Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/bf9e51-cc2b-4ff4-86ac-2f7e52fb8bd3/1/t_NfG1xZ6AYS8YaVfirBcomKsSc.roa
File:                     t_NfG1xZ6AYS8YaVfirBcomKsSc.roa (raw, json)
Hash identifier:          HLCn5IIm78OjdAbyeT5gTOtspdLp8AKngR0ZKfjO34g=
Subject key identifier:   B7:F3:5F:1B:5C:59:E8:06:12:F1:86:95:7E:2A:C1:72:89:8A:B1:27
Certificate issuer:       /CN=6d3006dcd289c47f9f58e128eb29757239144bb6
Certificate serial:       018D3C8D06CFFDAFF916A6447B3F33617D98
Authority key identifier: 6D:30:06:DC:D2:89:C4:7F:9F:58:E1:28:EB:29:75:72:39:14:4B:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bTAG3NKJxH-fWOEo6yl1cjkUS7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/bf9e51-cc2b-4ff4-86ac-2f7e52fb8bd3/1/t_NfG1xZ6AYS8YaVfirBcomKsSc.roa
Signing time:             Wed 24 Jan 2024 17:38:11 +0000
ROA not before:           Wed 24 Jan 2024 17:38:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204778
IP address blocks:        185.120.141.0/24 maxlen: 24
                          2a13:2180::/29 maxlen: 29
                          2a13:2180::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/bf9e51-cc2b-4ff4-86ac-2f7e52fb8bd3/1/bTAG3NKJxH-fWOEo6yl1cjkUS7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/bf9e51-cc2b-4ff4-86ac-2f7e52fb8bd3/1/bTAG3NKJxH-fWOEo6yl1cjkUS7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bTAG3NKJxH-fWOEo6yl1cjkUS7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3c:8d:06:cf:fd:af:f9:16:a6:44:7b:3f:33:61:7d:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d3006dcd289c47f9f58e128eb29757239144bb6
        Validity
            Not Before: Jan 24 17:38:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7f35f1b5c59e80612f186957e2ac172898ab127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:60:4d:6e:c2:a8:b6:04:3b:16:99:c3:e7:d7:
                    fd:a0:40:91:55:e7:5d:15:87:51:a8:db:7b:2c:ad:
                    1c:c8:b0:04:b8:62:9d:40:ad:c9:60:50:a0:37:55:
                    ed:8b:b7:f9:01:2a:92:13:66:4a:0c:12:c8:cd:e4:
                    12:1b:55:58:7f:b7:c3:c6:8f:ed:b7:f0:de:94:b6:
                    3e:f3:bd:96:2d:d6:ca:65:f8:d3:bf:0a:63:cb:9d:
                    71:52:1c:d4:16:dc:88:50:6a:92:e4:1e:39:bb:bb:
                    9e:6f:81:13:82:60:97:dd:63:2a:97:c4:3c:f0:e6:
                    0d:a4:35:e8:b4:5e:85:34:81:ef:8d:51:64:52:52:
                    78:0d:a8:7d:fc:40:f9:44:2f:8b:6f:70:a1:4a:80:
                    44:14:96:9d:58:fe:e2:77:84:65:51:e0:75:34:a1:
                    82:cf:53:4b:ac:51:ec:99:66:09:93:48:a3:b9:7a:
                    df:26:da:4d:58:5a:b0:fb:24:bc:3c:51:c2:cd:49:
                    70:c3:fa:7e:c6:60:ff:fc:99:79:b5:ad:ce:3b:38:
                    14:66:8a:f7:dd:ad:6e:a1:37:70:ca:2a:54:0a:47:
                    8d:78:cf:04:69:a2:f7:71:b6:2a:2e:16:6e:9b:3f:
                    4c:13:3c:bb:cb:73:12:a2:a0:c8:78:ed:82:ba:c2:
                    ec:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:F3:5F:1B:5C:59:E8:06:12:F1:86:95:7E:2A:C1:72:89:8A:B1:27
            X509v3 Authority Key Identifier:
                keyid:6D:30:06:DC:D2:89:C4:7F:9F:58:E1:28:EB:29:75:72:39:14:4B:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bTAG3NKJxH-fWOEo6yl1cjkUS7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/bf9e51-cc2b-4ff4-86ac-2f7e52fb8bd3/1/t_NfG1xZ6AYS8YaVfirBcomKsSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/bf9e51-cc2b-4ff4-86ac-2f7e52fb8bd3/1/bTAG3NKJxH-fWOEo6yl1cjkUS7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.141.0/24
                IPv6:
                  2a13:2180::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:12:0d:34:64:f7:80:12:f7:9f:01:e4:0b:57:2f:f7:96:73:
         80:41:ac:b2:6d:69:c0:0c:b4:68:a3:16:5d:5d:0e:de:39:f6:
         89:dc:f1:78:e3:d7:db:3e:0e:be:65:ef:2c:93:b3:94:9e:82:
         7d:b6:a3:46:e8:a4:97:e9:41:92:76:26:1d:e4:8d:83:3a:0e:
         57:c0:d2:d7:be:d4:52:df:f1:ab:a2:4a:e3:cf:bd:dc:14:ee:
         36:7d:59:c4:df:88:ec:c3:54:14:1a:f2:96:3f:ac:85:42:c1:
         62:c8:64:bd:73:78:7c:79:1f:e4:09:f2:e9:a4:04:fb:df:16:
         62:09:e7:f5:97:e4:76:a8:10:a2:76:d0:9e:29:db:74:7f:1c:
         98:1c:db:dd:f9:00:cb:67:59:c9:48:80:2b:4b:93:39:0b:79:
         7b:20:b0:db:b0:84:6f:48:76:31:3c:0a:87:a4:b8:b5:76:c7:
         bc:3c:43:b7:ac:59:d0:12:75:a4:af:a2:f6:22:c0:99:e5:7f:
         c0:41:ae:df:dc:72:9d:48:d6:d1:aa:8c:b5:24:cc:f8:47:6f:
         91:7a:ac:15:55:fd:7c:7f:9c:2b:45:a4:96:8d:3e:1d:73:11:
         b4:a3:9a:cb:20:fb:73:8b:96:a6:b4:cc:95:28:4e:07:a5:ad:
         5f:cf:ef:37
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY08jQbP/a/5FqZEez8zYX2YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMzAwNmRjZDI4OWM0N2Y5ZjU4ZTEyOGViMjk3NTcyMzkx
NDRiYjYwHhcNMjQwMTI0MTczODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2YzNWYxYjVjNTllODA2MTJmMTg2OTU3ZTJhYzE3Mjg5OGFiMTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmBNbsKotgQ7FpnD59f9oECRVedd
FYdRqNt7LK0cyLAEuGKdQK3JYFCgN1Xti7f5ASqSE2ZKDBLIzeQSG1VYf7fDxo/t
t/DelLY+872WLdbKZfjTvwpjy51xUhzUFtyIUGqS5B45u7ueb4ETgmCX3WMql8Q8
8OYNpDXotF6FNIHvjVFkUlJ4Dah9/ED5RC+Lb3ChSoBEFJadWP7id4RlUeB1NKGC
z1NLrFHsmWYJk0ijuXrfJtpNWFqw+yS8PFHCzUlww/p+xmD//Jl5ta3OOzgUZor3
3a1uoTdwyipUCkeNeM8EaaL3cbYqLhZumz9MEzy7y3MSoqDIeO2CusLsoQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLfzXxtcWegGEvGGlX4qwXKJirEnMB8GA1UdIwQY
MBaAFG0wBtzSicR/n1jhKOspdXI5FEu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlRBRzNOS0p4SC1mV09FbzZ5bDFjamtVUzdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9iZjllNTEtY2MyYi00ZmY0LTg2YWMt
MmY3ZTUyZmI4YmQzLzEvdF9OZkcxeFo2QVlTOFlhVmZpckJjb21Lc1NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9iZjllNTEtY2MyYi00ZmY0LTg2YWMtMmY3ZTUyZmI4YmQz
LzEvYlRBRzNOS0p4SC1mV09FbzZ5bDFjamtVUzdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXiNMA0E
AgACMAcDBQMqEyGAMA0GCSqGSIb3DQEBCwUAA4IBAQBgEg00ZPeAEvefAeQLVy/3
lnOAQayybWnADLRooxZdXQ7eOfaJ3PF449fbPg6+Ze8sk7OUnoJ9tqNG6KSX6UGS
diYd5I2DOg5XwNLXvtRS3/Grokrjz73cFO42fVnE34jsw1QUGvKWP6yFQsFiyGS9
c3h8eR/kCfLppAT73xZiCef1l+R2qBCidtCeKdt0fxyYHNvd+QDLZ1nJSIArS5M5
C3l7ILDbsIRvSHYxPAqHpLi1dse8PEO3rFnQEnWkr6L2IsCZ5X/AQa7f3HKdSNbR
qoy1JMz4R2+ReqwVVf18f5wrRaSWjT4dcxG0o5rLIPtzi5amtMyVKE4Hpa1fz+83
-----END CERTIFICATE-----