Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/c7417c-4cab-4d51-b5ad-e30387b3f211/1/6bhCteonUaYq3N8YAVIXEF-v1lc.roa
File:                     6bhCteonUaYq3N8YAVIXEF-v1lc.roa (raw, json)
Hash identifier:          LQi50V8UgfI4VSYQXERdCEV8Rmc/2hcTy/UG13v57lk=
Subject key identifier:   E9:B8:42:B5:EA:27:51:A6:2A:DC:DF:18:01:52:17:10:5F:AF:D6:57
Certificate issuer:       /CN=c8cc8bda0c63e7d2d65c19ed7043b5a2d791c1f1
Certificate serial:       018DA793744FD6620B7C9E265EAFD2FFC121
Authority key identifier: C8:CC:8B:DA:0C:63:E7:D2:D6:5C:19:ED:70:43:B5:A2:D7:91:C1:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yMyL2gxj59LWXBntcEO1oteRwfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/c7417c-4cab-4d51-b5ad-e30387b3f211/1/6bhCteonUaYq3N8YAVIXEF-v1lc.roa
Signing time:             Wed 14 Feb 2024 12:24:35 +0000
ROA not before:           Wed 14 Feb 2024 12:24:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41183
IP address blocks:        194.140.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/c7417c-4cab-4d51-b5ad-e30387b3f211/1/yMyL2gxj59LWXBntcEO1oteRwfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/c7417c-4cab-4d51-b5ad-e30387b3f211/1/yMyL2gxj59LWXBntcEO1oteRwfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yMyL2gxj59LWXBntcEO1oteRwfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:93:74:4f:d6:62:0b:7c:9e:26:5e:af:d2:ff:c1:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8cc8bda0c63e7d2d65c19ed7043b5a2d791c1f1
        Validity
            Not Before: Feb 14 12:24:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9b842b5ea2751a62adcdf18015217105fafd657
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7c:43:06:0a:09:3b:dd:bd:09:2f:ea:f2:c4:
                    c6:2b:66:71:1d:80:f4:2e:0e:ac:e3:a4:44:a7:71:
                    79:a4:11:09:22:d3:99:71:99:6e:fd:fd:3e:25:2c:
                    46:50:e9:b4:ba:fd:29:43:ec:0e:98:86:a3:96:fc:
                    bc:a6:b4:b4:87:91:f9:37:74:d0:64:db:9a:89:2c:
                    c0:a4:c4:43:6b:9b:d3:7f:50:6b:a5:40:e6:39:83:
                    4b:e7:89:57:a0:e5:75:cc:ac:17:0f:58:eb:68:25:
                    c7:eb:4b:7b:76:c1:2c:56:24:b2:fc:ad:df:bc:9e:
                    1e:ae:a4:45:12:2e:a1:40:d1:da:88:fa:f7:26:4b:
                    3f:80:a5:ed:b4:7a:24:78:6d:35:61:37:36:f1:1c:
                    0a:98:9e:eb:7a:28:a2:9f:f3:a0:29:d3:97:fe:43:
                    ad:da:35:c9:f4:6b:10:34:0c:6c:9b:0b:39:22:11:
                    2c:2f:fa:43:4b:90:49:d3:51:f1:db:92:a7:f8:54:
                    19:df:34:52:61:2a:d4:d1:45:51:7b:cf:ce:20:ec:
                    2f:5b:ac:aa:20:53:b3:3e:4a:68:b1:ac:f1:b9:9f:
                    9a:30:28:b5:ed:a2:45:6d:27:f3:14:3b:6f:e1:cd:
                    45:52:7f:bd:67:6e:9c:c3:6d:0b:f4:89:8c:31:a6:
                    20:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:B8:42:B5:EA:27:51:A6:2A:DC:DF:18:01:52:17:10:5F:AF:D6:57
            X509v3 Authority Key Identifier:
