Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1b1df-750a-4732-b783-e8619aa75680/1/621tlFJD5YksBp3oGB0A5kdHiDU.roa
File:                     621tlFJD5YksBp3oGB0A5kdHiDU.roa (raw, json)
Hash identifier:          3bTM/Q8qlCa+VgmspIcUF/QULFFi7zCCIDBrfnEztWk=
Subject key identifier:   EB:6D:6D:94:52:43:E5:89:2C:06:9D:E8:18:1D:00:E6:47:47:88:35
Certificate issuer:       /CN=0ff8f94454f6ca6a7d70be455b2d6405f98fbcce
Certificate serial:       018CC649F64E940A065ABD7B1B4796E4B1FB
Authority key identifier: 0F:F8:F9:44:54:F6:CA:6A:7D:70:BE:45:5B:2D:64:05:F9:8F:BC:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_j5RFT2ymp9cL5FWy1kBfmPvM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1b1df-750a-4732-b783-e8619aa75680/1/621tlFJD5YksBp3oGB0A5kdHiDU.roa
Signing time:             Mon 01 Jan 2024 18:29:45 +0000
ROA not before:           Mon 01 Jan 2024 18:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        185.99.199.0/24 maxlen: 24
                          185.99.196.0/24 maxlen: 24
                          185.99.197.0/24 maxlen: 24
                          185.99.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1b1df-750a-4732-b783-e8619aa75680/1/D_j5RFT2ymp9cL5FWy1kBfmPvM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1b1df-750a-4732-b783-e8619aa75680/1/D_j5RFT2ymp9cL5FWy1kBfmPvM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_j5RFT2ymp9cL5FWy1kBfmPvM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:f6:4e:94:0a:06:5a:bd:7b:1b:47:96:e4:b1:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff8f94454f6ca6a7d70be455b2d6405f98fbcce
        Validity
            Not Before: Jan  1 18:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb6d6d945243e5892c069de8181d00e647478835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9a:e4:72:d0:21:6d:3b:71:b5:01:b1:bd:1d:
                    03:3d:ad:ae:01:b1:01:95:0a:57:49:09:2f:e4:5e:
                    e5:18:38:00:64:2d:d1:7f:51:23:6d:a8:0e:80:99:
                    6d:05:90:94:7f:3a:e7:97:d3:2b:74:55:ac:c4:25:
                    dd:04:fb:26:99:71:1c:57:31:9f:7a:6d:6c:5a:62:
                    6d:11:56:34:25:d8:fc:42:00:23:38:5d:df:f2:7f:
                    d6:96:32:7d:d1:49:2f:04:66:78:93:bb:67:d4:7d:
                    d7:f0:ea:19:94:70:17:66:a4:9b:5a:2a:d5:7b:ce:
                    f9:68:3e:5d:fe:fc:3c:81:ca:e9:fe:20:cc:ab:97:
                    bd:86:18:b6:87:fa:8f:b9:60:75:2b:9e:a6:fc:1e:
                    d9:0c:5f:95:c4:2c:17:d8:91:08:f7:5f:bd:80:b2:
                    08:57:30:fd:04:40:c5:75:99:a8:a7:92:02:fb:8d:
                    c0:1c:d0:00:95:ad:71:a6:bb:96:2a:c8:b7:e8:42:
                    f3:51:05:60:0e:72:83:51:19:93:d9:93:98:0d:e1:
                    ab:fd:e2:9b:3d:74:e2:7d:75:4a:76:a7:58:2a:7b:
                    cf:f4:57:8f:39:9f:37:9d:77:50:97:c4:5b:9e:05:
                    43:72:8c:57:6f:8b:28:50:7f:5b:49:16:9b:df:f3:
                    46:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:6D:6D:94:52:43:E5:89:2C:06:9D:E8:18:1D:00:E6:47:47:88:35
