Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/9_YiNW7fLxM2xl4RTGuHlD7bgQU.roa
File:                     9_YiNW7fLxM2xl4RTGuHlD7bgQU.roa (raw, json)
Hash identifier:          R2Xy7CQEGShLfmm0V/7Hl8oYZmpZneXnlQumj3A+m40=
Subject key identifier:   F7:F6:22:35:6E:DF:2F:13:36:C6:5E:11:4C:6B:87:94:3E:DB:81:05
Certificate issuer:       /CN=ad2d38e20f24d0e30b86ccd8261ac0017f17a5a4
Certificate serial:       018CC94E29BF189266F04526181D8B2473CF
Authority key identifier: AD:2D:38:E2:0F:24:D0:E3:0B:86:CC:D8:26:1A:C0:01:7F:17:A5:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rS044g8k0OMLhszYJhrAAX8XpaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/9_YiNW7fLxM2xl4RTGuHlD7bgQU.roa
Signing time:             Tue 02 Jan 2024 08:33:12 +0000
ROA not before:           Tue 02 Jan 2024 08:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.142.145.0/24 maxlen: 24
                          185.142.144.0/24 maxlen: 24
                          185.142.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/rS044g8k0OMLhszYJhrAAX8XpaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/rS044g8k0OMLhszYJhrAAX8XpaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rS044g8k0OMLhszYJhrAAX8XpaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:29:bf:18:92:66:f0:45:26:18:1d:8b:24:73:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad2d38e20f24d0e30b86ccd8261ac0017f17a5a4
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7f622356edf2f1336c65e114c6b87943edb8105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:22:0a:c8:77:1b:76:ac:a1:ca:02:e7:da:6b:
                    88:27:9c:3c:24:3c:52:48:cc:1e:cd:94:7b:41:bc:
                    6e:64:10:3e:d4:73:df:17:20:e1:e2:27:3b:9a:bc:
                    9d:cd:db:94:6e:ab:5f:2c:23:b5:88:89:08:2d:2a:
                    95:3c:a7:6f:72:0d:5f:58:2d:d4:e2:9e:95:25:9c:
                    36:80:0c:d3:c8:60:59:6b:16:97:bb:f7:fa:f9:f2:
                    04:6b:6d:2c:1c:6c:27:c2:64:88:36:c3:a8:33:c0:
                    ed:96:57:39:58:14:b8:39:a8:8e:10:52:17:11:f9:
                    4e:af:c6:1e:1a:f1:07:f8:b7:c5:05:b9:be:40:f9:
                    e0:09:d3:af:e4:fc:d6:54:0d:3c:eb:58:de:23:e3:
                    af:af:0b:97:01:b7:89:40:18:69:9e:68:a7:80:73:
                    01:0f:d1:b1:c4:97:21:d2:79:5b:cb:77:8e:e5:89:
                    87:8a:07:9e:07:56:b4:77:4a:ec:bd:93:36:d4:40:
                    92:51:5b:5c:89:b3:f6:84:01:a0:cb:76:6e:19:8e:
                    6b:5f:78:06:4a:46:9f:a3:cb:f7:5f:ed:a1:b4:30:
                    23:13:25:08:3b:6f:60:d2:ce:78:a9:41:fb:51:80:
                    bb:8d:a1:57:f7:a8:de:0a:23:fb:6f:02:d0:a4:92:
                    d6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:F6:22:35:6E:DF:2F:13:36:C6:5E:11:4C:6B:87:94:3E:DB:81:05
            X509v3 Authority Key Identifier:
                keyid:AD:2D:38:E2:0F:24:D0:E3:0B:86:CC:D8:26:1A:C0:01:7F:17:A5:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rS044g8k0OMLhszYJhrAAX8XpaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/9_YiNW7fLxM2xl4RTGuHlD7bgQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2d8761-229f-4a37-87b1-42995323c03d/1/rS044g8k0OMLhszYJhrAAX8XpaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.144.0-185.142.146.255

    Signature Algorithm: sha256WithRSAEncryption
         50:81:95:b8:c3:1e:21:dc:f3:68:0f:94:b9:93:66:3c:fd:88:
         61:ff:a8:a9:fa:00:cb:cc:96:51:a9:db:75:73:92:76:7f:bc:
         a1:cc:48:a4:bd:5a:4d:8f:3e:78:ae:b6:f5:0c:17:6f:90:10:
         67:75:c6:fa:e1:59:4a:cd:05:3e:e4:61:ee:e1:6e:1e:88:ae:
         dd:29:ad:70:dc:a1:d2:76:02:e1:0f:4b:d0:19:b8:88:8f:6e:
         08:7a:21:65:66:4c:68:44:21:aa:a4:c3:c9:7d:ed:96:14:e6:
         2b:ea:da:84:1c:2b:f2:59:fb:d1:0d:6e:88:7d:73:00:59:0a:
         1e:4c:2c:03:4b:46:19:c7:13:a1:6b:d7:fa:81:a9:4a:b3:ba:
         65:6d:d0:f4:ad:78:98:37:42:43:69:71:33:45:f5:55:ac:c9:
         03:40:38:cd:fc:d6:d4:6c:f6:f0:cb:0d:fb:33:22:15:c0:71:
         c5:b9:bb:64:76:64:4a:62:ca:9a:6e:5a:c3:b7:27:78:5d:89:
         2c:3f:73:f7:ae:d2:0d:da:c2:a3:09:60:16:6f:e9:6e:1e:19:
         27:c4:42:3f:3d:47:0a:3d:48:a7:11:2e:55:9c:24:72:90:0a:
         4c:ae:47:f5:d8:bf:5b:11:aa:73:35:5b:bb:2c:df:5f:49:6b:
         6e:32:05:8b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJTim/GJJm8EUmGB2LJHPPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMmQzOGUyMGYyNGQwZTMwYjg2Y2NkODI2MWFjMDAxN2Yx
N2E1YTQwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2Y2MjIzNTZlZGYyZjEzMzZjNjVlMTE0YzZiODc5NDNlZGI4MTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyIKyHcbdqyhygLn2muIJ5w8JDxS
SMwezZR7QbxuZBA+1HPfFyDh4ic7mrydzduUbqtfLCO1iIkILSqVPKdvcg1fWC3U
4p6VJZw2gAzTyGBZaxaXu/f6+fIEa20sHGwnwmSINsOoM8Dtllc5WBS4OaiOEFIX
EflOr8YeGvEH+LfFBbm+QPngCdOv5PzWVA0861jeI+OvrwuXAbeJQBhpnmingHMB
D9GxxJch0nlby3eO5YmHigeeB1a0d0rsvZM21ECSUVtcibP2hAGgy3ZuGY5rX3gG
Skafo8v3X+2htDAjEyUIO29g0s54qUH7UYC7jaFX96jeCiP7bwLQpJLWcQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPf2IjVu3y8TNsZeEUxrh5Q+24EFMB8GA1UdIwQY
MBaAFK0tOOIPJNDjC4bM2CYawAF/F6WkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclMwNDRnOGswT01MaHN6WUpockFBWDhYcGFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yZDg3NjEtMjI5Zi00YTM3LTg3YjEt
NDI5OTUzMjNjMDNkLzEvOV9ZaU5XN2ZMeE0yeGw0UlRHdUhsRDdiZ1FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yZDg3NjEtMjI5Zi00YTM3LTg3YjEtNDI5OTUzMjNjMDNk
LzEvclMwNDRnOGswT01MaHN6WUpockFBWDhYcGFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAS5jpAD
BAC5jpIwDQYJKoZIhvcNAQELBQADggEBAFCBlbjDHiHc82gPlLmTZjz9iGH/qKn6
AMvMllGp23VzknZ/vKHMSKS9Wk2PPniutvUMF2+QEGd1xvrhWUrNBT7kYe7hbh6I
rt0prXDcodJ2AuEPS9AZuIiPbgh6IWVmTGhEIaqkw8l97ZYU5ivq2oQcK/JZ+9EN
boh9cwBZCh5MLANLRhnHE6Fr1/qBqUqzumVt0PSteJg3QkNpcTNF9VWsyQNAOM38
1tRs9vDLDfszIhXAccW5u2R2ZEpiyppuWsO3J3hdiSw/c/eu0g3awqMJYBZv6W4e
GSfEQj89Rwo9SKcRLlWcJHKQCkyuR/XYv1sRqnM1W7ss319Ja24yBYs=
-----END CERTIFICATE-----