Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/c41f77-b6a2-4494-a074-4fae84fa158e/1/wYfHdL-XH7LF5SGVgMP-qXtKpM4.roa
File:                     wYfHdL-XH7LF5SGVgMP-qXtKpM4.roa (raw, json)
Hash identifier:          kwFaH+14/fqrQcJWuG9v/9Mjt2QxzkzARnFdk9ZonjM=
Subject key identifier:   C1:87:C7:74:BF:97:1F:B2:C5:E5:21:95:80:C3:FE:A9:7B:4A:A4:CE
Certificate issuer:       /CN=7d2a01224b1da86480cfecbcb6c52df9812968e8
Certificate serial:       018CC8709FEFA08B033664B4021BC3F78D22
Authority key identifier: 7D:2A:01:22:4B:1D:A8:64:80:CF:EC:BC:B6:C5:2D:F9:81:29:68:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fSoBIksdqGSAz-y8tsUt-YEpaOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/c41f77-b6a2-4494-a074-4fae84fa158e/1/wYfHdL-XH7LF5SGVgMP-qXtKpM4.roa
Signing time:             Tue 02 Jan 2024 04:31:13 +0000
ROA not before:           Tue 02 Jan 2024 04:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43023
IP address blocks:        185.187.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/c41f77-b6a2-4494-a074-4fae84fa158e/1/fSoBIksdqGSAz-y8tsUt-YEpaOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/c41f77-b6a2-4494-a074-4fae84fa158e/1/fSoBIksdqGSAz-y8tsUt-YEpaOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fSoBIksdqGSAz-y8tsUt-YEpaOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:9f:ef:a0:8b:03:36:64:b4:02:1b:c3:f7:8d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d2a01224b1da86480cfecbcb6c52df9812968e8
        Validity
            Not Before: Jan  2 04:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c187c774bf971fb2c5e5219580c3fea97b4aa4ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:28:43:94:3c:88:aa:00:3d:2a:4b:1a:a3:8d:
                    76:5b:75:8a:dc:d0:30:93:8d:a7:a2:05:e0:a1:d4:
                    c2:c3:6b:36:b8:d5:11:d6:c9:6c:0a:a4:93:28:e0:
                    0e:37:62:7e:ba:8b:44:86:0e:1f:28:15:f8:f0:11:
                    a7:6d:16:49:b8:08:d4:b4:3c:91:0b:e6:24:15:fb:
                    42:2a:6c:2e:24:df:a0:3e:1f:6d:ea:d0:5b:73:5e:
                    c6:fe:c4:3a:ee:85:31:8b:49:d7:94:85:13:1b:62:
                    7e:ea:a5:42:4d:08:14:65:87:cc:8a:29:d4:12:35:
                    7d:1d:aa:8d:85:f7:73:45:a9:1f:ac:e3:e2:4a:a7:
                    78:23:04:f7:7f:f1:fe:d5:db:b7:3a:76:c6:92:02:
                    11:06:25:e3:2f:6c:32:ea:57:b4:0e:e6:2f:2e:22:
                    4d:e9:43:3b:f6:c5:73:f4:78:85:51:b1:24:cc:81:
                    2d:f2:71:3e:b6:23:84:ee:1f:e4:4c:ac:fc:cc:05:
                    0d:44:8f:95:29:09:84:7c:cf:58:57:97:c1:c0:17:
                    f5:83:8d:d2:f8:9d:c3:b2:81:b7:56:db:42:30:14:
                    a2:50:01:d9:7a:6f:11:84:bf:6f:ad:0a:d1:db:dd:
                    8e:ba:39:a5:10:26:40:71:4f:8a:d3:e5:f3:19:fa:
                    5b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:87:C7:74:BF:97:1F:B2:C5:E5:21:95:80:C3:FE:A9:7B:4A:A4:CE
            X509v3 Authority Key Identifier:
