Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/h18pVLgH-ywIRvuOqOU1_0_JhK8.roa
File:                     h18pVLgH-ywIRvuOqOU1_0_JhK8.roa (raw, json)
Hash identifier:          vtPu8dlh7Ti6YqjjwLXfQCUjK4+7UbuCS7XDomqHrU8=
Subject key identifier:   87:5F:29:54:B8:07:FB:2C:08:46:FB:8E:A8:E5:35:FF:4F:C9:84:AF
Certificate issuer:       /CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
Certificate serial:       018CC8DEC83FA84D72E1EFADC36773D40441
Authority key identifier: 4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/h18pVLgH-ywIRvuOqOU1_0_JhK8.roa
Signing time:             Tue 02 Jan 2024 06:31:32 +0000
ROA not before:           Tue 02 Jan 2024 06:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13097
IP address blocks:        185.208.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:c8:3f:a8:4d:72:e1:ef:ad:c3:67:73:d4:04:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
        Validity
            Not Before: Jan  2 06:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=875f2954b807fb2c0846fb8ea8e535ff4fc984af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5f:ab:aa:50:e8:6f:a5:89:07:37:98:f0:52:
                    59:31:5d:da:e2:df:a9:83:68:8d:e2:8c:ba:f8:94:
                    6d:77:03:1c:49:9f:87:2e:b8:da:8a:06:a1:78:d9:
                    b7:04:bf:a1:91:cc:54:78:f7:2f:37:74:a8:eb:5c:
                    c3:8f:9d:d5:58:42:70:20:50:e8:3d:08:65:aa:6b:
                    58:0f:0c:6c:ee:64:af:44:51:c0:18:6a:75:d0:44:
                    e3:4b:d1:57:d1:2e:33:01:45:f6:2a:bd:56:3b:a2:
                    50:47:5b:58:04:e0:0b:12:ac:d9:82:f8:e4:a5:10:
                    c1:d5:2a:59:5c:2d:49:ce:43:3a:cb:7b:64:5f:c2:
                    84:ef:34:ab:2b:75:d1:9e:e5:61:e0:db:7b:19:65:
                    f4:9f:23:11:67:fe:b3:f0:6b:6b:bd:35:ca:d5:d1:
                    ec:ea:ef:d1:33:b1:2e:7e:f0:c0:e1:2d:43:71:a0:
                    6e:7d:f0:ad:99:9e:fc:f1:41:ba:43:17:94:b3:1e:
                    14:f1:37:6d:55:e3:3d:c6:88:cb:18:88:19:dc:cf:
                    57:23:87:63:5e:d2:2f:44:1e:6d:40:b4:d5:10:c5:
                    af:31:8c:4e:91:54:66:e3:b9:b0:ca:80:82:e5:80:
                    e2:20:3f:cd:9c:b8:cb:94:66:11:d4:81:2c:53:56:
                    19:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:5F:29:54:B8:07:FB:2C:08:46:FB:8E:A8:E5:35:FF:4F:C9:84:AF
            X509v3 Authority Key Identifier:
                keyid:4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/h18pVLgH-ywIRvuOqOU1_0_JhK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:2e:86:a3:3f:7d:fd:ef:98:40:cf:22:99:16:79:6a:8a:d9:
         d1:2a:03:49:79:23:50:21:e5:2a:3c:30:d9:59:da:33:28:36:
         a6:ee:4e:59:1a:e7:e3:65:5d:7b:74:53:81:1c:6f:5e:3e:08:
         b6:07:97:0f:cd:db:b6:8c:d6:1f:fe:6d:23:f4:56:14:fa:2f:
         fb:dc:5e:e5:42:2c:55:81:93:3c:38:ef:bf:3c:ea:1a:e6:79:
         71:f2:20:8b:16:82:1e:88:1d:ff:44:f2:3b:cd:0f:33:8e:21:
         8e:21:ba:89:75:65:29:44:0b:99:93:ca:c9:95:76:8c:cb:95:
         48:ef:01:4c:0d:9f:34:b7:66:21:d2:8e:7d:b2:63:ca:8d:d0:
         87:6f:ad:86:91:d2:3a:68:29:d5:d0:fb:33:e4:fe:ac:76:98:
         63:2d:26:1b:c2:8d:1d:2e:f1:1e:92:96:f2:6e:b6:d8:98:7e:
         27:0d:2c:10:2a:2e:50:1a:fd:05:60:ef:77:11:a1:89:e4:85:
         a3:88:1f:b6:21:74:71:44:f0:ba:d7:ad:07:19:04:9b:15:7b:
         e4:da:68:80:cc:92:4f:2b:77:ca:82:70:37:08:0c:c6:48:dd:
         ee:d0:a7:d2:f3:8f:c8:b8:e7:8d:c4:45:8a:a3:29:8e:f2:13:
         c0:0f:5d:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3sg/qE1y4e+tw2dz1ARBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZWNjYzlkMWE3NmU5MTQ2OWNiNjNiMTJiZjcyNWQ3ZGVi
YWZiMWIwHhcNMjQwMTAyMDYzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzVmMjk1NGI4MDdmYjJjMDg0NmZiOGVhOGU1MzVmZjRmYzk4NGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvl+rqlDob6WJBzeY8FJZMV3a4t+p
g2iN4oy6+JRtdwMcSZ+HLrjaigaheNm3BL+hkcxUePcvN3So61zDj53VWEJwIFDo
PQhlqmtYDwxs7mSvRFHAGGp10ETjS9FX0S4zAUX2Kr1WO6JQR1tYBOALEqzZgvjk
pRDB1SpZXC1JzkM6y3tkX8KE7zSrK3XRnuVh4Nt7GWX0nyMRZ/6z8GtrvTXK1dHs
6u/RM7EufvDA4S1DcaBuffCtmZ788UG6QxeUsx4U8TdtVeM9xojLGIgZ3M9XI4dj
XtIvRB5tQLTVEMWvMYxOkVRm47mwyoCC5YDiID/NnLjLlGYR1IEsU1YZdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdfKVS4B/ssCEb7jqjlNf9PyYSvMB8GA1UdIwQY
MBaAFEvszJ0adukUactjsSv3JdfeuvsbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTkt
NGY0Yjk5NGUwZWIyLzEvaDE4cFZMZ0gteXdJUnZ1T3FPVTFfMF9KaEs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTktNGY0Yjk5NGUwZWIy
LzEvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudCKMA0G
CSqGSIb3DQEBCwUAA4IBAQAALoajP33975hAzyKZFnlqitnRKgNJeSNQIeUqPDDZ
WdozKDam7k5ZGufjZV17dFOBHG9ePgi2B5cPzdu2jNYf/m0j9FYU+i/73F7lQixV
gZM8OO+/POoa5nlx8iCLFoIeiB3/RPI7zQ8zjiGOIbqJdWUpRAuZk8rJlXaMy5VI
7wFMDZ80t2Yh0o59smPKjdCHb62GkdI6aCnV0Psz5P6sdphjLSYbwo0dLvEekpby
brbYmH4nDSwQKi5QGv0FYO93EaGJ5IWjiB+2IXRxRPC6160HGQSbFXvk2miAzJJP
K3fKgnA3CAzGSN3u0KfS84/IuOeNxEWKoymO8hPAD12T
-----END CERTIFICATE-----