Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/ksEgrP6CeRbizakkkCN0u1NPY1A.roa
File:                     ksEgrP6CeRbizakkkCN0u1NPY1A.roa (raw, json)
Hash identifier:          EsOQr65P0t1xk3R3d8rVB6cNsrYf/aETw1GDNdilyFU=
Subject key identifier:   92:C1:20:AC:FE:82:79:16:E2:CD:A9:24:90:23:74:BB:53:4F:63:50
Certificate issuer:       /CN=2b9bec0211f61eaf119ceb2d40c5a0fe3aa8c2a0
Certificate serial:       018CC86F721EB4AF47F12162D64DA8C49C03
Authority key identifier: 2B:9B:EC:02:11:F6:1E:AF:11:9C:EB:2D:40:C5:A0:FE:3A:A8:C2:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5vsAhH2Hq8RnOstQMWg_jqowqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/ksEgrP6CeRbizakkkCN0u1NPY1A.roa
Signing time:             Tue 02 Jan 2024 04:29:56 +0000
ROA not before:           Tue 02 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        185.116.63.0/24 maxlen: 24
                          185.65.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/K5vsAhH2Hq8RnOstQMWg_jqowqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/K5vsAhH2Hq8RnOstQMWg_jqowqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5vsAhH2Hq8RnOstQMWg_jqowqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:72:1e:b4:af:47:f1:21:62:d6:4d:a8:c4:9c:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b9bec0211f61eaf119ceb2d40c5a0fe3aa8c2a0
        Validity
            Not Before: Jan  2 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92c120acfe827916e2cda924902374bb534f6350
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d8:6e:29:f6:86:e0:94:39:53:4b:28:83:fa:
                    2f:f3:cd:36:4a:f6:dd:c6:83:c1:3f:eb:0e:f4:21:
                    02:cf:d8:2c:d6:cb:56:ec:0e:16:7c:e4:6f:43:7f:
                    4f:32:f1:4d:e7:ac:ba:b8:0f:f7:e8:81:c0:b4:90:
                    74:a0:bc:cd:4b:1e:8c:96:7a:28:0e:70:35:1f:41:
                    65:f3:0d:dd:84:2a:38:31:7e:13:26:49:cd:f4:46:
                    05:e9:1f:2d:c8:71:6a:1c:6c:75:6f:2a:da:c7:5d:
                    1a:bb:54:e4:7d:18:09:19:cf:14:1a:14:06:8e:89:
                    ee:e3:d2:dd:81:15:40:26:c6:2e:b1:6d:b1:62:79:
                    37:7b:ad:b7:b7:1d:4b:51:19:39:e5:50:b9:a5:9c:
                    68:fb:c2:26:c6:d5:c5:c8:53:b8:91:47:3e:ff:31:
                    ac:84:41:ef:15:45:98:d5:e4:c1:23:0e:cc:e2:c9:
                    36:ab:2e:08:21:30:a8:0f:90:e3:a1:91:cc:53:12:
                    56:60:76:5c:16:f4:bd:0b:8b:57:4e:ad:3a:0b:0d:
                    7f:8d:ee:8d:7f:e0:5e:56:14:06:26:3b:6f:e7:3b:
                    7c:d1:4f:4e:e6:26:f2:51:f4:19:cf:00:35:47:8e:
                    44:f5:11:ed:74:1f:74:97:8c:96:75:98:1d:76:8f:
                    33:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:C1:20:AC:FE:82:79:16:E2:CD:A9:24:90:23:74:BB:53:4F:63:50
            X509v3 Authority Key Identifier:
                keyid:2B:9B:EC:02:11:F6:1E:AF:11:9C:EB:2D:40:C5:A0:FE:3A:A8:C2:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5vsAhH2Hq8RnOstQMWg_jqowqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/ksEgrP6CeRbizakkkCN0u1NPY1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/K5vsAhH2Hq8RnOstQMWg_jqowqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.79.0/24
                  185.116.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:a2:5b:6f:69:eb:57:80:1a:4f:19:d2:9b:6e:a7:a9:ff:ce:
         45:a7:6f:6b:b0:0d:b6:02:32:bd:f8:cd:8b:bc:3e:a6:a0:4d:
         fb:c6:66:be:55:28:b5:e1:0d:6a:1a:8b:85:9d:d4:c7:c7:42:
         97:16:a4:38:fe:b1:88:38:9d:1f:e6:21:42:6b:df:0b:cc:27:
         2e:1a:43:e5:10:ae:d0:50:74:44:54:9c:0f:8d:76:fe:29:63:
         e1:6b:65:8d:e1:e5:dd:81:73:0d:fc:ed:ad:cf:32:55:57:ab:
         4a:63:fd:0d:20:40:91:f0:66:ab:f9:97:c2:10:97:f8:72:81:
         99:6b:29:ab:75:bd:66:95:e2:83:b2:0f:98:95:30:8b:c2:60:
         1f:e2:96:39:47:65:6e:76:52:05:dc:f9:25:7c:8e:65:e5:7f:
         2c:ea:1a:31:58:9e:ea:46:57:ba:7e:bf:b4:ca:82:0d:b7:83:
         fb:e2:2e:79:9b:fe:70:0c:18:10:06:9f:e8:e4:db:76:ee:5e:
         f7:c8:f2:13:fc:32:70:d0:8b:95:03:4c:09:72:17:a6:e7:21:
         b7:33:dd:b6:26:e4:dc:c6:69:d9:ae:52:5c:ed:bb:3b:ca:c2:
         16:d2:51:d7:b6:2c:dc:26:69:ad:f6:26:83:92:73:c4:fd:6f:
         7a:c4:6b:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb3IetK9H8SFi1k2oxJwDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOWJlYzAyMTFmNjFlYWYxMTljZWIyZDQwYzVhMGZlM2Fh
OGMyYTAwHhcNMjQwMTAyMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmMxMjBhY2ZlODI3OTE2ZTJjZGE5MjQ5MDIzNzRiYjUzNGY2MzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdhuKfaG4JQ5U0sog/ov8802Svbd
xoPBP+sO9CECz9gs1stW7A4WfORvQ39PMvFN56y6uA/36IHAtJB0oLzNSx6Mlnoo
DnA1H0Fl8w3dhCo4MX4TJknN9EYF6R8tyHFqHGx1byrax10au1TkfRgJGc8UGhQG
jonu49LdgRVAJsYusW2xYnk3e623tx1LURk55VC5pZxo+8ImxtXFyFO4kUc+/zGs
hEHvFUWY1eTBIw7M4sk2qy4IITCoD5DjoZHMUxJWYHZcFvS9C4tXTq06Cw1/je6N
f+BeVhQGJjtv5zt80U9O5ibyUfQZzwA1R45E9RHtdB90l4yWdZgddo8zewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJLBIKz+gnkW4s2pJJAjdLtTT2NQMB8GA1UdIwQY
MBaAFCub7AIR9h6vEZzrLUDFoP46qMKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzV2c0FoSDJIcThSbk9zdFFNV2dfanFvd3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8yNmU0ZDEtMTJjOC00MTQ0LWEzN2Qt
ODMzMjk1ZTA0ZTM3LzEva3NFZ3JQNkNlUmJpemFra2tDTjB1MU5QWTFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8yNmU0ZDEtMTJjOC00MTQ0LWEzN2QtODMzMjk1ZTA0ZTM3
LzEvSzV2c0FoSDJIcThSbk9zdFFNV2dfanFvd3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUFPAwQA
uXQ/MA0GCSqGSIb3DQEBCwUAA4IBAQB9oltvaetXgBpPGdKbbqep/85Fp29rsA22
AjK9+M2LvD6moE37xma+VSi14Q1qGouFndTHx0KXFqQ4/rGIOJ0f5iFCa98LzCcu
GkPlEK7QUHREVJwPjXb+KWPha2WN4eXdgXMN/O2tzzJVV6tKY/0NIECR8Gar+ZfC
EJf4coGZaymrdb1mleKDsg+YlTCLwmAf4pY5R2VudlIF3PklfI5l5X8s6hoxWJ7q
Rle6fr+0yoINt4P74i55m/5wDBgQBp/o5Nt27l73yPIT/DJw0IuVA0wJchem5yG3
M922JuTcxmnZrlJc7bs7ysIW0lHXtizcJmmt9iaDknPE/W96xGvQ
-----END CERTIFICATE-----