Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/09c3b1-72eb-433a-96cb-48777aa961e9/1/kj0cJmWL3rLgFLjXuZhSiX-b4Zs.roa
File:                     kj0cJmWL3rLgFLjXuZhSiX-b4Zs.roa (raw, json)
Hash identifier:          wlQTKXeMhx3hr3ryjVuyAy1bVpMhekt6CdPqCRr5/n0=
Subject key identifier:   92:3D:1C:26:65:8B:DE:B2:E0:14:B8:D7:B9:98:52:89:7F:9B:E1:9B
Certificate issuer:       /CN=83e6403cf73221c117ea49bc9234fe6f4a11d780
Certificate serial:       018CC6B7CDBF94BCEB0458351E26BCB1C02F
Authority key identifier: 83:E6:40:3C:F7:32:21:C1:17:EA:49:BC:92:34:FE:6F:4A:11:D7:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g-ZAPPcyIcEX6km8kjT-b0oR14A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/09c3b1-72eb-433a-96cb-48777aa961e9/1/kj0cJmWL3rLgFLjXuZhSiX-b4Zs.roa
Signing time:             Mon 01 Jan 2024 20:29:43 +0000
ROA not before:           Mon 01 Jan 2024 20:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42687
IP address blocks:        185.203.176.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/09c3b1-72eb-433a-96cb-48777aa961e9/1/g-ZAPPcyIcEX6km8kjT-b0oR14A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/09c3b1-72eb-433a-96cb-48777aa961e9/1/g-ZAPPcyIcEX6km8kjT-b0oR14A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g-ZAPPcyIcEX6km8kjT-b0oR14A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:cd:bf:94:bc:eb:04:58:35:1e:26:bc:b1:c0:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83e6403cf73221c117ea49bc9234fe6f4a11d780
        Validity
            Not Before: Jan  1 20:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=923d1c26658bdeb2e014b8d7b99852897f9be19b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:97:75:e8:5b:75:4f:11:64:34:87:07:00:67:
                    dd:7e:1b:60:79:c1:c7:c9:06:e2:6f:ae:42:de:1b:
                    d3:6d:bd:4b:12:47:e5:ee:f3:77:01:77:1f:8d:da:
                    0e:02:8a:d2:4b:76:99:0e:4e:96:fa:46:70:e0:6d:
                    cb:ab:cf:5f:1c:aa:70:1f:40:84:b0:f8:f1:4f:18:
                    c8:91:7c:41:b0:86:49:e7:93:59:2b:71:ee:b9:1b:
                    16:d3:fe:eb:56:bf:30:4a:53:fe:fe:90:12:ae:4e:
                    21:e2:7a:28:10:8e:f3:98:e2:b1:57:d8:98:d5:be:
                    cd:0b:78:77:b3:36:e6:76:1e:fd:cf:bb:7c:a6:d4:
                    ac:0d:7d:ec:5a:6f:fa:db:45:4b:4f:e9:61:23:27:
                    01:3d:73:34:2b:19:d2:3f:e0:e4:99:81:5f:5d:1d:
                    6c:fa:31:a9:05:b7:78:2c:7a:08:b6:58:0a:54:a9:
                    c4:9e:b5:47:48:a6:8f:20:53:d5:9e:00:69:05:62:
                    19:4e:e6:d6:c8:37:11:5e:8f:e7:6b:24:cf:b9:8e:
                    d2:7d:93:2f:27:fd:99:84:a2:8c:fc:99:75:0e:30:
                    74:c1:32:54:69:ba:3b:c6:b8:7a:9a:2c:d2:05:54:
                    a0:f2:34:5c:fa:3b:16:df:85:92:7b:40:23:3a:09:
                    45:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:3D:1C:26:65:8B:DE:B2:E0:14:B8:D7:B9:98:52:89:7F:9B:E1:9B
            X509v3 Authority Key Identifier:
