Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/8b906b-9c1d-45d9-86ba-c7fe62227df3/1/zY3sKUWPig7GWql2H0Hp1dcDz0w.roa
File:                     zY3sKUWPig7GWql2H0Hp1dcDz0w.roa (raw, json)
Hash identifier:          DbELxZGEWocma2+1n9GXb6BFwIetRnbjuF6AUSiVFv4=
Subject key identifier:   CD:8D:EC:29:45:8F:8A:0E:C6:5A:A9:76:1F:41:E9:D5:D7:03:CF:4C
Certificate issuer:       /CN=985ae6c59c35e460387daebcfb866f8a1ebb3686
Certificate serial:       018CC2DB66ED522ED816231518E5D77FBF07
Authority key identifier: 98:5A:E6:C5:9C:35:E4:60:38:7D:AE:BC:FB:86:6F:8A:1E:BB:36:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mFrmxZw15GA4fa68-4Zvih67NoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/8b906b-9c1d-45d9-86ba-c7fe62227df3/1/zY3sKUWPig7GWql2H0Hp1dcDz0w.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199487
IP address blocks:        185.9.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/8b906b-9c1d-45d9-86ba-c7fe62227df3/1/mFrmxZw15GA4fa68-4Zvih67NoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/8b906b-9c1d-45d9-86ba-c7fe62227df3/1/mFrmxZw15GA4fa68-4Zvih67NoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mFrmxZw15GA4fa68-4Zvih67NoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:66:ed:52:2e:d8:16:23:15:18:e5:d7:7f:bf:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=985ae6c59c35e460387daebcfb866f8a1ebb3686
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd8dec29458f8a0ec65aa9761f41e9d5d703cf4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:3f:08:91:12:fd:c0:53:b1:3b:b2:56:ea:da:
                    c9:77:f9:b2:dc:2b:25:de:1f:97:30:45:ab:64:b3:
                    33:77:72:c8:c0:fe:cb:44:5a:cc:66:8f:54:03:8c:
                    b7:0e:bd:6b:90:48:e1:02:27:ce:da:35:a3:d4:ce:
                    82:8a:15:8d:3d:35:20:6f:75:0c:ab:25:2a:bd:d1:
                    a9:28:f2:8e:95:39:06:53:2d:2d:1d:d5:3c:5f:be:
                    f0:44:69:75:36:40:ab:f4:ba:f9:97:c1:17:3f:8f:
                    cd:6d:5b:a2:26:43:b5:7e:1e:7c:ce:66:8c:2d:5d:
                    89:e4:9a:97:76:7b:40:2e:c2:2c:96:f4:bb:14:58:
                    5a:be:db:90:1d:44:91:b4:81:05:9b:00:5a:35:e8:
                    e7:ca:b6:01:e6:84:7b:2d:2e:18:35:f4:47:e9:f6:
                    96:e5:fd:6b:b5:e2:a4:a1:1a:55:1b:5b:0e:1b:91:
                    dd:4f:f2:f4:90:72:65:88:8c:74:a8:fc:7d:23:8c:
                    e2:73:f9:a9:35:a8:03:bb:63:f7:c3:c9:a9:b5:0a:
                    cd:4c:b2:bb:97:d9:f7:3e:24:a2:b0:8d:54:64:f1:
                    9c:97:e0:d7:75:a2:e5:ee:f9:a5:4e:ca:95:c3:bc:
                    55:10:99:24:6f:64:62:9e:db:aa:df:19:af:d5:ad:
                    51:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:8D:EC:29:45:8F:8A:0E:C6:5A:A9:76:1F:41:E9:D5:D7:03:CF:4C
            X509v3 Authority Key Identifier:
