Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/0ZG6b6TNVo5DhfNUl_T7x6pBRo8.roa
File:                     0ZG6b6TNVo5DhfNUl_T7x6pBRo8.roa (raw, json)
Hash identifier:          V4n/9IlJu6H+rthurkAQAFBm8T2t5GYskf5Ngb0P8zw=
Subject key identifier:   D1:91:BA:6F:A4:CD:56:8E:43:85:F3:54:97:F4:FB:C7:AA:41:46:8F
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       018CC727058C9FCC49072427BBAF1756D242
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/0ZG6b6TNVo5DhfNUl_T7x6pBRo8.roa
Signing time:             Mon 01 Jan 2024 22:31:12 +0000
ROA not before:           Mon 01 Jan 2024 22:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        185.189.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:05:8c:9f:cc:49:07:24:27:bb:af:17:56:d2:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Jan  1 22:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d191ba6fa4cd568e4385f35497f4fbc7aa41468f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ce:99:59:58:d2:6d:3d:b4:13:d6:31:3e:bf:
                    94:c1:c6:fb:b4:ef:24:15:f4:fb:9d:26:c1:ab:a9:
                    45:c2:54:3e:9b:af:fb:c9:5d:07:08:f8:fd:0c:b1:
                    a9:bf:49:0a:b1:77:7a:73:0f:70:37:78:fa:f5:0a:
                    35:86:ad:f0:75:42:3d:5d:4e:15:d5:3d:51:5e:7c:
                    bf:40:71:c4:93:18:db:fa:3a:4f:83:1c:b6:5f:d3:
                    f0:5c:77:70:2c:6f:d9:cf:78:e8:13:d0:92:f0:52:
                    4a:d9:65:1d:83:4e:b3:79:15:0a:c9:4a:e2:4a:dc:
                    cb:99:a8:7e:9c:4d:89:36:e8:44:0d:bb:14:4a:e3:
                    f1:20:f7:9a:f2:4f:7b:ab:d3:cc:b7:9f:4f:4d:77:
                    86:8b:a3:68:57:cc:bb:77:2d:9c:c2:2c:dc:f2:cf:
                    99:f2:b1:cd:1e:0e:f9:aa:d3:48:b1:7e:4b:9d:f6:
                    98:3f:bc:79:70:89:c7:60:c4:c3:b1:52:dd:09:9e:
                    ed:41:6e:cb:26:d3:9a:7f:74:7f:52:7d:cd:45:ae:
                    88:10:04:fa:53:a9:85:c1:c9:fc:06:74:2c:90:73:
                    64:9a:0b:8d:b7:6e:e7:d6:e7:46:50:0c:4f:5c:1b:
                    66:9a:e1:2f:a2:a8:7b:b2:61:d4:ee:24:59:32:a7:
                    71:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:91:BA:6F:A4:CD:56:8E:43:85:F3:54:97:F4:FB:C7:AA:41:46:8F
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/0ZG6b6TNVo5DhfNUl_T7x6pBRo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:37:4b:31:32:d4:fc:35:f4:4d:e9:2d:86:8e:c5:a9:1b:4a:
         46:e1:75:43:5f:b2:3e:21:3d:61:ca:b3:27:d4:ec:b1:50:f3:
         32:6f:00:0b:5c:bf:bb:53:bc:10:7c:d5:db:81:d5:17:98:a3:
         81:cd:d2:7b:db:0e:4e:d8:5f:0b:11:a8:ba:8a:9d:cd:a6:5a:
         bb:45:af:13:f7:6b:6c:61:f6:71:af:48:54:f3:f8:2e:69:75:
         4b:86:08:e9:35:c3:6d:6f:a2:3e:ad:ac:e5:c5:e2:74:15:5e:
         d0:19:bc:96:83:ed:dc:24:0f:23:86:67:10:29:7a:ef:48:1f:
         07:c1:20:86:88:28:28:01:5e:d1:ab:b9:90:59:61:4c:37:30:
         98:11:5f:c8:98:21:c0:8f:d8:7d:97:6b:fc:a7:09:db:e9:fc:
         23:33:61:4f:16:a5:d7:3d:91:72:95:d5:3a:ed:1d:60:7a:79:
         74:bf:a4:c0:e6:31:7c:33:19:4b:0e:01:0d:99:78:57:bc:24:
         24:3f:ed:87:73:51:73:94:aa:3e:10:68:f0:28:b0:c6:e7:d4:
         3a:d0:a0:71:a1:2d:4e:45:34:94:3d:96:66:20:24:1f:34:06:
         97:31:38:58:39:87:97:35:3a:97:f6:85:ac:ab:47:41:0e:b2:
         21:32:2e:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJwWMn8xJByQnu68XVtJCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjQwMTAxMjIzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTkxYmE2ZmE0Y2Q1NjhlNDM4NWYzNTQ5N2Y0ZmJjN2FhNDE0NjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg86ZWVjSbT20E9YxPr+Uwcb7tO8k
FfT7nSbBq6lFwlQ+m6/7yV0HCPj9DLGpv0kKsXd6cw9wN3j69Qo1hq3wdUI9XU4V
1T1RXny/QHHEkxjb+jpPgxy2X9PwXHdwLG/Zz3joE9CS8FJK2WUdg06zeRUKyUri
StzLmah+nE2JNuhEDbsUSuPxIPea8k97q9PMt59PTXeGi6NoV8y7dy2cwizc8s+Z
8rHNHg75qtNIsX5LnfaYP7x5cInHYMTDsVLdCZ7tQW7LJtOaf3R/Un3NRa6IEAT6
U6mFwcn8BnQskHNkmguNt27n1udGUAxPXBtmmuEvoqh7smHU7iRZMqdxiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGRum+kzVaOQ4XzVJf0+8eqQUaPMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvMFpHNmI2VE5WbzVEaGZOVWxfVDd4NnBCUm84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub0gMA0G
CSqGSIb3DQEBCwUAA4IBAQBJN0sxMtT8NfRN6S2GjsWpG0pG4XVDX7I+IT1hyrMn
1OyxUPMybwALXL+7U7wQfNXbgdUXmKOBzdJ72w5O2F8LEai6ip3Nplq7Ra8T92ts
YfZxr0hU8/guaXVLhgjpNcNtb6I+razlxeJ0FV7QGbyWg+3cJA8jhmcQKXrvSB8H
wSCGiCgoAV7Rq7mQWWFMNzCYEV/ImCHAj9h9l2v8pwnb6fwjM2FPFqXXPZFyldU6
7R1genl0v6TA5jF8MxlLDgENmXhXvCQkP+2Hc1FzlKo+EGjwKLDG59Q60KBxoS1O
RTSUPZZmICQfNAaXMThYOYeXNTqX9oWsq0dBDrIhMi7G
-----END CERTIFICATE-----