Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/3a39e9-3d40-46f8-bb0f-5ba43b118f75/1/7llY_dOaKkiG2SCPk3KgX-Vy4js.roa
File:                     7llY_dOaKkiG2SCPk3KgX-Vy4js.roa (raw, json)
Hash identifier:          5XrALu4/ZOHhP7bKw0CcLI0ipABagws5xNeks1e/93Y=
Subject key identifier:   EE:59:58:FD:D3:9A:2A:48:86:D9:20:8F:93:72:A0:5F:E5:72:E2:3B
Certificate issuer:       /CN=0a2a157f00515f95b6df5dc0d52eb1b5d43fde5c
Certificate serial:       018CC9BCAD5FF76586E76811F1A52F23226B
Authority key identifier: 0A:2A:15:7F:00:51:5F:95:B6:DF:5D:C0:D5:2E:B1:B5:D4:3F:DE:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CioVfwBRX5W2313A1S6xtdQ_3lw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/3a39e9-3d40-46f8-bb0f-5ba43b118f75/1/7llY_dOaKkiG2SCPk3KgX-Vy4js.roa
Signing time:             Tue 02 Jan 2024 10:33:54 +0000
ROA not before:           Tue 02 Jan 2024 10:33:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        185.211.12.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/3a39e9-3d40-46f8-bb0f-5ba43b118f75/1/CioVfwBRX5W2313A1S6xtdQ_3lw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/3a39e9-3d40-46f8-bb0f-5ba43b118f75/1/CioVfwBRX5W2313A1S6xtdQ_3lw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CioVfwBRX5W2313A1S6xtdQ_3lw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ad:5f:f7:65:86:e7:68:11:f1:a5:2f:23:22:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a2a157f00515f95b6df5dc0d52eb1b5d43fde5c
        Validity
            Not Before: Jan  2 10:33:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee5958fdd39a2a4886d9208f9372a05fe572e23b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f2:43:cd:b7:c1:a8:d8:4e:7f:5f:24:06:ac:
                    f6:2b:28:77:c1:cf:f3:32:e5:65:80:a9:df:32:2f:
                    d4:17:d9:44:0d:0a:05:6e:ab:ba:13:66:46:65:d2:
                    70:3a:eb:34:94:eb:52:50:48:0d:80:ab:39:53:7f:
                    74:81:ec:99:5d:a9:1c:a1:37:58:58:a1:19:80:3d:
                    c4:e5:56:8e:74:bf:03:60:17:39:a4:97:3b:71:40:
                    be:41:fc:8b:e0:e1:fd:8d:43:0f:37:6e:9e:08:36:
                    03:33:fd:69:02:62:08:b5:ea:a4:8e:02:f8:cc:16:
                    68:f7:0c:49:a4:22:f2:3a:42:56:11:bd:b5:9a:8e:
                    b5:8d:f3:a5:4a:67:ae:f9:27:20:78:e9:e6:01:24:
                    5b:1c:8e:a6:5f:eb:2b:60:30:44:bb:50:0c:d4:5e:
                    e6:5b:de:5e:8a:cd:c7:0a:fb:88:66:cf:bb:c6:7f:
                    69:38:83:26:53:05:b7:0a:a6:7d:94:c9:85:a4:b9:
                    88:65:be:93:e4:99:db:33:9d:ca:d7:76:b7:d9:89:
                    22:89:7d:f9:27:b1:ec:6a:67:f0:d0:2f:9d:be:c0:
                    55:2c:7b:fa:e7:b7:8f:19:cc:c1:7f:4b:ea:80:e6:
                    5b:2e:37:2d:d7:30:0d:39:d2:97:ee:d3:77:e0:f9:
                    de:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:59:58:FD:D3:9A:2A:48:86:D9:20:8F:93:72:A0:5F:E5:72:E2:3B
            X509v3 Authority Key Identifier:
