Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/4de49c-aa58-44af-b02a-1e8d219f87af/1/6aHdWIUoGcOLVcv1Xbh7YHINXEc.roa
File:                     6aHdWIUoGcOLVcv1Xbh7YHINXEc.roa (raw, json)
Hash identifier:          cYxWrU++XN4BSniFwa+wgO2KitRSjG1PeY+brPyTIeg=
Subject key identifier:   E9:A1:DD:58:85:28:19:C3:8B:55:CB:F5:5D:B8:7B:60:72:0D:5C:47
Certificate issuer:       /CN=2a8c588951260a11a3efbd6d816bd56f82f2fc34
Certificate serial:       018CC7933C164A70390FE9061E1743EE3EBB
Authority key identifier: 2A:8C:58:89:51:26:0A:11:A3:EF:BD:6D:81:6B:D5:6F:82:F2:FC:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KoxYiVEmChGj771tgWvVb4Ly_DQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/4de49c-aa58-44af-b02a-1e8d219f87af/1/6aHdWIUoGcOLVcv1Xbh7YHINXEc.roa
Signing time:             Tue 02 Jan 2024 00:29:24 +0000
ROA not before:           Tue 02 Jan 2024 00:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199328
IP address blocks:        185.20.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/4de49c-aa58-44af-b02a-1e8d219f87af/1/KoxYiVEmChGj771tgWvVb4Ly_DQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/4de49c-aa58-44af-b02a-1e8d219f87af/1/KoxYiVEmChGj771tgWvVb4Ly_DQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KoxYiVEmChGj771tgWvVb4Ly_DQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:57:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3c:16:4a:70:39:0f:e9:06:1e:17:43:ee:3e:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a8c588951260a11a3efbd6d816bd56f82f2fc34
        Validity
            Not Before: Jan  2 00:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9a1dd58852819c38b55cbf55db87b60720d5c47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:19:fb:90:33:0c:bc:17:57:ff:4d:29:bc:de:
                    c3:61:89:e6:e3:50:63:0a:e1:f9:4f:2c:9b:b0:98:
                    3a:70:86:25:3d:2b:91:c5:f8:73:b3:10:6d:b0:da:
                    7c:ce:0f:bf:93:73:43:0d:35:a9:83:8f:bf:ac:5e:
                    91:c7:fd:4a:d5:67:c9:99:81:01:9a:28:d4:fc:c0:
                    89:3d:0f:c3:21:54:3d:87:02:a8:99:3d:51:3c:81:
                    db:b0:2f:c1:6e:c1:0d:d1:2e:a1:6c:d1:51:69:9e:
                    13:d9:73:8d:14:8f:8e:41:bd:f7:7f:75:99:5d:ab:
                    0e:6c:dc:c1:03:ca:f8:86:fc:bb:34:28:fb:cb:ab:
                    90:e2:42:58:00:64:0f:a4:bc:79:4d:62:6c:48:82:
                    3e:f6:70:fd:5f:7e:5d:14:58:ac:ae:22:7a:98:c7:
                    33:17:2a:65:16:a2:92:c1:9c:aa:04:32:c5:ea:02:
                    5e:50:82:43:c9:97:b9:eb:e7:bd:64:11:da:2d:fe:
                    77:81:c2:e0:5c:3b:1b:f9:f2:e8:c4:ec:d8:de:d4:
                    7a:20:7b:e8:88:84:79:dd:a4:41:83:98:1b:d2:1e:
                    0d:59:d3:75:7c:7b:f0:80:19:98:80:89:13:08:b1:
                    60:8a:b3:c4:42:f2:60:a7:4f:e1:78:f0:a4:5f:b7:
                    61:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:A1:DD:58:85:28:19:C3:8B:55:CB:F5:5D:B8:7B:60:72:0D:5C:47
            X509v3 Authority Key Identifier:
