Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/0_y0l3xmg-HvXwSNy-vPKteJVwE.roa
File:                     0_y0l3xmg-HvXwSNy-vPKteJVwE.roa (raw, json)
Hash identifier:          GB5NUDQXKAs4j1nKHbP3D0MnPYPoFllZbqJ59s8+8lM=
Subject key identifier:   D3:FC:B4:97:7C:66:83:E1:EF:5F:04:8D:CB:EB:CF:2A:D7:89:57:01
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018E1EACE4E063E9FEA70D7C83757529566F
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/0_y0l3xmg-HvXwSNy-vPKteJVwE.roa
Signing time:             Fri 08 Mar 2024 15:27:10 +0000
ROA not before:           Fri 08 Mar 2024 15:27:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64494
IP address blocks:        185.46.175.0/24 maxlen: 24
                          185.161.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1e:ac:e4:e0:63:e9:fe:a7:0d:7c:83:75:75:29:56:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar  8 15:27:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3fcb4977c6683e1ef5f048dcbebcf2ad7895701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:47:aa:2e:93:29:73:3d:59:44:9c:63:4d:31:
                    e6:af:c3:7b:81:77:29:ad:6c:af:49:2d:b6:1f:d3:
                    bd:d2:a1:da:24:45:a8:74:c0:95:8a:cc:62:9d:8e:
                    d9:24:b0:8f:8a:d8:9a:d1:b1:83:a8:8c:ac:b1:39:
                    06:5f:40:55:57:d3:b2:75:51:ee:85:53:97:99:9c:
                    2e:5b:d6:ad:f8:a7:4c:96:4b:b6:b3:33:a6:af:79:
                    cf:e5:85:dd:28:70:c6:e3:2d:5f:92:7e:4b:f7:77:
                    b0:17:9c:a8:92:af:69:2d:86:c1:35:e8:e0:bf:e3:
                    d5:99:87:2b:b4:6f:d5:0d:e2:33:ac:5c:e7:a8:c7:
                    6d:05:8b:9d:ec:51:83:34:d2:00:a0:6b:6e:d5:4f:
                    48:de:a0:e7:f1:f4:43:bb:41:62:a4:25:a6:b4:75:
                    1c:4c:98:55:27:4e:b0:94:37:89:88:2a:9b:66:5b:
                    39:42:bd:44:41:bf:3f:b3:1e:61:2d:36:88:7d:7d:
                    1c:09:9d:27:06:38:01:7b:54:e1:89:84:e5:bb:aa:
                    88:34:f2:52:a6:c5:e0:e3:d5:d7:63:e5:41:e3:d3:
                    d2:73:3b:e5:1d:09:9e:fb:35:d7:98:2e:f8:af:47:
                    f5:3d:96:23:df:ea:ba:24:3c:9e:e0:5d:6e:65:96:
                    bc:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FC:B4:97:7C:66:83:E1:EF:5F:04:8D:CB:EB:CF:2A:D7:89:57:01
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/0_y0l3xmg-HvXwSNy-vPKteJVwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.175.0/24
                  185.161.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:1a:ae:5c:8a:c2:2e:4c:49:a5:2e:9b:d2:a2:bc:85:d1:92:
         b6:5a:d2:38:ee:5f:3c:ee:6f:d6:ee:13:8f:c9:de:28:26:4b:
         cc:fd:99:93:05:3d:f4:70:2b:d4:a5:b7:87:2f:5a:bd:ae:5c:
         05:a4:76:de:e3:62:04:53:19:7a:87:56:a4:85:23:4d:17:ef:
         1d:23:fd:61:88:6a:29:18:c2:86:57:01:36:46:87:bd:7e:23:
         de:0e:4c:d5:91:a5:03:42:4e:0a:d3:fe:21:02:ee:43:58:77:
         ad:b8:fc:4b:dd:fb:a7:95:7c:33:5e:b7:dc:6a:7a:e7:db:05:
         2a:5b:45:9f:62:5f:e7:3b:dc:6c:6d:6a:90:50:69:6f:7c:be:
         8d:28:a5:f2:a4:f0:e6:f3:c5:74:51:94:64:88:07:cb:81:a0:
         16:a4:68:60:8a:27:23:79:35:8e:88:85:ab:b9:87:12:86:d2:
         35:aa:67:dd:d7:2f:17:d5:b6:33:c2:e5:d1:43:ae:45:92:f6:
         cb:e8:2a:4b:52:99:15:c7:54:fb:ea:dc:ea:fe:d5:17:90:bb:
         60:cf:08:cf:2b:7e:af:fd:ca:f8:be:d2:98:08:3a:90:c4:ad:
         e4:f0:18:18:e1:5a:df:2e:3e:8a:a1:b4:55:48:09:8f:ca:55:
         5c:f8:0a:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4erOTgY+n+pw18g3V1KVZvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMzA4MTUyNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZjYjQ5NzdjNjY4M2UxZWY1ZjA0OGRjYmViY2YyYWQ3ODk1NzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0eqLpMpcz1ZRJxjTTHmr8N7gXcp
rWyvSS22H9O90qHaJEWodMCVisxinY7ZJLCPitia0bGDqIyssTkGX0BVV9OydVHu
hVOXmZwuW9at+KdMlku2szOmr3nP5YXdKHDG4y1fkn5L93ewF5yokq9pLYbBNejg
v+PVmYcrtG/VDeIzrFznqMdtBYud7FGDNNIAoGtu1U9I3qDn8fRDu0FipCWmtHUc
TJhVJ06wlDeJiCqbZls5Qr1EQb8/sx5hLTaIfX0cCZ0nBjgBe1ThiYTlu6qINPJS
psXg49XXY+VB49PSczvlHQme+zXXmC74r0f1PZYj3+q6JDye4F1uZZa8bwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNP8tJd8ZoPh718EjcvrzyrXiVcBMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvMF95MGwzeG1nLUh2WHdTTnktdlBLdGVKVndFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuS6vAwQA
uaFPMA0GCSqGSIb3DQEBCwUAA4IBAQBQGq5cisIuTEmlLpvSoryF0ZK2WtI47l88
7m/W7hOPyd4oJkvM/ZmTBT30cCvUpbeHL1q9rlwFpHbe42IEUxl6h1akhSNNF+8d
I/1hiGopGMKGVwE2Roe9fiPeDkzVkaUDQk4K0/4hAu5DWHetuPxL3funlXwzXrfc
anrn2wUqW0WfYl/nO9xsbWqQUGlvfL6NKKXypPDm88V0UZRkiAfLgaAWpGhgiicj
eTWOiIWruYcShtI1qmfd1y8X1bYzwuXRQ65FkvbL6CpLUpkVx1T76tzq/tUXkLtg
zwjPK36v/cr4vtKYCDqQxK3k8BgY4VrfLj6KobRVSAmPylVc+ArZ
-----END CERTIFICATE-----