Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/KS4_468FzYK_cWdC9D64VRzIu3g.roa
File:                     KS4_468FzYK_cWdC9D64VRzIu3g.roa (raw, json)
Hash identifier:          D4oiU8uvR+5HPmKKFIMBZL1pAnZtZ+yjg6ENxZQ0npk=
Subject key identifier:   29:2E:3F:E3:AF:05:CD:82:BF:71:67:42:F4:3E:B8:55:1C:C8:BB:78
Certificate issuer:       /CN=6c1bec3f9358668a87d1a16c4722f41e3c2381e2
Certificate serial:       018CC424FEA90A743EB4555A423241D57402
Authority key identifier: 6C:1B:EC:3F:93:58:66:8A:87:D1:A1:6C:47:22:F4:1E:3C:23:81:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bBvsP5NYZoqH0aFsRyL0HjwjgeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/KS4_468FzYK_cWdC9D64VRzIu3g.roa
Signing time:             Mon 01 Jan 2024 08:30:07 +0000
ROA not before:           Mon 01 Jan 2024 08:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34306
IP address blocks:        185.161.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/bBvsP5NYZoqH0aFsRyL0HjwjgeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/bBvsP5NYZoqH0aFsRyL0HjwjgeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bBvsP5NYZoqH0aFsRyL0HjwjgeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:fe:a9:0a:74:3e:b4:55:5a:42:32:41:d5:74:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c1bec3f9358668a87d1a16c4722f41e3c2381e2
        Validity
            Not Before: Jan  1 08:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=292e3fe3af05cd82bf716742f43eb8551cc8bb78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9a:ef:f5:28:b8:f3:29:a1:c8:35:24:08:9a:
                    38:db:f2:34:3d:62:37:be:8b:17:22:9d:68:d1:ff:
                    2d:9f:05:72:8a:da:4d:d9:85:80:f0:66:e9:70:eb:
                    db:ea:b3:6a:85:bd:c9:c4:d3:74:a0:2b:d9:5c:82:
                    4c:1b:92:a8:29:f0:c2:b3:02:3f:98:2f:96:f5:b9:
                    2e:92:b9:6b:67:a0:60:24:ae:f4:89:06:30:38:59:
                    2e:8d:8a:8d:bc:c8:60:3d:d9:a4:db:fd:7c:b4:bf:
                    5c:c1:5e:c1:7b:66:a2:24:a6:98:0f:88:6a:ea:35:
                    4b:e4:96:11:a8:95:48:26:ec:49:93:2a:b2:89:73:
                    f4:a4:66:60:27:5d:56:c7:90:68:a8:65:54:43:c5:
                    2e:53:6a:7b:8f:28:0f:a6:31:6c:dc:cf:dd:19:f7:
                    9d:15:2d:98:07:ef:6d:8a:51:d4:5d:62:71:77:29:
                    90:cb:2a:b4:1a:ad:50:d2:30:1e:cc:ae:f6:0a:a2:
                    5d:8f:e3:73:f8:61:2d:fd:8f:f1:24:6e:4b:23:63:
                    47:42:0c:ae:d6:18:a1:6a:d8:23:fc:4d:28:f9:c8:
                    2e:d7:17:be:3e:ea:22:b7:d2:4a:94:9e:7e:d8:a5:
                    a4:06:3d:75:21:f5:41:c3:4b:60:89:4e:23:2c:88:
                    ba:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:2E:3F:E3:AF:05:CD:82:BF:71:67:42:F4:3E:B8:55:1C:C8:BB:78
            X509v3 Authority Key Identifier:
