Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/w97e7vFuKGNIvX8f6GCfoPObOsQ.roa
File:                     w97e7vFuKGNIvX8f6GCfoPObOsQ.roa (raw, json)
Hash identifier:          Fob8A7VloI6nNv9j5xHMW5Y9QGgqdFBS3YIBRdwNMZA=
Subject key identifier:   C3:DE:DE:EE:F1:6E:28:63:48:BD:7F:1F:E8:60:9F:A0:F3:9B:3A:C4
Certificate issuer:       /CN=6c1bec3f9358668a87d1a16c4722f41e3c2381e2
Certificate serial:       018CC424FE3DA59CC447DEA06659F30BD244
Authority key identifier: 6C:1B:EC:3F:93:58:66:8A:87:D1:A1:6C:47:22:F4:1E:3C:23:81:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bBvsP5NYZoqH0aFsRyL0HjwjgeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/w97e7vFuKGNIvX8f6GCfoPObOsQ.roa
Signing time:             Mon 01 Jan 2024 08:30:07 +0000
ROA not before:           Mon 01 Jan 2024 08:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21351
IP address blocks:        185.161.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/bBvsP5NYZoqH0aFsRyL0HjwjgeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/bBvsP5NYZoqH0aFsRyL0HjwjgeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bBvsP5NYZoqH0aFsRyL0HjwjgeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:fe:3d:a5:9c:c4:47:de:a0:66:59:f3:0b:d2:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c1bec3f9358668a87d1a16c4722f41e3c2381e2
        Validity
            Not Before: Jan  1 08:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3dedeeef16e286348bd7f1fe8609fa0f39b3ac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6a:7f:37:50:3a:72:4c:d3:21:b8:e7:f8:18:
                    87:69:62:38:5b:3d:01:d5:d6:fe:ea:58:9e:b6:fb:
                    40:8b:6c:c8:97:cd:25:6e:92:21:6f:73:d6:e2:4b:
                    c3:fe:33:23:6d:85:e9:f1:44:22:70:2e:52:8f:d7:
                    48:0a:ad:b0:4e:2e:db:8a:30:90:09:8c:f5:d0:e4:
                    cf:68:6f:bd:06:0f:be:6d:24:c7:36:ff:2a:83:14:
                    50:12:e4:bc:53:35:2b:c4:3a:47:d9:b5:39:a1:18:
                    95:7f:88:48:38:6b:d5:0b:b2:d3:8b:ad:bf:e3:28:
                    d8:c1:8e:70:cb:60:5e:17:f8:62:4f:c5:0a:34:f3:
                    b5:5f:33:fc:e7:3b:73:ce:43:f9:2b:89:8f:37:3c:
                    e0:f4:f7:48:f6:1b:ba:c3:d3:6d:d8:07:5b:2a:a3:
                    2b:d2:44:8c:8b:64:6c:62:ad:c9:29:b2:e1:cc:aa:
                    85:f8:76:bf:95:40:f2:e7:0e:cf:b4:a5:6c:07:ef:
                    90:7f:a5:bb:0c:e3:08:f6:3a:21:b3:4c:6e:83:5c:
                    66:3b:49:e3:e2:a0:32:bc:06:6c:f3:71:31:2a:b9:
                    cc:b4:f5:55:bc:85:ef:8c:ff:da:3d:d8:54:50:b4:
                    61:30:75:40:32:5d:bb:d8:18:46:d6:71:f8:ae:ef:
                    70:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:DE:DE:EE:F1:6E:28:63:48:BD:7F:1F:E8:60:9F:A0:F3:9B:3A:C4
            X509v3 Authority Key Identifier:
