Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/i6AITnvrM12TYJ1kRcCI0T4uJYc.roa
File:                     i6AITnvrM12TYJ1kRcCI0T4uJYc.roa (raw, json)
Hash identifier:          o3F7kAY4HXw6OdoLe76/pRtjDAsj2qzAFBw2POdV65w=
Subject key identifier:   8B:A0:08:4E:7B:EB:33:5D:93:60:9D:64:45:C0:88:D1:3E:2E:25:87
Certificate issuer:       /CN=96e6f77cbda101987d9dfc84be90b6fba66adc9f
Certificate serial:       018CC86FCCD4DF2C409D34004C64E7A4A0EA
Authority key identifier: 96:E6:F7:7C:BD:A1:01:98:7D:9D:FC:84:BE:90:B6:FB:A6:6A:DC:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lub3fL2hAZh9nfyEvpC2-6Zq3J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/i6AITnvrM12TYJ1kRcCI0T4uJYc.roa
Signing time:             Tue 02 Jan 2024 04:30:19 +0000
ROA not before:           Tue 02 Jan 2024 04:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212263
IP address blocks:        185.222.21.0/24 maxlen: 24
                          2a10:f300::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/lub3fL2hAZh9nfyEvpC2-6Zq3J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/lub3fL2hAZh9nfyEvpC2-6Zq3J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lub3fL2hAZh9nfyEvpC2-6Zq3J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:cc:d4:df:2c:40:9d:34:00:4c:64:e7:a4:a0:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96e6f77cbda101987d9dfc84be90b6fba66adc9f
        Validity
            Not Before: Jan  2 04:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ba0084e7beb335d93609d6445c088d13e2e2587
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:4a:64:30:94:62:06:4b:dd:0d:fe:59:73:10:
                    62:3a:26:97:38:b0:5f:56:8a:3b:26:0a:43:0b:7b:
                    d3:52:ff:96:7f:5a:f2:77:f0:c9:3c:0a:83:37:0a:
                    62:d9:8d:ef:16:f6:b3:8c:bf:63:fa:02:b0:78:48:
                    83:36:42:6d:9e:2d:d4:35:bb:10:46:41:73:47:cb:
                    b2:b1:4d:31:ff:b5:5f:05:1a:8a:ba:85:69:ae:cd:
                    a1:e7:d7:53:54:fe:aa:50:05:03:da:f3:40:8d:98:
                    5f:cf:90:67:99:65:7c:e8:a7:c5:90:d7:27:d3:c3:
                    df:dd:88:2d:fb:ca:be:29:21:57:27:7a:c0:fd:88:
                    1f:76:e6:95:51:78:62:ac:0d:00:5c:7e:8d:23:47:
                    bb:93:1c:02:85:ca:49:a1:e3:82:7d:4e:19:00:eb:
                    82:44:92:42:5b:4e:6c:e3:24:88:5b:a2:c2:e0:9d:
                    c6:ef:ed:3d:76:a2:3a:b2:68:fe:c3:4c:f8:ca:27:
                    4c:21:f3:ad:7b:79:00:ac:fc:79:30:54:f7:77:de:
                    3f:61:aa:1a:1a:02:13:55:48:af:3c:d5:78:e5:f2:
                    49:14:14:2b:aa:57:7b:35:6f:61:5c:b1:5c:c6:df:
                    ae:43:22:8e:9c:2f:0b:41:6f:8c:b6:b1:1b:84:24:
                    a4:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A0:08:4E:7B:EB:33:5D:93:60:9D:64:45:C0:88:D1:3E:2E:25:87
            X509v3 Authority Key Identifier:
