Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/6ce0c0-937c-4a43-9e84-18e5c537d51d/1/kaTgOas6Zj_x-YXPPghLyFGLwwE.roa
File:                     kaTgOas6Zj_x-YXPPghLyFGLwwE.roa (raw, json)
Hash identifier:          iajXAJPbEGVQUpJTtSg37dZggz5FXZLRCs0w7jbydrg=
Subject key identifier:   91:A4:E0:39:AB:3A:66:3F:F1:F9:85:CF:3E:08:4B:C8:51:8B:C3:01
Certificate issuer:       /CN=70de707d6c01006b2aca687eaab29cb4736b7668
Certificate serial:       018CC801C823319D1EC77B0C7A58F97AFEC0
Authority key identifier: 70:DE:70:7D:6C:01:00:6B:2A:CA:68:7E:AA:B2:9C:B4:73:6B:76:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cN5wfWwBAGsqymh-qrKctHNrdmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/6ce0c0-937c-4a43-9e84-18e5c537d51d/1/kaTgOas6Zj_x-YXPPghLyFGLwwE.roa
Signing time:             Tue 02 Jan 2024 02:30:09 +0000
ROA not before:           Tue 02 Jan 2024 02:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208357
IP address blocks:        185.54.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/6ce0c0-937c-4a43-9e84-18e5c537d51d/1/cN5wfWwBAGsqymh-qrKctHNrdmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/6ce0c0-937c-4a43-9e84-18e5c537d51d/1/cN5wfWwBAGsqymh-qrKctHNrdmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cN5wfWwBAGsqymh-qrKctHNrdmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c8:23:31:9d:1e:c7:7b:0c:7a:58:f9:7a:fe:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70de707d6c01006b2aca687eaab29cb4736b7668
        Validity
            Not Before: Jan  2 02:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91a4e039ab3a663ff1f985cf3e084bc8518bc301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:13:22:a4:30:cf:31:7f:d1:3e:64:52:80:de:
                    fd:58:f6:51:a9:b9:0a:9a:01:6f:1f:94:cb:f3:a6:
                    2e:a7:de:09:d5:73:f7:a4:de:74:b8:73:b4:62:e7:
                    ce:14:dc:83:b2:1a:6b:f3:e0:b9:85:83:1b:01:4e:
                    3f:2e:39:96:65:11:7e:3c:6d:28:9f:42:9d:3b:af:
                    77:a5:2c:ea:0f:14:b1:1c:fd:39:51:80:90:0e:c7:
                    d6:2f:dd:e4:af:e3:86:0b:98:4e:3b:de:76:7e:c5:
                    98:8a:4f:cf:db:29:ad:5e:f1:36:b2:84:3e:74:b2:
                    f2:fd:86:ea:80:84:7e:62:21:84:b8:f6:d2:26:7f:
                    6f:65:c5:d5:69:c4:7e:16:ca:47:a8:d1:7d:c0:cf:
                    9d:bb:22:c0:41:79:8c:1f:4c:3c:20:4e:e2:9f:4f:
                    ea:11:08:bf:c8:65:c8:92:66:01:b4:b9:72:80:4c:
                    35:da:d0:a3:55:be:60:2c:92:a2:6f:4e:d7:af:a9:
                    db:21:31:7f:1c:f4:2b:0d:20:02:93:ab:68:c7:de:
                    4d:30:5e:2c:b5:a6:b6:4f:3e:09:4d:74:cf:c8:df:
                    f4:31:98:5b:03:48:2b:39:c8:e2:04:c3:e6:73:a0:
                    92:97:73:3e:02:b5:e4:ba:33:83:e9:9f:63:8c:76:
                    80:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:A4:E0:39:AB:3A:66:3F:F1:F9:85:CF:3E:08:4B:C8:51:8B:C3:01
            X509v3 Authority Key Identifier:
                keyid:70:DE:70:7D:6C:01:00:6B:2A:CA:68:7E:AA:B2:9C:B4:73:6B:76:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cN5wfWwBAGsqymh-qrKctHNrdmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/6ce0c0-937c-4a43-9e84-18e5c537d51d/1/kaTgOas6Zj_x-YXPPghLyFGLwwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/6ce0c0-937c-4a43-9e84-18e5c537d51d/1/cN5wfWwBAGsqymh-qrKctHNrdmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:d7:bc:9e:f7:17:a3:d4:69:12:c4:ec:0a:a2:df:8a:cb:1c:
         61:71:e9:50:7d:80:38:01:44:18:2f:8e:a0:cc:9e:59:46:1b:
         41:d7:ba:74:20:7c:40:4e:96:4d:6d:ae:1e:36:7d:1b:1e:4d:
         30:1f:11:d8:0f:9b:cf:84:76:3d:2a:9a:5d:fe:6a:6e:cc:e3:
         7b:d2:07:6e:1d:70:a7:86:cb:dc:ef:f4:05:e3:8b:28:c1:bd:
         cb:72:60:5c:77:5a:a6:d5:6c:8d:3d:67:83:4e:48:20:2f:55:
         e5:ad:7c:3f:f5:6c:88:b2:54:06:a1:5f:8f:94:b1:9e:cb:bb:
         5b:c2:1b:a2:b8:83:14:d9:8a:99:91:1d:02:61:1e:1b:a7:3d:
         b2:20:bd:d0:70:00:60:93:f5:dd:17:09:bc:0b:27:6b:3f:6d:
         56:cb:40:25:59:6b:19:95:43:b4:b5:54:c2:a1:eb:b1:a3:48:
         85:c0:57:fc:aa:af:c6:67:6d:78:a8:14:0d:b4:8c:2e:e5:85:
         67:86:54:a3:14:66:75:ce:54:cc:0f:b3:b3:86:88:8b:ac:ed:
         1d:86:59:18:a1:e4:f0:43:7d:2e:62:ba:ab:98:92:c2:e0:79:
         19:9b:2e:4d:68:27:77:b2:e3:05:df:aa:b2:e4:00:20:34:ec:
         e9:2f:50:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAcgjMZ0ex3sMelj5ev7AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZGU3MDdkNmMwMTAwNmIyYWNhNjg3ZWFhYjI5Y2I0NzM2
Yjc2NjgwHhcNMjQwMTAyMDIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWE0ZTAzOWFiM2E2NjNmZjFmOTg1Y2YzZTA4NGJjODUxOGJjMzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBMipDDPMX/RPmRSgN79WPZRqbkK
mgFvH5TL86Yup94J1XP3pN50uHO0YufOFNyDshpr8+C5hYMbAU4/LjmWZRF+PG0o
n0KdO693pSzqDxSxHP05UYCQDsfWL93kr+OGC5hOO952fsWYik/P2ymtXvE2soQ+
dLLy/YbqgIR+YiGEuPbSJn9vZcXVacR+FspHqNF9wM+duyLAQXmMH0w8IE7in0/q
EQi/yGXIkmYBtLlygEw12tCjVb5gLJKib07Xr6nbITF/HPQrDSACk6tox95NMF4s
taa2Tz4JTXTPyN/0MZhbA0grOcjiBMPmc6CSl3M+ArXkujOD6Z9jjHaA1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGk4DmrOmY/8fmFzz4IS8hRi8MBMB8GA1UdIwQY
MBaAFHDecH1sAQBrKspofqqynLRza3ZoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY041d2ZXd0JBR3NxeW1oLXFyS2N0SE5yZG1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82Y2UwYzAtOTM3Yy00YTQzLTllODQt
MThlNWM1MzdkNTFkLzEva2FUZ09hczZaal94LVlYUFBnaEx5RkdMd3dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82Y2UwYzAtOTM3Yy00YTQzLTllODQtMThlNWM1MzdkNTFk
LzEvY041d2ZXd0JBR3NxeW1oLXFyS2N0SE5yZG1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTaKMA0G
CSqGSIb3DQEBCwUAA4IBAQCT17ye9xej1GkSxOwKot+KyxxhcelQfYA4AUQYL46g
zJ5ZRhtB17p0IHxATpZNba4eNn0bHk0wHxHYD5vPhHY9Kppd/mpuzON70gduHXCn
hsvc7/QF44sowb3LcmBcd1qm1WyNPWeDTkggL1XlrXw/9WyIslQGoV+PlLGey7tb
whuiuIMU2YqZkR0CYR4bpz2yIL3QcABgk/XdFwm8CydrP21Wy0AlWWsZlUO0tVTC
oeuxo0iFwFf8qq/GZ214qBQNtIwu5YVnhlSjFGZ1zlTMD7OzhoiLrO0dhlkYoeTw
Q30uYrqrmJLC4HkZmy5NaCd3suMF36qy5AAgNOzpL1A+
-----END CERTIFICATE-----