Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/dc13c1-de56-449f-9c29-c81266b7c49e/1/k_YLzrIDg1YjbhtkHDo-PlVafSM.roa
File:                     k_YLzrIDg1YjbhtkHDo-PlVafSM.roa (raw, json)
Hash identifier:          WO6bkBCOUYF0Y5QVbrbH+REs3tEwVP3m41SaulZv0cQ=
Subject key identifier:   93:F6:0B:CE:B2:03:83:56:23:6E:1B:64:1C:3A:3E:3E:55:5A:7D:23
Certificate issuer:       /CN=b6ed62055a5191c02ec5112e95181a89ac060ceb
Certificate serial:       018FCA1FBA22EA2DFE1EF40ECA04EE303ED0
Authority key identifier: B6:ED:62:05:5A:51:91:C0:2E:C5:11:2E:95:18:1A:89:AC:06:0C:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tu1iBVpRkcAuxREulRgaiawGDOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/dc13c1-de56-449f-9c29-c81266b7c49e/1/k_YLzrIDg1YjbhtkHDo-PlVafSM.roa
Signing time:             Thu 30 May 2024 15:30:27 +0000
ROA not before:           Thu 30 May 2024 15:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47242
IP address blocks:        185.73.136.0/24 maxlen: 24
                          185.73.137.0/24 maxlen: 24
                          185.73.138.0/24 maxlen: 24
                          185.73.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/dc13c1-de56-449f-9c29-c81266b7c49e/1/tu1iBVpRkcAuxREulRgaiawGDOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/dc13c1-de56-449f-9c29-c81266b7c49e/1/tu1iBVpRkcAuxREulRgaiawGDOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tu1iBVpRkcAuxREulRgaiawGDOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ca:1f:ba:22:ea:2d:fe:1e:f4:0e:ca:04:ee:30:3e:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6ed62055a5191c02ec5112e95181a89ac060ceb
        Validity
            Not Before: May 30 15:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93f60bceb2038356236e1b641c3a3e3e555a7d23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bb:8c:46:f5:d5:fb:52:41:5b:11:7a:a4:a1:
                    bd:ba:45:4e:b0:4b:14:92:9f:38:78:f2:64:c1:98:
                    48:e0:d3:6a:62:c8:22:c8:e5:40:54:90:ee:04:38:
                    f6:cb:2f:0e:40:fc:50:66:a9:20:b9:b6:60:a8:77:
                    53:b3:21:d5:be:b6:b8:cb:65:b4:2b:5c:9e:5e:78:
                    a6:c6:4d:ce:e3:45:26:a8:7c:71:30:cf:87:39:0a:
                    38:82:33:e9:96:37:02:4c:ec:1e:c3:de:42:e5:95:
                    58:08:62:b6:07:3b:37:d0:9e:64:0b:ee:ad:2c:c5:
                    03:f7:2c:29:0e:61:47:b4:50:e1:f8:05:76:67:71:
                    52:70:82:43:91:02:28:c7:cd:fe:2f:6c:b6:c1:1e:
                    28:71:ee:13:f3:a9:9e:0d:2b:08:c6:c1:40:2c:c5:
                    9a:bc:ad:db:0e:7c:d6:85:c6:79:d7:2e:e4:a9:e6:
                    6c:1b:15:df:19:19:5f:fc:c7:30:04:77:83:65:3b:
                    e1:df:b9:f4:f4:28:a3:fa:a8:f3:7b:dd:3b:36:6a:
                    22:2a:67:25:80:1c:dc:34:e2:84:e9:a7:09:1b:19:
                    ac:62:1f:ae:b9:db:1f:14:b4:03:ee:20:b8:bb:99:
                    5f:87:8b:51:9a:d4:dc:99:6d:35:e2:23:ac:50:e7:
                    24:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:F6:0B:CE:B2:03:83:56:23:6E:1B:64:1C:3A:3E:3E:55:5A:7D:23