                keyid:96:E6:F7:7C:BD:A1:01:98:7D:9D:FC:84:BE:90:B6:FB:A6:6A:DC:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lub3fL2hAZh9nfyEvpC2-6Zq3J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/i6AITnvrM12TYJ1kRcCI0T4uJYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/lub3fL2hAZh9nfyEvpC2-6Zq3J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.21.0/24
                IPv6:
                  2a10:f300::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:6b:92:c0:2c:86:d5:3c:c9:ed:93:ca:bb:8b:83:8a:80:79:
         7d:64:58:39:e4:0b:ab:bf:cb:ff:ba:53:91:b6:63:a9:f6:cb:
         38:b0:9e:2e:b7:38:05:1c:24:d0:74:1b:a6:09:1f:fd:6b:1f:
         f6:ab:12:7c:b8:9e:2f:90:09:fa:46:0d:df:c6:0b:3f:7a:1a:
         b6:5b:0f:ff:63:11:e8:54:78:54:50:a6:e8:6a:0d:e0:31:46:
         23:1f:91:94:c1:c9:b4:d4:75:89:c6:f6:e1:59:43:27:0d:e2:
         c6:2e:6e:f6:a5:a9:c0:93:c0:e7:a5:f7:bd:09:76:09:67:10:
         3f:cc:37:ce:be:97:85:db:a6:64:c5:78:77:fd:d0:5a:6a:60:
         a2:fb:05:ce:38:f5:d0:f0:65:fa:a5:18:da:d9:01:24:a9:f5:
         b6:09:a6:28:98:d8:8f:c6:5d:31:7d:93:4e:32:97:ea:e4:ac:
         4d:2a:07:10:e3:3f:0d:2c:46:d4:aa:96:3f:57:c4:6e:d1:bd:
         38:fa:de:8d:cd:11:f4:05:46:d5:39:82:42:94:1a:cb:a4:bf:
         e6:91:e8:58:bf:9e:ca:a2:4f:ed:a2:7c:b7:59:c8:03:4a:8a:
         07:d3:9d:21:4f:a3:98:8c:d2:53:fa:a9:52:16:a5:50:2e:61:
         51:c5:23:ad
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb8zU3yxAnTQATGTnpKDqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZTZmNzdjYmRhMTAxOTg3ZDlkZmM4NGJlOTBiNmZiYTY2
YWRjOWYwHhcNMjQwMTAyMDQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmEwMDg0ZTdiZWIzMzVkOTM2MDlkNjQ0NWMwODhkMTNlMmUyNTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UpkMJRiBkvdDf5ZcxBiOiaXOLBf
Voo7JgpDC3vTUv+Wf1ryd/DJPAqDNwpi2Y3vFvazjL9j+gKweEiDNkJtni3UNbsQ
RkFzR8uysU0x/7VfBRqKuoVprs2h59dTVP6qUAUD2vNAjZhfz5BnmWV86KfFkNcn
08Pf3Ygt+8q+KSFXJ3rA/YgfduaVUXhirA0AXH6NI0e7kxwChcpJoeOCfU4ZAOuC
RJJCW05s4ySIW6LC4J3G7+09dqI6smj+w0z4yidMIfOte3kArPx5MFT3d94/Yaoa
GgITVUivPNV45fJJFBQrqld7NW9hXLFcxt+uQyKOnC8LQW+MtrEbhCSkFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIugCE576zNdk2CdZEXAiNE+LiWHMB8GA1UdIwQY
MBaAFJbm93y9oQGYfZ38hL6QtvumatyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHViM2ZMMmhBWmg5bmZ5RXZwQzItNlpxM0o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8xY2JjMWUtNGQ0Ni00YjViLWIyNDkt
MzIwOGRlMzljMDlkLzEvaTZBSVRudnJNMTJUWUoxa1JjQ0kwVDR1SlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8xY2JjMWUtNGQ0Ni00YjViLWIyNDktMzIwOGRlMzljMDlk
LzEvbHViM2ZMMmhBWmg5bmZ5RXZwQzItNlpxM0o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAud4VMA0E
AgACMAcDBQMqEPMAMA0GCSqGSIb3DQEBCwUAA4IBAQBEa5LALIbVPMntk8q7i4OK
gHl9ZFg55Aurv8v/ulORtmOp9ss4sJ4utzgFHCTQdBumCR/9ax/2qxJ8uJ4vkAn6
Rg3fxgs/ehq2Ww//YxHoVHhUUKboag3gMUYjH5GUwcm01HWJxvbhWUMnDeLGLm72
panAk8Dnpfe9CXYJZxA/zDfOvpeF26ZkxXh3/dBaamCi+wXOOPXQ8GX6pRja2QEk
qfW2CaYomNiPxl0xfZNOMpfq5KxNKgcQ4z8NLEbUqpY/V8Ru0b04+t6NzRH0BUbV
OYJClBrLpL/mkehYv57Kok/tony3WcgDSooH050hT6OYjNJT+qlSFqVQLmFRxSOt
-----END CERTIFICATE-----