Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/4fd95a-5157-4a1b-b868-138995c99b97/1/71pKUD58AydOaExs5YStKg5RgYA.roa
File:                     71pKUD58AydOaExs5YStKg5RgYA.roa (raw, json)
Hash identifier:          1S/+b+7aBmbBVYSTGcnBdXeC+Nd9OCjLHIlFzBCaweg=
Subject key identifier:   EF:5A:4A:50:3E:7C:03:27:4E:68:4C:6C:E5:84:AD:2A:0E:51:81:80
Certificate issuer:       /CN=11eecd71c193e4ac30ed03d0b9f05da101c603d2
Certificate serial:       018CC94E4EEA16BDD0EDF0F4B1F757A4F9A9
Authority key identifier: 11:EE:CD:71:C1:93:E4:AC:30:ED:03:D0:B9:F0:5D:A1:01:C6:03:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ee7NccGT5Kww7QPQufBdoQHGA9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/4fd95a-5157-4a1b-b868-138995c99b97/1/71pKUD58AydOaExs5YStKg5RgYA.roa
Signing time:             Tue 02 Jan 2024 08:33:21 +0000
ROA not before:           Tue 02 Jan 2024 08:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210876
IP address blocks:        185.236.24.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/4fd95a-5157-4a1b-b868-138995c99b97/1/Ee7NccGT5Kww7QPQufBdoQHGA9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/4fd95a-5157-4a1b-b868-138995c99b97/1/Ee7NccGT5Kww7QPQufBdoQHGA9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ee7NccGT5Kww7QPQufBdoQHGA9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:4e:ea:16:bd:d0:ed:f0:f4:b1:f7:57:a4:f9:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11eecd71c193e4ac30ed03d0b9f05da101c603d2
        Validity
            Not Before: Jan  2 08:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef5a4a503e7c03274e684c6ce584ad2a0e518180
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:1c:d0:62:94:ca:3c:a3:7f:09:b4:d3:a2:ac:
                    b8:13:e0:65:c4:64:f3:14:2b:8b:20:ce:06:c1:26:
                    57:53:11:51:a5:c5:64:13:c2:34:02:79:b2:92:3f:
                    12:9a:8d:fc:c9:1e:a5:de:9b:98:5f:e0:db:28:c6:
                    53:18:b3:56:22:c8:d2:20:fe:51:f7:95:2f:76:5e:
                    24:47:f2:26:57:9e:0f:79:77:44:91:fc:11:4c:c8:
                    8d:9e:c9:c7:3a:a3:e6:bc:11:2c:ad:32:5c:10:f7:
                    db:e5:c5:fb:2f:ab:1f:cc:00:e2:8f:90:fd:42:82:
                    f1:1b:9e:1a:fd:aa:8f:ce:38:66:2d:96:b3:61:92:
                    c3:ab:6f:85:38:30:c5:41:da:83:dc:5f:e8:52:3e:
                    99:73:c6:a3:05:2e:e9:14:2c:d8:41:a7:39:1c:77:
                    e2:83:da:a5:66:7b:60:c3:30:75:b6:5e:03:18:bc:
                    d2:48:b5:8f:fd:77:ad:cf:3a:e1:aa:d3:0b:c5:32:
                    bd:d6:00:4c:84:2e:a3:56:7c:b5:ab:8c:94:c8:6f:
                    b9:75:d9:e5:00:3a:34:8a:1c:99:e6:b1:e8:7e:73:
                    88:df:31:c7:c9:55:46:75:74:ea:76:38:9b:ed:09:
                    14:2c:3b:a6:a4:fe:a3:3f:44:76:3a:aa:7a:3b:62:
                    e6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:5A:4A:50:3E:7C:03:27:4E:68:4C:6C:E5:84:AD:2A:0E:51:81:80
            X509v3 Authority Key Identifier:
                keyid:11:EE:CD:71:C1:93:E4:AC:30:ED:03:D0:B9:F0:5D:A1:01:C6:03:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ee7NccGT5Kww7QPQufBdoQHGA9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/4fd95a-5157-4a1b-b868-138995c99b97/1/71pKUD58AydOaExs5YStKg5RgYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/4fd95a-5157-4a1b-b868-138995c99b97/1/Ee7NccGT5Kww7QPQufBdoQHGA9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:fd:61:a2:42:e8:c6:3d:b5:fe:48:d5:a7:63:bd:a2:d9:2c:
         cc:6e:62:d5:65:4a:3c:22:23:70:6c:33:97:73:0b:67:0e:e2:
         f2:2e:be:72:bd:aa:50:67:8a:75:8f:bd:42:a7:0f:8f:17:a6:
         a7:10:ea:4d:2d:48:8f:fc:4d:ae:26:40:df:7b:cd:4a:02:f8:
         2e:f5:e5:28:c4:d5:db:e9:ec:d4:3b:f0:af:0a:69:cd:f0:32:
         59:d3:6d:37:39:51:f1:d8:b6:f4:6a:63:f9:f7:1e:08:93:d5:
         24:5a:6d:b9:ad:78:b5:1a:bd:00:90:2d:02:e7:6a:6e:40:ae:
         fe:33:ca:48:2c:81:98:64:22:a4:11:d2:4c:ae:e7:3b:e7:b8:
         4f:cf:21:0e:0b:a2:64:15:f8:19:6d:95:47:39:a3:a9:c3:0e:
         fe:53:6b:ce:70:52:0c:fa:6d:11:a5:b6:9c:0a:fe:f4:b9:ff:
         3c:b6:4c:f0:47:49:d4:0f:19:81:13:4f:db:9d:71:24:3f:7d:
         94:6b:ea:88:1b:b4:f3:00:55:39:5a:87:75:44:15:1b:32:4b:
         86:67:c4:28:f7:21:f8:71:2b:0b:54:53:5b:45:1f:bf:bd:88:
         3d:32:14:ba:fe:45:55:14:be:dd:cf:61:73:af:aa:1d:a0:73:
         5b:3e:48:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTk7qFr3Q7fD0sfdXpPmpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZWVjZDcxYzE5M2U0YWMzMGVkMDNkMGI5ZjA1ZGExMDFj
NjAzZDIwHhcNMjQwMTAyMDgzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjVhNGE1MDNlN2MwMzI3NGU2ODRjNmNlNTg0YWQyYTBlNTE4MTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxzQYpTKPKN/CbTToqy4E+BlxGTz
FCuLIM4GwSZXUxFRpcVkE8I0Anmykj8Smo38yR6l3puYX+DbKMZTGLNWIsjSIP5R
95Uvdl4kR/ImV54PeXdEkfwRTMiNnsnHOqPmvBEsrTJcEPfb5cX7L6sfzADij5D9
QoLxG54a/aqPzjhmLZazYZLDq2+FODDFQdqD3F/oUj6Zc8ajBS7pFCzYQac5HHfi
g9qlZntgwzB1tl4DGLzSSLWP/XetzzrhqtMLxTK91gBMhC6jVny1q4yUyG+5ddnl
ADo0ihyZ5rHofnOI3zHHyVVGdXTqdjib7QkULDumpP6jP0R2Oqp6O2LmaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9aSlA+fAMnTmhMbOWErSoOUYGAMB8GA1UdIwQY
MBaAFBHuzXHBk+SsMO0D0LnwXaEBxgPSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWU3TmNjR1Q1S3d3N1FQUXVmQmRvUUhHQTlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi80ZmQ5NWEtNTE1Ny00YTFiLWI4Njgt
MTM4OTk1Yzk5Yjk3LzEvNzFwS1VENThBeWRPYUV4czVZU3RLZzVSZ1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi80ZmQ5NWEtNTE1Ny00YTFiLWI4NjgtMTM4OTk1Yzk5Yjk3
LzEvRWU3TmNjR1Q1S3d3N1FQUXVmQmRvUUhHQTlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuewYMA0G
CSqGSIb3DQEBCwUAA4IBAQBw/WGiQujGPbX+SNWnY72i2SzMbmLVZUo8IiNwbDOX
cwtnDuLyLr5yvapQZ4p1j71Cpw+PF6anEOpNLUiP/E2uJkDfe81KAvgu9eUoxNXb
6ezUO/CvCmnN8DJZ0203OVHx2Lb0amP59x4Ik9UkWm25rXi1Gr0AkC0C52puQK7+
M8pILIGYZCKkEdJMruc757hPzyEOC6JkFfgZbZVHOaOpww7+U2vOcFIM+m0Rpbac
Cv70uf88tkzwR0nUDxmBE0/bnXEkP32Ua+qIG7TzAFU5Wod1RBUbMkuGZ8Qo9yH4
cSsLVFNbRR+/vYg9MhS6/kVVFL7dz2Fzr6odoHNbPkjb
-----END CERTIFICATE-----