                keyid:6C:1B:EC:3F:93:58:66:8A:87:D1:A1:6C:47:22:F4:1E:3C:23:81:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bBvsP5NYZoqH0aFsRyL0HjwjgeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/w97e7vFuKGNIvX8f6GCfoPObOsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/bBvsP5NYZoqH0aFsRyL0HjwjgeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:8a:28:9c:54:61:87:94:6c:d3:e7:e1:f9:5a:53:79:3a:12:
         6f:c6:b3:26:f3:06:73:71:c1:c2:05:27:61:10:d1:bc:2f:47:
         dd:05:89:e8:f9:85:db:f9:2f:92:1b:c3:54:91:8c:6d:0f:1e:
         27:23:4e:68:37:f1:f7:5c:56:ff:78:bd:d8:36:43:47:4f:ac:
         0e:f6:b0:cc:59:64:26:5c:6a:af:cc:f6:ac:3f:e3:11:16:93:
         13:1d:84:5c:83:3b:59:92:79:d7:f1:71:ba:96:a6:6d:2a:56:
         1b:17:ba:29:bc:b3:e2:e7:f1:e9:f7:a9:80:2e:72:78:60:db:
         e0:d9:2c:74:15:5b:8b:50:07:a8:0a:d1:7e:5d:b1:0b:39:35:
         ac:60:7e:9c:97:e1:8e:22:f7:b4:c9:b1:08:8d:87:34:7f:66:
         bc:05:81:b7:78:74:b7:f5:62:03:3e:c1:9d:c7:08:3e:b3:77:
         49:ea:0d:89:38:9d:13:db:e3:9d:1a:30:a9:33:3b:d4:73:f9:
         ca:4c:45:19:e8:80:ac:6a:86:a8:e2:bb:71:81:5d:d6:89:12:
         d8:d6:ae:30:32:7a:be:80:59:35:03:1a:5e:cd:6d:70:f1:37:
         13:79:53:d1:95:60:c4:a6:52:2f:5a:6a:e6:20:3a:ed:ff:17:
         99:dd:b5:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJP49pZzER96gZlnzC9JEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMWJlYzNmOTM1ODY2OGE4N2QxYTE2YzQ3MjJmNDFlM2My
MzgxZTIwHhcNMjQwMTAxMDgzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2RlZGVlZWYxNmUyODYzNDhiZDdmMWZlODYwOWZhMGYzOWIzYWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGp/N1A6ckzTIbjn+BiHaWI4Wz0B
1db+6lietvtAi2zIl80lbpIhb3PW4kvD/jMjbYXp8UQicC5Sj9dICq2wTi7bijCQ
CYz10OTPaG+9Bg++bSTHNv8qgxRQEuS8UzUrxDpH2bU5oRiVf4hIOGvVC7LTi62/
4yjYwY5wy2BeF/hiT8UKNPO1XzP85ztzzkP5K4mPNzzg9PdI9hu6w9Nt2AdbKqMr
0kSMi2RsYq3JKbLhzKqF+Ha/lUDy5w7PtKVsB++Qf6W7DOMI9johs0xug1xmO0nj
4qAyvAZs83ExKrnMtPVVvIXvjP/aPdhUULRhMHVAMl272BhG1nH4ru9w7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPe3u7xbihjSL1/H+hgn6DzmzrEMB8GA1UdIwQY
MBaAFGwb7D+TWGaKh9GhbEci9B48I4HiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkJ2c1A1Tllab3FIMGFGc1J5TDBIandqZ2VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS84YzA0NzMtZTdkMC00ZTQzLWE3Zjkt
Nzk3ZjRjYzRiNTAwLzEvdzk3ZTd2RnVLR05Jdlg4ZjZHQ2ZvUE9iT3NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS84YzA0NzMtZTdkMC00ZTQzLWE3ZjktNzk3ZjRjYzRiNTAw
LzEvYkJ2c1A1Tllab3FIMGFGc1J5TDBIandqZ2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaEIMA0G
CSqGSIb3DQEBCwUAA4IBAQAeiiicVGGHlGzT5+H5WlN5OhJvxrMm8wZzccHCBSdh
ENG8L0fdBYno+YXb+S+SG8NUkYxtDx4nI05oN/H3XFb/eL3YNkNHT6wO9rDMWWQm
XGqvzPasP+MRFpMTHYRcgztZknnX8XG6lqZtKlYbF7opvLPi5/Hp96mALnJ4YNvg
2Sx0FVuLUAeoCtF+XbELOTWsYH6cl+GOIve0ybEIjYc0f2a8BYG3eHS39WIDPsGd
xwg+s3dJ6g2JOJ0T2+OdGjCpMzvUc/nKTEUZ6ICsaoao4rtxgV3WiRLY1q4wMnq+
gFk1AxpezW1w8TcTeVPRlWDEplIvWmrmIDrt/xeZ3bXq
-----END CERTIFICATE-----