Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/e2258d-8bc5-44ed-8073-ae999ed7c5d4/1/i27mq1CUnj4ZbV-HaQCSWKsxFwI.roa
File:                     i27mq1CUnj4ZbV-HaQCSWKsxFwI.roa (raw, json)
Hash identifier:          76qOsFSUDJNYOI0XGoTIXHu6SUK5rzvRad3cdcWKd78=
Subject key identifier:   8B:6E:E6:AB:50:94:9E:3E:19:6D:5F:87:69:00:92:58:AB:31:17:02
Certificate issuer:       /CN=9b97c22d0b338a8a45aa1345b0917ba0dc973390
Certificate serial:       018CC3B710592C4084D45908E1DD983884DE
Authority key identifier: 9B:97:C2:2D:0B:33:8A:8A:45:AA:13:45:B0:91:7B:A0:DC:97:33:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m5fCLQsziopFqhNFsJF7oNyXM5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/e2258d-8bc5-44ed-8073-ae999ed7c5d4/1/i27mq1CUnj4ZbV-HaQCSWKsxFwI.roa
Signing time:             Mon 01 Jan 2024 06:30:03 +0000
ROA not before:           Mon 01 Jan 2024 06:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399471
IP address blocks:        185.126.34.0/24 maxlen: 24
                          185.28.37.0/24 maxlen: 24
                          185.28.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/e2258d-8bc5-44ed-8073-ae999ed7c5d4/1/m5fCLQsziopFqhNFsJF7oNyXM5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/e2258d-8bc5-44ed-8073-ae999ed7c5d4/1/m5fCLQsziopFqhNFsJF7oNyXM5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m5fCLQsziopFqhNFsJF7oNyXM5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:10:59:2c:40:84:d4:59:08:e1:dd:98:38:84:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b97c22d0b338a8a45aa1345b0917ba0dc973390
        Validity
            Not Before: Jan  1 06:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b6ee6ab50949e3e196d5f8769009258ab311702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:19:15:21:8c:f5:99:09:dc:26:fa:85:dc:64:
                    13:82:65:39:ce:82:7b:51:e1:88:74:22:22:a4:e4:
                    03:31:d6:59:3c:5d:0c:3e:aa:45:b8:e2:93:44:9a:
                    9b:d6:2a:0f:cd:0b:cd:86:4a:fd:af:6f:31:04:27:
                    2f:3e:bd:dc:7a:dd:6a:14:14:54:50:a0:38:92:2e:
                    59:fb:62:79:fd:a2:77:1b:f7:89:6b:89:1c:5b:87:
                    05:8d:04:05:21:70:e3:13:46:df:4a:75:14:dc:3e:
                    39:d7:ab:d2:5f:37:48:02:76:bb:5b:1f:fe:26:e5:
                    a3:2d:c3:82:b1:51:fb:fb:e7:d5:e8:10:ac:e4:05:
                    c5:7b:50:bd:98:5a:60:a1:f5:3e:6a:1d:fe:aa:67:
                    a4:b6:78:fd:10:af:37:9a:04:da:2a:dd:38:be:58:
                    ae:db:ce:93:ae:75:79:87:17:48:b2:8a:a0:fd:93:
                    b0:cf:50:c3:fa:c2:f1:98:4a:4c:b3:ac:67:f9:82:
                    5b:d0:64:5b:aa:35:7e:1d:29:cc:a4:c0:c4:32:8e:
                    53:66:83:51:c0:e8:d9:1f:a7:7b:6a:48:6f:a0:f4:
                    9c:db:2f:ca:bb:3f:1f:ad:43:fe:6c:e7:9a:93:a4:
                    b1:17:03:f3:3e:75:62:23:bf:41:28:a4:b4:a6:69:
                    8d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:6E:E6:AB:50:94:9E:3E:19:6D:5F:87:69:00:92:58:AB:31:17:02
            X509v3 Authority Key Identifier:
