Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/9sYpZkoiteR5iGTJSKVLxO9l15I.roa
File:                     9sYpZkoiteR5iGTJSKVLxO9l15I.roa (raw, json)
Hash identifier:          YHEbyXiOlAiMSBnqGNqPIW24X/g3jCDKOVq0Mqla82E=
Subject key identifier:   F6:C6:29:66:4A:22:B5:E4:79:88:64:C9:48:A5:4B:C4:EF:65:D7:92
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018E1EACE412B791DF596DEDECDD4CFBFC3B
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/9sYpZkoiteR5iGTJSKVLxO9l15I.roa
Signing time:             Fri 08 Mar 2024 15:27:10 +0000
ROA not before:           Fri 08 Mar 2024 15:27:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60922
IP address blocks:        185.46.175.0/24 maxlen: 24
                          185.161.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1e:ac:e4:12:b7:91:df:59:6d:ed:ec:dd:4c:fb:fc:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar  8 15:27:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6c629664a22b5e4798864c948a54bc4ef65d792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:cd:39:9b:a3:98:ba:06:6f:82:37:ec:bc:b6:
                    29:b8:d0:28:91:2d:fe:db:20:18:07:d6:06:18:a6:
                    05:0b:c0:81:36:a1:a6:4a:8e:5f:c7:40:11:53:8d:
                    f2:0f:1b:3a:72:3d:7f:20:42:92:3c:29:4f:18:45:
                    18:97:54:01:ce:51:2a:53:b0:84:4f:6e:d8:44:f6:
                    5b:2f:9b:da:29:c2:15:b8:f0:cd:48:4b:4f:3c:4a:
                    92:7b:1b:dd:8d:2d:c2:c7:d0:13:59:10:77:1d:af:
                    a6:2e:65:37:26:f1:d8:46:e2:a2:7c:6a:53:6d:b5:
                    a8:d8:98:79:c5:7b:15:82:fd:5f:46:33:98:40:b3:
                    02:52:20:57:f8:57:c8:ef:57:6b:84:58:aa:95:75:
                    7e:65:8a:94:fb:33:88:ac:f3:4c:71:27:4d:8f:fc:
                    3b:a9:44:65:54:50:10:74:7e:d6:71:a1:44:f4:f4:
                    20:0a:d9:6e:e8:4c:f8:22:e4:b3:85:07:7a:41:af:
                    15:28:58:c8:a2:ab:a9:61:cb:92:a5:80:f0:74:51:
                    96:93:47:f0:1e:4f:f0:6b:81:15:12:80:53:a8:d5:
                    94:a1:e7:6b:5d:fb:47:a3:91:48:31:27:44:01:9d:
                    ba:57:85:b3:48:2d:a2:36:94:63:25:06:c6:51:af:
                    f5:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:C6:29:66:4A:22:B5:E4:79:88:64:C9:48:A5:4B:C4:EF:65:D7:92
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/9sYpZkoiteR5iGTJSKVLxO9l15I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.175.0/24
                  185.161.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:85:5f:a2:a5:9a:42:46:45:57:b7:15:0d:b6:dd:ca:b0:70:
         6b:7e:db:88:a0:cb:8f:1f:4a:92:f1:c6:d5:c0:47:a8:be:9b:
         95:ed:16:07:da:da:79:33:ae:57:9b:38:b7:99:9b:68:cb:77:
         a2:08:45:ad:a4:f4:07:7e:99:16:39:ff:c4:3f:13:f7:6e:4c:
         04:6c:4f:a8:98:71:15:7c:e5:b9:b2:93:c1:69:56:7d:fc:4a:
         5b:3b:1e:56:ec:d6:b4:5d:5b:9e:81:87:a3:8b:6d:0d:29:f2:
         83:85:82:7f:f8:90:fe:9a:bc:59:db:5c:1c:68:75:5d:08:75:
         82:c4:a0:25:12:27:e9:3e:9e:db:2b:35:be:a0:3e:39:34:8d:
         4d:b6:6f:33:06:66:4f:c5:e2:b3:10:4e:63:d5:68:7c:a2:ef:
         9e:c0:9a:a4:f1:a9:31:ee:1a:0e:b4:2a:7d:ed:c5:c2:57:84:
         fe:70:11:fb:0c:3e:a1:4a:fe:cf:bf:b8:a9:34:12:3d:cc:59:
         3d:33:ea:cf:ac:b1:29:7e:c9:bb:b2:3c:24:47:d0:d1:91:31:
         32:42:c8:3c:09:cd:b1:4c:cb:02:4e:c9:ee:8b:ab:fe:82:66:
         d6:be:37:fc:07:c0:51:c6:78:b7:14:d2:60:18:1c:eb:ac:00:
         62:c4:3e:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4erOQSt5HfWW3t7N1M+/w7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMzA4MTUyNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmM2Mjk2NjRhMjJiNWU0Nzk4ODY0Yzk0OGE1NGJjNGVmNjVkNzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgc05m6OYugZvgjfsvLYpuNAokS3+
2yAYB9YGGKYFC8CBNqGmSo5fx0ARU43yDxs6cj1/IEKSPClPGEUYl1QBzlEqU7CE
T27YRPZbL5vaKcIVuPDNSEtPPEqSexvdjS3Cx9ATWRB3Ha+mLmU3JvHYRuKifGpT
bbWo2Jh5xXsVgv1fRjOYQLMCUiBX+FfI71drhFiqlXV+ZYqU+zOIrPNMcSdNj/w7
qURlVFAQdH7WcaFE9PQgCtlu6Ez4IuSzhQd6Qa8VKFjIoqupYcuSpYDwdFGWk0fw
Hk/wa4EVEoBTqNWUoedrXftHo5FIMSdEAZ26V4WzSC2iNpRjJQbGUa/1PwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPbGKWZKIrXkeYhkyUilS8TvZdeSMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvOXNZcFprb2l0ZVI1aUdUSlNLVkx4TzlsMTVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuS6vAwQA
uaFPMA0GCSqGSIb3DQEBCwUAA4IBAQBThV+ipZpCRkVXtxUNtt3KsHBrftuIoMuP
H0qS8cbVwEeovpuV7RYH2tp5M65Xmzi3mZtoy3eiCEWtpPQHfpkWOf/EPxP3bkwE
bE+omHEVfOW5spPBaVZ9/EpbOx5W7Na0XVuegYeji20NKfKDhYJ/+JD+mrxZ21wc
aHVdCHWCxKAlEifpPp7bKzW+oD45NI1Ntm8zBmZPxeKzEE5j1Wh8ou+ewJqk8akx
7hoOtCp97cXCV4T+cBH7DD6hSv7Pv7ipNBI9zFk9M+rPrLEpfsm7sjwkR9DRkTEy
Qsg8Cc2xTMsCTsnui6v+gmbWvjf8B8BRxni3FNJgGBzrrABixD5J
-----END CERTIFICATE-----