Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/1e9621-626e-4032-9b54-76e3349c97c2/1/06ukvyRztavkR5su_k4I6V6jka8.roa
File:                     06ukvyRztavkR5su_k4I6V6jka8.roa (raw, json)
Hash identifier:          zrzOYFEX9IzrfQq5Rv4ROoveCzj1i9PTLPg8h2Q1rDw=
Subject key identifier:   D3:AB:A4:BF:24:73:B5:AB:E4:47:9B:2E:FE:4E:08:E9:5E:A3:91:AF
Certificate issuer:       /CN=f58df2c469c978895f8458024c506e801c8fb21a
Certificate serial:       018CC793E27D164A3AE03E5F38D22BBE3CB8
Authority key identifier: F5:8D:F2:C4:69:C9:78:89:5F:84:58:02:4C:50:6E:80:1C:8F:B2:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Y3yxGnJeIlfhFgCTFBugByPsho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/1e9621-626e-4032-9b54-76e3349c97c2/1/06ukvyRztavkR5su_k4I6V6jka8.roa
Signing time:             Tue 02 Jan 2024 00:30:06 +0000
ROA not before:           Tue 02 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201127
IP address blocks:        185.189.60.0/22 maxlen: 24
                          2a0b:d680::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/1e9621-626e-4032-9b54-76e3349c97c2/1/9Y3yxGnJeIlfhFgCTFBugByPsho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/1e9621-626e-4032-9b54-76e3349c97c2/1/9Y3yxGnJeIlfhFgCTFBugByPsho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Y3yxGnJeIlfhFgCTFBugByPsho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:e2:7d:16:4a:3a:e0:3e:5f:38:d2:2b:be:3c:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f58df2c469c978895f8458024c506e801c8fb21a
        Validity
            Not Before: Jan  2 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3aba4bf2473b5abe4479b2efe4e08e95ea391af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5d:4a:a1:1e:7e:36:ab:20:8c:1d:17:1d:79:
                    69:06:1f:f5:53:b4:62:1b:90:5e:15:a8:44:3c:cb:
                    2f:85:b8:9c:fd:21:4c:7c:f2:79:6d:b2:37:f8:47:
                    01:9f:18:26:08:8c:d4:89:00:f1:57:d5:d6:44:d5:
                    08:64:4d:e4:55:ac:24:cc:27:9b:b6:c1:bb:c7:13:
                    fe:3a:2d:01:16:1c:ac:6a:5d:72:e8:ca:c2:99:51:
                    50:f0:48:2b:43:d0:75:82:6f:2d:f1:2c:d0:b9:91:
                    44:7d:d6:2c:b9:a5:d5:ae:7b:c2:55:a3:04:69:83:
                    0d:17:df:e0:75:94:1e:6f:52:fd:b4:f1:68:a9:c7:
                    36:40:69:83:28:1a:72:c1:14:2a:d5:ac:8d:3d:62:
                    80:40:a0:9f:ae:f7:d9:d8:99:8c:7b:d8:32:65:48:
                    a2:7a:4d:6b:fa:b9:db:70:61:48:2b:44:cd:41:8a:
                    d9:7c:1b:f6:37:c3:5a:88:f6:d9:93:ea:91:93:0e:
                    9f:c8:93:0d:34:5a:6d:62:5c:bf:90:75:30:c2:5e:
                    5c:5c:1a:d2:1f:79:98:69:2f:3b:30:cf:85:8c:b0:
                    ca:b8:9b:17:c3:6f:c1:c8:b0:d3:db:c3:15:66:cb:
                    b4:46:fb:52:3e:98:85:f6:fa:8b:ae:48:e5:6b:fc:
                    f3:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:AB:A4:BF:24:73:B5:AB:E4:47:9B:2E:FE:4E:08:E9:5E:A3:91:AF
            X509v3 Authority Key Identifier:
                keyid:F5:8D:F2:C4:69:C9:78:89:5F:84:58:02:4C:50:6E:80:1C:8F:B2:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Y3yxGnJeIlfhFgCTFBugByPsho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/1e9621-626e-4032-9b54-76e3349c97c2/1/06ukvyRztavkR5su_k4I6V6jka8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/1e9621-626e-4032-9b54-76e3349c97c2/1/9Y3yxGnJeIlfhFgCTFBugByPsho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.60.0/22
                IPv6:
                  2a0b:d680::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:32:55:b9:c2:44:a9:d9:19:73:d2:d5:aa:e2:a1:dc:dc:00:
         d0:5d:15:06:d6:56:2a:a6:c1:f2:a1:1a:97:23:0b:21:b7:1c:
         f1:63:e8:4a:9c:ad:bd:d5:82:50:a3:92:22:64:01:f0:8c:83:
         e8:df:11:f4:0e:53:7a:4c:66:78:51:12:96:8c:be:74:85:d4:
         47:fa:ca:aa:39:bd:cf:06:f8:d9:16:a0:46:90:17:dc:88:2a:
         86:4d:47:46:a7:4d:40:5f:0d:9d:99:29:4c:e4:c3:ed:9d:b2:
         29:02:a5:f3:f2:e5:75:1a:c4:78:4b:b4:bc:df:9b:d8:bb:ff:
         cc:12:0c:2b:4b:40:bb:1b:c6:ea:ed:f0:8c:41:65:c7:a2:46:
         b3:20:85:ab:8e:6c:f0:e1:2a:22:1e:0d:c4:eb:44:fb:b5:7a:
         25:91:be:64:ff:b2:bd:9d:33:d3:04:ae:6d:1a:e3:9a:eb:02:
         0a:61:9f:a5:78:6c:9f:46:0f:f8:99:68:45:f5:64:bc:41:5e:
         d7:dc:80:2c:e3:f4:e2:e3:e7:39:d1:56:ea:53:4c:2d:2b:07:
         5b:d0:b5:13:b0:c3:42:da:16:b5:b8:f8:dc:a9:c7:9c:bb:5f:
         91:a6:7f:64:80:6d:09:4b:a7:f3:58:f6:62:af:e2:26:07:64:
         35:ae:30:7a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk+J9Fko64D5fONIrvjy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OGRmMmM0NjljOTc4ODk1Zjg0NTgwMjRjNTA2ZTgwMWM4
ZmIyMWEwHhcNMjQwMTAyMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2FiYTRiZjI0NzNiNWFiZTQ0NzliMmVmZTRlMDhlOTVlYTM5MWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApF1KoR5+NqsgjB0XHXlpBh/1U7Ri
G5BeFahEPMsvhbic/SFMfPJ5bbI3+EcBnxgmCIzUiQDxV9XWRNUIZE3kVawkzCeb
tsG7xxP+Oi0BFhysal1y6MrCmVFQ8EgrQ9B1gm8t8SzQuZFEfdYsuaXVrnvCVaME
aYMNF9/gdZQeb1L9tPFoqcc2QGmDKBpywRQq1ayNPWKAQKCfrvfZ2JmMe9gyZUii
ek1r+rnbcGFIK0TNQYrZfBv2N8NaiPbZk+qRkw6fyJMNNFptYly/kHUwwl5cXBrS
H3mYaS87MM+FjLDKuJsXw2/ByLDT28MVZsu0RvtSPpiF9vqLrkjla/zz2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNOrpL8kc7Wr5EebLv5OCOleo5GvMB8GA1UdIwQY
MBaAFPWN8sRpyXiJX4RYAkxQboAcj7IaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVkzeXhHbkplSWxmaEZnQ1RGQnVnQnlQc2hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8xZTk2MjEtNjI2ZS00MDMyLTliNTQt
NzZlMzM0OWM5N2MyLzEvMDZ1a3Z5Unp0YXZrUjVzdV9rNEk2VjZqa2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8xZTk2MjEtNjI2ZS00MDMyLTliNTQtNzZlMzM0OWM5N2My
LzEvOVkzeXhHbkplSWxmaEZnQ1RGQnVnQnlQc2hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCub08MA0E
AgACMAcDBQAqC9aAMA0GCSqGSIb3DQEBCwUAA4IBAQA/MlW5wkSp2Rlz0tWq4qHc
3ADQXRUG1lYqpsHyoRqXIwshtxzxY+hKnK291YJQo5IiZAHwjIPo3xH0DlN6TGZ4
URKWjL50hdRH+sqqOb3PBvjZFqBGkBfciCqGTUdGp01AXw2dmSlM5MPtnbIpAqXz
8uV1GsR4S7S835vYu//MEgwrS0C7G8bq7fCMQWXHokazIIWrjmzw4SoiHg3E60T7
tXolkb5k/7K9nTPTBK5tGuOa6wIKYZ+leGyfRg/4mWhF9WS8QV7X3IAs4/Ti4+c5
0VbqU0wtKwdb0LUTsMNC2ha1uPjcqcecu1+Rpn9kgG0JS6fzWPZir+ImB2Q1rjB6
-----END CERTIFICATE-----