Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/cjKZCzokgeKxkzvua6YUrdu9Y4c.roa
File:                     cjKZCzokgeKxkzvua6YUrdu9Y4c.roa (raw, json)
Hash identifier:          8VNibdSlizPBVdd+6LIQQeEv5umM7n/pAzoStevQtKc=
Subject key identifier:   72:32:99:0B:3A:24:81:E2:B1:93:3B:EE:6B:A6:14:AD:DB:BD:63:87
Certificate issuer:       /CN=93dc45ffe13f841f188af743bd7dc34ed54805d4
Certificate serial:       018CC26D7CC245971978511BE9A8F6FBE433
Authority key identifier: 93:DC:45:FF:E1:3F:84:1F:18:8A:F7:43:BD:7D:C3:4E:D5:48:05:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k9xF_-E_hB8YivdDvX3DTtVIBdQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/cjKZCzokgeKxkzvua6YUrdu9Y4c.roa
Signing time:             Mon 01 Jan 2024 00:30:04 +0000
ROA not before:           Mon 01 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206063
IP address blocks:        185.188.0.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/k9xF_-E_hB8YivdDvX3DTtVIBdQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/k9xF_-E_hB8YivdDvX3DTtVIBdQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k9xF_-E_hB8YivdDvX3DTtVIBdQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7c:c2:45:97:19:78:51:1b:e9:a8:f6:fb:e4:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93dc45ffe13f841f188af743bd7dc34ed54805d4
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7232990b3a2481e2b1933bee6ba614addbbd6387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:21:51:bf:35:2f:c9:dd:cd:50:7b:68:9c:e8:
                    61:6d:0d:f8:35:41:ce:16:6e:92:b6:2b:04:42:16:
                    67:39:b5:1a:fa:df:df:a7:02:59:32:8e:fb:94:50:
                    12:99:36:5b:29:68:b9:14:ee:20:9b:47:16:c9:e2:
                    25:5a:6e:8c:6b:5b:1e:1e:da:80:2a:ab:30:a8:10:
                    c5:68:39:8f:81:3c:1a:15:2f:19:99:24:33:53:c9:
                    bc:52:18:6f:22:df:43:0e:3e:ec:56:55:0e:f0:bc:
                    af:0b:34:2b:fb:22:49:ee:92:8f:46:d7:cb:ff:24:
                    12:c1:21:11:dc:6a:13:de:1c:3f:90:04:f3:ab:4b:
                    d5:a1:40:53:49:28:e6:2e:9e:82:ff:22:5e:21:18:
                    37:1c:3b:fe:0d:cb:41:90:f2:9a:05:6b:40:3a:70:
                    66:5d:23:22:9a:0d:cd:d5:cf:0c:b0:f9:21:60:0e:
                    ad:65:ae:03:7a:2c:c8:c7:3d:14:26:d4:9f:95:ce:
                    64:9e:ee:d4:28:e6:50:9b:3f:85:9b:85:79:43:74:
                    a4:03:17:ca:2f:77:2f:c0:b3:5c:77:91:4d:36:18:
                    b2:5c:8b:89:b6:ee:3b:a3:83:45:7a:59:2b:83:10:
                    aa:bc:9d:33:17:83:92:a3:de:3a:d2:07:01:28:93:
                    0b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:32:99:0B:3A:24:81:E2:B1:93:3B:EE:6B:A6:14:AD:DB:BD:63:87
            X509v3 Authority Key Identifier:
                keyid:93:DC:45:FF:E1:3F:84:1F:18:8A:F7:43:BD:7D:C3:4E:D5:48:05:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k9xF_-E_hB8YivdDvX3DTtVIBdQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/cjKZCzokgeKxkzvua6YUrdu9Y4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/k9xF_-E_hB8YivdDvX3DTtVIBdQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:8d:5f:1c:5c:2e:83:3c:73:6f:38:7c:15:01:30:95:6f:11:
         d3:a1:3a:4c:42:41:34:7e:28:2f:6b:dd:cc:c7:46:1a:2b:4a:
         a8:de:40:5a:d0:79:60:a4:c0:91:ce:93:9a:da:69:44:20:b7:
         89:60:84:1c:b1:1a:77:24:46:07:f8:9f:36:b4:e9:16:f9:d0:
         fd:d3:9b:01:d0:9d:3d:18:eb:2f:91:f9:0b:1b:6f:4c:c8:f4:
         21:10:dc:bf:1f:17:5c:3d:b2:3a:7d:53:75:be:4b:28:2d:4d:
         8a:5f:f8:cd:b6:e9:10:a8:59:f5:c7:47:34:c7:9f:1d:95:a4:
         5e:f5:17:45:83:5e:df:eb:3d:87:32:f2:52:ad:8c:8b:80:42:
         e9:44:38:fe:8c:14:c8:d8:a4:2e:65:27:6b:8d:61:35:c3:b2:
         fa:c7:c7:f7:07:a6:54:0e:78:23:a9:8a:37:60:c8:58:ff:e6:
         0c:60:e6:15:94:81:78:d9:95:fa:21:0d:20:cc:8b:4b:bb:7d:
         a9:0d:44:38:15:4c:b4:7c:85:e5:df:52:9b:f9:da:b6:b9:a8:
         3c:2f:a6:ac:ac:f6:a1:1e:71:1a:42:1a:36:f8:c2:f1:df:06:
         07:49:aa:d7:bd:1d:bf:e1:17:22:82:db:ad:55:79:89:bd:87:
         3e:d4:0f:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXzCRZcZeFEb6aj2++QzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZGM0NWZmZTEzZjg0MWYxODhhZjc0M2JkN2RjMzRlZDU0
ODA1ZDQwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjMyOTkwYjNhMjQ4MWUyYjE5MzNiZWU2YmE2MTRhZGRiYmQ2Mzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCFRvzUvyd3NUHtonOhhbQ34NUHO
Fm6StisEQhZnObUa+t/fpwJZMo77lFASmTZbKWi5FO4gm0cWyeIlWm6Ma1seHtqA
KqswqBDFaDmPgTwaFS8ZmSQzU8m8UhhvIt9DDj7sVlUO8LyvCzQr+yJJ7pKPRtfL
/yQSwSER3GoT3hw/kATzq0vVoUBTSSjmLp6C/yJeIRg3HDv+DctBkPKaBWtAOnBm
XSMimg3N1c8MsPkhYA6tZa4DeizIxz0UJtSflc5knu7UKOZQmz+Fm4V5Q3SkAxfK
L3cvwLNcd5FNNhiyXIuJtu47o4NFelkrgxCqvJ0zF4OSo9460gcBKJMLCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIymQs6JIHisZM77mumFK3bvWOHMB8GA1UdIwQY
MBaAFJPcRf/hP4QfGIr3Q719w07VSAXUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazl4Rl8tRV9oQjhZaXZkRHZYM0RUdFZJQmRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8yZDBiMTktMGFmZi00MTJmLWEyZmQt
MjE4OTU3MjhiYTRlLzEvY2pLWkN6b2tnZUt4a3p2dWE2WVVyZHU5WTRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8yZDBiMTktMGFmZi00MTJmLWEyZmQtMjE4OTU3MjhiYTRl
LzEvazl4Rl8tRV9oQjhZaXZkRHZYM0RUdFZJQmRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubwAMA0G
CSqGSIb3DQEBCwUAA4IBAQCfjV8cXC6DPHNvOHwVATCVbxHToTpMQkE0figva93M
x0YaK0qo3kBa0HlgpMCRzpOa2mlEILeJYIQcsRp3JEYH+J82tOkW+dD905sB0J09
GOsvkfkLG29MyPQhENy/HxdcPbI6fVN1vksoLU2KX/jNtukQqFn1x0c0x58dlaRe
9RdFg17f6z2HMvJSrYyLgELpRDj+jBTI2KQuZSdrjWE1w7L6x8f3B6ZUDngjqYo3
YMhY/+YMYOYVlIF42ZX6IQ0gzItLu32pDUQ4FUy0fIXl31Kb+dq2uag8L6asrPah
HnEaQho2+MLx3wYHSarXvR2/4RcigtutVXmJvYc+1A9l
-----END CERTIFICATE-----