                keyid:6C:1B:EC:3F:93:58:66:8A:87:D1:A1:6C:47:22:F4:1E:3C:23:81:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bBvsP5NYZoqH0aFsRyL0HjwjgeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/KS4_468FzYK_cWdC9D64VRzIu3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/bBvsP5NYZoqH0aFsRyL0HjwjgeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:5b:be:f8:53:86:68:b0:aa:c9:9e:33:fb:c6:d9:de:ba:8b:
         f2:4c:d8:5d:c9:13:fb:08:b9:9a:dc:14:fb:f5:4c:df:7b:ef:
         a1:85:f6:c6:87:2c:2a:4a:3e:0a:d1:60:cc:b3:04:57:93:12:
         e0:af:71:51:e8:07:96:41:01:6b:90:96:bc:5d:47:84:02:4f:
         98:f2:81:c2:c0:e7:1e:fa:26:2f:73:55:c4:bf:31:b8:db:b0:
         a9:d8:6f:27:90:74:c6:c8:07:a2:a4:d1:48:32:5b:46:cb:62:
         60:bb:6a:33:65:31:a8:8b:4d:43:1d:66:db:f9:30:af:54:42:
         7d:b1:47:a9:55:a4:b1:59:26:d5:ae:ac:b0:35:37:46:7b:38:
         99:fc:c0:8e:4b:5e:1f:c7:55:05:af:f4:82:e1:c0:2c:88:47:
         fc:84:ea:4c:3c:1e:71:1c:41:10:36:e9:10:a8:74:33:88:08:
         e8:f8:1b:87:a6:f7:44:df:db:17:25:99:47:26:8f:4c:a8:aa:
         74:7c:2d:bb:3c:93:62:0d:03:8d:b8:a2:42:98:6d:c5:db:ee:
         fe:d1:20:dd:23:ce:e1:63:5e:4d:1a:22:a4:d7:16:78:1d:ae:
         d9:3d:4c:2c:2b:96:88:db:99:9a:da:db:73:c4:05:30:5c:32:
         fd:20:17:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJP6pCnQ+tFVaQjJB1XQCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMWJlYzNmOTM1ODY2OGE4N2QxYTE2YzQ3MjJmNDFlM2My
MzgxZTIwHhcNMjQwMTAxMDgzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTJlM2ZlM2FmMDVjZDgyYmY3MTY3NDJmNDNlYjg1NTFjYzhiYjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApprv9Si48ymhyDUkCJo42/I0PWI3
vosXIp1o0f8tnwVyitpN2YWA8GbpcOvb6rNqhb3JxNN0oCvZXIJMG5KoKfDCswI/
mC+W9bkukrlrZ6BgJK70iQYwOFkujYqNvMhgPdmk2/18tL9cwV7Be2aiJKaYD4hq
6jVL5JYRqJVIJuxJkyqyiXP0pGZgJ11Wx5BoqGVUQ8UuU2p7jygPpjFs3M/dGfed
FS2YB+9tilHUXWJxdymQyyq0Gq1Q0jAezK72CqJdj+Nz+GEt/Y/xJG5LI2NHQgyu
1hihatgj/E0o+cgu1xe+Puoit9JKlJ5+2KWkBj11IfVBw0tgiU4jLIi6gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkuP+OvBc2Cv3FnQvQ+uFUcyLt4MB8GA1UdIwQY
MBaAFGwb7D+TWGaKh9GhbEci9B48I4HiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkJ2c1A1Tllab3FIMGFGc1J5TDBIandqZ2VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS84YzA0NzMtZTdkMC00ZTQzLWE3Zjkt
Nzk3ZjRjYzRiNTAwLzEvS1M0XzQ2OEZ6WUtfY1dkQzlENjRWUnpJdTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS84YzA0NzMtZTdkMC00ZTQzLWE3ZjktNzk3ZjRjYzRiNTAw
LzEvYkJ2c1A1Tllab3FIMGFGc1J5TDBIandqZ2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaEJMA0G
CSqGSIb3DQEBCwUAA4IBAQBAW774U4ZosKrJnjP7xtneuovyTNhdyRP7CLma3BT7
9Uzfe++hhfbGhywqSj4K0WDMswRXkxLgr3FR6AeWQQFrkJa8XUeEAk+Y8oHCwOce
+iYvc1XEvzG427Cp2G8nkHTGyAeipNFIMltGy2Jgu2ozZTGoi01DHWbb+TCvVEJ9
sUepVaSxWSbVrqywNTdGeziZ/MCOS14fx1UFr/SC4cAsiEf8hOpMPB5xHEEQNukQ
qHQziAjo+BuHpvdE39sXJZlHJo9MqKp0fC27PJNiDQONuKJCmG3F2+7+0SDdI87h
Y15NGiKk1xZ4Ha7ZPUwsK5aI25ma2ttzxAUwXDL9IBfq
-----END CERTIFICATE-----