                keyid:9B:97:C2:2D:0B:33:8A:8A:45:AA:13:45:B0:91:7B:A0:DC:97:33:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m5fCLQsziopFqhNFsJF7oNyXM5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/e2258d-8bc5-44ed-8073-ae999ed7c5d4/1/i27mq1CUnj4ZbV-HaQCSWKsxFwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/e2258d-8bc5-44ed-8073-ae999ed7c5d4/1/m5fCLQsziopFqhNFsJF7oNyXM5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.37.0/24
                  185.28.39.0/24
                  185.126.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:6c:57:99:50:9e:6b:81:45:a9:cd:04:44:d2:6e:ef:d7:d4:
         c5:b5:35:34:e4:c3:d2:83:59:e4:45:72:2f:88:00:eb:bb:42:
         2c:3a:71:4b:fa:72:14:a2:79:f3:4f:8c:01:97:3e:d2:cc:f7:
         80:3b:88:ed:6c:af:a8:d9:60:63:e6:98:33:19:33:4d:f2:d4:
         dd:1e:28:9b:b5:35:5d:c2:ae:ab:1f:9f:b0:ad:be:d0:97:24:
         48:4c:2c:9a:eb:cb:96:ed:33:6e:d6:6f:7b:75:23:a2:c4:0e:
         32:72:6d:6b:2e:49:e0:cb:bc:e7:5e:e9:18:12:09:0b:9b:2a:
         87:74:6b:17:6e:03:5b:e1:09:d1:9a:81:68:49:c1:3e:ac:58:
         dd:cc:c4:64:70:72:8a:4b:01:8d:23:5f:18:71:2e:fb:ce:38:
         d0:35:ce:df:9d:32:4e:a2:70:d3:52:1c:1b:1b:a0:d9:f6:89:
         26:90:bb:21:ad:3e:d9:87:92:d2:0f:c7:4b:e7:1e:da:db:6f:
         ac:79:91:98:ab:ae:ab:4b:14:bc:93:cb:d2:b2:4c:0c:f0:92:
         b3:4f:d5:20:d1:bd:84:80:bd:01:d7:5c:48:ee:ff:f8:ac:b0:
         4a:30:fd:4d:73:9f:a1:79:b1:b1:ed:23:c8:5d:f0:21:75:e6:
         ab:be:d3:85
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtxBZLECE1FkI4d2YOITeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliOTdjMjJkMGIzMzhhOGE0NWFhMTM0NWIwOTE3YmEwZGM5
NzMzOTAwHhcNMjQwMTAxMDYzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjZlZTZhYjUwOTQ5ZTNlMTk2ZDVmODc2OTAwOTI1OGFiMzExNzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBkVIYz1mQncJvqF3GQTgmU5zoJ7
UeGIdCIipOQDMdZZPF0MPqpFuOKTRJqb1ioPzQvNhkr9r28xBCcvPr3cet1qFBRU
UKA4ki5Z+2J5/aJ3G/eJa4kcW4cFjQQFIXDjE0bfSnUU3D4516vSXzdIAna7Wx/+
JuWjLcOCsVH7++fV6BCs5AXFe1C9mFpgofU+ah3+qmektnj9EK83mgTaKt04vliu
286TrnV5hxdIsoqg/ZOwz1DD+sLxmEpMs6xn+YJb0GRbqjV+HSnMpMDEMo5TZoNR
wOjZH6d7akhvoPSc2y/Kuz8frUP+bOeak6SxFwPzPnViI79BKKS0pmmNQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFItu5qtQlJ4+GW1fh2kAklirMRcCMB8GA1UdIwQY
MBaAFJuXwi0LM4qKRaoTRbCRe6DclzOQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTVmQ0xRc3ppb3BGcWhORnNKRjdvTnlYTTVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9lMjI1OGQtOGJjNS00NGVkLTgwNzMt
YWU5OTllZDdjNWQ0LzEvaTI3bXExQ1VuajRaYlYtSGFRQ1NXS3N4RndJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9lMjI1OGQtOGJjNS00NGVkLTgwNzMtYWU5OTllZDdjNWQ0
LzEvbTVmQ0xRc3ppb3BGcWhORnNKRjdvTnlYTTVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuRwlAwQA
uRwnAwQAuX4iMA0GCSqGSIb3DQEBCwUAA4IBAQBybFeZUJ5rgUWpzQRE0m7v19TF
tTU05MPSg1nkRXIviADru0IsOnFL+nIUonnzT4wBlz7SzPeAO4jtbK+o2WBj5pgz
GTNN8tTdHiibtTVdwq6rH5+wrb7QlyRITCya68uW7TNu1m97dSOixA4ycm1rLkng
y7znXukYEgkLmyqHdGsXbgNb4QnRmoFoScE+rFjdzMRkcHKKSwGNI18YcS77zjjQ
Nc7fnTJOonDTUhwbG6DZ9okmkLshrT7Zh5LSD8dL5x7a22+seZGYq66rSxS8k8vS
skwM8JKzT9Ug0b2EgL0B11xI7v/4rLBKMP1Nc5+hebGx7SPIXfAhdearvtOF
-----END CERTIFICATE-----