                keyid:2A:8C:58:89:51:26:0A:11:A3:EF:BD:6D:81:6B:D5:6F:82:F2:FC:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KoxYiVEmChGj771tgWvVb4Ly_DQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/4de49c-aa58-44af-b02a-1e8d219f87af/1/6aHdWIUoGcOLVcv1Xbh7YHINXEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/4de49c-aa58-44af-b02a-1e8d219f87af/1/KoxYiVEmChGj771tgWvVb4Ly_DQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:59:96:f2:c9:15:1e:4b:4c:39:30:d8:ef:76:fa:78:a7:2f:
         c6:dc:f5:58:11:77:b2:78:34:87:99:18:90:c3:05:e4:8e:56:
         0b:ab:3c:5d:c8:3f:48:7d:e3:29:a6:2d:a5:f4:5e:19:24:58:
         50:2b:ad:4c:d5:9e:11:99:3a:b7:87:60:ac:c3:1e:b4:b1:6d:
         47:f8:ea:7a:86:09:20:0b:df:15:cb:24:0d:68:a6:f3:b2:87:
         41:17:35:2e:77:c2:69:73:4d:5b:45:6c:8a:17:3c:43:2b:c1:
         de:c3:d4:2f:c7:82:81:81:26:0d:9f:37:d3:59:74:9a:2e:e3:
         9b:ca:2d:7a:31:c9:f8:a0:bc:cf:f0:73:c8:c3:4a:8d:87:04:
         54:e4:b1:48:ef:8a:ca:f2:3e:17:37:06:b5:04:ff:fa:8b:22:
         05:d0:1d:cf:9a:0b:b6:9f:e1:06:fd:0e:5f:02:75:ce:2c:71:
         62:6b:ae:b8:e9:6d:7e:b1:2a:c7:08:b9:eb:72:10:e5:3f:f4:
         a8:5d:a1:6d:58:24:ec:f8:3b:9a:5d:77:53:05:af:40:6d:4a:
         6b:26:71:f1:3e:02:ef:80:8a:be:58:c4:0c:c0:7a:7c:f1:90:
         d2:4e:79:3a:1e:43:6f:32:5b:a5:13:41:75:21:2e:2b:de:64:
         fb:f0:d7:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkzwWSnA5D+kGHhdD7j67MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOGM1ODg5NTEyNjBhMTFhM2VmYmQ2ZDgxNmJkNTZmODJm
MmZjMzQwHhcNMjQwMTAyMDAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWExZGQ1ODg1MjgxOWMzOGI1NWNiZjU1ZGI4N2I2MDcyMGQ1YzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBn7kDMMvBdX/00pvN7DYYnm41Bj
CuH5TyybsJg6cIYlPSuRxfhzsxBtsNp8zg+/k3NDDTWpg4+/rF6Rx/1K1WfJmYEB
mijU/MCJPQ/DIVQ9hwKomT1RPIHbsC/BbsEN0S6hbNFRaZ4T2XONFI+OQb33f3WZ
XasObNzBA8r4hvy7NCj7y6uQ4kJYAGQPpLx5TWJsSII+9nD9X35dFFisriJ6mMcz
FyplFqKSwZyqBDLF6gJeUIJDyZe56+e9ZBHaLf53gcLgXDsb+fLoxOzY3tR6IHvo
iIR53aRBg5gb0h4NWdN1fHvwgBmYgIkTCLFgirPEQvJgp0/hePCkX7dh+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOmh3ViFKBnDi1XL9V24e2ByDVxHMB8GA1UdIwQY
MBaAFCqMWIlRJgoRo++9bYFr1W+C8vw0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS294WWlWRW1DaEdqNzcxdGdXdlZiNEx5X0RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi80ZGU0OWMtYWE1OC00NGFmLWIwMmEt
MWU4ZDIxOWY4N2FmLzEvNmFIZFdJVW9HY09MVmN2MVhiaDdZSElOWEVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi80ZGU0OWMtYWE1OC00NGFmLWIwMmEtMWU4ZDIxOWY4N2Fm
LzEvS294WWlWRW1DaEdqNzcxdGdXdlZiNEx5X0RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRRkMA0G
CSqGSIb3DQEBCwUAA4IBAQARWZbyyRUeS0w5MNjvdvp4py/G3PVYEXeyeDSHmRiQ
wwXkjlYLqzxdyD9IfeMppi2l9F4ZJFhQK61M1Z4RmTq3h2Cswx60sW1H+Op6hgkg
C98VyyQNaKbzsodBFzUud8Jpc01bRWyKFzxDK8Hew9Qvx4KBgSYNnzfTWXSaLuOb
yi16Mcn4oLzP8HPIw0qNhwRU5LFI74rK8j4XNwa1BP/6iyIF0B3Pmgu2n+EG/Q5f
AnXOLHFia6646W1+sSrHCLnrchDlP/SoXaFtWCTs+DuaXXdTBa9AbUprJnHxPgLv
gIq+WMQMwHp88ZDSTnk6HkNvMlulE0F1IS4r3mT78NcE
-----END CERTIFICATE-----