Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/9BZxv9PxQ67eDr_cobSorbir-Wc.roa
File:                     9BZxv9PxQ67eDr_cobSorbir-Wc.roa (raw, json)
Hash identifier:          AUfVZFmzpQtPTYfocoC9fYj6GmO02RAerbXSPp5Qr4M=
Subject key identifier:   F4:16:71:BF:D3:F1:43:AE:DE:0E:BF:DC:A1:B4:A8:AD:B8:AB:F9:67
Certificate issuer:       /CN=e74c290b5bccdb7de5383ee45ba615d2f306761f
Certificate serial:       018CC7933F37B1DD1A257F4BB08A4F0A1272
Authority key identifier: E7:4C:29:0B:5B:CC:DB:7D:E5:38:3E:E4:5B:A6:15:D2:F3:06:76:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/50wpC1vM233lOD7kW6YV0vMGdh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/9BZxv9PxQ67eDr_cobSorbir-Wc.roa
Signing time:             Tue 02 Jan 2024 00:29:25 +0000
ROA not before:           Tue 02 Jan 2024 00:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60239
IP address blocks:        185.34.202.0/24 maxlen: 24
                          2a04:5ec0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/50wpC1vM233lOD7kW6YV0vMGdh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/50wpC1vM233lOD7kW6YV0vMGdh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/50wpC1vM233lOD7kW6YV0vMGdh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3f:37:b1:dd:1a:25:7f:4b:b0:8a:4f:0a:12:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e74c290b5bccdb7de5383ee45ba615d2f306761f
        Validity
            Not Before: Jan  2 00:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f41671bfd3f143aede0ebfdca1b4a8adb8abf967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8f:cf:c4:72:67:0c:61:24:57:a5:4b:03:0d:
                    d1:11:b3:bf:a1:90:52:3f:2c:a4:e2:6c:40:37:cd:
                    02:d5:b3:b9:4c:e1:ab:3b:f0:25:b2:44:c8:e0:71:
                    86:7d:ed:ec:72:33:64:16:43:f1:10:3e:17:48:b4:
                    95:30:f6:8a:7c:07:7a:7f:9a:db:cc:d8:dd:c4:1c:
                    89:3e:aa:fb:11:63:b2:78:d3:47:53:8e:08:85:c9:
                    ea:53:67:27:0e:ed:26:61:38:e6:16:ad:f6:c7:75:
                    f0:3b:12:62:20:ea:ad:06:53:f7:49:7b:9f:6a:db:
                    44:d1:bf:b1:9d:93:a5:59:09:51:ac:a6:b0:0d:33:
                    96:35:9c:83:d5:bf:be:f7:ec:78:c6:44:14:17:e3:
                    e0:9d:74:c7:7d:c3:9f:8c:a7:f2:94:44:10:96:35:
                    3e:ec:ee:25:98:a4:2e:21:a8:4e:c6:c5:7f:d7:e2:
                    5d:16:c4:8a:11:10:89:57:07:b3:8f:10:4b:29:41:
                    ca:6c:18:18:6f:0c:a7:38:36:75:84:36:fc:0d:66:
                    f1:d4:1d:e4:6c:a3:ca:dd:37:65:14:83:44:94:47:
                    2f:2d:cc:f3:68:98:ff:61:57:ea:c3:64:4f:05:29:
                    f0:ce:95:92:07:22:45:0d:29:0c:f1:5d:b2:1c:ef:
                    2c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:16:71:BF:D3:F1:43:AE:DE:0E:BF:DC:A1:B4:A8:AD:B8:AB:F9:67
            X509v3 Authority Key Identifier:
                keyid:E7:4C:29:0B:5B:CC:DB:7D:E5:38:3E:E4:5B:A6:15:D2:F3:06:76:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50wpC1vM233lOD7kW6YV0vMGdh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/9BZxv9PxQ67eDr_cobSorbir-Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/222376-5cf6-4978-a8a3-d741fb273116/1/50wpC1vM233lOD7kW6YV0vMGdh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.202.0/24
                IPv6:
                  2a04:5ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:bd:e8:a2:48:8e:43:46:ed:ea:ff:58:ed:be:e6:1f:6f:be:
         40:ac:26:0e:5a:f0:9b:1d:d9:d1:9a:bc:c0:03:00:03:ae:a1:
         f9:9c:2b:3b:3f:36:89:9f:08:65:e9:9d:ef:b4:40:f7:a7:4e:
         7f:20:c6:5d:1a:a5:bb:ec:fc:2d:41:ba:86:51:6d:87:c1:30:
         7e:73:b0:28:e9:44:30:05:20:06:a4:88:ab:7e:6b:bc:c5:a5:
         e6:47:53:89:01:df:96:c5:ee:08:37:82:6a:dc:4e:8c:c9:df:
         7c:15:40:5e:41:78:44:18:dd:da:e3:e7:c5:50:f3:ff:54:a2:
         be:2d:3c:4b:4f:46:f7:8f:64:fc:66:5d:90:7a:24:04:e7:36:
         90:a5:9f:b0:a0:82:cc:f8:34:55:ba:5c:f0:fe:73:91:b2:68:
         7b:e1:80:89:02:f3:bd:c8:da:c2:9d:9c:82:af:40:5a:ba:a9:
         eb:cd:ec:41:3e:7e:17:ab:3d:07:dd:12:1a:ca:94:45:e4:7b:
         29:b7:61:0f:3c:4d:a8:8a:da:ae:23:03:77:04:fa:e9:81:19:
         7f:b8:43:68:be:0a:72:a9:23:77:3d:27:86:94:a0:8c:81:60:
         b9:2c:39:5e:85:d7:15:13:01:71:66:cd:5a:83:7f:e5:7d:12:
         41:24:2d:21
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHkz83sd0aJX9LsIpPChJyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NGMyOTBiNWJjY2RiN2RlNTM4M2VlNDViYTYxNWQyZjMw
Njc2MWYwHhcNMjQwMTAyMDAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDE2NzFiZmQzZjE0M2FlZGUwZWJmZGNhMWI0YThhZGI4YWJmOTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoY/PxHJnDGEkV6VLAw3REbO/oZBS
Pyyk4mxAN80C1bO5TOGrO/AlskTI4HGGfe3scjNkFkPxED4XSLSVMPaKfAd6f5rb
zNjdxByJPqr7EWOyeNNHU44IhcnqU2cnDu0mYTjmFq32x3XwOxJiIOqtBlP3SXuf
attE0b+xnZOlWQlRrKawDTOWNZyD1b++9+x4xkQUF+PgnXTHfcOfjKfylEQQljU+
7O4lmKQuIahOxsV/1+JdFsSKERCJVwezjxBLKUHKbBgYbwynODZ1hDb8DWbx1B3k
bKPK3TdlFINElEcvLczzaJj/YVfqw2RPBSnwzpWSByJFDSkM8V2yHO8sXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPQWcb/T8UOu3g6/3KG0qK24q/lnMB8GA1UdIwQY
MBaAFOdMKQtbzNt95Tg+5FumFdLzBnYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTB3cEMxdk0yMzNsT0Q3a1c2WVYwdk1HZGg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8yMjIzNzYtNWNmNi00OTc4LWE4YTMt
ZDc0MWZiMjczMTE2LzEvOUJaeHY5UHhRNjdlRHJfY29iU29yYmlyLVdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8yMjIzNzYtNWNmNi00OTc4LWE4YTMtZDc0MWZiMjczMTE2
LzEvNTB3cEMxdk0yMzNsT0Q3a1c2WVYwdk1HZGg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuSLKMA0E
AgACMAcDBQMqBF7AMA0GCSqGSIb3DQEBCwUAA4IBAQCfveiiSI5DRu3q/1jtvuYf
b75ArCYOWvCbHdnRmrzAAwADrqH5nCs7PzaJnwhl6Z3vtED3p05/IMZdGqW77Pwt
QbqGUW2HwTB+c7Ao6UQwBSAGpIirfmu8xaXmR1OJAd+Wxe4IN4Jq3E6Myd98FUBe
QXhEGN3a4+fFUPP/VKK+LTxLT0b3j2T8Zl2QeiQE5zaQpZ+woILM+DRVulzw/nOR
smh74YCJAvO9yNrCnZyCr0BauqnrzexBPn4Xqz0H3RIaypRF5Hspt2EPPE2oitqu
IwN3BPrpgRl/uENovgpyqSN3PSeGlKCMgWC5LDlehdcVEwFxZs1ag3/lfRJBJC0h
-----END CERTIFICATE-----