Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/myJZLDmhhFTukaz-Cy-XBC8lzxU.roa
File:                     myJZLDmhhFTukaz-Cy-XBC8lzxU.roa (raw, json)
Hash identifier:          Uy55sknZKJwx9EWcFnU4S0MVAb2IhSQ/7dyNrh6iMIw=
Subject key identifier:   9B:22:59:2C:39:A1:84:54:EE:91:AC:FE:0B:2F:97:04:2F:25:CF:15
Certificate issuer:       /CN=1e14eb1eef66c2d349f3f7d7bafa68e49fbfec9c
Certificate serial:       018CC26D2B3A98F5DB8DC05C2ABD14982139
Authority key identifier: 1E:14:EB:1E:EF:66:C2:D3:49:F3:F7:D7:BA:FA:68:E4:9F:BF:EC:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/myJZLDmhhFTukaz-Cy-XBC8lzxU.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199447
IP address blocks:        185.12.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2b:3a:98:f5:db:8d:c0:5c:2a:bd:14:98:21:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e14eb1eef66c2d349f3f7d7bafa68e49fbfec9c
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b22592c39a18454ee91acfe0b2f97042f25cf15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:63:ec:7f:d7:fe:d8:1f:e9:3e:72:66:1d:5d:
                    8f:96:b4:52:0b:ee:0a:12:2a:f9:8c:5f:a1:60:05:
                    b6:5f:72:47:2a:f1:23:18:71:86:bf:5f:63:b6:20:
                    5e:62:ab:92:ac:02:bc:37:00:78:ba:c7:c8:2e:d1:
                    3a:8c:a7:d1:82:99:15:54:92:ce:b8:52:af:ba:29:
                    5c:ff:ca:2b:ec:06:81:ec:38:1a:6e:63:dc:10:c5:
                    e2:26:a6:dd:23:9f:e8:99:0f:45:0b:2e:7c:46:e6:
                    37:9f:c1:a2:7a:04:1b:a0:ab:bb:be:49:ed:fe:6f:
                    1f:14:5b:01:f7:f3:35:30:e6:a1:29:df:01:87:88:
                    24:0e:e6:5a:45:65:9b:68:ac:bf:60:53:13:bf:bc:
                    d9:fb:7e:7b:82:06:e2:41:88:38:ee:d2:0a:73:7b:
                    51:c9:78:53:50:12:f2:b7:b7:b8:33:b9:79:8b:a1:
                    b1:f4:cc:47:8c:3f:47:3c:88:9a:98:de:cc:05:72:
                    db:e8:a7:5f:31:30:c6:64:1d:5f:38:b1:e1:1c:ba:
                    2e:b1:f1:80:10:8d:ef:29:91:4b:0a:e8:2b:79:b8:
                    ad:d8:6b:60:12:c8:c4:74:81:5b:3e:38:83:85:1d:
                    c5:38:c4:2c:5e:d3:f1:66:30:a4:89:40:7b:6c:14:
                    ec:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:22:59:2C:39:A1:84:54:EE:91:AC:FE:0B:2F:97:04:2F:25:CF:15
            X509v3 Authority Key Identifier:
                keyid:1E:14:EB:1E:EF:66:C2:D3:49:F3:F7:D7:BA:FA:68:E4:9F:BF:EC:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/myJZLDmhhFTukaz-Cy-XBC8lzxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:e8:83:07:0a:a2:da:d9:d9:b7:7c:9d:3d:d8:66:35:4b:eb:
         ae:60:0a:b1:9d:9b:8d:87:f8:52:b7:23:6b:81:79:7c:e0:c9:
         68:41:d2:58:99:75:d7:0a:5d:0a:91:03:7e:ac:49:12:21:3e:
         44:44:57:97:0f:90:e6:48:06:ac:a2:1b:ed:7e:f7:ed:d8:ea:
         5e:06:06:8f:66:04:97:9f:3e:93:3f:2d:14:0c:91:fe:d9:4a:
         96:17:e7:97:f0:e0:9e:2e:38:cf:d5:b1:66:06:db:02:e0:03:
         89:0a:79:6d:11:54:19:2a:fb:0e:76:fc:27:1c:72:a0:b4:76:
         f0:a3:05:96:ef:be:65:17:ab:6b:ce:d2:e7:af:4a:20:67:a4:
         2d:b1:45:44:90:43:8e:20:4e:ab:0b:ca:2f:52:cb:bb:70:1c:
         32:0d:88:ea:48:c1:bf:e1:4d:1c:d2:4f:5d:bd:6c:11:9b:70:
         a5:45:98:e3:a1:de:fc:5c:06:f2:ca:41:bf:f8:21:13:ec:4e:
         4b:7e:7e:95:54:4e:d3:ab:61:43:fc:06:44:b2:b0:79:ef:dd:
         33:98:28:c3:1f:77:87:60:7a:54:d6:ac:1f:6b:d0:34:10:a2:
         51:fa:62:b4:fa:67:87:ce:ad:e4:d3:78:60:fa:24:85:57:fb:
         65:04:af:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSs6mPXbjcBcKr0UmCE5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMTRlYjFlZWY2NmMyZDM0OWYzZjdkN2JhZmE2OGU0OWZi
ZmVjOWMwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjIyNTkyYzM5YTE4NDU0ZWU5MWFjZmUwYjJmOTcwNDJmMjVjZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmPsf9f+2B/pPnJmHV2PlrRSC+4K
Eir5jF+hYAW2X3JHKvEjGHGGv19jtiBeYquSrAK8NwB4usfILtE6jKfRgpkVVJLO
uFKvuilc/8or7AaB7DgabmPcEMXiJqbdI5/omQ9FCy58RuY3n8GiegQboKu7vknt
/m8fFFsB9/M1MOahKd8Bh4gkDuZaRWWbaKy/YFMTv7zZ+357ggbiQYg47tIKc3tR
yXhTUBLyt7e4M7l5i6Gx9MxHjD9HPIiamN7MBXLb6KdfMTDGZB1fOLHhHLousfGA
EI3vKZFLCugrebit2GtgEsjEdIFbPjiDhR3FOMQsXtPxZjCkiUB7bBTs8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJsiWSw5oYRU7pGs/gsvlwQvJc8VMB8GA1UdIwQY
MBaAFB4U6x7vZsLTSfP317r6aOSfv+ycMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGhUckh1OW13dE5KOF9mWHV2cG81Si1fN0p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8zMzNhYjEtYWY5Yi00MzRjLThkMTMt
OWNhOThmNDk1MGNmLzEvbXlKWkxEbWhoRlR1a2F6LUN5LVhCQzhsenhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8zMzNhYjEtYWY5Yi00MzRjLThkMTMtOWNhOThmNDk1MGNm
LzEvSGhUckh1OW13dE5KOF9mWHV2cG81Si1fN0p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQwLMA0G
CSqGSIb3DQEBCwUAA4IBAQBk6IMHCqLa2dm3fJ092GY1S+uuYAqxnZuNh/hStyNr
gXl84MloQdJYmXXXCl0KkQN+rEkSIT5ERFeXD5DmSAasohvtfvft2OpeBgaPZgSX
nz6TPy0UDJH+2UqWF+eX8OCeLjjP1bFmBtsC4AOJCnltEVQZKvsOdvwnHHKgtHbw
owWW775lF6trztLnr0ogZ6QtsUVEkEOOIE6rC8ovUsu7cBwyDYjqSMG/4U0c0k9d
vWwRm3ClRZjjod78XAbyykG/+CET7E5Lfn6VVE7Tq2FD/AZEsrB5790zmCjDH3eH
YHpU1qwfa9A0EKJR+mK0+meHzq3k03hg+iSFV/tlBK+M
-----END CERTIFICATE-----