Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/Rg3Un5AgjDFsDkbpnNxt0Agx-54.roa
File:                     Rg3Un5AgjDFsDkbpnNxt0Agx-54.roa (raw, json)
Hash identifier:          2xdqlKAnOPpn8vLfTZcoRI3ChpGLIe3xky5pNyyDg44=
Subject key identifier:   46:0D:D4:9F:90:20:8C:31:6C:0E:46:E9:9C:DC:6D:D0:08:31:FB:9E
Certificate issuer:       /CN=2b237c5affe93543ae2fe6e1ffed182396eb9bb3
Certificate serial:       018CC8017FCD71E477F15ED734D02624CF07
Authority key identifier: 2B:23:7C:5A:FF:E9:35:43:AE:2F:E6:E1:FF:ED:18:23:96:EB:9B:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KyN8Wv_pNUOuL-bh_-0YI5brm7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/Rg3Un5AgjDFsDkbpnNxt0Agx-54.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.107.197.0/24 maxlen: 24
                          185.107.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/KyN8Wv_pNUOuL-bh_-0YI5brm7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/KyN8Wv_pNUOuL-bh_-0YI5brm7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KyN8Wv_pNUOuL-bh_-0YI5brm7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7f:cd:71:e4:77:f1:5e:d7:34:d0:26:24:cf:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b237c5affe93543ae2fe6e1ffed182396eb9bb3
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=460dd49f90208c316c0e46e99cdc6dd00831fb9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f1:4c:33:6b:78:74:ca:00:34:6a:22:ad:df:
                    32:43:65:40:b4:44:13:b0:41:ad:44:5c:dc:6b:dc:
                    1a:12:b3:0f:f6:89:1d:b4:20:64:ad:c1:65:42:0e:
                    66:8d:00:7e:7c:2f:69:e6:0b:49:52:c1:63:35:a1:
                    b5:b9:d6:c1:ac:39:4e:d1:56:9e:80:4c:95:0c:c1:
                    cc:3b:ae:92:5b:3f:54:e2:51:47:07:7b:bc:82:38:
                    7a:cf:b8:0c:0e:f2:ba:4e:66:d3:09:ae:9d:11:68:
                    85:fc:82:11:a5:c4:2b:b8:25:cd:14:fb:0e:bf:44:
                    cd:84:b3:72:38:66:c0:ee:b9:32:f1:d6:6f:44:cb:
                    9a:e2:e1:d6:3d:03:5f:f6:4f:15:1e:57:08:08:4f:
                    d2:d5:c0:c5:19:27:2b:79:f4:e7:41:ef:85:7e:06:
                    b0:57:76:3b:4b:b7:a9:b0:87:ce:3b:72:3a:2d:0c:
                    c9:f3:4b:50:a1:d0:05:35:b4:ea:5f:73:79:4d:ac:
                    4c:f4:3f:f4:1f:95:d9:ea:c5:32:8d:ed:d0:c1:11:
                    21:3c:ff:e3:54:f1:c0:e1:52:39:97:07:63:17:86:
                    42:3d:ed:73:52:db:bc:14:94:9b:2f:e9:03:c4:dd:
                    c7:87:28:48:cd:64:0d:3f:3b:b0:d5:4f:ea:3d:cf:
                    a2:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:0D:D4:9F:90:20:8C:31:6C:0E:46:E9:9C:DC:6D:D0:08:31:FB:9E
            X509v3 Authority Key Identifier:
                keyid:2B:23:7C:5A:FF:E9:35:43:AE:2F:E6:E1:FF:ED:18:23:96:EB:9B:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KyN8Wv_pNUOuL-bh_-0YI5brm7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/Rg3Un5AgjDFsDkbpnNxt0Agx-54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/KyN8Wv_pNUOuL-bh_-0YI5brm7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:89:51:57:ce:93:cc:63:38:fc:fb:41:36:3e:b9:0b:b6:db:
         74:5f:ae:f7:58:5e:0f:9a:b4:0d:68:35:dd:cb:ad:a0:47:ef:
         a5:06:be:fb:46:92:b9:d7:28:a2:41:c7:ba:e3:ac:75:3c:8d:
         a5:87:a7:6b:c7:c9:43:86:ef:87:85:50:a2:fa:a8:db:82:1b:
         da:c3:f3:d8:2b:2d:27:54:a8:85:8d:75:f1:53:a0:11:16:76:
         8c:5a:7a:76:9c:42:8f:b5:87:fb:a7:c8:73:39:cd:88:5f:89:
         65:0c:86:88:b4:90:06:a2:f2:56:a2:4c:4b:2b:db:fb:1b:b8:
         16:cd:9e:43:b1:91:d2:d5:c6:51:1a:66:8f:83:9b:b6:d9:ac:
         4c:83:d7:3f:1e:75:53:16:88:93:da:79:b4:29:f4:e3:8c:49:
         60:a0:67:92:9d:3c:6b:6a:b2:2c:f3:0f:4f:c8:c7:53:31:81:
         35:5c:59:07:ef:da:d9:8e:ca:db:81:b0:6d:aa:75:2c:bf:96:
         72:87:f4:83:e9:c7:37:3d:2d:23:8c:4e:d7:ab:f2:56:8f:85:
         f1:34:33:2c:05:77:13:b6:90:a7:90:53:05:52:93:cc:51:1f:
         6c:4f:57:eb:7b:c9:52:99:4b:eb:66:5d:95:06:31:e6:c5:2b:
         08:ba:d1:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAX/NceR38V7XNNAmJM8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMjM3YzVhZmZlOTM1NDNhZTJmZTZlMWZmZWQxODIzOTZl
YjliYjMwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjBkZDQ5ZjkwMjA4YzMxNmMwZTQ2ZTk5Y2RjNmRkMDA4MzFmYjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/FMM2t4dMoANGoird8yQ2VAtEQT
sEGtRFzca9waErMP9okdtCBkrcFlQg5mjQB+fC9p5gtJUsFjNaG1udbBrDlO0Vae
gEyVDMHMO66SWz9U4lFHB3u8gjh6z7gMDvK6TmbTCa6dEWiF/IIRpcQruCXNFPsO
v0TNhLNyOGbA7rky8dZvRMua4uHWPQNf9k8VHlcICE/S1cDFGScrefTnQe+Ffgaw
V3Y7S7epsIfOO3I6LQzJ80tQodAFNbTqX3N5TaxM9D/0H5XZ6sUyje3QwREhPP/j
VPHA4VI5lwdjF4ZCPe1zUtu8FJSbL+kDxN3HhyhIzWQNPzuw1U/qPc+i/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYN1J+QIIwxbA5G6ZzcbdAIMfueMB8GA1UdIwQY
MBaAFCsjfFr/6TVDri/m4f/tGCOW65uzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3lOOFd2X3BOVU91TC1iaF8tMFlJNWJybTdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi82NGEwNTMtMjZmZi00OGE2LWFlZGEt
MTQ3MDJhNGQyNjYwLzEvUmczVW41QWdqREZzRGticG5OeHQwQWd4LTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi82NGEwNTMtMjZmZi00OGE2LWFlZGEtMTQ3MDJhNGQyNjYw
LzEvS3lOOFd2X3BOVU91TC1iaF8tMFlJNWJybTdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWvEMA0G
CSqGSIb3DQEBCwUAA4IBAQA0iVFXzpPMYzj8+0E2PrkLttt0X673WF4PmrQNaDXd
y62gR++lBr77RpK51yiiQce646x1PI2lh6drx8lDhu+HhVCi+qjbghvaw/PYKy0n
VKiFjXXxU6ARFnaMWnp2nEKPtYf7p8hzOc2IX4llDIaItJAGovJWokxLK9v7G7gW
zZ5DsZHS1cZRGmaPg5u22axMg9c/HnVTFoiT2nm0KfTjjElgoGeSnTxrarIs8w9P
yMdTMYE1XFkH79rZjsrbgbBtqnUsv5Zyh/SD6cc3PS0jjE7Xq/JWj4XxNDMsBXcT
tpCnkFMFUpPMUR9sT1fre8lSmUvrZl2VBjHmxSsIutG2
-----END CERTIFICATE-----