Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ba3577-ccb3-4ea6-8368-7458608f8d99/1/AbUXlXa8JK9FAQDaiXpgaCZN7NQ.roa
File:                     AbUXlXa8JK9FAQDaiXpgaCZN7NQ.roa (raw, json)
Hash identifier:          G6GSPB355o9ZAww+hKSCzHz5thM7bCCKYxzzHgNE/K4=
Subject key identifier:   01:B5:17:95:76:BC:24:AF:45:01:00:DA:89:7A:60:68:26:4D:EC:D4
Certificate issuer:       /CN=9ea1e7e2f8f317759f3468fd815bf14eb36e21c8
Certificate serial:       018CC9BBE6527DC518614012D7C05D1BB6CF
Authority key identifier: 9E:A1:E7:E2:F8:F3:17:75:9F:34:68:FD:81:5B:F1:4E:B3:6E:21:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nqHn4vjzF3WfNGj9gVvxTrNuIcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/ba3577-ccb3-4ea6-8368-7458608f8d99/1/AbUXlXa8JK9FAQDaiXpgaCZN7NQ.roa
Signing time:             Tue 02 Jan 2024 10:33:03 +0000
ROA not before:           Tue 02 Jan 2024 10:33:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199356
IP address blocks:        185.18.68.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/ba3577-ccb3-4ea6-8368-7458608f8d99/1/nqHn4vjzF3WfNGj9gVvxTrNuIcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/ba3577-ccb3-4ea6-8368-7458608f8d99/1/nqHn4vjzF3WfNGj9gVvxTrNuIcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nqHn4vjzF3WfNGj9gVvxTrNuIcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:e6:52:7d:c5:18:61:40:12:d7:c0:5d:1b:b6:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ea1e7e2f8f317759f3468fd815bf14eb36e21c8
        Validity
            Not Before: Jan  2 10:33:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01b5179576bc24af450100da897a6068264decd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7a:0b:99:d4:a9:02:81:06:0d:82:27:5e:71:
                    c1:f3:c2:b8:81:56:12:b6:4e:30:79:39:a8:34:89:
                    5a:91:00:f4:77:16:fe:f2:51:12:9f:bf:23:bc:c2:
                    fc:b8:32:18:0a:0f:f8:b2:9e:30:82:86:a0:13:78:
                    62:06:8a:f5:1e:ec:04:56:5c:16:59:7d:4b:55:db:
                    6f:9b:30:68:ef:2a:c6:d4:fe:6d:6b:af:dd:5b:e5:
                    16:82:ca:d1:5c:95:84:4c:ca:47:94:ae:28:fa:91:
                    a5:f3:bb:e1:17:05:f0:ad:48:82:46:00:99:d7:45:
                    8f:4b:0c:48:da:f1:6a:40:19:8f:92:3d:76:61:e2:
                    70:59:2c:1e:82:5d:43:e1:14:97:9e:37:97:7e:b5:
                    6a:99:2a:6e:24:f1:fe:9b:4d:6a:21:74:4c:b5:65:
                    f1:40:6f:69:2a:21:4e:35:4e:06:a5:42:9e:cf:f1:
                    8c:c3:d6:f9:d8:6c:89:59:65:1c:a0:ab:8e:eb:af:
                    db:c5:2a:63:df:7a:bf:b9:39:4c:a0:16:55:df:ce:
                    81:de:38:cf:52:cb:00:d7:19:43:44:2b:b8:20:d6:
                    01:88:ed:7d:22:30:02:75:23:ce:35:6b:7a:1f:7f:
                    f6:c8:bd:40:ac:05:cd:fc:e5:dd:2e:78:44:e6:b0:
                    46:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:B5:17:95:76:BC:24:AF:45:01:00:DA:89:7A:60:68:26:4D:EC:D4
            X509v3 Authority Key Identifier:
                keyid:9E:A1:E7:E2:F8:F3:17:75:9F:34:68:FD:81:5B:F1:4E:B3:6E:21:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nqHn4vjzF3WfNGj9gVvxTrNuIcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ba3577-ccb3-4ea6-8368-7458608f8d99/1/AbUXlXa8JK9FAQDaiXpgaCZN7NQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ba3577-ccb3-4ea6-8368-7458608f8d99/1/nqHn4vjzF3WfNGj9gVvxTrNuIcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:0c:7c:e9:8f:3e:36:f2:0e:9b:4a:f4:cf:36:24:b9:a8:18:
         62:57:d9:a3:0d:e4:e7:d2:13:1f:78:91:7f:d2:cc:e4:58:d9:
         51:88:84:f5:f4:13:8e:ab:a2:47:f2:d1:2b:20:6d:7a:35:80:
         d7:da:d9:52:1d:64:04:9a:cb:9c:6c:94:96:81:d8:fb:80:0d:
         0b:1f:4e:44:56:da:be:a0:b3:2f:89:7f:65:a2:58:02:ba:d2:
         5b:f6:de:d0:08:95:29:59:f0:7f:56:80:cb:7e:6b:f0:e6:b6:
         44:86:3d:37:8e:bd:68:0a:14:bc:ad:2d:f9:d5:9b:fc:5a:c6:
         80:67:c7:66:eb:e1:3b:34:a3:4f:76:be:2f:39:ea:1e:f7:2e:
         06:ef:91:2e:d2:e3:75:57:86:66:29:88:04:ff:c4:fd:f0:1a:
         7c:86:9f:58:48:e5:9e:6e:e5:ab:1a:95:a8:6e:b6:f2:88:f9:
         34:ed:5c:74:1c:40:33:0c:24:79:f4:06:fe:50:d5:00:19:5b:
         84:63:6a:4d:06:06:11:30:92:77:c4:6a:38:24:2e:f0:29:e7:
         1f:34:ec:df:17:ac:ac:5f:8f:c1:07:d9:14:c4:ac:5b:f7:02:
         36:b1:9d:f0:6d:c6:0c:3c:79:b5:92:6c:ad:a1:1d:5e:b7:5e:
         59:19:9f:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu+ZSfcUYYUAS18BdG7bPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYTFlN2UyZjhmMzE3NzU5ZjM0NjhmZDgxNWJmMTRlYjM2
ZTIxYzgwHhcNMjQwMTAyMTAzMzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWI1MTc5NTc2YmMyNGFmNDUwMTAwZGE4OTdhNjA2ODI2NGRlY2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonoLmdSpAoEGDYInXnHB88K4gVYS
tk4weTmoNIlakQD0dxb+8lESn78jvML8uDIYCg/4sp4wgoagE3hiBor1HuwEVlwW
WX1LVdtvmzBo7yrG1P5ta6/dW+UWgsrRXJWETMpHlK4o+pGl87vhFwXwrUiCRgCZ
10WPSwxI2vFqQBmPkj12YeJwWSwegl1D4RSXnjeXfrVqmSpuJPH+m01qIXRMtWXx
QG9pKiFONU4GpUKez/GMw9b52GyJWWUcoKuO66/bxSpj33q/uTlMoBZV386B3jjP
UssA1xlDRCu4INYBiO19IjACdSPONWt6H3/2yL1ArAXN/OXdLnhE5rBGNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAG1F5V2vCSvRQEA2ol6YGgmTezUMB8GA1UdIwQY
MBaAFJ6h5+L48xd1nzRo/YFb8U6zbiHIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnFIbjR2anpGM1dmTkdqOWdWdnhUck51SWNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9iYTM1NzctY2NiMy00ZWE2LTgzNjgt
NzQ1ODYwOGY4ZDk5LzEvQWJVWGxYYThKSzlGQVFEYWlYcGdhQ1pON05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9iYTM1NzctY2NiMy00ZWE2LTgzNjgtNzQ1ODYwOGY4ZDk5
LzEvbnFIbjR2anpGM1dmTkdqOWdWdnhUck51SWNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRJEMA0G
CSqGSIb3DQEBCwUAA4IBAQB9DHzpjz428g6bSvTPNiS5qBhiV9mjDeTn0hMfeJF/
0szkWNlRiIT19BOOq6JH8tErIG16NYDX2tlSHWQEmsucbJSWgdj7gA0LH05EVtq+
oLMviX9lolgCutJb9t7QCJUpWfB/VoDLfmvw5rZEhj03jr1oChS8rS351Zv8WsaA
Z8dm6+E7NKNPdr4vOeoe9y4G75Eu0uN1V4ZmKYgE/8T98Bp8hp9YSOWebuWrGpWo
brbyiPk07Vx0HEAzDCR59Ab+UNUAGVuEY2pNBgYRMJJ3xGo4JC7wKecfNOzfF6ys
X4/BB9kUxKxb9wI2sZ3wbcYMPHm1kmytoR1et15ZGZ/X
-----END CERTIFICATE-----