Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/c0a790-4ed9-44c3-8dfd-0bef9a3baba8/1/YWvt1TktZkQceRuPqkgBJIt06G4.roa
File:                     YWvt1TktZkQceRuPqkgBJIt06G4.roa (raw, json)
Hash identifier:          a3KOfoC0tHLYoO4Ui0MOoVaiFp/Kj7liM9IOa2PuF/w=
Subject key identifier:   61:6B:ED:D5:39:2D:66:44:1C:79:1B:8F:AA:48:01:24:8B:74:E8:6E
Certificate issuer:       /CN=10bda8ca86948d9fe029da111a0c9e70d3046a5a
Certificate serial:       018CC8DF92E340AF5CF93EBFD1B4FFACD4E5
Authority key identifier: 10:BD:A8:CA:86:94:8D:9F:E0:29:DA:11:1A:0C:9E:70:D3:04:6A:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EL2oyoaUjZ_gKdoRGgyecNMEalo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/c0a790-4ed9-44c3-8dfd-0bef9a3baba8/1/YWvt1TktZkQceRuPqkgBJIt06G4.roa
Signing time:             Tue 02 Jan 2024 06:32:24 +0000
ROA not before:           Tue 02 Jan 2024 06:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15995
IP address blocks:        185.97.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/c0a790-4ed9-44c3-8dfd-0bef9a3baba8/1/EL2oyoaUjZ_gKdoRGgyecNMEalo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/c0a790-4ed9-44c3-8dfd-0bef9a3baba8/1/EL2oyoaUjZ_gKdoRGgyecNMEalo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EL2oyoaUjZ_gKdoRGgyecNMEalo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:92:e3:40:af:5c:f9:3e:bf:d1:b4:ff:ac:d4:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10bda8ca86948d9fe029da111a0c9e70d3046a5a
        Validity
            Not Before: Jan  2 06:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=616bedd5392d66441c791b8faa4801248b74e86e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:3c:f9:02:51:e8:96:7f:bd:f6:3a:e1:6e:26:
                    20:18:53:25:c1:92:05:a6:08:7e:e0:70:85:07:f3:
                    1e:5f:62:6e:7b:c8:99:a9:15:f8:31:c2:26:c6:a1:
                    7a:d0:30:15:d5:50:26:df:1e:75:19:e0:21:06:c5:
                    c7:03:81:15:c6:30:1a:20:12:a3:5a:82:14:a3:f1:
                    07:b8:5a:3d:34:43:7d:5c:be:e3:56:33:2e:76:08:
                    b1:59:c8:f5:b7:18:8d:b0:65:9e:1e:7e:97:27:9a:
                    a8:85:8f:e3:bb:7e:96:9e:17:b4:b9:59:da:ed:d3:
                    7f:ff:31:b2:64:28:6a:76:11:17:43:8e:a9:9b:20:
                    b9:3a:5c:34:ec:64:7b:c4:66:14:46:86:a5:e6:9f:
                    08:cd:fe:32:6f:61:d8:3d:0e:65:cf:8d:9f:e0:c1:
                    15:a7:69:fe:f7:51:9d:15:7f:09:35:71:bb:03:99:
                    cf:6e:5c:24:4f:4f:7e:bf:0b:b6:da:8d:cf:73:66:
                    5a:f1:36:cc:1b:e8:6f:bb:ea:84:7d:fb:f8:49:d8:
                    af:d6:82:73:18:60:03:40:cd:4c:5e:a6:8e:0b:30:
                    19:0f:14:15:75:6e:0c:fd:df:e1:31:8f:6d:db:98:
                    03:ae:13:f6:79:7e:30:0a:13:7c:ad:ea:60:8c:de:
                    e2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:6B:ED:D5:39:2D:66:44:1C:79:1B:8F:AA:48:01:24:8B:74:E8:6E
            X509v3 Authority Key Identifier:
                keyid:10:BD:A8:CA:86:94:8D:9F:E0:29:DA:11:1A:0C:9E:70:D3:04:6A:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EL2oyoaUjZ_gKdoRGgyecNMEalo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/c0a790-4ed9-44c3-8dfd-0bef9a3baba8/1/YWvt1TktZkQceRuPqkgBJIt06G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/c0a790-4ed9-44c3-8dfd-0bef9a3baba8/1/EL2oyoaUjZ_gKdoRGgyecNMEalo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:80:5e:94:68:a7:70:db:a0:db:bb:ce:1f:14:44:2c:4f:06:
         48:f9:f2:d6:1d:bd:34:03:d6:15:ba:49:b4:f1:78:12:9d:07:
         1a:5b:21:6d:14:0b:62:47:66:c1:f4:08:62:23:04:e6:65:5f:
         79:c2:24:93:f3:ca:66:e2:d0:40:92:40:e3:5d:c4:55:82:c6:
         e3:e2:e6:76:a6:77:3d:cd:47:20:29:ca:5d:8c:48:61:97:7e:
         e6:b0:d5:22:10:af:02:fb:f0:88:70:2a:7f:d2:8e:2d:38:65:
         1b:b1:7e:3d:51:49:53:d3:a3:bb:14:56:ed:cd:46:9f:2d:50:
         f1:01:91:e5:d7:e7:b9:54:8c:02:36:8e:e0:30:ad:f2:13:e3:
         4b:5b:db:35:d3:e5:a0:f5:7e:6b:91:58:11:8c:15:cc:d8:16:
         81:c9:f2:64:d8:c5:f2:18:58:a0:62:06:9b:50:88:ac:2c:85:
         5e:81:b8:bb:d8:e7:b9:6a:c1:9a:0e:80:bb:a3:9e:ce:ca:86:
         79:c4:8e:f7:77:73:65:5c:80:4f:d4:08:86:fd:43:3b:37:71:
         9f:3d:6d:0e:a2:74:5c:9c:2d:63:d2:00:2e:f6:7a:3d:c6:19:
         2d:1f:da:79:0c:8a:f7:88:a4:8f:0b:df:4b:b0:16:03:24:8a:
         5c:25:9a:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35LjQK9c+T6/0bT/rNTlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwYmRhOGNhODY5NDhkOWZlMDI5ZGExMTFhMGM5ZTcwZDMw
NDZhNWEwHhcNMjQwMTAyMDYzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTZiZWRkNTM5MmQ2NjQ0MWM3OTFiOGZhYTQ4MDEyNDhiNzRlODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjz5AlHoln+99jrhbiYgGFMlwZIF
pgh+4HCFB/MeX2Jue8iZqRX4McImxqF60DAV1VAm3x51GeAhBsXHA4EVxjAaIBKj
WoIUo/EHuFo9NEN9XL7jVjMudgixWcj1txiNsGWeHn6XJ5qohY/ju36Wnhe0uVna
7dN//zGyZChqdhEXQ46pmyC5Olw07GR7xGYURoal5p8Izf4yb2HYPQ5lz42f4MEV
p2n+91GdFX8JNXG7A5nPblwkT09+vwu22o3Pc2Za8TbMG+hvu+qEffv4Sdiv1oJz
GGADQM1MXqaOCzAZDxQVdW4M/d/hMY9t25gDrhP2eX4wChN8repgjN7i6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFr7dU5LWZEHHkbj6pIASSLdOhuMB8GA1UdIwQY
MBaAFBC9qMqGlI2f4CnaERoMnnDTBGpaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUwyb3lvYVVqWl9nS2RvUkdneWVjTk1FYWxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9jMGE3OTAtNGVkOS00NGMzLThkZmQt
MGJlZjlhM2JhYmE4LzEvWVd2dDFUa3Raa1FjZVJ1UHFrZ0JKSXQwNkc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9jMGE3OTAtNGVkOS00NGMzLThkZmQtMGJlZjlhM2JhYmE4
LzEvRUwyb3lvYVVqWl9nS2RvUkdneWVjTk1FYWxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWEsMA0G
CSqGSIb3DQEBCwUAA4IBAQBigF6UaKdw26Dbu84fFEQsTwZI+fLWHb00A9YVukm0
8XgSnQcaWyFtFAtiR2bB9AhiIwTmZV95wiST88pm4tBAkkDjXcRVgsbj4uZ2pnc9
zUcgKcpdjEhhl37msNUiEK8C+/CIcCp/0o4tOGUbsX49UUlT06O7FFbtzUafLVDx
AZHl1+e5VIwCNo7gMK3yE+NLW9s10+Wg9X5rkVgRjBXM2BaByfJk2MXyGFigYgab
UIisLIVegbi72Oe5asGaDoC7o57OyoZ5xI73d3NlXIBP1AiG/UM7N3GfPW0OonRc
nC1j0gAu9no9xhktH9p5DIr3iKSPC99LsBYDJIpcJZq0
-----END CERTIFICATE-----