Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/9bzfDXSE2VCQU1Qu_AkNADSKS6k.roa
File:                     9bzfDXSE2VCQU1Qu_AkNADSKS6k.roa (raw, json)
Hash identifier:          +DC0ju+z6/p8bUJNpAd+K6MZu7wvibTiHnumppRrf9w=
Subject key identifier:   F5:BC:DF:0D:74:84:D9:50:90:53:54:2E:FC:09:0D:00:34:8A:4B:A9
Certificate issuer:       /CN=64f47c98440f103825c8ea5074298b18cc113e20
Certificate serial:       018CC50051A3EA7AF506272A7CC09DF5B690
Authority key identifier: 64:F4:7C:98:44:0F:10:38:25:C8:EA:50:74:29:8B:18:CC:11:3E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZPR8mEQPEDglyOpQdCmLGMwRPiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/9bzfDXSE2VCQU1Qu_AkNADSKS6k.roa
Signing time:             Mon 01 Jan 2024 12:29:41 +0000
ROA not before:           Mon 01 Jan 2024 12:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204194
IP address blocks:        185.3.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/ZPR8mEQPEDglyOpQdCmLGMwRPiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/ZPR8mEQPEDglyOpQdCmLGMwRPiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZPR8mEQPEDglyOpQdCmLGMwRPiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:51:a3:ea:7a:f5:06:27:2a:7c:c0:9d:f5:b6:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64f47c98440f103825c8ea5074298b18cc113e20
        Validity
            Not Before: Jan  1 12:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5bcdf0d7484d9509053542efc090d00348a4ba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a9:91:26:21:0f:6e:a5:28:eb:cd:85:6b:58:
                    64:e7:b9:b0:4e:41:51:d4:4a:fd:04:16:e7:35:87:
                    b4:ac:64:70:d7:e8:b9:1a:63:6f:4c:0a:78:f4:ef:
                    1a:d3:58:89:2d:9a:b5:c9:0b:b0:2b:b4:70:56:a1:
                    37:54:87:c8:2a:e0:03:27:df:42:bf:79:0f:d1:6e:
                    42:90:08:df:e0:59:ba:2b:fb:a3:1e:7b:68:7d:c4:
                    d1:39:13:4b:03:f6:b5:70:85:49:86:f2:5d:ea:4a:
                    99:7f:d8:05:a8:2e:bc:8a:82:70:13:58:01:0b:22:
                    a7:a7:4f:1b:d8:be:13:88:d4:cf:cd:b2:d9:ce:83:
                    b4:f8:20:90:ae:4f:26:65:5d:42:ce:8c:9f:33:63:
                    1d:40:dc:a4:28:d2:83:30:91:29:a2:db:e1:47:6b:
                    29:aa:b2:fc:32:b1:bf:1d:fb:03:57:f5:7c:8b:9f:
                    ed:bd:1f:24:01:f9:9b:88:7b:bf:d1:c9:58:92:ca:
                    61:a6:f2:93:fa:da:7b:07:99:a3:30:f1:c7:53:d1:
                    9b:7c:91:d3:1b:df:65:a2:b1:ae:be:f3:66:d5:41:
                    e8:19:1c:8a:d0:cd:f0:6d:71:65:99:ea:14:7d:ea:
                    62:81:52:b5:31:21:d4:a0:3c:c5:da:7f:e1:ce:f1:
                    0b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:BC:DF:0D:74:84:D9:50:90:53:54:2E:FC:09:0D:00:34:8A:4B:A9
            X509v3 Authority Key Identifier:
                keyid:64:F4:7C:98:44:0F:10:38:25:C8:EA:50:74:29:8B:18:CC:11:3E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZPR8mEQPEDglyOpQdCmLGMwRPiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/9bzfDXSE2VCQU1Qu_AkNADSKS6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/ZPR8mEQPEDglyOpQdCmLGMwRPiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:1d:fc:a1:46:a5:a7:dd:21:88:18:6b:08:2a:5a:41:a4:9b:
         52:0f:44:64:85:e1:b1:b3:d8:fb:69:92:58:b4:f4:32:ad:5f:
         20:00:82:31:65:70:6a:cc:9d:16:bd:04:c5:40:9b:5f:53:77:
         15:15:c2:79:60:e9:13:3a:fe:b9:84:7c:bb:bd:b0:94:7e:24:
         9f:a5:65:7e:57:03:b6:00:b7:60:de:54:fc:b0:b8:65:a8:ce:
         33:28:ac:27:cf:6c:aa:1b:9d:6b:b9:ef:5d:a1:f5:e2:24:e9:
         ed:b3:6f:36:ce:1d:06:6d:a6:5b:43:cc:99:c9:ee:02:5f:4c:
         9f:05:cf:fd:c2:3c:bd:ec:ed:2a:2d:aa:0c:c0:26:b2:fa:be:
         71:24:c1:fb:d8:12:c4:f7:47:75:7c:b5:0c:74:03:cc:64:be:
         86:e1:53:10:b0:dd:78:80:11:8d:d7:cc:ff:29:41:af:94:8a:
         e7:ee:e9:a9:6a:67:6c:30:37:90:22:b7:dd:b0:dc:80:46:d9:
         ea:52:cd:5d:4b:95:df:0c:79:5f:22:45:3d:e0:56:86:20:4e:
         40:0d:07:a1:1d:aa:2a:61:54:cf:6d:75:0d:9f:af:ac:e4:c5:
         6a:bb:70:ca:a4:07:55:13:9d:db:29:fd:e4:1b:b2:9f:7e:22:
         11:4d:01:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFGj6nr1BicqfMCd9baQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZjQ3Yzk4NDQwZjEwMzgyNWM4ZWE1MDc0Mjk4YjE4Y2Mx
MTNlMjAwHhcNMjQwMTAxMTIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWJjZGYwZDc0ODRkOTUwOTA1MzU0MmVmYzA5MGQwMDM0OGE0YmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6mRJiEPbqUo682Fa1hk57mwTkFR
1Er9BBbnNYe0rGRw1+i5GmNvTAp49O8a01iJLZq1yQuwK7RwVqE3VIfIKuADJ99C
v3kP0W5CkAjf4Fm6K/ujHntofcTRORNLA/a1cIVJhvJd6kqZf9gFqC68ioJwE1gB
CyKnp08b2L4TiNTPzbLZzoO0+CCQrk8mZV1CzoyfM2MdQNykKNKDMJEpotvhR2sp
qrL8MrG/HfsDV/V8i5/tvR8kAfmbiHu/0clYksphpvKT+tp7B5mjMPHHU9GbfJHT
G99lorGuvvNm1UHoGRyK0M3wbXFlmeoUfepigVK1MSHUoDzF2n/hzvELZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPW83w10hNlQkFNULvwJDQA0ikupMB8GA1UdIwQY
MBaAFGT0fJhEDxA4JcjqUHQpixjMET4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlBSOG1FUVBFRGdseU9wUWRDbUxHTXdSUGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTlhZWItYzcxMy00MmY4LTkxZDYt
Mzg0NDc4NTVkNjY5LzEvOWJ6ZkRYU0UyVkNRVTFRdV9Ba05BRFNLUzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTlhZWItYzcxMy00MmY4LTkxZDYtMzg0NDc4NTVkNjY5
LzEvWlBSOG1FUVBFRGdseU9wUWRDbUxHTXdSUGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQO/MA0G
CSqGSIb3DQEBCwUAA4IBAQAUHfyhRqWn3SGIGGsIKlpBpJtSD0RkheGxs9j7aZJY
tPQyrV8gAIIxZXBqzJ0WvQTFQJtfU3cVFcJ5YOkTOv65hHy7vbCUfiSfpWV+VwO2
ALdg3lT8sLhlqM4zKKwnz2yqG51rue9dofXiJOnts282zh0GbaZbQ8yZye4CX0yf
Bc/9wjy97O0qLaoMwCay+r5xJMH72BLE90d1fLUMdAPMZL6G4VMQsN14gBGN18z/
KUGvlIrn7umpamdsMDeQIrfdsNyARtnqUs1dS5XfDHlfIkU94FaGIE5ADQehHaoq
YVTPbXUNn6+s5MVqu3DKpAdVE53bKf3kG7KffiIRTQGb
-----END CERTIFICATE-----