Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/X8u5--ryVNVXp24Wzt4Hb36mGNw.roa
File:                     X8u5--ryVNVXp24Wzt4Hb36mGNw.roa (raw, json)
Hash identifier:          qWwN/mpoc1RoC2QRL1Xqe1WwpCimhNpunDc8gB9OGcQ=
Subject key identifier:   5F:CB:B9:FB:EA:F2:54:D5:57:A7:6E:16:CE:DE:07:6F:7E:A6:18:DC
Certificate issuer:       /CN=6fdbbe7e978029c6ceaa557b4a76da68074311b1
Certificate serial:       018CC8DF1997D9148FF9F51FF4410B7DC72B
Authority key identifier: 6F:DB:BE:7E:97:80:29:C6:CE:AA:55:7B:4A:76:DA:68:07:43:11:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b9u-fpeAKcbOqlV7SnbaaAdDEbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/X8u5--ryVNVXp24Wzt4Hb36mGNw.roa
Signing time:             Tue 02 Jan 2024 06:31:53 +0000
ROA not before:           Tue 02 Jan 2024 06:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51175
IP address blocks:        185.191.244.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/b9u-fpeAKcbOqlV7SnbaaAdDEbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/b9u-fpeAKcbOqlV7SnbaaAdDEbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b9u-fpeAKcbOqlV7SnbaaAdDEbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:19:97:d9:14:8f:f9:f5:1f:f4:41:0b:7d:c7:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fdbbe7e978029c6ceaa557b4a76da68074311b1
        Validity
            Not Before: Jan  2 06:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fcbb9fbeaf254d557a76e16cede076f7ea618dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:67:8c:90:f1:1d:3d:49:4b:f8:ab:bf:18:bb:
                    4b:7f:ad:80:86:b8:38:6e:55:89:46:ad:92:c6:96:
                    ff:2c:09:56:b3:ce:e7:d5:3f:d2:ce:87:8c:50:fb:
                    65:ac:80:c9:f6:65:e6:dc:57:65:f2:0e:0f:dc:04:
                    34:25:84:98:6f:0a:4e:5a:cd:3e:05:92:d7:01:66:
                    f8:b6:23:09:90:be:41:61:ae:21:b7:59:b1:c6:d0:
                    27:49:6c:2b:73:da:35:2f:ad:b1:d8:ea:ea:63:29:
                    7e:5e:8a:46:e3:9d:b4:28:ca:68:78:6e:b0:f9:66:
                    be:f7:dd:7f:c1:05:60:b0:a7:14:fb:ab:be:6f:51:
                    0e:76:12:46:33:6e:99:fb:fb:8b:6b:a1:e0:07:ff:
                    36:9a:dd:41:54:08:98:ec:a4:9f:d0:23:5c:84:2c:
                    01:f4:66:1a:24:96:13:41:59:30:ae:b4:0c:f0:8d:
                    32:c2:fc:f1:7d:bc:26:c0:9b:83:c2:cd:d0:24:36:
                    dc:46:61:44:51:e6:2d:8d:20:9d:ef:f6:fd:81:5a:
                    48:d4:b7:bb:e0:02:ee:d2:9b:eb:ed:18:78:45:cc:
                    f0:cc:3f:63:64:22:5c:f8:68:8c:d9:d5:c9:5f:97:
                    cb:8c:35:a5:43:a9:ba:a6:e6:2e:0d:0c:ff:45:c3:
                    aa:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:CB:B9:FB:EA:F2:54:D5:57:A7:6E:16:CE:DE:07:6F:7E:A6:18:DC
            X509v3 Authority Key Identifier:
                keyid:6F:DB:BE:7E:97:80:29:C6:CE:AA:55:7B:4A:76:DA:68:07:43:11:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9u-fpeAKcbOqlV7SnbaaAdDEbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/X8u5--ryVNVXp24Wzt4Hb36mGNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/72a4e3-f793-4f9a-ba4e-0590394a2efa/1/b9u-fpeAKcbOqlV7SnbaaAdDEbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:be:73:44:f9:47:69:98:57:63:d0:aa:03:33:2f:cd:d6:af:
         9b:e0:1d:de:13:2a:41:ce:90:80:dd:54:81:93:50:ec:bf:c3:
         fe:2a:20:a8:72:33:ed:44:8b:96:86:ea:61:a6:c0:cd:21:cb:
         99:5d:47:0f:7c:81:28:25:9e:8d:5b:39:99:47:7c:aa:be:44:
         a6:3d:60:f8:3a:5f:2b:f1:c9:09:a9:8b:2d:28:12:e5:f1:0d:
         69:36:8c:b6:00:3b:e1:4a:13:7b:60:4f:e4:c2:fa:93:f5:e0:
         56:49:7c:2b:95:92:89:3d:d5:03:ff:73:c6:19:45:29:88:0f:
         92:bd:a1:f6:ee:1c:f3:ec:f1:93:71:be:14:8f:d6:26:c9:9f:
         b8:7b:6c:02:a0:b2:1c:7d:c6:a1:48:55:98:56:05:01:6e:61:
         df:1c:07:7c:30:29:3a:3d:4f:86:ad:49:af:4f:f7:40:bf:d5:
         87:0b:fc:10:0a:b0:f6:de:42:02:16:57:87:31:6a:e1:f6:0f:
         dc:c7:38:01:f7:57:c1:3e:f0:75:a1:f7:b7:96:b7:8f:52:5d:
         d1:95:75:d8:3b:72:bd:31:39:2e:dc:78:83:4c:39:10:9c:5f:
         de:98:7c:3d:5f:c3:c9:e8:e8:1d:0f:41:b8:a7:b7:dd:d2:28:
         93:f8:54:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3xmX2RSP+fUf9EELfccrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZGJiZTdlOTc4MDI5YzZjZWFhNTU3YjRhNzZkYTY4MDc0
MzExYjEwHhcNMjQwMTAyMDYzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmNiYjlmYmVhZjI1NGQ1NTdhNzZlMTZjZWRlMDc2ZjdlYTYxOGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWeMkPEdPUlL+Ku/GLtLf62Ahrg4
blWJRq2Sxpb/LAlWs87n1T/SzoeMUPtlrIDJ9mXm3Fdl8g4P3AQ0JYSYbwpOWs0+
BZLXAWb4tiMJkL5BYa4ht1mxxtAnSWwrc9o1L62x2OrqYyl+XopG4520KMpoeG6w
+Wa+991/wQVgsKcU+6u+b1EOdhJGM26Z+/uLa6HgB/82mt1BVAiY7KSf0CNchCwB
9GYaJJYTQVkwrrQM8I0ywvzxfbwmwJuDws3QJDbcRmFEUeYtjSCd7/b9gVpI1Le7
4ALu0pvr7Rh4RczwzD9jZCJc+GiM2dXJX5fLjDWlQ6m6puYuDQz/RcOqOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/Lufvq8lTVV6duFs7eB29+phjcMB8GA1UdIwQY
MBaAFG/bvn6XgCnGzqpVe0p22mgHQxGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjl1LWZwZUFLY2JPcWxWN1NuYmFhQWRERWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS83MmE0ZTMtZjc5My00ZjlhLWJhNGUt
MDU5MDM5NGEyZWZhLzEvWDh1NS0tcnlWTlZYcDI0V3p0NEhiMzZtR053LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS83MmE0ZTMtZjc5My00ZjlhLWJhNGUtMDU5MDM5NGEyZWZh
LzEvYjl1LWZwZUFLY2JPcWxWN1NuYmFhQWRERWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBub/0MA0G
CSqGSIb3DQEBCwUAA4IBAQA5vnNE+UdpmFdj0KoDMy/N1q+b4B3eEypBzpCA3VSB
k1Dsv8P+KiCocjPtRIuWhuphpsDNIcuZXUcPfIEoJZ6NWzmZR3yqvkSmPWD4Ol8r
8ckJqYstKBLl8Q1pNoy2ADvhShN7YE/kwvqT9eBWSXwrlZKJPdUD/3PGGUUpiA+S
vaH27hzz7PGTcb4Uj9YmyZ+4e2wCoLIcfcahSFWYVgUBbmHfHAd8MCk6PU+GrUmv
T/dAv9WHC/wQCrD23kICFleHMWrh9g/cxzgB91fBPvB1ofe3lrePUl3RlXXYO3K9
MTku3HiDTDkQnF/emHw9X8PJ6OgdD0G4p7fd0iiT+FR7
-----END CERTIFICATE-----