            X509v3 Authority Key Identifier:
                keyid:B6:ED:62:05:5A:51:91:C0:2E:C5:11:2E:95:18:1A:89:AC:06:0C:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tu1iBVpRkcAuxREulRgaiawGDOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/dc13c1-de56-449f-9c29-c81266b7c49e/1/k_YLzrIDg1YjbhtkHDo-PlVafSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/dc13c1-de56-449f-9c29-c81266b7c49e/1/tu1iBVpRkcAuxREulRgaiawGDOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:d6:34:2b:e8:e9:a7:ae:07:52:9e:5f:1d:d5:48:18:21:ac:
         ce:6f:59:97:f1:e9:c4:24:66:c1:14:48:47:45:b5:a8:29:79:
         50:1d:e2:e5:c8:e4:33:e2:36:27:9e:23:d2:b3:62:3b:21:cd:
         be:85:f8:51:45:20:32:de:ed:12:07:d5:4e:cc:7e:79:b6:39:
         b4:e6:d8:53:af:f6:44:87:1b:00:d2:66:ef:14:6f:c3:7b:2c:
         5a:56:98:83:e5:e1:31:8c:5c:af:e1:2c:35:da:5d:81:68:98:
         b9:51:7c:9d:5e:61:bc:04:a7:69:75:de:1c:70:e0:d5:89:e3:
         66:15:6c:51:ad:dc:68:4f:0e:8a:09:2c:54:5e:8a:a3:19:65:
         8b:42:1e:6a:97:d0:d8:69:03:17:3e:f0:f6:72:9b:0d:ab:9d:
         5f:0a:cc:05:fb:d8:9e:d4:83:59:fc:7a:37:1d:df:b8:be:9e:
         12:65:54:65:5d:ee:e6:76:fe:f7:b1:b5:96:8e:14:04:4b:fa:
         41:d1:15:89:aa:a5:91:07:ae:01:a7:a4:b8:5f:44:23:24:7a:
         63:a9:7f:f1:aa:29:d7:cf:f3:c1:24:af:0f:e9:82:1a:20:4a:
         d7:31:42:c8:1e:fe:43:5a:f7:27:38:42:12:ea:43:62:e6:54:
         79:eb:25:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/KH7oi6i3+HvQOygTuMD7QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZWQ2MjA1NWE1MTkxYzAyZWM1MTEyZTk1MTgxYTg5YWMw
NjBjZWIwHhcNMjQwNTMwMTUzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2Y2MGJjZWIyMDM4MzU2MjM2ZTFiNjQxYzNhM2UzZTU1NWE3ZDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLuMRvXV+1JBWxF6pKG9ukVOsEsU
kp84ePJkwZhI4NNqYsgiyOVAVJDuBDj2yy8OQPxQZqkgubZgqHdTsyHVvra4y2W0
K1yeXnimxk3O40UmqHxxMM+HOQo4gjPpljcCTOwew95C5ZVYCGK2Bzs30J5kC+6t
LMUD9ywpDmFHtFDh+AV2Z3FScIJDkQIox83+L2y2wR4oce4T86meDSsIxsFALMWa
vK3bDnzWhcZ51y7kqeZsGxXfGRlf/McwBHeDZTvh37n09Cij+qjze907NmoiKmcl
gBzcNOKE6acJGxmsYh+uudsfFLQD7iC4u5lfh4tRmtTcmW014iOsUOckVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJP2C86yA4NWI24bZBw6Pj5VWn0jMB8GA1UdIwQY
MBaAFLbtYgVaUZHALsURLpUYGomsBgzrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHUxaUJWcFJrY0F1eFJFdWxSZ2FpYXdHRE9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kYzEzYzEtZGU1Ni00NDlmLTljMjkt
YzgxMjY2YjdjNDllLzEva19ZTHpySURnMVlqYmh0a0hEby1QbFZhZlNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kYzEzYzEtZGU1Ni00NDlmLTljMjktYzgxMjY2YjdjNDll
LzEvdHUxaUJWcFJrY0F1eFJFdWxSZ2FpYXdHRE9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUmIMA0G
CSqGSIb3DQEBCwUAA4IBAQAa1jQr6OmnrgdSnl8d1UgYIazOb1mX8enEJGbBFEhH
RbWoKXlQHeLlyOQz4jYnniPSs2I7Ic2+hfhRRSAy3u0SB9VOzH55tjm05thTr/ZE
hxsA0mbvFG/DeyxaVpiD5eExjFyv4Sw12l2BaJi5UXydXmG8BKdpdd4ccODVieNm
FWxRrdxoTw6KCSxUXoqjGWWLQh5ql9DYaQMXPvD2cpsNq51fCswF+9ie1INZ/Ho3
Hd+4vp4SZVRlXe7mdv73sbWWjhQES/pB0RWJqqWRB64Bp6S4X0QjJHpjqX/xqinX
z/PBJK8P6YIaIErXMULIHv5DWvcnOEIS6kNi5lR56yVz
-----END CERTIFICATE-----