                keyid:C8:CC:8B:DA:0C:63:E7:D2:D6:5C:19:ED:70:43:B5:A2:D7:91:C1:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yMyL2gxj59LWXBntcEO1oteRwfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c7417c-4cab-4d51-b5ad-e30387b3f211/1/6bhCteonUaYq3N8YAVIXEF-v1lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c7417c-4cab-4d51-b5ad-e30387b3f211/1/yMyL2gxj59LWXBntcEO1oteRwfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:71:50:5c:30:b7:64:2d:92:c6:6e:a1:61:16:d9:ca:83:aa:
         b5:aa:21:94:5a:ce:91:a7:58:8d:fa:23:4d:7d:6a:1d:e1:24:
         b4:5d:b8:5d:08:e5:2e:fb:33:59:51:88:1a:99:df:d3:2f:e5:
         e0:1e:5a:a0:37:36:11:81:7f:9a:98:bc:55:5a:67:f1:f8:5f:
         e0:26:35:8d:56:51:88:70:27:46:a4:93:ed:d6:fe:60:1e:fb:
         7a:e7:1c:8f:f6:91:11:f4:0b:73:ff:d3:56:5e:32:f9:7d:d1:
         f7:58:5b:e1:64:50:fd:6e:1d:dd:81:ee:e5:79:a1:6e:76:0f:
         06:44:44:33:36:46:8e:d2:dd:e0:46:4b:cf:49:cf:3c:3b:c4:
         5b:b7:33:bc:1e:80:fe:78:3e:ef:5b:86:4a:6b:b0:31:24:52:
         74:db:df:a1:74:8a:3c:f5:72:a0:85:69:78:39:92:dc:05:21:
         71:51:e9:71:5a:11:33:62:5e:a7:c0:33:d6:59:70:11:2a:3f:
         8c:72:40:83:36:60:7b:f9:4d:c0:5f:f9:9e:c4:24:50:51:bb:
         46:08:95:ff:b5:bd:3f:c3:c3:04:16:06:c9:5d:37:4d:ac:50:
         3c:c5:53:27:44:ca:a1:0c:6e:30:2a:6d:55:ed:b3:e1:b4:fb:
         6c:a9:5b:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2nk3RP1mILfJ4mXq/S/8EhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4Y2M4YmRhMGM2M2U3ZDJkNjVjMTllZDcwNDNiNWEyZDc5
MWMxZjEwHhcNMjQwMjE0MTIyNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWI4NDJiNWVhMjc1MWE2MmFkY2RmMTgwMTUyMTcxMDVmYWZkNjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHxDBgoJO929CS/q8sTGK2ZxHYD0
Lg6s46REp3F5pBEJItOZcZlu/f0+JSxGUOm0uv0pQ+wOmIajlvy8prS0h5H5N3TQ
ZNuaiSzApMRDa5vTf1BrpUDmOYNL54lXoOV1zKwXD1jraCXH60t7dsEsViSy/K3f
vJ4erqRFEi6hQNHaiPr3Jks/gKXttHokeG01YTc28RwKmJ7reiiin/OgKdOX/kOt
2jXJ9GsQNAxsmws5IhEsL/pDS5BJ01Hx25Kn+FQZ3zRSYSrU0UVRe8/OIOwvW6yq
IFOzPkposazxuZ+aMCi17aJFbSfzFDtv4c1FUn+9Z26cw20L9ImMMaYgewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOm4QrXqJ1GmKtzfGAFSFxBfr9ZXMB8GA1UdIwQY
MBaAFMjMi9oMY+fS1lwZ7XBDtaLXkcHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU15TDJneGo1OUxXWEJudGNFTzFvdGVSd2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9jNzQxN2MtNGNhYi00ZDUxLWI1YWQt
ZTMwMzg3YjNmMjExLzEvNmJoQ3Rlb25VYVlxM044WUFWSVhFRi12MWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9jNzQxN2MtNGNhYi00ZDUxLWI1YWQtZTMwMzg3YjNmMjEx
LzEveU15TDJneGo1OUxXWEJudGNFTzFvdGVSd2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwoz4MA0G
CSqGSIb3DQEBCwUAA4IBAQBhcVBcMLdkLZLGbqFhFtnKg6q1qiGUWs6Rp1iN+iNN
fWod4SS0XbhdCOUu+zNZUYgamd/TL+XgHlqgNzYRgX+amLxVWmfx+F/gJjWNVlGI
cCdGpJPt1v5gHvt65xyP9pER9Atz/9NWXjL5fdH3WFvhZFD9bh3dge7leaFudg8G
REQzNkaO0t3gRkvPSc88O8RbtzO8HoD+eD7vW4ZKa7AxJFJ029+hdIo89XKghWl4
OZLcBSFxUelxWhEzYl6nwDPWWXARKj+MckCDNmB7+U3AX/mexCRQUbtGCJX/tb0/
w8MEFgbJXTdNrFA8xVMnRMqhDG4wKm1V7bPhtPtsqVvR
-----END CERTIFICATE-----