Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/6a5e8c-d831-41e3-84e5-f42176cd0445/1/bcnXeI3HPbT9tqeLu2MyQifRtNA.roa
File:                     bcnXeI3HPbT9tqeLu2MyQifRtNA.roa (raw, json)
Hash identifier:          xyLl5upVi7OYqR9KMSg2D+sX2GokIKwYHuQj3xDQIEY=
Subject key identifier:   6D:C9:D7:78:8D:C7:3D:B4:FD:B6:A7:8B:BB:63:32:42:27:D1:B4:D0
Certificate issuer:       /CN=e378a94b9964ea5e9f8b05938702ba58316b500f
Certificate serial:       018CC56EFFA169B457E6B3EF1ED0C542D0AA
Authority key identifier: E3:78:A9:4B:99:64:EA:5E:9F:8B:05:93:87:02:BA:58:31:6B:50:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/43ipS5lk6l6fiwWThwK6WDFrUA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/6a5e8c-d831-41e3-84e5-f42176cd0445/1/bcnXeI3HPbT9tqeLu2MyQifRtNA.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50057
IP address blocks:        185.161.112.0/24 maxlen: 24
                          185.161.113.0/24 maxlen: 24
                          185.161.114.0/24 maxlen: 24
                          185.161.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/6a5e8c-d831-41e3-84e5-f42176cd0445/1/43ipS5lk6l6fiwWThwK6WDFrUA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/6a5e8c-d831-41e3-84e5-f42176cd0445/1/43ipS5lk6l6fiwWThwK6WDFrUA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/43ipS5lk6l6fiwWThwK6WDFrUA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 08:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ff:a1:69:b4:57:e6:b3:ef:1e:d0:c5:42:d0:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e378a94b9964ea5e9f8b05938702ba58316b500f
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dc9d7788dc73db4fdb6a78bbb63324227d1b4d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e8:e8:55:06:8d:70:c9:92:8f:43:30:a3:a8:
                    09:83:74:0a:ee:8f:40:e8:c5:cd:b9:e5:c7:e8:14:
                    4f:cb:6c:27:32:82:c5:8e:f8:8e:25:3b:b7:c9:7c:
                    f0:28:b2:f8:51:bd:e4:da:0b:bd:94:a6:5c:7a:7e:
                    5e:32:d0:e6:64:1a:2c:b2:00:6e:2b:c9:be:91:19:
                    11:49:60:c3:5b:7d:0f:59:66:fb:3b:06:2b:50:79:
                    b1:17:61:5b:a6:4e:38:c3:d3:b6:ae:27:20:78:a3:
                    97:da:a5:5f:a0:2d:68:19:ab:eb:9e:7d:64:a3:c6:
                    0c:d1:4f:21:ce:f1:f2:bf:86:cc:0a:19:f6:d3:c1:
                    a3:38:6b:e1:8e:1b:6e:a6:60:fa:23:d4:48:39:84:
                    82:52:50:15:1e:49:66:c8:60:c2:d4:d4:66:f5:84:
                    b5:d5:1c:33:df:3a:b0:b4:f4:33:ff:08:1e:97:fa:
                    1b:6d:63:30:af:3f:07:f8:96:66:9e:87:30:d9:1c:
                    a1:00:46:7e:02:5a:2f:c2:4b:ea:b6:52:c0:1c:35:
                    50:74:76:33:71:56:c9:89:6b:9b:76:00:19:36:f1:
                    21:da:0b:dd:78:52:2f:1b:ee:57:db:9f:5c:a7:7b:
                    e1:59:f4:32:92:bb:a3:d2:8a:36:28:c2:b6:bb:5d:
                    b9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:C9:D7:78:8D:C7:3D:B4:FD:B6:A7:8B:BB:63:32:42:27:D1:B4:D0
            X509v3 Authority Key Identifier:
                keyid:E3:78:A9:4B:99:64:EA:5E:9F:8B:05:93:87:02:BA:58:31:6B:50:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/43ipS5lk6l6fiwWThwK6WDFrUA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/6a5e8c-d831-41e3-84e5-f42176cd0445/1/bcnXeI3HPbT9tqeLu2MyQifRtNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/6a5e8c-d831-41e3-84e5-f42176cd0445/1/43ipS5lk6l6fiwWThwK6WDFrUA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:03:fe:c9:20:c5:f2:92:ae:2f:5c:10:3a:e9:64:41:2a:c3:
         52:cc:6c:b6:73:48:ea:9f:36:89:48:b1:44:65:16:5d:96:ff:
         89:f2:49:0f:f8:ec:ba:65:29:0b:b7:a0:ac:37:b3:f9:f4:1d:
         29:2f:ce:0b:62:db:ef:0e:4e:d0:e8:d0:e6:65:e7:3c:c8:25:
         c1:9a:4f:66:25:41:b7:43:c5:0f:fd:2d:d8:70:4c:b6:e7:18:
         35:90:35:5d:08:f0:44:9d:b4:40:4e:7a:0d:22:d8:ce:37:22:
         6c:12:66:39:14:96:00:0c:75:8e:a0:2f:59:54:03:02:4f:04:
         55:41:c8:a9:ce:18:75:0c:83:9e:f8:11:f9:a8:46:43:62:b8:
         b7:de:1a:90:20:c5:b2:01:bb:df:46:9d:53:ce:ae:e2:2c:66:
         01:02:e9:65:55:73:79:75:9b:47:85:cc:90:6c:db:ca:3b:09:
         b8:83:34:78:0c:f3:8d:32:4c:7d:98:d7:f0:25:6b:a1:a4:75:
         12:c9:09:a2:b6:4c:6f:15:5e:88:67:1a:c3:49:5b:18:3c:49:
         3c:e5:47:03:aa:c2:9a:e3:9a:30:ec:86:8d:b9:39:15:e6:8f:
         4f:3d:56:9d:2a:a4:d0:8d:3e:80:5e:b0:92:4e:b8:b0:12:b8:
         8e:75:81:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbv+habRX5rPvHtDFQtCqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzNzhhOTRiOTk2NGVhNWU5ZjhiMDU5Mzg3MDJiYTU4MzE2
YjUwMGYwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGM5ZDc3ODhkYzczZGI0ZmRiNmE3OGJiYjYzMzI0MjI3ZDFiNGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOjoVQaNcMmSj0Mwo6gJg3QK7o9A
6MXNueXH6BRPy2wnMoLFjviOJTu3yXzwKLL4Ub3k2gu9lKZcen5eMtDmZBossgBu
K8m+kRkRSWDDW30PWWb7OwYrUHmxF2Fbpk44w9O2ricgeKOX2qVfoC1oGavrnn1k
o8YM0U8hzvHyv4bMChn208GjOGvhjhtupmD6I9RIOYSCUlAVHklmyGDC1NRm9YS1
1Rwz3zqwtPQz/wgel/obbWMwrz8H+JZmnocw2RyhAEZ+AlovwkvqtlLAHDVQdHYz
cVbJiWubdgAZNvEh2gvdeFIvG+5X259cp3vhWfQykruj0oo2KMK2u125UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3J13iNxz20/bani7tjMkIn0bTQMB8GA1UdIwQY
MBaAFON4qUuZZOpen4sFk4cCulgxa1APMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDNpcFM1bGs2bDZmaXdXVGh3SzZXREZyVUE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy82YTVlOGMtZDgzMS00MWUzLTg0ZTUt
ZjQyMTc2Y2QwNDQ1LzEvYmNuWGVJM0hQYlQ5dHFlTHUyTXlRaWZSdE5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy82YTVlOGMtZDgzMS00MWUzLTg0ZTUtZjQyMTc2Y2QwNDQ1
LzEvNDNpcFM1bGs2bDZmaXdXVGh3SzZXREZyVUE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaFwMA0G
CSqGSIb3DQEBCwUAA4IBAQB+A/7JIMXykq4vXBA66WRBKsNSzGy2c0jqnzaJSLFE
ZRZdlv+J8kkP+Oy6ZSkLt6CsN7P59B0pL84LYtvvDk7Q6NDmZec8yCXBmk9mJUG3
Q8UP/S3YcEy25xg1kDVdCPBEnbRATnoNItjONyJsEmY5FJYADHWOoC9ZVAMCTwRV
Qcipzhh1DIOe+BH5qEZDYri33hqQIMWyAbvfRp1Tzq7iLGYBAullVXN5dZtHhcyQ
bNvKOwm4gzR4DPONMkx9mNfwJWuhpHUSyQmitkxvFV6IZxrDSVsYPEk85UcDqsKa
45ow7IaNuTkV5o9PPVadKqTQjT6AXrCSTriwEriOdYE5
-----END CERTIFICATE-----