Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/b66ff8-e2ab-483c-a373-4b7f375ecd06/1/n9sqyD7y6cANEcgqoNAha3ECp3M.roa
File:                     n9sqyD7y6cANEcgqoNAha3ECp3M.roa (raw, json)
Hash identifier:          cEuXqKFPFjYmwdiNID7aiZrvPw3hkNAGFmB9GRX/nGk=
Subject key identifier:   9F:DB:2A:C8:3E:F2:E9:C0:0D:11:C8:2A:A0:D0:21:6B:71:02:A7:73
Certificate issuer:       /CN=c15233af4ba59119d6ff194d7cd8665084a6ee77
Certificate serial:       018CC9BB074028FF6571B45EDB77DA570E9D
Authority key identifier: C1:52:33:AF:4B:A5:91:19:D6:FF:19:4D:7C:D8:66:50:84:A6:EE:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wVIzr0ulkRnW_xlNfNhmUISm7nc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/b66ff8-e2ab-483c-a373-4b7f375ecd06/1/n9sqyD7y6cANEcgqoNAha3ECp3M.roa
Signing time:             Tue 02 Jan 2024 10:32:06 +0000
ROA not before:           Tue 02 Jan 2024 10:32:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208617
IP address blocks:        185.160.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/b66ff8-e2ab-483c-a373-4b7f375ecd06/1/wVIzr0ulkRnW_xlNfNhmUISm7nc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/b66ff8-e2ab-483c-a373-4b7f375ecd06/1/wVIzr0ulkRnW_xlNfNhmUISm7nc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wVIzr0ulkRnW_xlNfNhmUISm7nc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 22:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:07:40:28:ff:65:71:b4:5e:db:77:da:57:0e:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c15233af4ba59119d6ff194d7cd8665084a6ee77
        Validity
            Not Before: Jan  2 10:32:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fdb2ac83ef2e9c00d11c82aa0d0216b7102a773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:3d:83:08:9f:b1:ca:51:68:1b:97:80:e8:58:
                    ee:3c:00:e5:50:90:cb:04:ed:cf:6b:2e:d8:85:67:
                    44:ff:1c:df:59:1f:5c:d9:3c:af:ff:d1:b6:fe:95:
                    e9:d9:0b:15:9d:b9:5f:66:ef:be:24:21:2b:28:f4:
                    60:d3:e3:17:13:3f:01:8f:34:31:7c:a9:62:4b:9e:
                    7c:5d:1d:67:0f:a8:9f:30:fb:10:ce:e3:7a:c4:e8:
                    91:e2:41:e8:40:24:cf:66:51:6c:c2:2b:d2:cf:be:
                    e5:f8:b2:07:0e:e8:8d:25:c6:8c:17:6b:a9:70:fd:
                    e5:73:6b:78:b8:2d:0e:e3:2f:16:bd:a8:3f:57:c1:
                    a7:b3:fa:3d:a6:ed:e9:10:53:c4:35:a2:74:e7:49:
                    05:09:b4:6a:86:95:d4:58:33:d9:fd:6c:fe:d2:8f:
                    c3:00:05:a3:e1:a9:5f:d9:fc:ab:ce:37:06:e0:eb:
                    9f:69:19:8f:2d:33:e7:7a:c8:0a:9c:80:df:04:26:
                    f5:5d:8c:51:ff:85:fa:27:11:7b:c5:43:08:9c:1c:
                    3f:e0:02:59:21:56:3b:bd:8a:92:26:3b:d7:7e:b6:
                    af:bc:bd:73:33:b9:b8:73:4e:6a:25:14:1a:94:7b:
                    77:81:a9:ed:7e:c9:e4:0f:82:f8:ad:2e:59:88:8c:
                    7a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:DB:2A:C8:3E:F2:E9:C0:0D:11:C8:2A:A0:D0:21:6B:71:02:A7:73
            X509v3 Authority Key Identifier:
                keyid:C1:52:33:AF:4B:A5:91:19:D6:FF:19:4D:7C:D8:66:50:84:A6:EE:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wVIzr0ulkRnW_xlNfNhmUISm7nc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/b66ff8-e2ab-483c-a373-4b7f375ecd06/1/n9sqyD7y6cANEcgqoNAha3ECp3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/b66ff8-e2ab-483c-a373-4b7f375ecd06/1/wVIzr0ulkRnW_xlNfNhmUISm7nc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:3c:81:a8:6b:47:28:d1:38:fe:57:f9:8c:de:c2:ba:22:67:
         14:58:03:30:b3:95:65:46:17:35:2f:ab:8f:7a:5d:27:3c:3f:
         0c:57:10:3b:06:ca:87:76:dc:b3:75:fa:91:44:f7:fc:86:a5:
         d2:87:5b:c0:0e:a2:72:a3:7f:46:0a:ca:3b:59:c6:61:13:d0:
         df:9b:ca:11:28:15:30:d7:5a:26:34:9b:7b:a8:0e:4e:16:42:
         6e:3b:b2:b8:89:07:04:2f:80:48:bf:fb:77:33:65:de:db:59:
         f7:68:d0:8e:78:02:70:68:6a:22:5b:4f:82:c5:2e:d5:78:d8:
         bb:e9:dd:53:94:8f:db:f7:cb:8c:1d:7b:1d:65:64:03:b6:24:
         3a:f9:94:00:69:90:80:28:eb:6f:3b:36:77:52:28:08:1e:7e:
         d9:34:dd:73:2b:17:09:9b:b1:5c:51:21:e4:6d:80:f5:fc:45:
         6e:71:e0:0c:82:d7:00:87:e4:57:7a:63:4c:a1:15:53:23:12:
         5e:e2:4a:0c:b8:97:9c:97:2b:64:9a:d4:2f:9b:ce:bc:97:2e:
         03:06:3d:df:ed:f1:6a:c2:57:a4:aa:97:72:a0:c6:c8:85:83:
         65:79:8e:54:b9:e5:af:fa:8f:7e:be:70:3a:3e:4b:33:70:31:
         e0:a8:92:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuwdAKP9lcbRe23faVw6dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNTIzM2FmNGJhNTkxMTlkNmZmMTk0ZDdjZDg2NjUwODRh
NmVlNzcwHhcNMjQwMTAyMTAzMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmRiMmFjODNlZjJlOWMwMGQxMWM4MmFhMGQwMjE2YjcxMDJhNzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj2DCJ+xylFoG5eA6FjuPADlUJDL
BO3Pay7YhWdE/xzfWR9c2Tyv/9G2/pXp2QsVnblfZu++JCErKPRg0+MXEz8BjzQx
fKliS558XR1nD6ifMPsQzuN6xOiR4kHoQCTPZlFswivSz77l+LIHDuiNJcaMF2up
cP3lc2t4uC0O4y8Wvag/V8Gns/o9pu3pEFPENaJ050kFCbRqhpXUWDPZ/Wz+0o/D
AAWj4alf2fyrzjcG4OufaRmPLTPnesgKnIDfBCb1XYxR/4X6JxF7xUMInBw/4AJZ
IVY7vYqSJjvXfravvL1zM7m4c05qJRQalHt3gantfsnkD4L4rS5ZiIx60QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/bKsg+8unADRHIKqDQIWtxAqdzMB8GA1UdIwQY
MBaAFMFSM69LpZEZ1v8ZTXzYZlCEpu53MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1ZJenIwdWxrUm5XX3hsTmZOaG1VSVNtN25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9iNjZmZjgtZTJhYi00ODNjLWEzNzMt
NGI3ZjM3NWVjZDA2LzEvbjlzcXlEN3k2Y0FORWNncW9OQWhhM0VDcDNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9iNjZmZjgtZTJhYi00ODNjLWEzNzMtNGI3ZjM3NWVjZDA2
LzEvd1ZJenIwdWxrUm5XX3hsTmZOaG1VSVNtN25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaDMMA0G
CSqGSIb3DQEBCwUAA4IBAQACPIGoa0co0Tj+V/mM3sK6ImcUWAMws5VlRhc1L6uP
el0nPD8MVxA7BsqHdtyzdfqRRPf8hqXSh1vADqJyo39GCso7WcZhE9Dfm8oRKBUw
11omNJt7qA5OFkJuO7K4iQcEL4BIv/t3M2Xe21n3aNCOeAJwaGoiW0+CxS7VeNi7
6d1TlI/b98uMHXsdZWQDtiQ6+ZQAaZCAKOtvOzZ3UigIHn7ZNN1zKxcJm7FcUSHk
bYD1/EVuceAMgtcAh+RXemNMoRVTIxJe4koMuJeclytkmtQvm868ly4DBj3f7fFq
wlekqpdyoMbIhYNleY5UueWv+o9+vnA6PkszcDHgqJK2
-----END CERTIFICATE-----