                keyid:7D:2A:01:22:4B:1D:A8:64:80:CF:EC:BC:B6:C5:2D:F9:81:29:68:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fSoBIksdqGSAz-y8tsUt-YEpaOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/c41f77-b6a2-4494-a074-4fae84fa158e/1/wYfHdL-XH7LF5SGVgMP-qXtKpM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/c41f77-b6a2-4494-a074-4fae84fa158e/1/fSoBIksdqGSAz-y8tsUt-YEpaOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:e9:45:01:53:8b:20:f0:81:af:89:a0:7c:42:41:81:99:4e:
         ec:46:9c:36:f8:78:e4:85:54:1d:75:35:69:2a:a1:72:88:f6:
         07:0a:5e:80:1c:ea:46:8a:38:f3:61:e2:80:71:20:6b:f7:00:
         9c:e3:88:26:66:a9:5a:44:7f:89:a3:9c:1e:9f:5c:29:37:c1:
         2c:dd:8d:59:36:83:c2:49:6e:fd:ec:da:bd:95:8d:61:8a:12:
         7a:94:8a:34:65:b7:fe:e8:13:56:92:ad:bc:5f:83:9d:e6:23:
         22:05:ee:6e:e2:d8:82:38:28:d3:28:52:9f:42:c1:e0:bd:9c:
         7e:b2:fa:ac:5d:6c:f9:15:a2:84:89:0e:a8:dc:fb:b9:c6:62:
         f4:c2:50:b6:14:c9:c2:f9:6c:10:1c:41:ca:b8:6e:b4:ff:9a:
         ad:16:1f:df:15:86:de:cc:0e:3c:39:e0:b0:8c:9f:11:44:ae:
         e4:d5:e8:c9:97:0a:29:2a:47:43:d3:db:cb:0c:87:3a:2a:06:
         73:0f:68:43:d1:92:09:d7:e9:42:ec:cd:c1:f7:28:7d:f3:0c:
         5c:02:b8:3f:a7:df:ad:b4:91:22:77:93:47:00:88:1c:5f:7d:
         a4:c3:5a:00:08:75:82:df:92:50:2d:69:30:85:d8:7f:5e:25:
         f4:83:6c:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcJ/voIsDNmS0AhvD940iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMmEwMTIyNGIxZGE4NjQ4MGNmZWNiY2I2YzUyZGY5ODEy
OTY4ZTgwHhcNMjQwMTAyMDQzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTg3Yzc3NGJmOTcxZmIyYzVlNTIxOTU4MGMzZmVhOTdiNGFhNGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyhDlDyIqgA9Kksao412W3WK3NAw
k42nogXgodTCw2s2uNUR1slsCqSTKOAON2J+uotEhg4fKBX48BGnbRZJuAjUtDyR
C+YkFftCKmwuJN+gPh9t6tBbc17G/sQ67oUxi0nXlIUTG2J+6qVCTQgUZYfMiinU
EjV9HaqNhfdzRakfrOPiSqd4IwT3f/H+1du3OnbGkgIRBiXjL2wy6le0DuYvLiJN
6UM79sVz9HiFUbEkzIEt8nE+tiOE7h/kTKz8zAUNRI+VKQmEfM9YV5fBwBf1g43S
+J3DsoG3VttCMBSiUAHZem8RhL9vrQrR292OujmlECZAcU+K0+XzGfpbLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMGHx3S/lx+yxeUhlYDD/ql7SqTOMB8GA1UdIwQY
MBaAFH0qASJLHahkgM/svLbFLfmBKWjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlNvQklrc2RxR1NBei15OHRzVXQtWUVwYU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9jNDFmNzctYjZhMi00NDk0LWEwNzQt
NGZhZTg0ZmExNThlLzEvd1lmSGRMLVhIN0xGNVNHVmdNUC1xWHRLcE00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9jNDFmNzctYjZhMi00NDk0LWEwNzQtNGZhZTg0ZmExNThl
LzEvZlNvQklrc2RxR1NBei15OHRzVXQtWUVwYU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubuKMA0G
CSqGSIb3DQEBCwUAA4IBAQAs6UUBU4sg8IGviaB8QkGBmU7sRpw2+HjkhVQddTVp
KqFyiPYHCl6AHOpGijjzYeKAcSBr9wCc44gmZqlaRH+Jo5wen1wpN8Es3Y1ZNoPC
SW797Nq9lY1hihJ6lIo0Zbf+6BNWkq28X4Od5iMiBe5u4tiCOCjTKFKfQsHgvZx+
svqsXWz5FaKEiQ6o3Pu5xmL0wlC2FMnC+WwQHEHKuG60/5qtFh/fFYbezA48OeCw
jJ8RRK7k1ejJlwopKkdD09vLDIc6KgZzD2hD0ZIJ1+lC7M3B9yh98wxcArg/p9+t
tJEid5NHAIgcX32kw1oACHWC35JQLWkwhdh/XiX0g2zc
-----END CERTIFICATE-----