Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b910bf-e49b-4cdc-be79-4dd4dc3391ac/1/OtXgLJkfUNEmXrTDuIEi2BKebqk.roa
File:                     OtXgLJkfUNEmXrTDuIEi2BKebqk.roa (raw, json)
Hash identifier:          3thsiuL/MqfhHoFq05CaFIlRaTGoYaooAS+w2GBZnLQ=
Subject key identifier:   3A:D5:E0:2C:99:1F:50:D1:26:5E:B4:C3:B8:81:22:D8:12:9E:6E:A9
Certificate issuer:       /CN=2fcb30fd7d6e449493ec7cb0d9f78600458be21b
Certificate serial:       018CC2DAC5218D97017C960A0F1950E70FD9
Authority key identifier: 2F:CB:30:FD:7D:6E:44:94:93:EC:7C:B0:D9:F7:86:00:45:8B:E2:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L8sw_X1uRJST7Hyw2feGAEWL4hs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b910bf-e49b-4cdc-be79-4dd4dc3391ac/1/OtXgLJkfUNEmXrTDuIEi2BKebqk.roa
Signing time:             Mon 01 Jan 2024 02:29:26 +0000
ROA not before:           Mon 01 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205219
IP address blocks:        185.242.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b910bf-e49b-4cdc-be79-4dd4dc3391ac/1/L8sw_X1uRJST7Hyw2feGAEWL4hs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b910bf-e49b-4cdc-be79-4dd4dc3391ac/1/L8sw_X1uRJST7Hyw2feGAEWL4hs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L8sw_X1uRJST7Hyw2feGAEWL4hs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c5:21:8d:97:01:7c:96:0a:0f:19:50:e7:0f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fcb30fd7d6e449493ec7cb0d9f78600458be21b
        Validity
            Not Before: Jan  1 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ad5e02c991f50d1265eb4c3b88122d8129e6ea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a7:a3:b2:72:03:08:6e:e9:59:10:8b:af:20:
                    88:e4:68:bd:4d:e0:25:0a:aa:b6:f7:e2:58:2f:33:
                    39:07:78:85:eb:f4:93:99:ff:eb:a0:f9:91:c4:a0:
                    3c:92:2e:f0:bc:a7:64:d0:76:1c:d2:05:e9:d2:7b:
                    df:be:97:d5:92:b6:d2:b7:85:c3:48:41:83:3d:a7:
                    76:d4:4d:4e:fd:05:32:2a:f2:4a:9a:8c:44:9e:3b:
                    2d:d5:ef:71:dd:37:1d:b0:14:ab:73:84:db:be:df:
                    3e:aa:53:1d:77:fc:0f:c8:98:55:63:d3:25:81:6f:
                    95:4e:0f:24:ed:62:cc:8b:27:57:b6:ae:73:0d:25:
                    94:36:7e:5e:63:e9:b6:7f:a1:72:37:32:47:2e:e5:
                    0f:79:23:36:df:68:a7:8a:f8:de:db:96:5f:d1:a8:
                    21:a2:fb:7a:c4:3b:29:ad:57:bd:62:b3:c2:8e:cb:
                    d2:e8:f5:05:7b:21:7b:ee:f5:e6:dd:4c:50:0c:86:
                    4a:a1:f0:fa:4c:10:b1:1d:7f:2c:e8:44:7b:68:b9:
                    0b:88:5a:fa:4f:f1:df:10:86:8e:ec:9a:1f:8b:9f:
                    29:7e:ad:f8:2a:07:15:5d:24:e6:bf:b7:4e:67:04:
                    71:6f:6d:23:3a:16:03:c2:14:65:b9:2d:68:a7:6b:
                    b9:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:D5:E0:2C:99:1F:50:D1:26:5E:B4:C3:B8:81:22:D8:12:9E:6E:A9
            X509v3 Authority Key Identifier:
                keyid:2F:CB:30:FD:7D:6E:44:94:93:EC:7C:B0:D9:F7:86:00:45:8B:E2:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L8sw_X1uRJST7Hyw2feGAEWL4hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b910bf-e49b-4cdc-be79-4dd4dc3391ac/1/OtXgLJkfUNEmXrTDuIEi2BKebqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b910bf-e49b-4cdc-be79-4dd4dc3391ac/1/L8sw_X1uRJST7Hyw2feGAEWL4hs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:86:5c:dc:fd:bf:ae:0b:e9:56:0f:3f:0b:1b:59:a3:77:0c:
         bf:7c:e0:f8:38:e4:3d:3f:39:5b:e2:5e:15:6f:47:31:d0:b8:
         71:65:ff:ff:00:1a:89:10:73:06:41:a9:86:25:16:8b:91:17:
         c5:85:35:ce:6e:c6:78:99:45:bb:1e:85:d9:5a:b8:6a:f2:f6:
         cd:51:05:48:16:39:0d:8f:24:40:9a:0e:c8:12:49:60:65:e4:
         f9:9b:65:4f:c3:17:1e:ca:cd:51:5a:b2:85:d4:ca:eb:b7:cf:
         fd:e8:17:e8:97:0d:fb:d3:67:f5:f7:85:1c:8b:b3:f6:3e:71:
         d7:8b:61:3a:65:12:2a:2d:64:f0:dc:b6:ba:2a:77:59:95:54:
         66:05:d2:87:2d:5d:1d:6b:31:72:0f:02:d4:2e:03:a2:e3:c2:
         d0:22:91:dd:2b:fc:c5:2b:75:1f:af:55:a6:21:4d:7c:59:7e:
         52:73:dc:c9:57:1d:6e:ef:b3:78:3f:c5:4c:98:34:4e:a7:f7:
         3d:21:1f:73:f6:79:8c:83:c4:de:8b:ca:2e:f3:4a:a3:a0:61:
         59:c2:4b:6d:72:9c:9f:f0:3a:14:b4:de:e1:a3:ae:86:ac:9a:
         0f:d7:43:52:ad:c7:de:e2:08:48:b2:d6:7d:73:75:c9:13:da:
         c7:79:7a:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sUhjZcBfJYKDxlQ5w/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmY2IzMGZkN2Q2ZTQ0OTQ5M2VjN2NiMGQ5Zjc4NjAwNDU4
YmUyMWIwHhcNMjQwMTAxMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWQ1ZTAyYzk5MWY1MGQxMjY1ZWI0YzNiODgxMjJkODEyOWU2ZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6ejsnIDCG7pWRCLryCI5Gi9TeAl
Cqq29+JYLzM5B3iF6/STmf/roPmRxKA8ki7wvKdk0HYc0gXp0nvfvpfVkrbSt4XD
SEGDPad21E1O/QUyKvJKmoxEnjst1e9x3TcdsBSrc4Tbvt8+qlMdd/wPyJhVY9Ml
gW+VTg8k7WLMiydXtq5zDSWUNn5eY+m2f6FyNzJHLuUPeSM232inivje25Zf0agh
ovt6xDsprVe9YrPCjsvS6PUFeyF77vXm3UxQDIZKofD6TBCxHX8s6ER7aLkLiFr6
T/HfEIaO7Jofi58pfq34KgcVXSTmv7dOZwRxb20jOhYDwhRluS1op2u5TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrV4CyZH1DRJl60w7iBItgSnm6pMB8GA1UdIwQY
MBaAFC/LMP19bkSUk+x8sNn3hgBFi+IbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDhzd19YMXVSSlNUN0h5dzJmZUdBRVdMNGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iOTEwYmYtZTQ5Yi00Y2RjLWJlNzkt
NGRkNGRjMzM5MWFjLzEvT3RYZ0xKa2ZVTkVtWHJURHVJRWkyQktlYnFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iOTEwYmYtZTQ5Yi00Y2RjLWJlNzktNGRkNGRjMzM5MWFj
LzEvTDhzd19YMXVSSlNUN0h5dzJmZUdBRVdMNGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufK2MA0G
CSqGSIb3DQEBCwUAA4IBAQCThlzc/b+uC+lWDz8LG1mjdwy/fOD4OOQ9Pzlb4l4V
b0cx0LhxZf//ABqJEHMGQamGJRaLkRfFhTXObsZ4mUW7HoXZWrhq8vbNUQVIFjkN
jyRAmg7IEklgZeT5m2VPwxceys1RWrKF1Mrrt8/96Bfolw3702f194Uci7P2PnHX
i2E6ZRIqLWTw3La6KndZlVRmBdKHLV0dazFyDwLULgOi48LQIpHdK/zFK3Ufr1Wm
IU18WX5Sc9zJVx1u77N4P8VMmDROp/c9IR9z9nmMg8Tei8ou80qjoGFZwkttcpyf
8DoUtN7ho66GrJoP10NSrcfe4ghIstZ9c3XJE9rHeXox
-----END CERTIFICATE-----