Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ay_wlDN-ndcgAviL2PNTu2L903k.roa
File:                     ay_wlDN-ndcgAviL2PNTu2L903k.roa (raw, json)
Hash identifier:          pjrQPdY12FeFKxJ+9pm0uzOSm2COkO6MrLiFT2qeiCs=
Subject key identifier:   6B:2F:F0:94:33:7E:9D:D7:20:02:F8:8B:D8:F3:53:BB:62:FD:D3:79
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF9013EAD7EDBE116A0ADCAA63663C
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ay_wlDN-ndcgAviL2PNTu2L903k.roa
Signing time:             Tue 02 Jan 2024 06:32:23 +0000
ROA not before:           Tue 02 Jan 2024 06:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216192
IP address blocks:        185.17.138.0/24 maxlen: 24
                          212.68.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 06:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:90:13:ea:d7:ed:be:11:6a:0a:dc:aa:63:66:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b2ff094337e9dd72002f88bd8f353bb62fdd379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d7:a0:e9:6c:62:6a:da:55:ed:7b:e4:85:2e:
                    d7:7f:53:9d:02:6e:5c:98:4d:7b:7b:34:b6:d1:51:
                    50:17:ae:96:c3:3c:93:d5:93:ab:55:df:46:c8:d4:
                    ce:8c:cb:a8:cb:dd:4f:2a:85:7a:c1:6d:69:11:8b:
                    75:64:a1:de:c6:ea:32:76:48:89:0b:9b:60:62:54:
                    7a:09:c1:ad:63:ca:b9:68:d5:eb:2a:d8:ac:6e:7a:
                    81:a6:02:91:ac:1d:30:8f:69:f0:37:15:8e:8f:bb:
                    7b:e2:c1:8d:a8:44:53:1b:cf:ae:be:95:a0:ac:dd:
                    96:6b:a4:fd:ab:6f:24:02:5e:c3:3a:6c:b2:59:d2:
                    e6:50:2a:4c:30:23:e0:f4:e4:96:8b:95:d0:86:e9:
                    33:b1:e0:ca:ed:08:23:f0:d2:ed:f4:6d:9d:42:44:
                    2b:d2:37:e0:be:39:6a:17:15:07:93:b4:81:1d:f1:
                    fc:0a:b3:cf:8f:75:88:33:73:32:26:99:3b:56:ff:
                    2f:9d:e6:bd:a9:bd:a5:9f:cb:72:aa:5c:a6:6c:a8:
                    0c:f3:7e:24:4c:66:c9:7b:9a:d0:a7:62:96:0b:45:
                    66:f2:05:f3:9e:c9:19:41:21:28:c7:23:0b:ee:27:
                    94:75:c1:58:0e:81:93:95:97:ff:50:eb:73:a5:50:
                    74:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:2F:F0:94:33:7E:9D:D7:20:02:F8:8B:D8:F3:53:BB:62:FD:D3:79
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ay_wlDN-ndcgAviL2PNTu2L903k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.138.0/24
                  212.68.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:fe:49:ba:c7:cc:8a:14:72:f6:ec:24:e7:d3:a5:a7:11:51:
         57:38:19:1c:b9:b0:08:0d:45:d6:68:6c:8a:e8:e5:79:cf:3b:
         3b:9b:1b:0f:77:62:20:f2:e4:0b:b0:d1:e5:2a:5f:ec:d9:bb:
         82:d8:96:76:0e:9a:47:fc:39:ef:c7:2b:13:54:00:45:4a:d1:
         f6:c2:17:74:00:51:6b:e8:45:56:21:be:b1:f2:62:6f:df:54:
         7c:29:9b:75:36:54:b8:4f:ac:df:c6:21:fd:68:6e:6a:1d:ca:
         a4:cf:30:5e:df:7c:fc:f1:81:d4:38:86:9c:54:4d:e4:ef:4b:
         62:05:6c:ca:7c:27:27:e7:d9:73:9d:0e:74:93:e2:ef:e1:e7:
         d1:ed:be:f0:4b:7c:39:e8:57:82:b4:a6:fe:21:51:27:11:ee:
         3a:af:7d:43:a3:a3:0b:64:fe:5c:42:c2:aa:0e:6a:82:a3:5c:
         db:cb:3a:de:b6:98:89:6c:69:d2:44:49:c0:36:14:42:81:4e:
         cc:ec:d0:66:c5:5d:7a:87:2b:44:9c:b2:62:d0:6b:3c:24:06:
         a6:69:37:a4:56:53:b4:06:47:08:98:6a:c5:f1:8f:db:3c:76:
         ab:9d:09:dd:65:db:2d:6c:10:77:05:80:8b:dd:42:ce:c2:d2:
         26:f6:08:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI35AT6tftvhFqCtyqY2Y8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjJmZjA5NDMzN2U5ZGQ3MjAwMmY4OGJkOGYzNTNiYjYyZmRkMzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9eg6WxiatpV7XvkhS7Xf1OdAm5c
mE17ezS20VFQF66WwzyT1ZOrVd9GyNTOjMuoy91PKoV6wW1pEYt1ZKHexuoydkiJ
C5tgYlR6CcGtY8q5aNXrKtisbnqBpgKRrB0wj2nwNxWOj7t74sGNqERTG8+uvpWg
rN2Wa6T9q28kAl7DOmyyWdLmUCpMMCPg9OSWi5XQhukzseDK7Qgj8NLt9G2dQkQr
0jfgvjlqFxUHk7SBHfH8CrPPj3WIM3MyJpk7Vv8vnea9qb2ln8tyqlymbKgM834k
TGbJe5rQp2KWC0Vm8gXznskZQSEoxyML7ieUdcFYDoGTlZf/UOtzpVB0NQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGsv8JQzfp3XIAL4i9jzU7ti/dN5MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvYXlfd2xETi1uZGNnQXZpTDJQTlR1Mkw5MDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRGKAwQA
1EQlMA0GCSqGSIb3DQEBCwUAA4IBAQBA/km6x8yKFHL27CTn06WnEVFXOBkcubAI
DUXWaGyK6OV5zzs7mxsPd2Ig8uQLsNHlKl/s2buC2JZ2DppH/DnvxysTVABFStH2
whd0AFFr6EVWIb6x8mJv31R8KZt1NlS4T6zfxiH9aG5qHcqkzzBe33z88YHUOIac
VE3k70tiBWzKfCcn59lznQ50k+Lv4efR7b7wS3w56FeCtKb+IVEnEe46r31Do6ML
ZP5cQsKqDmqCo1zbyzretpiJbGnSREnANhRCgU7M7NBmxV16hytEnLJi0Gs8JAam
aTekVlO0BkcImGrF8Y/bPHarnQndZdstbBB3BYCL3ULOwtIm9gj3
-----END CERTIFICATE-----