Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/c6oLRU66wrhSElShcpzyrYmVC9s.roa
File:                     c6oLRU66wrhSElShcpzyrYmVC9s.roa (raw, json)
Hash identifier:          bDum4vF00woux8f1xRWLlY0Rp9GNvV1NMSlcWnz16BE=
Subject key identifier:   73:AA:0B:45:4E:BA:C2:B8:52:12:54:A1:72:9C:F2:AD:89:95:0B:DB
Certificate issuer:       /CN=36e7cfdd129193e219c370121ca16250e429b58b
Certificate serial:       018CC94D59FE0A955AA28747EAD9C891F408
Authority key identifier: 36:E7:CF:DD:12:91:93:E2:19:C3:70:12:1C:A1:62:50:E4:29:B5:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NufP3RKRk-IZw3ASHKFiUOQptYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/c6oLRU66wrhSElShcpzyrYmVC9s.roa
Signing time:             Tue 02 Jan 2024 08:32:18 +0000
ROA not before:           Tue 02 Jan 2024 08:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.206.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/NufP3RKRk-IZw3ASHKFiUOQptYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/NufP3RKRk-IZw3ASHKFiUOQptYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NufP3RKRk-IZw3ASHKFiUOQptYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:59:fe:0a:95:5a:a2:87:47:ea:d9:c8:91:f4:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36e7cfdd129193e219c370121ca16250e429b58b
        Validity
            Not Before: Jan  2 08:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73aa0b454ebac2b8521254a1729cf2ad89950bdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:95:70:48:55:29:26:a6:e4:b8:84:50:8b:d3:
                    7c:4e:0c:9d:f9:74:01:85:71:1c:f6:fc:64:3c:45:
                    ad:1e:9e:a3:5b:30:36:c0:0b:a5:34:4e:f3:2e:e4:
                    c2:7e:90:1c:d4:d0:8d:27:63:eb:6c:81:c2:39:95:
                    dd:d1:ac:4c:a3:c0:3a:20:ff:f1:a3:53:20:ca:d0:
                    70:cf:49:19:01:4b:5f:5a:c2:7e:f2:1c:71:3d:3b:
                    48:0e:8a:f5:c8:1c:60:c9:3f:01:c1:35:0e:dc:28:
                    b7:60:f9:39:21:62:c8:8d:68:6c:5b:65:c6:87:b3:
                    cf:c9:3f:cd:b0:49:13:32:46:a7:1c:15:ba:33:db:
                    54:f2:1f:c6:b2:d1:19:dd:08:dd:89:21:6a:e8:fe:
                    7d:a2:ec:7e:9f:96:15:9c:02:78:30:82:d3:9b:3e:
                    8d:3b:c0:03:4f:d4:ea:21:f6:c1:07:b2:66:14:9b:
                    38:4f:d4:3e:6f:05:c3:51:4f:7c:38:8f:02:97:54:
                    d4:d7:d7:12:2b:6f:37:03:0a:c9:05:40:8a:17:8c:
                    c8:14:fd:28:60:e4:8c:9d:be:1c:4b:fa:b4:82:5e:
                    2d:3d:25:f9:52:af:2d:ca:4c:94:bd:00:0a:c5:83:
                    95:87:7d:cc:ae:50:2d:c3:73:9c:2d:39:dc:58:8c:
                    12:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:AA:0B:45:4E:BA:C2:B8:52:12:54:A1:72:9C:F2:AD:89:95:0B:DB
            X509v3 Authority Key Identifier:
