Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/vBhooYiM0swrVV0mjJ27_f_9XX8.roa
File:                     vBhooYiM0swrVV0mjJ27_f_9XX8.roa (raw, json)
Hash identifier:          A4Wuhq/oU09yoQSID3SfNxFluO+oyTaErUFbE4q92HE=
Subject key identifier:   BC:18:68:A1:88:8C:D2:CC:2B:55:5D:26:8C:9D:BB:FD:FF:FD:5D:7F
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       018CC86EFA934A503E30B659B54872488052
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/vBhooYiM0swrVV0mjJ27_f_9XX8.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61003
IP address blocks:        185.39.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fa:93:4a:50:3e:30:b6:59:b5:48:72:48:80:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc1868a1888cd2cc2b555d268c9dbbfdfffd5d7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:99:56:a2:b1:fc:1a:df:30:92:6e:78:f8:16:
                    17:41:24:6b:cf:3e:ed:b6:ed:63:aa:16:df:12:3c:
                    8e:6f:87:e4:17:56:e6:95:fb:d9:4c:65:70:c0:5c:
                    a3:77:0f:3c:86:a6:e6:cb:e7:24:86:dc:f7:a9:cc:
                    3f:9e:73:e4:ae:78:92:5d:ba:41:1a:4b:df:f3:48:
                    9f:10:c6:9a:31:59:92:70:13:f2:ab:8c:72:52:21:
                    f3:6b:f9:45:fa:e3:02:e7:03:60:d7:a1:77:3f:e1:
                    23:0e:95:a1:c5:ab:75:6e:ce:23:d7:cb:1a:52:08:
                    a5:82:f2:b6:76:39:29:4b:30:17:7e:2c:e3:36:6a:
                    04:1e:c3:c7:05:f9:27:9b:46:21:75:a0:b7:96:78:
                    0d:11:fc:d5:96:c4:78:8c:b7:e3:3b:98:9c:5f:a8:
                    3e:2e:eb:de:27:e1:16:ea:fe:db:9e:b5:c0:9e:8c:
                    ef:5b:ff:9d:17:5b:22:62:8a:ee:17:91:17:6d:a8:
                    af:0b:e5:75:c1:b1:53:11:5c:03:cb:42:0a:43:ec:
                    df:d9:77:18:6b:af:58:e5:b6:5a:24:60:05:fc:7c:
                    3a:22:a0:10:ee:89:3f:60:66:4f:ad:a5:89:5c:c6:
                    3d:4a:5c:1e:59:ba:c6:79:1d:12:86:81:3f:e5:dd:
                    da:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:18:68:A1:88:8C:D2:CC:2B:55:5D:26:8C:9D:BB:FD:FF:FD:5D:7F
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/vBhooYiM0swrVV0mjJ27_f_9XX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:f3:7b:95:38:7c:bc:f2:df:7c:c6:40:aa:36:aa:a9:e3:7b:
         f9:4d:b6:fa:56:54:b8:f5:3c:e3:aa:21:3c:64:d1:84:15:fa:
         9c:4f:e2:ec:34:30:c1:89:9a:99:d5:93:2c:75:c8:25:b3:c6:
         5f:d8:23:58:1c:fd:2b:29:a5:63:29:31:ca:9d:d6:ac:c6:93:
         56:4e:7c:83:db:68:13:6d:ce:34:4a:9c:50:06:c7:4f:74:97:
         8d:06:46:70:0c:11:2f:22:0e:0f:97:3d:ff:31:a6:7c:a5:51:
         49:fe:b4:70:f7:5c:b0:eb:77:7e:3c:8a:81:ad:70:89:04:c5:
         63:50:94:96:8e:5a:af:72:79:89:31:98:63:25:10:48:56:2b:
         c9:f6:6e:d6:bd:70:59:09:08:52:de:8e:a4:5c:76:ab:0d:35:
         de:64:33:83:fc:b1:e3:3e:ca:c6:a0:79:02:7d:0d:2a:8b:9a:
         aa:02:75:6d:ed:78:ca:d9:c3:f6:64:58:92:6a:5c:a9:30:0c:
         5c:2a:d4:52:a7:46:4d:bb:7e:a2:87:bb:ec:b2:74:36:a5:34:
         da:65:ea:16:e4:3d:c4:22:98:ba:01:0f:13:02:db:64:bd:7b:
         38:47:f6:ea:e2:9c:db:41:76:02:ff:4d:f0:66:14:9a:2b:3b:
         fe:f8:8c:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvqTSlA+MLZZtUhySIBSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzE4NjhhMTg4OGNkMmNjMmI1NTVkMjY4YzlkYmJmZGZmZmQ1ZDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZlWorH8Gt8wkm54+BYXQSRrzz7t
tu1jqhbfEjyOb4fkF1bmlfvZTGVwwFyjdw88hqbmy+ckhtz3qcw/nnPkrniSXbpB
Gkvf80ifEMaaMVmScBPyq4xyUiHza/lF+uMC5wNg16F3P+EjDpWhxat1bs4j18sa
UgilgvK2djkpSzAXfizjNmoEHsPHBfknm0YhdaC3lngNEfzVlsR4jLfjO5icX6g+
LuveJ+EW6v7bnrXAnozvW/+dF1siYoruF5EXbaivC+V1wbFTEVwDy0IKQ+zf2XcY
a69Y5bZaJGAF/Hw6IqAQ7ok/YGZPraWJXMY9SlweWbrGeR0ShoE/5d3ahQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwYaKGIjNLMK1VdJoydu/3//V1/MB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvdkJob29ZaU0wc3dyVlYwbWpKMjdfZl85WFg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSczMA0G
CSqGSIb3DQEBCwUAA4IBAQBv83uVOHy88t98xkCqNqqp43v5Tbb6VlS49TzjqiE8
ZNGEFfqcT+LsNDDBiZqZ1ZMsdcgls8Zf2CNYHP0rKaVjKTHKndasxpNWTnyD22gT
bc40SpxQBsdPdJeNBkZwDBEvIg4Plz3/MaZ8pVFJ/rRw91yw63d+PIqBrXCJBMVj
UJSWjlqvcnmJMZhjJRBIVivJ9m7WvXBZCQhS3o6kXHarDTXeZDOD/LHjPsrGoHkC
fQ0qi5qqAnVt7XjK2cP2ZFiSalypMAxcKtRSp0ZNu36ih7vssnQ2pTTaZeoW5D3E
Ipi6AQ8TAttkvXs4R/bq4pzbQXYC/03wZhSaKzv++IzQ
-----END CERTIFICATE-----