                keyid:83:E6:40:3C:F7:32:21:C1:17:EA:49:BC:92:34:FE:6F:4A:11:D7:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g-ZAPPcyIcEX6km8kjT-b0oR14A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/09c3b1-72eb-433a-96cb-48777aa961e9/1/kj0cJmWL3rLgFLjXuZhSiX-b4Zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/09c3b1-72eb-433a-96cb-48777aa961e9/1/g-ZAPPcyIcEX6km8kjT-b0oR14A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:7b:01:ce:fd:84:da:c7:4d:3f:67:b1:10:d9:ad:12:64:cd:
         bc:93:a8:84:4f:2b:b2:60:34:e4:90:46:5f:91:56:15:62:1f:
         50:88:ff:2d:0c:b6:ec:4c:c9:48:ae:9f:49:85:37:fb:14:76:
         f3:86:3c:96:a3:7a:50:9f:fd:1a:20:67:b4:c8:c7:60:ef:17:
         63:65:bd:23:b5:e7:8e:48:bb:19:43:67:c5:23:ef:74:7c:8f:
         8b:ac:1b:01:8f:2e:ab:a7:52:cf:3b:3a:a6:e2:60:c4:9d:ec:
         1d:94:31:6d:b2:bb:05:03:ca:cb:a9:67:b3:3e:d5:a0:15:a5:
         5f:aa:be:5c:31:12:3d:1f:8a:c8:be:28:77:b6:c5:c5:3a:87:
         44:0c:37:37:96:78:2e:17:63:19:23:2a:0f:8a:a0:cc:12:cf:
         cb:76:73:67:8a:9d:42:48:ca:57:b8:27:c0:2f:ef:94:a1:a7:
         0b:5e:10:6f:24:aa:bf:9f:48:ca:b1:a2:54:d7:91:7d:94:c4:
         b8:45:61:71:3e:35:9f:cc:aa:04:95:c8:ea:c8:ea:84:b7:ee:
         28:1b:e3:e0:a6:31:b3:0f:bf:1c:d5:0d:b3:51:8e:11:06:37:
         79:7f:0e:a4:20:a3:97:c5:42:8e:fb:52:c0:76:92:eb:8d:97:
         5d:48:49:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt82/lLzrBFg1Hia8scAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZTY0MDNjZjczMjIxYzExN2VhNDliYzkyMzRmZTZmNGEx
MWQ3ODAwHhcNMjQwMTAxMjAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjNkMWMyNjY1OGJkZWIyZTAxNGI4ZDdiOTk4NTI4OTdmOWJlMTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpd16Ft1TxFkNIcHAGfdfhtgecHH
yQbib65C3hvTbb1LEkfl7vN3AXcfjdoOAorSS3aZDk6W+kZw4G3Lq89fHKpwH0CE
sPjxTxjIkXxBsIZJ55NZK3HuuRsW0/7rVr8wSlP+/pASrk4h4nooEI7zmOKxV9iY
1b7NC3h3szbmdh79z7t8ptSsDX3sWm/620VLT+lhIycBPXM0KxnSP+DkmYFfXR1s
+jGpBbd4LHoItlgKVKnEnrVHSKaPIFPVngBpBWIZTubWyDcRXo/nayTPuY7SfZMv
J/2ZhKKM/Jl1DjB0wTJUabo7xrh6mizSBVSg8jRc+jsW34WSe0AjOglFbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJI9HCZli96y4BS417mYUol/m+GbMB8GA1UdIwQY
MBaAFIPmQDz3MiHBF+pJvJI0/m9KEdeAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZy1aQVBQY3lJY0VYNmttOGtqVC1iMG9SMTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8wOWMzYjEtNzJlYi00MzNhLTk2Y2It
NDg3NzdhYTk2MWU5LzEva2owY0ptV0wzckxnRkxqWHVaaFNpWC1iNFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8wOWMzYjEtNzJlYi00MzNhLTk2Y2ItNDg3NzdhYTk2MWU5
LzEvZy1aQVBQY3lJY0VYNmttOGtqVC1iMG9SMTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucuwMA0G
CSqGSIb3DQEBCwUAA4IBAQAnewHO/YTax00/Z7EQ2a0SZM28k6iETyuyYDTkkEZf
kVYVYh9QiP8tDLbsTMlIrp9JhTf7FHbzhjyWo3pQn/0aIGe0yMdg7xdjZb0jteeO
SLsZQ2fFI+90fI+LrBsBjy6rp1LPOzqm4mDEnewdlDFtsrsFA8rLqWezPtWgFaVf
qr5cMRI9H4rIvih3tsXFOodEDDc3lnguF2MZIyoPiqDMEs/LdnNnip1CSMpXuCfA
L++UoacLXhBvJKq/n0jKsaJU15F9lMS4RWFxPjWfzKoElcjqyOqEt+4oG+PgpjGz
D78c1Q2zUY4RBjd5fw6kIKOXxUKO+1LAdpLrjZddSEnB
-----END CERTIFICATE-----