Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/02cc02-bfd9-4070-a31d-b7cd9b3b2e4f/1/9ZejYcr2DvwSq2bAceL1F3gIkSY.roa
File:                     9ZejYcr2DvwSq2bAceL1F3gIkSY.roa (raw, json)
Hash identifier:          0N4WVxZZWC50jr7bHkPwm26ctvQhCuMBfdgFnYW+B6A=
Subject key identifier:   F5:97:A3:61:CA:F6:0E:FC:12:AB:66:C0:71:E2:F5:17:78:08:91:26
Certificate issuer:       /CN=28208ba4e75e27b046f9e5278221b44778b6ae8d
Certificate serial:       018CC94D49EA38F3791149B4D42460F71389
Authority key identifier: 28:20:8B:A4:E7:5E:27:B0:46:F9:E5:27:82:21:B4:47:78:B6:AE:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KCCLpOdeJ7BG-eUngiG0R3i2ro0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/02cc02-bfd9-4070-a31d-b7cd9b3b2e4f/1/9ZejYcr2DvwSq2bAceL1F3gIkSY.roa
Signing time:             Tue 02 Jan 2024 08:32:14 +0000
ROA not before:           Tue 02 Jan 2024 08:32:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207578
IP address blocks:        185.187.44.0/23 maxlen: 23
                          193.25.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/02cc02-bfd9-4070-a31d-b7cd9b3b2e4f/1/KCCLpOdeJ7BG-eUngiG0R3i2ro0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/02cc02-bfd9-4070-a31d-b7cd9b3b2e4f/1/KCCLpOdeJ7BG-eUngiG0R3i2ro0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KCCLpOdeJ7BG-eUngiG0R3i2ro0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:49:ea:38:f3:79:11:49:b4:d4:24:60:f7:13:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28208ba4e75e27b046f9e5278221b44778b6ae8d
        Validity
            Not Before: Jan  2 08:32:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f597a361caf60efc12ab66c071e2f51778089126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:08:9e:f9:aa:b0:9e:a4:07:f5:d9:90:08:a9:
                    29:0c:a4:6f:d9:d0:cb:65:b0:80:47:3b:63:24:52:
                    08:39:3e:7d:3b:f4:ca:3a:d8:7a:05:81:64:14:1a:
                    d7:3f:42:aa:ce:18:93:3c:f2:e8:20:c7:03:99:37:
                    12:ea:1d:b7:15:c3:ca:61:4d:bd:0b:77:89:a7:ed:
                    ce:f4:71:d2:82:ba:20:7a:70:e3:19:26:d0:2a:f9:
                    13:13:d1:03:fa:19:dc:c8:d5:03:94:00:17:30:30:
                    bc:29:83:cb:b1:cd:34:46:34:b2:f7:a1:eb:62:5f:
                    6c:a1:25:5c:30:62:11:f7:19:01:10:76:c0:d6:11:
                    32:ce:17:db:8a:a1:76:a3:d6:11:54:85:a0:3f:9a:
                    14:a9:24:16:c5:48:60:51:33:e3:d9:cd:9c:90:c7:
                    7d:90:82:5d:a8:eb:e7:92:5c:2a:09:90:f9:1c:11:
                    7d:08:cd:00:12:bb:79:6b:33:72:09:ba:58:7f:8e:
                    c3:86:74:09:4d:27:4a:8f:e0:51:47:10:19:0f:66:
                    d5:92:31:62:73:85:f4:9b:c3:b5:10:19:ab:bf:29:
                    70:a3:5e:29:20:01:2a:2f:fc:03:3b:87:ce:5b:a9:
                    1f:ed:66:0e:a2:7c:bd:57:59:0f:33:77:89:c0:f7:
                    ea:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:97:A3:61:CA:F6:0E:FC:12:AB:66:C0:71:E2:F5:17:78:08:91:26
            X509v3 Authority Key Identifier:
                keyid:28:20:8B:A4:E7:5E:27:B0:46:F9:E5:27:82:21:B4:47:78:B6:AE:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KCCLpOdeJ7BG-eUngiG0R3i2ro0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/02cc02-bfd9-4070-a31d-b7cd9b3b2e4f/1/9ZejYcr2DvwSq2bAceL1F3gIkSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/02cc02-bfd9-4070-a31d-b7cd9b3b2e4f/1/KCCLpOdeJ7BG-eUngiG0R3i2ro0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.44.0/23
                  193.25.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:53:01:b9:dd:9f:b0:17:13:8c:36:08:c3:ac:62:0f:0d:9e:
         f0:4a:37:0f:05:46:29:b5:f0:09:14:44:d2:e7:c4:b3:2b:25:
         84:8e:ec:3a:da:30:46:0f:da:1c:23:f2:83:3b:20:44:86:4d:
         ff:e5:39:a3:d7:63:0d:63:04:fb:e9:31:26:dc:c6:4c:29:92:
         c8:23:dc:e1:d9:72:22:45:82:f3:2a:bc:aa:30:84:d2:18:18:
         f1:ed:1d:d2:63:95:fc:54:33:94:b5:2b:19:69:31:b9:06:93:
         b6:07:32:98:4c:c2:04:dd:f3:a1:3b:6d:b6:6e:53:42:92:5e:
         43:e4:a4:4f:68:8b:d1:73:43:b8:35:2f:be:1f:d5:ae:eb:f8:
         1f:c9:52:fa:50:f2:60:58:38:ac:cd:3b:da:ea:69:85:e4:b9:
         0d:bd:b0:cc:af:69:15:00:71:b4:b6:f3:54:e5:9b:72:93:e6:
         23:87:20:3e:c1:36:f2:85:72:78:49:3c:b8:e8:1f:9d:3f:16:
         32:fa:ff:57:45:bb:c4:03:67:8a:78:4c:99:94:14:c0:8e:fc:
         56:d5:c6:93:74:38:b1:63:39:46:5f:21:32:19:a1:c8:f0:a3:
         e8:2b:27:10:ec:ad:ad:cc:cc:0a:cb:39:7e:81:5b:63:23:df:
         43:1a:9b:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTUnqOPN5EUm01CRg9xOJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MjA4YmE0ZTc1ZTI3YjA0NmY5ZTUyNzgyMjFiNDQ3Nzhi
NmFlOGQwHhcNMjQwMTAyMDgzMjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTk3YTM2MWNhZjYwZWZjMTJhYjY2YzA3MWUyZjUxNzc4MDg5MTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwie+aqwnqQH9dmQCKkpDKRv2dDL
ZbCARztjJFIIOT59O/TKOth6BYFkFBrXP0KqzhiTPPLoIMcDmTcS6h23FcPKYU29
C3eJp+3O9HHSgrogenDjGSbQKvkTE9ED+hncyNUDlAAXMDC8KYPLsc00RjSy96Hr
Yl9soSVcMGIR9xkBEHbA1hEyzhfbiqF2o9YRVIWgP5oUqSQWxUhgUTPj2c2ckMd9
kIJdqOvnklwqCZD5HBF9CM0AErt5azNyCbpYf47DhnQJTSdKj+BRRxAZD2bVkjFi
c4X0m8O1EBmrvylwo14pIAEqL/wDO4fOW6kf7WYOony9V1kPM3eJwPfqIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPWXo2HK9g78EqtmwHHi9Rd4CJEmMB8GA1UdIwQY
MBaAFCggi6TnXiewRvnlJ4IhtEd4tq6NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0NDTHBPZGVKN0JHLWVVbmdpRzBSM2kycm8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8wMmNjMDItYmZkOS00MDcwLWEzMWQt
YjdjZDliM2IyZTRmLzEvOVplalljcjJEdndTcTJiQWNlTDFGM2dJa1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8wMmNjMDItYmZkOS00MDcwLWEzMWQtYjdjZDliM2IyZTRm
LzEvS0NDTHBPZGVKN0JHLWVVbmdpRzBSM2kycm8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBubssAwQA
wRnLMA0GCSqGSIb3DQEBCwUAA4IBAQAHUwG53Z+wFxOMNgjDrGIPDZ7wSjcPBUYp
tfAJFETS58SzKyWEjuw62jBGD9ocI/KDOyBEhk3/5Tmj12MNYwT76TEm3MZMKZLI
I9zh2XIiRYLzKryqMITSGBjx7R3SY5X8VDOUtSsZaTG5BpO2BzKYTMIE3fOhO222
blNCkl5D5KRPaIvRc0O4NS++H9Wu6/gfyVL6UPJgWDiszTva6mmF5LkNvbDMr2kV
AHG0tvNU5Ztyk+YjhyA+wTbyhXJ4STy46B+dPxYy+v9XRbvEA2eKeEyZlBTAjvxW
1caTdDixYzlGXyEyGaHI8KPoKycQ7K2tzMwKyzl+gVtjI99DGpu8
-----END CERTIFICATE-----