                keyid:36:E7:CF:DD:12:91:93:E2:19:C3:70:12:1C:A1:62:50:E4:29:B5:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NufP3RKRk-IZw3ASHKFiUOQptYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/c6oLRU66wrhSElShcpzyrYmVC9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/NufP3RKRk-IZw3ASHKFiUOQptYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:f9:9b:d6:9c:83:00:87:06:a7:50:6b:cd:dc:3b:91:56:91:
         fd:01:d9:77:1a:88:3b:34:6d:66:22:96:5d:53:5a:0c:ab:f7:
         58:5e:c2:9a:0e:9d:ea:3d:fe:61:e1:f3:63:f4:92:24:47:8a:
         3a:7f:42:08:b5:53:02:63:22:ac:94:84:d6:09:bf:48:4e:8a:
         09:de:30:c0:a4:a9:2b:30:6c:da:20:29:f2:cc:fe:4d:94:f2:
         75:81:9b:1e:2b:d2:6f:26:0d:06:df:86:cb:98:de:77:ca:92:
         64:1d:74:d3:3a:0c:7a:aa:8b:03:72:54:54:99:c6:d2:a0:cf:
         b5:61:da:15:22:e4:43:14:d6:2d:65:64:bc:f3:cc:11:b1:4b:
         43:1a:5e:92:2f:ed:d5:b2:ee:40:b0:3e:0a:77:91:c9:74:ce:
         8f:71:74:89:02:66:d5:c8:b1:b0:6a:23:50:0c:54:c4:91:2a:
         1c:bc:41:2f:e4:80:92:c8:45:26:3b:fa:0f:3c:3d:e5:82:7c:
         38:c6:1d:c8:d2:08:ea:df:21:bc:ee:6d:c8:42:a0:3b:1d:0f:
         96:a0:dd:2e:cb:f8:4f:90:45:f3:6e:c4:bb:c9:e1:b2:36:fd:
         fe:fd:34:29:67:9a:72:6b:ce:5f:a2:36:71:2b:a0:a6:d1:5a:
         54:db:a2:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTVn+CpVaoodH6tnIkfQIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZTdjZmRkMTI5MTkzZTIxOWMzNzAxMjFjYTE2MjUwZTQy
OWI1OGIwHhcNMjQwMTAyMDgzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2FhMGI0NTRlYmFjMmI4NTIxMjU0YTE3MjljZjJhZDg5OTUwYmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJVwSFUpJqbkuIRQi9N8Tgyd+XQB
hXEc9vxkPEWtHp6jWzA2wAulNE7zLuTCfpAc1NCNJ2PrbIHCOZXd0axMo8A6IP/x
o1MgytBwz0kZAUtfWsJ+8hxxPTtIDor1yBxgyT8BwTUO3Ci3YPk5IWLIjWhsW2XG
h7PPyT/NsEkTMkanHBW6M9tU8h/GstEZ3QjdiSFq6P59oux+n5YVnAJ4MILTmz6N
O8ADT9TqIfbBB7JmFJs4T9Q+bwXDUU98OI8Cl1TU19cSK283AwrJBUCKF4zIFP0o
YOSMnb4cS/q0gl4tPSX5Uq8tykyUvQAKxYOVh33MrlAtw3OcLTncWIwSEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHOqC0VOusK4UhJUoXKc8q2JlQvbMB8GA1UdIwQY
MBaAFDbnz90SkZPiGcNwEhyhYlDkKbWLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnVmUDNSS1JrLUladzNBU0hLRmlVT1FwdFlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zNTU1ZTAtOTQ0My00ZTYzLWE4OWIt
ZGQxN2JmZDY3Y2QzLzEvYzZvTFJVNjZ3cmhTRWxTaGNwenlyWW1WQzlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zNTU1ZTAtOTQ0My00ZTYzLWE4OWItZGQxN2JmZDY3Y2Qz
LzEvTnVmUDNSS1JrLUladzNBU0hLRmlVT1FwdFlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc7kMA0G
CSqGSIb3DQEBCwUAA4IBAQCE+ZvWnIMAhwanUGvN3DuRVpH9Adl3Gog7NG1mIpZd
U1oMq/dYXsKaDp3qPf5h4fNj9JIkR4o6f0IItVMCYyKslITWCb9ITooJ3jDApKkr
MGzaICnyzP5NlPJ1gZseK9JvJg0G34bLmN53ypJkHXTTOgx6qosDclRUmcbSoM+1
YdoVIuRDFNYtZWS888wRsUtDGl6SL+3Vsu5AsD4Kd5HJdM6PcXSJAmbVyLGwaiNQ
DFTEkSocvEEv5ICSyEUmO/oPPD3lgnw4xh3I0gjq3yG87m3IQqA7HQ+WoN0uy/hP
kEXzbsS7yeGyNv3+/TQpZ5pya85fojZxK6Cm0VpU26Jx
-----END CERTIFICATE-----