6Svx6KM84wz+vs7pkJ32rGgt
0s6k8sV0demCJXXtlyUa6kARnyG9PMHgBI5bkG56AIyg2zF3qpjfg7eAiE0Wmf7S
uBi+giASTooKURyjwQufkZmr57tHlUHsjd1w8PPeVuUOZitVew73ZEZ00T7qSoj3
QlIQcvGkQjWVuroAhVX//WknCUXRD0iOs9SHHTzRRphqGOCG4WMg0JzqbW40G72r
BzzszWNuKfdWyQksoojT
-----END CERTIFICATE-----
Generated at Sat Apr 26 14:59:06 2025 by rpki-client