Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/SGvXWYnXO2xkv1yizo3X0hQl4YY.roa
File:                     SGvXWYnXO2xkv1yizo3X0hQl4YY.roa (raw, json)
Hash identifier:          oyO39sFSh9P6QFEwJZWKn0tw/9M4TGlfONvqejkIHv8=
Subject key identifier:   48:6B:D7:59:89:D7:3B:6C:64:BF:5C:A2:CE:8D:D7:D2:14:25:E1:86
Certificate issuer:       /CN=5380cd8ad2f84e14e9b5b64238937b6d4207e221
Certificate serial:       018F28B1A8785AB174987805643E03EAB204
Authority key identifier: 53:80:CD:8A:D2:F8:4E:14:E9:B5:B6:42:38:93:7B:6D:42:07:E2:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U4DNitL4ThTptbZCOJN7bUIH4iE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/SGvXWYnXO2xkv1yizo3X0hQl4YY.roa
Signing time:             Mon 29 Apr 2024 07:11:22 +0000
ROA not before:           Mon 29 Apr 2024 07:11:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198394
IP address blocks:        185.12.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/U4DNitL4ThTptbZCOJN7bUIH4iE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/U4DNitL4ThTptbZCOJN7bUIH4iE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U4DNitL4ThTptbZCOJN7bUIH4iE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:28:b1:a8:78:5a:b1:74:98:78:05:64:3e:03:ea:b2:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5380cd8ad2f84e14e9b5b64238937b6d4207e221
        Validity
            Not Before: Apr 29 07:11:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=486bd75989d73b6c64bf5ca2ce8dd7d21425e186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1c:18:21:08:1c:ca:cd:57:61:a3:5c:21:d4:
                    94:73:19:2f:8c:74:55:e6:ae:9d:de:28:e6:fc:a0:
                    29:0c:03:fc:63:cf:20:60:3b:40:15:e4:61:bc:52:
                    54:28:2b:17:a9:6c:40:da:47:11:83:ec:f7:6e:34:
                    af:9e:6b:31:95:b7:6f:08:07:0d:a8:95:bb:8b:ac:
                    5d:5c:5d:1f:03:70:5e:90:9b:7d:57:e9:e0:90:38:
                    cc:bc:4c:6e:7a:e1:c8:18:28:b2:4a:f7:9d:da:dd:
                    3f:68:92:d2:bd:64:23:04:32:b0:20:ec:3d:1c:b0:
                    5b:2f:e8:f0:53:54:96:a5:c6:1b:b5:91:60:40:e4:
                    e3:24:15:d2:7d:55:17:65:ed:8d:2e:28:cc:49:e7:
                    32:4c:d6:9b:4c:f9:c5:ff:27:ba:76:46:ab:58:32:
                    b3:7f:20:a5:03:92:fc:1a:06:86:99:52:c4:07:3b:
                    b3:99:9c:39:4f:3b:68:92:eb:4a:1b:64:50:d7:e3:
                    22:0b:37:9e:5e:be:6e:b7:3e:3c:08:39:06:01:f5:
                    02:2a:f0:71:79:4a:91:28:98:dd:9a:a9:4f:cb:07:
                    b7:a5:d3:33:ba:c7:c4:00:1a:7d:d7:42:80:66:ae:
                    39:d4:83:73:ea:b3:65:8c:4e:95:41:69:ad:db:95:
                    d9:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:6B:D7:59:89:D7:3B:6C:64:BF:5C:A2:CE:8D:D7:D2:14:25:E1:86
            X509v3 Authority Key Identifier:
                keyid:53:80:CD:8A:D2:F8:4E:14:E9:B5:B6:42:38:93:7B:6D:42:07:E2:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U4DNitL4ThTptbZCOJN7bUIH4iE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/SGvXWYnXO2xkv1yizo3X0hQl4YY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/U4DNitL4ThTptbZCOJN7bUIH4iE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:3c:42:17:d4:1d:03:d3:67:89:ae:4e:fe:a0:88:0c:00:01:
         80:d5:b3:a6:50:9f:b9:39:c6:f0:16:0b:32:29:59:a5:38:a5:
         17:20:c8:db:bb:4a:05:c0:a1:4f:6d:a0:4c:aa:e6:bc:bc:42:
         09:85:db:8a:66:d9:76:c6:95:6c:a2:43:bc:18:ac:c3:e0:85:
         bc:65:fe:9c:1d:ac:89:89:18:c1:f2:bc:43:8d:6b:9e:41:22:
         f2:b3:de:69:f8:72:1f:b5:09:31:25:86:78:52:27:29:fe:7d:
         fd:fc:ec:ef:b2:02:9b:a9:3e:1c:fb:bc:81:a5:33:3b:18:2c:
         f5:f7:25:32:4f:60:04:fc:89:fb:d3:cf:42:84:eb:19:61:13:
         4b:1d:88:e2:55:f8:6d:8e:82:88:80:6b:c5:4d:9a:ea:41:20:
         bd:4d:71:9b:88:90:a0:87:a0:e5:d2:78:1d:fc:f8:4f:d5:9d:
         19:99:1b:73:b8:92:ef:77:e6:34:cc:77:25:96:22:6d:10:64:
         ab:c7:c2:cf:49:ba:82:03:70:25:35:98:08:ce:d4:c6:8e:4f:
         fe:f3:16:f0:25:5d:94:e0:ff:64:ad:79:2a:c5:93:37:a3:fb:
         6b:31:8d:b8:55:c8:cf:e7:6b:cb:9b:ef:0d:0f:05:17:17:06:
         e3:9b:29:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8osah4WrF0mHgFZD4D6rIEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzODBjZDhhZDJmODRlMTRlOWI1YjY0MjM4OTM3YjZkNDIw
N2UyMjEwHhcNMjQwNDI5MDcxMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODZiZDc1OTg5ZDczYjZjNjRiZjVjYTJjZThkZDdkMjE0MjVlMTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxwYIQgcys1XYaNcIdSUcxkvjHRV
5q6d3ijm/KApDAP8Y88gYDtAFeRhvFJUKCsXqWxA2kcRg+z3bjSvnmsxlbdvCAcN
qJW7i6xdXF0fA3BekJt9V+ngkDjMvExueuHIGCiySved2t0/aJLSvWQjBDKwIOw9
HLBbL+jwU1SWpcYbtZFgQOTjJBXSfVUXZe2NLijMSecyTNabTPnF/ye6dkarWDKz
fyClA5L8GgaGmVLEBzuzmZw5TztokutKG2RQ1+MiCzeeXr5utz48CDkGAfUCKvBx
eUqRKJjdmqlPywe3pdMzusfEABp910KAZq451INz6rNljE6VQWmt25XZfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhr11mJ1ztsZL9cos6N19IUJeGGMB8GA1UdIwQY
MBaAFFOAzYrS+E4U6bW2QjiTe21CB+IhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTRETml0TDRUaFRwdGJaQ09KTjdiVUlINGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8yZmNjOTItYzk2Ny00YTY1LWE0MzQt
NWUzNmQxYjA4MjVlLzEvU0d2WFdZblhPMnhrdjF5aXpvM1gwaFFsNFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8yZmNjOTItYzk2Ny00YTY1LWE0MzQtNWUzNmQxYjA4MjVl
LzEvVTRETml0TDRUaFRwdGJaQ09KTjdiVUlINGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQwYMA0G
CSqGSIb3DQEBCwUAA4IBAQClPEIX1B0D02eJrk7+oIgMAAGA1bOmUJ+5OcbwFgsy
KVmlOKUXIMjbu0oFwKFPbaBMqua8vEIJhduKZtl2xpVsokO8GKzD4IW8Zf6cHayJ
iRjB8rxDjWueQSLys95p+HIftQkxJYZ4Uicp/n39/OzvsgKbqT4c+7yBpTM7GCz1
9yUyT2AE/In7089ChOsZYRNLHYjiVfhtjoKIgGvFTZrqQSC9TXGbiJCgh6Dl0ngd
/PhP1Z0ZmRtzuJLvd+Y0zHclliJtEGSrx8LPSbqCA3AlNZgIztTGjk/+8xbwJV2U
4P9krXkqxZM3o/trMY24VcjP52vLm+8NDwUXFwbjmyno
-----END CERTIFICATE-----