Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/kYmtXfUc5PRc1gr0SUmPa32oWV4.roa
File:                     kYmtXfUc5PRc1gr0SUmPa32oWV4.roa (raw, json)
Hash identifier:          tEktmtrl/M5ciELGgyjiAg4gHGsV1sLw+1RcWnhouP0=
Subject key identifier:   91:89:AD:5D:F5:1C:E4:F4:5C:D6:0A:F4:49:49:8F:6B:7D:A8:59:5E
Certificate issuer:       /CN=e520446f79ffc2d7c3a9ef340ce9de25723a719a
Certificate serial:       018CC4249697737CA5829A3EE40F542189F3
Authority key identifier: E5:20:44:6F:79:FF:C2:D7:C3:A9:EF:34:0C:E9:DE:25:72:3A:71:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5SBEb3n_wtfDqe80DOneJXI6cZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/kYmtXfUc5PRc1gr0SUmPa32oWV4.roa
Signing time:             Mon 01 Jan 2024 08:29:41 +0000
ROA not before:           Mon 01 Jan 2024 08:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211563
IP address blocks:        185.27.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/5SBEb3n_wtfDqe80DOneJXI6cZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/5SBEb3n_wtfDqe80DOneJXI6cZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5SBEb3n_wtfDqe80DOneJXI6cZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:96:97:73:7c:a5:82:9a:3e:e4:0f:54:21:89:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e520446f79ffc2d7c3a9ef340ce9de25723a719a
        Validity
            Not Before: Jan  1 08:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9189ad5df51ce4f45cd60af449498f6b7da8595e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6f:99:80:65:c9:bc:47:48:bd:ba:58:d0:c4:
                    ac:3c:c8:cf:20:05:dd:6f:aa:78:a7:fe:8a:6d:46:
                    6d:93:fd:66:0e:b7:21:e5:ae:dc:4f:9e:0f:e1:77:
                    9a:7c:c2:8a:49:24:d4:9f:9d:5d:35:d5:97:64:c0:
                    91:57:64:60:96:d4:7e:90:1a:87:6d:e3:a5:a7:32:
                    6c:59:09:e5:06:bb:23:39:98:79:6f:79:c0:07:46:
                    bb:90:97:6d:6e:d5:24:c4:be:b0:8c:3a:51:60:96:
                    dc:55:83:b5:3e:83:51:d2:90:08:aa:a6:eb:92:c4:
                    e0:89:ee:ff:f3:56:ac:af:b2:e9:89:7d:43:ec:36:
                    b2:ee:47:50:aa:59:8f:7b:bf:a2:e6:23:4b:61:40:
                    31:67:22:86:b5:f4:cb:0e:32:84:f9:2d:75:45:8e:
                    d6:6b:97:9b:82:6f:81:3e:da:70:b1:7c:9d:6f:51:
                    d5:43:9f:d0:ac:7e:85:25:54:19:09:7e:ee:75:99:
                    9e:40:0c:a7:33:7d:99:5f:3b:98:31:c3:7f:ae:cd:
                    90:23:0e:ec:49:bf:89:34:6f:be:9f:8a:c3:6c:1e:
                    80:43:77:3a:60:66:d9:61:6c:12:92:79:2c:70:18:
                    75:32:3c:81:52:df:2d:88:b2:67:2a:d6:c9:07:01:
                    58:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:89:AD:5D:F5:1C:E4:F4:5C:D6:0A:F4:49:49:8F:6B:7D:A8:59:5E
            X509v3 Authority Key Identifier:
                keyid:E5:20:44:6F:79:FF:C2:D7:C3:A9:EF:34:0C:E9:DE:25:72:3A:71:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5SBEb3n_wtfDqe80DOneJXI6cZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/kYmtXfUc5PRc1gr0SUmPa32oWV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/5SBEb3n_wtfDqe80DOneJXI6cZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:80:4d:02:e0:41:9e:75:47:a5:3e:e5:c0:d3:e1:a8:4a:5c:
         88:c0:1b:7e:fa:d2:5d:b4:f5:40:97:f4:a0:a1:4c:2d:06:60:
         f4:7b:2a:5a:0b:a3:55:34:6d:7a:95:a8:43:62:98:68:05:10:
         bd:de:16:35:42:1d:73:76:c9:7b:20:d4:e6:6d:f0:49:06:bc:
         d8:91:67:6f:94:99:b9:47:47:e3:fb:10:2a:fa:51:68:9b:a8:
         82:07:a3:96:9e:2c:d7:eb:1e:ed:e2:ef:48:53:b5:46:d4:3c:
         ad:02:bf:96:c2:0a:cb:fb:eb:50:f8:b5:5d:c7:a9:c3:57:dd:
         74:d1:58:cb:9e:de:88:83:10:f0:c0:dd:e1:53:d8:e4:ab:43:
         8d:80:43:9a:0e:41:82:3d:5f:11:f5:75:41:a3:6b:92:d2:0f:
         3e:43:2e:78:ea:71:42:b1:57:bf:24:3f:ea:07:6c:ee:bb:96:
         26:b0:59:40:d4:3a:c0:5f:3a:34:4b:4d:03:23:30:f0:cb:b7:
         da:68:bf:e2:35:e5:bd:c4:5f:07:34:d0:e9:d3:5d:38:35:87:
         fd:df:61:63:38:5d:60:52:2c:90:96:16:02:ea:eb:0a:d0:d7:
         50:46:9d:26:af:8d:3b:49:13:a4:fe:47:ef:59:4d:fe:86:66:
         62:03:d8:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJJaXc3ylgpo+5A9UIYnzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MjA0NDZmNzlmZmMyZDdjM2E5ZWYzNDBjZTlkZTI1NzIz
YTcxOWEwHhcNMjQwMTAxMDgyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTg5YWQ1ZGY1MWNlNGY0NWNkNjBhZjQ0OTQ5OGY2YjdkYTg1OTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG+ZgGXJvEdIvbpY0MSsPMjPIAXd
b6p4p/6KbUZtk/1mDrch5a7cT54P4XeafMKKSSTUn51dNdWXZMCRV2RgltR+kBqH
beOlpzJsWQnlBrsjOZh5b3nAB0a7kJdtbtUkxL6wjDpRYJbcVYO1PoNR0pAIqqbr
ksTgie7/81asr7LpiX1D7Day7kdQqlmPe7+i5iNLYUAxZyKGtfTLDjKE+S11RY7W
a5ebgm+BPtpwsXydb1HVQ5/QrH6FJVQZCX7udZmeQAynM32ZXzuYMcN/rs2QIw7s
Sb+JNG++n4rDbB6AQ3c6YGbZYWwSknkscBh1MjyBUt8tiLJnKtbJBwFYYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGJrV31HOT0XNYK9ElJj2t9qFleMB8GA1UdIwQY
MBaAFOUgRG95/8LXw6nvNAzp3iVyOnGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVNCRWIzbl93dGZEcWU4MERPbmVKWEk2Y1pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wMTFlZjItNzAxMi00YTZlLThhMWMt
MGUwZTEzN2U1NTkxLzEva1ltdFhmVWM1UFJjMWdyMFNVbVBhMzJvV1Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wMTFlZjItNzAxMi00YTZlLThhMWMtMGUwZTEzN2U1NTkx
LzEvNVNCRWIzbl93dGZEcWU4MERPbmVKWEk2Y1pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRtSMA0G
CSqGSIb3DQEBCwUAA4IBAQB6gE0C4EGedUelPuXA0+GoSlyIwBt++tJdtPVAl/Sg
oUwtBmD0eypaC6NVNG16lahDYphoBRC93hY1Qh1zdsl7INTmbfBJBrzYkWdvlJm5
R0fj+xAq+lFom6iCB6OWnizX6x7t4u9IU7VG1DytAr+WwgrL++tQ+LVdx6nDV910
0VjLnt6IgxDwwN3hU9jkq0ONgEOaDkGCPV8R9XVBo2uS0g8+Qy546nFCsVe/JD/q
B2zuu5YmsFlA1DrAXzo0S00DIzDwy7faaL/iNeW9xF8HNNDp0104NYf932FjOF1g
UiyQlhYC6usK0NdQRp0mr407SROk/kfvWU3+hmZiA9gW
-----END CERTIFICATE-----