                keyid:98:5A:E6:C5:9C:35:E4:60:38:7D:AE:BC:FB:86:6F:8A:1E:BB:36:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mFrmxZw15GA4fa68-4Zvih67NoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/8b906b-9c1d-45d9-86ba-c7fe62227df3/1/zY3sKUWPig7GWql2H0Hp1dcDz0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/8b906b-9c1d-45d9-86ba-c7fe62227df3/1/mFrmxZw15GA4fa68-4Zvih67NoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:20:6e:87:c7:49:00:66:2a:1a:2f:90:9c:72:0f:7f:d9:e3:
         05:e5:93:f1:84:5a:be:06:c9:4d:9a:2c:09:9e:06:4e:bc:28:
         55:24:e9:59:85:50:a7:7f:b7:53:44:c3:25:59:28:a1:42:8e:
         a2:f9:bb:0e:f2:18:28:c4:51:9a:9d:86:72:16:06:fc:f7:e1:
         e7:b3:83:ab:a3:1a:b3:d1:b1:77:2a:ec:8b:89:2c:db:1c:02:
         a4:6d:b4:7a:17:2e:05:c0:cd:a4:57:5e:51:80:a6:ed:b3:20:
         ee:78:9e:ea:3d:f6:ec:8a:62:43:fa:7d:80:9f:ef:f5:d3:97:
         f9:50:33:70:4d:0b:45:2b:66:7d:30:7d:9d:ee:e3:97:70:38:
         42:09:8e:62:ae:35:15:5a:e9:61:16:7d:db:06:35:94:b2:97:
         b4:2a:c5:f9:86:93:5b:84:13:45:07:a7:35:b9:18:8d:49:99:
         72:a1:4a:dc:96:32:2f:3e:99:19:e6:a6:09:0f:15:e7:12:3f:
         56:02:ef:5e:88:ed:7a:96:dd:f5:5a:68:07:91:e4:b9:35:0a:
         4a:61:2f:de:25:04:b8:0b:93:bb:eb:6b:b8:71:34:0b:0d:03:
         da:ad:ba:5f:d4:02:57:17:04:0c:40:1c:f6:81:66:1c:b1:a5:
         e7:d4:8c:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22btUi7YFiMVGOXXf78HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NWFlNmM1OWMzNWU0NjAzODdkYWViY2ZiODY2ZjhhMWVi
YjM2ODYwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDhkZWMyOTQ1OGY4YTBlYzY1YWE5NzYxZjQxZTlkNWQ3MDNjZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkD8IkRL9wFOxO7JW6trJd/my3Csl
3h+XMEWrZLMzd3LIwP7LRFrMZo9UA4y3Dr1rkEjhAifO2jWj1M6CihWNPTUgb3UM
qyUqvdGpKPKOlTkGUy0tHdU8X77wRGl1NkCr9Lr5l8EXP4/NbVuiJkO1fh58zmaM
LV2J5JqXdntALsIslvS7FFhavtuQHUSRtIEFmwBaNejnyrYB5oR7LS4YNfRH6faW
5f1rteKkoRpVG1sOG5HdT/L0kHJliIx0qPx9I4zic/mpNagDu2P3w8mptQrNTLK7
l9n3PiSisI1UZPGcl+DXdaLl7vmlTsqVw7xVEJkkb2Rintuq3xmv1a1R8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2N7ClFj4oOxlqpdh9B6dXXA89MMB8GA1UdIwQY
MBaAFJha5sWcNeRgOH2uvPuGb4oeuzaGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUZybXhadzE1R0E0ZmE2OC00WnZpaDY3Tm9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84YjkwNmItOWMxZC00NWQ5LTg2YmEt
YzdmZTYyMjI3ZGYzLzEvelkzc0tVV1BpZzdHV3FsMkgwSHAxZGNEejB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84YjkwNmItOWMxZC00NWQ5LTg2YmEtYzdmZTYyMjI3ZGYz
LzEvbUZybXhadzE1R0E0ZmE2OC00WnZpaDY3Tm9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQkVMA0G
CSqGSIb3DQEBCwUAA4IBAQA0IG6Hx0kAZioaL5Cccg9/2eMF5ZPxhFq+BslNmiwJ
ngZOvChVJOlZhVCnf7dTRMMlWSihQo6i+bsO8hgoxFGanYZyFgb89+Hns4Oroxqz
0bF3KuyLiSzbHAKkbbR6Fy4FwM2kV15RgKbtsyDueJ7qPfbsimJD+n2An+/105f5
UDNwTQtFK2Z9MH2d7uOXcDhCCY5irjUVWulhFn3bBjWUspe0KsX5hpNbhBNFB6c1
uRiNSZlyoUrcljIvPpkZ5qYJDxXnEj9WAu9eiO16lt31WmgHkeS5NQpKYS/eJQS4
C5O762u4cTQLDQParbpf1AJXFwQMQBz2gWYcsaXn1IzA
-----END CERTIFICATE-----