Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/384a32-3e1c-4d86-bdb8-35276b7975ae/1/A9BGwkXtVPEBmJCVvkqyvJJSAyg.roa
File:                     A9BGwkXtVPEBmJCVvkqyvJJSAyg.roa (raw, json)
Hash identifier:          bZJi3U6/hzzZXT6yMeIDnGzyhQSFxE97fOq/T8DZFyA=
Subject key identifier:   03:D0:46:C2:45:ED:54:F1:01:98:90:95:BE:4A:B2:BC:92:52:03:28
Certificate issuer:       /CN=cd0c032892f695af4c13fb0aca8043d17b1b97bf
Certificate serial:       018E1888C82354BCD90949F52D5DFE0C63D7
Authority key identifier: CD:0C:03:28:92:F6:95:AF:4C:13:FB:0A:CA:80:43:D1:7B:1B:97:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zQwDKJL2la9ME_sKyoBD0Xsbl78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/384a32-3e1c-4d86-bdb8-35276b7975ae/1/A9BGwkXtVPEBmJCVvkqyvJJSAyg.roa
Signing time:             Thu 07 Mar 2024 10:50:01 +0000
ROA not before:           Thu 07 Mar 2024 10:50:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211560
IP address blocks:        185.137.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/384a32-3e1c-4d86-bdb8-35276b7975ae/1/zQwDKJL2la9ME_sKyoBD0Xsbl78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/384a32-3e1c-4d86-bdb8-35276b7975ae/1/zQwDKJL2la9ME_sKyoBD0Xsbl78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zQwDKJL2la9ME_sKyoBD0Xsbl78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:18:88:c8:23:54:bc:d9:09:49:f5:2d:5d:fe:0c:63:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd0c032892f695af4c13fb0aca8043d17b1b97bf
        Validity
            Not Before: Mar  7 10:50:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03d046c245ed54f101989095be4ab2bc92520328
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2c:46:21:7e:eb:f4:2b:d9:02:86:ad:cc:20:
                    4d:fe:8c:05:84:3f:82:8d:18:0e:ab:ed:ee:9b:30:
                    36:94:3a:73:a7:12:9c:99:f7:d6:4f:e0:f7:7f:35:
                    ef:2d:42:b9:6f:c8:bb:9c:eb:29:4f:52:20:d5:a1:
                    9f:6f:c0:dd:72:f6:e4:7a:53:7b:ee:11:eb:60:25:
                    f8:ea:8e:b7:87:89:ba:26:6c:b9:98:e0:c7:07:c3:
                    29:f1:04:9b:5e:b0:c8:e9:d2:dd:ab:e7:8a:e4:62:
                    62:ba:51:e1:64:30:93:24:11:90:54:72:4e:cb:88:
                    bc:97:4d:ea:de:d3:f2:69:7e:ef:29:66:11:1a:cc:
                    33:f8:2a:72:81:8b:f8:a9:c8:73:f3:b2:5b:48:58:
                    2e:d6:bb:e7:6b:cc:a4:96:d2:55:e6:20:2f:e9:b7:
                    30:47:b0:1b:f3:be:87:12:ef:8a:84:f3:38:54:dc:
                    e6:bc:19:bf:ec:69:ed:7e:25:3c:48:e5:db:69:82:
                    e8:81:0b:6f:d8:de:0c:b6:c9:7b:19:5e:d5:77:3a:
                    99:da:cd:8e:b4:b4:89:27:0b:bb:c6:58:d2:13:f1:
                    3b:60:7e:6a:9f:20:92:f6:13:77:bf:b9:16:2e:5c:
                    3e:28:ff:91:df:1c:f8:80:cc:98:e0:8a:0a:e9:4c:
                    ef:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:D0:46:C2:45:ED:54:F1:01:98:90:95:BE:4A:B2:BC:92:52:03:28
            X509v3 Authority Key Identifier:
                keyid:CD:0C:03:28:92:F6:95:AF:4C:13:FB:0A:CA:80:43:D1:7B:1B:97:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zQwDKJL2la9ME_sKyoBD0Xsbl78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/384a32-3e1c-4d86-bdb8-35276b7975ae/1/A9BGwkXtVPEBmJCVvkqyvJJSAyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/384a32-3e1c-4d86-bdb8-35276b7975ae/1/zQwDKJL2la9ME_sKyoBD0Xsbl78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:f0:c7:24:f7:38:f5:a6:6e:9e:44:0d:aa:3c:e2:89:57:68:
         ae:18:47:3c:c8:91:a5:ab:d0:0f:c6:aa:1f:00:2f:66:3b:b0:
         4f:6d:45:a4:f1:88:40:40:2d:58:4d:33:ad:80:99:0e:df:e4:
         8e:8e:20:29:ed:51:f1:ad:fe:60:a8:1c:38:c1:33:5a:96:4a:
         03:c4:9e:06:89:ba:67:fa:cf:77:c6:29:53:48:7b:89:f7:30:
         c3:58:98:ba:d6:33:e5:10:61:cb:73:5d:e3:5f:7f:62:aa:ab:
         d0:46:fc:3c:63:7c:a5:21:02:3d:3b:ea:b4:f3:52:ec:51:6b:
         bc:5a:fe:44:4b:93:55:82:84:a0:4c:d5:81:c4:66:4b:c7:e3:
         1f:6e:e6:5c:42:89:80:6f:22:58:48:01:75:f8:a7:ce:80:d1:
         6a:24:2e:d4:0c:d5:68:dc:5d:dc:17:ab:c4:31:67:15:fd:b1:
         16:6b:0c:90:0f:36:9f:d5:f3:e9:49:7a:64:75:27:83:3d:c3:
         f0:80:b4:17:4a:2f:ff:e1:52:68:55:34:4a:b9:87:4d:82:b2:
         b9:28:59:71:27:15:8c:14:87:16:32:d4:4c:a3:55:67:90:ee:
         bb:4b:f9:25:71:81:e5:76:96:69:8a:58:51:9f:b8:a3:59:c7:
         b5:00:dd:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4YiMgjVLzZCUn1LV3+DGPXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMGMwMzI4OTJmNjk1YWY0YzEzZmIwYWNhODA0M2QxN2Ix
Yjk3YmYwHhcNMjQwMzA3MTA1MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2QwNDZjMjQ1ZWQ1NGYxMDE5ODkwOTViZTRhYjJiYzkyNTIwMzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCxGIX7r9CvZAoatzCBN/owFhD+C
jRgOq+3umzA2lDpzpxKcmffWT+D3fzXvLUK5b8i7nOspT1Ig1aGfb8DdcvbkelN7
7hHrYCX46o63h4m6Jmy5mODHB8Mp8QSbXrDI6dLdq+eK5GJiulHhZDCTJBGQVHJO
y4i8l03q3tPyaX7vKWYRGswz+CpygYv4qchz87JbSFgu1rvna8ykltJV5iAv6bcw
R7Ab876HEu+KhPM4VNzmvBm/7GntfiU8SOXbaYLogQtv2N4Mtsl7GV7VdzqZ2s2O
tLSJJwu7xljSE/E7YH5qnyCS9hN3v7kWLlw+KP+R3xz4gMyY4IoK6UzvFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPQRsJF7VTxAZiQlb5KsrySUgMoMB8GA1UdIwQY
MBaAFM0MAyiS9pWvTBP7CsqAQ9F7G5e/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelF3REtKTDJsYTlNRV9zS3lvQkQwWHNibDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8zODRhMzItM2UxYy00ZDg2LWJkYjgt
MzUyNzZiNzk3NWFlLzEvQTlCR3drWHRWUEVCbUpDVnZrcXl2SkpTQXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8zODRhMzItM2UxYy00ZDg2LWJkYjgtMzUyNzZiNzk3NWFl
LzEvelF3REtKTDJsYTlNRV9zS3lvQkQwWHNibDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYliMA0G
CSqGSIb3DQEBCwUAA4IBAQAx8Mck9zj1pm6eRA2qPOKJV2iuGEc8yJGlq9APxqof
AC9mO7BPbUWk8YhAQC1YTTOtgJkO3+SOjiAp7VHxrf5gqBw4wTNalkoDxJ4Gibpn
+s93xilTSHuJ9zDDWJi61jPlEGHLc13jX39iqqvQRvw8Y3ylIQI9O+q081LsUWu8
Wv5ES5NVgoSgTNWBxGZLx+MfbuZcQomAbyJYSAF1+KfOgNFqJC7UDNVo3F3cF6vE
MWcV/bEWawyQDzaf1fPpSXpkdSeDPcPwgLQXSi//4VJoVTRKuYdNgrK5KFlxJxWM
FIcWMtRMo1VnkO67S/klcYHldpZpilhRn7ijWce1AN2p
-----END CERTIFICATE-----