Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/2bf00b-bfbc-4f6b-a13e-f10f73a9ecb3/1/hWR6zHHPTBqZU3Iu5JfZPpTFA1w.roa
File:                     hWR6zHHPTBqZU3Iu5JfZPpTFA1w.roa (raw, json)
Hash identifier:          BsP8md4WxDRyXhknDztBIp5/olh2KECDJMaS4fUvEdo=
Subject key identifier:   85:64:7A:CC:71:CF:4C:1A:99:53:72:2E:E4:97:D9:3E:94:C5:03:5C
Certificate issuer:       /CN=36b55fb34d29f962545132a025b52644fdffbf6f
Certificate serial:       018CC9BCAF10E3DD6EFD755BB6D54385E64B
Authority key identifier: 36:B5:5F:B3:4D:29:F9:62:54:51:32:A0:25:B5:26:44:FD:FF:BF:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NrVfs00p-WJUUTKgJbUmRP3_v28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/2bf00b-bfbc-4f6b-a13e-f10f73a9ecb3/1/hWR6zHHPTBqZU3Iu5JfZPpTFA1w.roa
Signing time:             Tue 02 Jan 2024 10:33:55 +0000
ROA not before:           Tue 02 Jan 2024 10:33:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     132335
IP address blocks:        185.206.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/2bf00b-bfbc-4f6b-a13e-f10f73a9ecb3/1/NrVfs00p-WJUUTKgJbUmRP3_v28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/2bf00b-bfbc-4f6b-a13e-f10f73a9ecb3/1/NrVfs00p-WJUUTKgJbUmRP3_v28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NrVfs00p-WJUUTKgJbUmRP3_v28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:af:10:e3:dd:6e:fd:75:5b:b6:d5:43:85:e6:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36b55fb34d29f962545132a025b52644fdffbf6f
        Validity
            Not Before: Jan  2 10:33:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85647acc71cf4c1a9953722ee497d93e94c5035c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b4:d3:5d:ef:ad:bd:f6:ac:44:52:31:60:83:
                    a6:d7:84:0c:74:83:60:c6:cf:21:c3:5c:35:c3:1a:
                    08:88:26:78:3f:11:05:4f:c4:27:6d:5a:52:4c:12:
                    60:70:df:19:b8:3c:71:f4:f5:6d:17:c9:9b:d1:5f:
                    cc:95:0b:1e:f2:5f:b9:5d:a1:da:c0:22:33:2f:7e:
                    64:64:b7:58:05:fa:7a:1e:92:55:96:a2:82:db:2a:
                    5f:18:8a:a1:45:42:e5:7a:fd:87:af:1f:f5:2b:86:
                    83:f2:16:54:de:2c:e9:24:31:da:e5:47:f0:47:8a:
                    c4:f6:dc:0c:62:5e:c1:3b:f0:e4:b0:d3:06:5a:0b:
                    be:22:26:6c:2c:7b:5a:62:85:42:84:71:c2:1a:ae:
                    8d:2c:62:a0:a4:b5:91:54:41:54:55:3c:5f:49:fb:
                    ba:7b:e8:e3:e8:7b:d5:77:91:a7:04:df:30:ce:b0:
                    59:54:36:ee:fe:34:a0:0e:57:a8:3f:af:f1:0c:8f:
                    7a:07:6a:f6:d6:a6:5d:74:97:65:ad:76:53:fa:4a:
                    3c:65:b7:11:bf:ed:11:24:a3:a6:8b:54:f5:69:30:
                    5b:00:ba:c7:a3:e6:c6:28:41:3f:37:1d:de:63:88:
                    c8:e4:a7:90:75:fb:6f:cf:31:df:73:b0:ac:ec:74:
                    f2:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:64:7A:CC:71:CF:4C:1A:99:53:72:2E:E4:97:D9:3E:94:C5:03:5C
            X509v3 Authority Key Identifier:
                keyid:36:B5:5F:B3:4D:29:F9:62:54:51:32:A0:25:B5:26:44:FD:FF:BF:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NrVfs00p-WJUUTKgJbUmRP3_v28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2bf00b-bfbc-4f6b-a13e-f10f73a9ecb3/1/hWR6zHHPTBqZU3Iu5JfZPpTFA1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2bf00b-bfbc-4f6b-a13e-f10f73a9ecb3/1/NrVfs00p-WJUUTKgJbUmRP3_v28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:f9:02:53:c6:bd:d2:78:d1:59:9d:8e:78:e5:09:94:57:7b:
         66:6c:e1:b4:23:03:2f:e4:fd:bb:b1:7f:2a:6d:94:f5:48:e9:
         a6:74:35:05:13:a5:bd:b5:36:cb:70:ae:41:f9:8d:14:e6:c1:
         a2:4c:d9:7b:6c:bc:4c:b5:60:62:ee:33:bf:a0:61:cf:1e:fd:
         cd:eb:3d:41:32:4c:99:d9:a3:42:7b:ec:c9:84:d8:82:b3:a2:
         86:36:9a:a3:eb:b7:ce:d5:e3:d8:4f:6d:f6:4d:ed:04:a5:c2:
         8b:db:9e:b8:ed:36:2d:1c:8e:3a:be:3c:29:38:1e:35:cd:86:
         0d:fe:d6:43:dd:26:1e:c0:36:8a:66:d1:1e:3e:61:be:b5:87:
         2e:5a:02:1a:16:a1:21:b1:d8:e6:6f:67:7e:ec:22:ec:b1:63:
         78:cf:aa:11:11:29:2f:58:1d:c6:73:1d:1a:8c:f6:4b:e0:18:
         13:82:43:d1:90:c5:8e:91:80:ab:49:ee:29:e7:44:87:e3:42:
         24:ef:93:b3:94:21:37:87:92:70:bb:e3:95:e0:41:1d:c7:52:
         07:bd:5f:a1:d4:1d:01:eb:cd:3c:a0:e3:81:cc:03:26:60:49:
         12:41:2d:6a:f7:5c:10:e6:71:47:c0:bd:29:74:07:26:8c:d6:
         37:c4:5e:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvK8Q491u/XVbttVDheZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YjU1ZmIzNGQyOWY5NjI1NDUxMzJhMDI1YjUyNjQ0ZmRm
ZmJmNmYwHhcNMjQwMTAyMTAzMzU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTY0N2FjYzcxY2Y0YzFhOTk1MzcyMmVlNDk3ZDkzZTk0YzUwMzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLTTXe+tvfasRFIxYIOm14QMdINg
xs8hw1w1wxoIiCZ4PxEFT8QnbVpSTBJgcN8ZuDxx9PVtF8mb0V/MlQse8l+5XaHa
wCIzL35kZLdYBfp6HpJVlqKC2ypfGIqhRULlev2Hrx/1K4aD8hZU3izpJDHa5Ufw
R4rE9twMYl7BO/DksNMGWgu+IiZsLHtaYoVChHHCGq6NLGKgpLWRVEFUVTxfSfu6
e+jj6HvVd5GnBN8wzrBZVDbu/jSgDleoP6/xDI96B2r21qZddJdlrXZT+ko8ZbcR
v+0RJKOmi1T1aTBbALrHo+bGKEE/Nx3eY4jI5KeQdftvzzHfc7Cs7HTyxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVkesxxz0wamVNyLuSX2T6UxQNcMB8GA1UdIwQY
MBaAFDa1X7NNKfliVFEyoCW1JkT9/79vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnJWZnMwMHAtV0pVVVRLZ0piVW1SUDNfdjI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8yYmYwMGItYmZiYy00ZjZiLWExM2Ut
ZjEwZjczYTllY2IzLzEvaFdSNnpISFBUQnFaVTNJdTVKZlpQcFRGQTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8yYmYwMGItYmZiYy00ZjZiLWExM2UtZjEwZjczYTllY2Iz
LzEvTnJWZnMwMHAtV0pVVVRLZ0piVW1SUDNfdjI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc57MA0G
CSqGSIb3DQEBCwUAA4IBAQB2+QJTxr3SeNFZnY545QmUV3tmbOG0IwMv5P27sX8q
bZT1SOmmdDUFE6W9tTbLcK5B+Y0U5sGiTNl7bLxMtWBi7jO/oGHPHv3N6z1BMkyZ
2aNCe+zJhNiCs6KGNpqj67fO1ePYT232Te0EpcKL25647TYtHI46vjwpOB41zYYN
/tZD3SYewDaKZtEePmG+tYcuWgIaFqEhsdjmb2d+7CLssWN4z6oRESkvWB3Gcx0a
jPZL4BgTgkPRkMWOkYCrSe4p50SH40Ik75OzlCE3h5Jwu+OV4EEdx1IHvV+h1B0B
6808oOOBzAMmYEkSQS1q91wQ5nFHwL0pdAcmjNY3xF7j
-----END CERTIFICATE-----