                keyid:0A:2A:15:7F:00:51:5F:95:B6:DF:5D:C0:D5:2E:B1:B5:D4:3F:DE:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CioVfwBRX5W2313A1S6xtdQ_3lw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/3a39e9-3d40-46f8-bb0f-5ba43b118f75/1/7llY_dOaKkiG2SCPk3KgX-Vy4js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/3a39e9-3d40-46f8-bb0f-5ba43b118f75/1/CioVfwBRX5W2313A1S6xtdQ_3lw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:8c:b3:e1:af:f0:8a:63:97:62:d6:2b:50:57:23:bf:68:46:
         8d:3c:26:f6:e6:c2:bb:61:7c:8a:3d:9d:43:3b:62:3b:e4:3a:
         a5:8a:5b:a7:82:c6:69:3d:50:22:02:f7:6f:76:1e:06:97:81:
         84:c9:61:48:80:2a:31:51:7b:cd:4a:ce:17:2b:c4:f7:80:fe:
         21:06:17:81:96:df:02:2b:e6:21:41:bc:ae:36:ec:e8:02:59:
         09:26:ae:2f:74:72:23:10:82:5c:cf:59:d5:b3:83:2b:66:e9:
         bd:25:88:e2:40:eb:4c:58:35:81:4c:5d:93:64:93:72:1a:dc:
         2d:52:93:44:a1:c3:7a:00:fc:d8:ad:d4:f2:cc:92:18:44:4b:
         a8:59:a5:1e:6b:c5:b4:f6:d6:25:fe:89:35:87:e4:59:c3:af:
         2f:fb:cb:51:03:2c:47:b4:7e:28:db:e8:df:6b:98:80:77:02:
         5c:33:10:db:ba:6e:59:58:b9:72:73:b8:7e:ed:e4:ae:1c:af:
         a1:7d:25:e9:94:4f:74:53:7d:fd:14:82:c0:8f:e0:83:9c:fb:
         f6:99:2a:8f:ed:92:7e:bb:17:b9:7c:32:32:d7:a2:cf:19:7f:
         ae:1c:dd:19:1b:77:e3:c6:ae:92:88:f1:60:b8:ad:3d:81:70:
         d4:ee:0a:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvK1f92WG52gR8aUvIyJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMmExNTdmMDA1MTVmOTViNmRmNWRjMGQ1MmViMWI1ZDQz
ZmRlNWMwHhcNMjQwMTAyMTAzMzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTU5NThmZGQzOWEyYTQ4ODZkOTIwOGY5MzcyYTA1ZmU1NzJlMjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/JDzbfBqNhOf18kBqz2Kyh3wc/z
MuVlgKnfMi/UF9lEDQoFbqu6E2ZGZdJwOus0lOtSUEgNgKs5U390geyZXakcoTdY
WKEZgD3E5VaOdL8DYBc5pJc7cUC+QfyL4OH9jUMPN26eCDYDM/1pAmIIteqkjgL4
zBZo9wxJpCLyOkJWEb21mo61jfOlSmeu+ScgeOnmASRbHI6mX+srYDBEu1AM1F7m
W95eis3HCvuIZs+7xn9pOIMmUwW3CqZ9lMmFpLmIZb6T5JnbM53K13a32YkiiX35
J7Hsamfw0C+dvsBVLHv657ePGczBf0vqgOZbLjct1zANOdKX7tN34PneYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5ZWP3TmipIhtkgj5NyoF/lcuI7MB8GA1UdIwQY
MBaAFAoqFX8AUV+Vtt9dwNUusbXUP95cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2lvVmZ3QlJYNVcyMzEzQTFTNnh0ZFFfM2x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zYTM5ZTktM2Q0MC00NmY4LWJiMGYt
NWJhNDNiMTE4Zjc1LzEvN2xsWV9kT2FLa2lHMlNDUGszS2dYLVZ5NGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zYTM5ZTktM2Q0MC00NmY4LWJiMGYtNWJhNDNiMTE4Zjc1
LzEvQ2lvVmZ3QlJYNVcyMzEzQTFTNnh0ZFFfM2x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudMMMA0G
CSqGSIb3DQEBCwUAA4IBAQAGjLPhr/CKY5di1itQVyO/aEaNPCb25sK7YXyKPZ1D
O2I75DqlilungsZpPVAiAvdvdh4Gl4GEyWFIgCoxUXvNSs4XK8T3gP4hBheBlt8C
K+YhQbyuNuzoAlkJJq4vdHIjEIJcz1nVs4MrZum9JYjiQOtMWDWBTF2TZJNyGtwt
UpNEocN6APzYrdTyzJIYREuoWaUea8W09tYl/ok1h+RZw68v+8tRAyxHtH4o2+jf
a5iAdwJcMxDbum5ZWLlyc7h+7eSuHK+hfSXplE90U339FILAj+CDnPv2mSqP7ZJ+
uxe5fDIy16LPGX+uHN0ZG3fjxq6SiPFguK09gXDU7goH
-----END CERTIFICATE-----