Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/d8b9f4-ad01-447c-a4de-0215aca1b909/1/z8OuSCGJchVeCUpQYS1C9lyJdfQ.roa
File:                     z8OuSCGJchVeCUpQYS1C9lyJdfQ.roa (raw, json)
Hash identifier:          DpfwIon8LxlRlWc8oVUrCsq2KEdEj3C2oAT8Sfo35hk=
Subject key identifier:   CF:C3:AE:48:21:89:72:15:5E:09:4A:50:61:2D:42:F6:5C:89:75:F4
Certificate issuer:       /CN=27d8af7e56c80d18dc968f4dbcec813f85ea30a4
Certificate serial:       018CC3B6CAA9C0430480F0C228A5A13FDD7C
Authority key identifier: 27:D8:AF:7E:56:C8:0D:18:DC:96:8F:4D:BC:EC:81:3F:85:EA:30:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J9ivflbIDRjclo9NvOyBP4XqMKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/d8b9f4-ad01-447c-a4de-0215aca1b909/1/z8OuSCGJchVeCUpQYS1C9lyJdfQ.roa
Signing time:             Mon 01 Jan 2024 06:29:45 +0000
ROA not before:           Mon 01 Jan 2024 06:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209026
IP address blocks:        185.253.236.0/22 maxlen: 24
                          2a0c:42c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/d8b9f4-ad01-447c-a4de-0215aca1b909/1/J9ivflbIDRjclo9NvOyBP4XqMKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/d8b9f4-ad01-447c-a4de-0215aca1b909/1/J9ivflbIDRjclo9NvOyBP4XqMKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J9ivflbIDRjclo9NvOyBP4XqMKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ca:a9:c0:43:04:80:f0:c2:28:a5:a1:3f:dd:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27d8af7e56c80d18dc968f4dbcec813f85ea30a4
        Validity
            Not Before: Jan  1 06:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfc3ae48218972155e094a50612d42f65c8975f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:de:04:c7:e0:67:45:71:fb:07:3c:ca:17:9b:
                    2b:81:7a:fe:e5:32:93:5d:7b:38:7f:5d:56:e5:01:
                    67:65:b6:0d:59:f7:df:67:bf:a6:1f:6e:05:ce:56:
                    0d:b4:75:8b:6a:0a:14:b1:2d:b5:5a:cf:c8:88:c3:
                    1b:35:6f:2f:ce:8c:fa:15:24:34:79:82:26:eb:08:
                    39:a7:9f:f0:38:2d:93:2e:2c:92:8e:6a:3e:b7:fd:
                    c8:34:5c:9b:65:b9:a2:3e:7f:74:ab:fb:0a:7e:fc:
                    f9:65:f4:fc:91:7d:68:79:42:1f:03:a5:d6:1e:6f:
                    23:bb:4a:58:d4:16:aa:f5:df:7a:81:18:e5:40:1b:
                    99:3a:3a:7a:02:8b:05:c5:e0:5e:dc:07:1d:dd:7e:
                    8c:37:cb:07:b6:04:12:b5:36:a0:09:af:ee:99:61:
                    4c:73:77:5d:4c:42:87:c7:7d:95:9c:27:a2:4b:a1:
                    92:3d:2f:10:21:c9:08:5a:3d:87:b7:d9:fc:99:7d:
                    b9:fd:4c:d1:81:cd:76:7a:89:15:2d:65:e5:bc:2b:
                    e7:93:d7:03:bc:1c:fb:1d:18:43:cc:7c:3c:04:12:
                    a4:b6:e1:e7:41:ae:79:1d:ea:4e:02:c9:7b:1f:24:
                    34:47:42:52:89:52:5e:7b:1f:f3:e6:90:09:b2:9b:
                    1f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C3:AE:48:21:89:72:15:5E:09:4A:50:61:2D:42:F6:5C:89:75:F4
            X509v3 Authority Key Identifier:
                keyid:27:D8:AF:7E:56:C8:0D:18:DC:96:8F:4D:BC:EC:81:3F:85:EA:30:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J9ivflbIDRjclo9NvOyBP4XqMKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/d8b9f4-ad01-447c-a4de-0215aca1b909/1/z8OuSCGJchVeCUpQYS1C9lyJdfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/d8b9f4-ad01-447c-a4de-0215aca1b909/1/J9ivflbIDRjclo9NvOyBP4XqMKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.236.0/22
                IPv6:
                  2a0c:42c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:4e:ab:c6:a6:f0:ed:29:a8:06:75:53:b9:c4:0c:29:72:b6:
         83:a5:6f:ca:15:18:8c:16:da:08:66:25:cd:86:69:e4:74:96:
         96:7c:6a:ef:6d:7c:01:97:ba:88:6b:ee:ee:8d:bc:f4:49:dc:
         02:41:cf:2e:4c:37:5b:d3:5f:33:83:dd:ad:d5:88:fb:41:7a:
         c8:bd:f9:e9:d6:b2:8a:01:23:71:76:d9:03:c6:1a:2b:6c:f5:
         6a:f3:c9:35:8d:bb:a1:2a:f3:94:e1:22:c8:b7:90:d6:76:f1:
         6c:e1:5a:a5:c3:83:8a:70:cd:17:2f:46:19:e3:40:6d:f0:fb:
         fc:11:9c:d5:c2:5e:f0:aa:ae:d9:4c:3e:47:41:bb:df:9e:50:
         18:7e:ec:bf:2b:82:51:d2:a6:f1:8e:ac:18:90:0a:a0:4e:fe:
         3a:af:5e:2d:14:ac:72:8b:55:45:7d:d5:c5:2f:15:7a:36:5d:
         8f:68:1b:91:2c:a3:50:06:c3:03:27:b3:e1:a1:18:fe:7e:90:
         0d:df:e0:95:50:62:91:4b:ef:86:dc:a6:59:f3:a1:b6:9b:0f:
         e2:92:af:85:53:e8:1d:af:e2:2f:21:f6:05:23:3c:a8:bb:8f:
         be:c7:19:c7:55:20:31:8c:02:a3:19:49:41:09:e7:2c:c8:12:
         83:e5:3b:1b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtsqpwEMEgPDCKKWhP918MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZDhhZjdlNTZjODBkMThkYzk2OGY0ZGJjZWM4MTNmODVl
YTMwYTQwHhcNMjQwMTAxMDYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmMzYWU0ODIxODk3MjE1NWUwOTRhNTA2MTJkNDJmNjVjODk3NWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvd4Ex+BnRXH7BzzKF5srgXr+5TKT
XXs4f11W5QFnZbYNWfffZ7+mH24FzlYNtHWLagoUsS21Ws/IiMMbNW8vzoz6FSQ0
eYIm6wg5p5/wOC2TLiySjmo+t/3INFybZbmiPn90q/sKfvz5ZfT8kX1oeUIfA6XW
Hm8ju0pY1Baq9d96gRjlQBuZOjp6AosFxeBe3Acd3X6MN8sHtgQStTagCa/umWFM
c3ddTEKHx32VnCeiS6GSPS8QIckIWj2Ht9n8mX25/UzRgc12eokVLWXlvCvnk9cD
vBz7HRhDzHw8BBKktuHnQa55HepOAsl7HyQ0R0JSiVJeex/z5pAJspsflQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM/DrkghiXIVXglKUGEtQvZciXX0MB8GA1UdIwQY
MBaAFCfYr35WyA0Y3JaPTbzsgT+F6jCkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjlpdmZsYklEUmpjbG85TnZPeUJQNFhxTUtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9kOGI5ZjQtYWQwMS00NDdjLWE0ZGUt
MDIxNWFjYTFiOTA5LzEvejhPdVNDR0pjaFZlQ1VwUVlTMUM5bHlKZGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9kOGI5ZjQtYWQwMS00NDdjLWE0ZGUtMDIxNWFjYTFiOTA5
LzEvSjlpdmZsYklEUmpjbG85TnZPeUJQNFhxTUtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuf3sMA0E
AgACMAcDBQMqDELAMA0GCSqGSIb3DQEBCwUAA4IBAQCLTqvGpvDtKagGdVO5xAwp
craDpW/KFRiMFtoIZiXNhmnkdJaWfGrvbXwBl7qIa+7ujbz0SdwCQc8uTDdb018z
g92t1Yj7QXrIvfnp1rKKASNxdtkDxhorbPVq88k1jbuhKvOU4SLIt5DWdvFs4Vql
w4OKcM0XL0YZ40Bt8Pv8EZzVwl7wqq7ZTD5HQbvfnlAYfuy/K4JR0qbxjqwYkAqg
Tv46r14tFKxyi1VFfdXFLxV6Nl2PaBuRLKNQBsMDJ7PhoRj+fpAN3+CVUGKRS++G
3KZZ86G2mw/ikq+FU+gdr+IvIfYFIzyou4++xxnHVSAxjAKjGUlBCecsyBKD5Tsb
-----END CERTIFICATE-----