            X509v3 Authority Key Identifier:
                keyid:0F:F8:F9:44:54:F6:CA:6A:7D:70:BE:45:5B:2D:64:05:F9:8F:BC:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_j5RFT2ymp9cL5FWy1kBfmPvM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1b1df-750a-4732-b783-e8619aa75680/1/621tlFJD5YksBp3oGB0A5kdHiDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1b1df-750a-4732-b783-e8619aa75680/1/D_j5RFT2ymp9cL5FWy1kBfmPvM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:fb:f9:56:87:7a:2e:12:31:32:d6:cc:5b:49:be:6f:99:18:
         02:8c:27:eb:4c:fa:7d:29:17:99:9e:6a:32:8c:52:4d:70:ab:
         fc:68:94:da:ab:e6:97:16:7c:bc:36:4d:0c:a8:17:a7:5e:0b:
         94:60:b7:c5:61:c5:4c:0e:bd:ae:38:82:46:d9:a9:28:73:41:
         fd:90:e3:0b:c6:eb:ba:60:e1:6a:f3:60:b1:46:79:94:6b:f8:
         e5:1d:97:48:c9:c3:2b:4c:91:dc:9a:a0:b9:42:64:9b:34:d9:
         62:89:68:68:08:1f:7e:a8:16:22:1b:64:9b:76:ed:aa:fc:6b:
         39:48:c0:be:45:a2:bb:e8:68:f5:ae:7c:95:34:2d:4d:80:c0:
         7c:32:5a:c7:12:93:2f:6e:2c:9c:b5:94:cb:0c:a2:34:3e:ea:
         0c:f5:e7:4a:93:e0:7a:15:1a:89:4d:8c:3e:5e:ed:ff:4b:60:
         96:d1:5f:75:37:97:89:d1:b1:ce:f4:b4:bb:84:b9:d4:75:a4:
         b2:41:0a:db:91:57:4a:02:65:1e:a9:fe:73:ae:d8:f6:d3:19:
         14:41:a3:72:62:02:c3:d6:3e:54:ef:d5:36:92:1f:03:a1:35:
         ad:98:11:5f:fe:e2:a6:41:ea:66:07:b4:a1:0d:20:eb:53:d8:
         a0:d7:15:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSfZOlAoGWr17G0eW5LH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjhmOTQ0NTRmNmNhNmE3ZDcwYmU0NTViMmQ2NDA1Zjk4
ZmJjY2UwHhcNMjQwMTAxMTgyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjZkNmQ5NDUyNDNlNTg5MmMwNjlkZTgxODFkMDBlNjQ3NDc4ODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5rkctAhbTtxtQGxvR0DPa2uAbEB
lQpXSQkv5F7lGDgAZC3Rf1EjbagOgJltBZCUfzrnl9MrdFWsxCXdBPsmmXEcVzGf
em1sWmJtEVY0Jdj8QgAjOF3f8n/WljJ90UkvBGZ4k7tn1H3X8OoZlHAXZqSbWirV
e875aD5d/vw8gcrp/iDMq5e9hhi2h/qPuWB1K56m/B7ZDF+VxCwX2JEI91+9gLII
VzD9BEDFdZmop5IC+43AHNAAla1xpruWKsi36ELzUQVgDnKDURmT2ZOYDeGr/eKb
PXTifXVKdqdYKnvP9FePOZ83nXdQl8RbngVDcoxXb4soUH9bSRab3/NGJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOttbZRSQ+WJLAad6BgdAOZHR4g1MB8GA1UdIwQY
MBaAFA/4+URU9spqfXC+RVstZAX5j7zOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9qNVJGVDJ5bXA5Y0w1Rld5MWtCZm1Qdk00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMWIxZGYtNzUwYS00NzMyLWI3ODMt
ZTg2MTlhYTc1NjgwLzEvNjIxdGxGSkQ1WWtzQnAzb0dCMEE1a2RIaURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMWIxZGYtNzUwYS00NzMyLWI3ODMtZTg2MTlhYTc1Njgw
LzEvRF9qNVJGVDJ5bXA5Y0w1Rld5MWtCZm1Qdk00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWPEMA0G
CSqGSIb3DQEBCwUAA4IBAQBC+/lWh3ouEjEy1sxbSb5vmRgCjCfrTPp9KReZnmoy
jFJNcKv8aJTaq+aXFny8Nk0MqBenXguUYLfFYcVMDr2uOIJG2akoc0H9kOMLxuu6
YOFq82CxRnmUa/jlHZdIycMrTJHcmqC5QmSbNNliiWhoCB9+qBYiG2Sbdu2q/Gs5
SMC+RaK76Gj1rnyVNC1NgMB8MlrHEpMvbiyctZTLDKI0PuoM9edKk+B6FRqJTYw+
Xu3/S2CW0V91N5eJ0bHO9LS7hLnUdaSyQQrbkVdKAmUeqf5zrtj20xkUQaNyYgLD
1j5U79U2kh8DoTWtmBFf/uKmQepmB7ShDSDrU9ig1xUq
-----END CERTIFICATE-----