Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/1XNXjg4ilEb04_ugs6tgKbSNotQ.roa
File:                     1XNXjg4ilEb04_ugs6tgKbSNotQ.roa (raw, json)
Hash identifier:          AWgn7ND/vS/QrHmlEY9WnkPqj7B7eCkqpzNfzhjxqZ8=
Subject key identifier:   D5:73:57:8E:0E:22:94:46:F4:E3:FB:A0:B3:AB:60:29:B4:8D:A2:D4
Certificate issuer:       /CN=5e23518faa9b94a42d1a3b4d9f63b974394d0662
Certificate serial:       019015965FC9C49D456BB98C3728B0B45769
Authority key identifier: 5E:23:51:8F:AA:9B:94:A4:2D:1A:3B:4D:9F:63:B9:74:39:4D:06:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XiNRj6qblKQtGjtNn2O5dDlNBmI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/1XNXjg4ilEb04_ugs6tgKbSNotQ.roa
Signing time:             Fri 14 Jun 2024 07:11:34 +0000
ROA not before:           Fri 14 Jun 2024 07:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42865
IP address blocks:        185.10.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/XiNRj6qblKQtGjtNn2O5dDlNBmI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/XiNRj6qblKQtGjtNn2O5dDlNBmI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XiNRj6qblKQtGjtNn2O5dDlNBmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:15:96:5f:c9:c4:9d:45:6b:b9:8c:37:28:b0:b4:57:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e23518faa9b94a42d1a3b4d9f63b974394d0662
        Validity
            Not Before: Jun 14 07:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d573578e0e229446f4e3fba0b3ab6029b48da2d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a9:bf:d4:71:88:cd:59:31:4a:b9:0a:57:73:
                    3e:5a:1b:26:c4:ce:72:17:1d:f7:5c:02:98:a2:c2:
                    53:d0:7b:83:f3:8e:7f:f6:b6:1e:b2:01:10:73:e2:
                    2f:32:18:3d:77:b9:77:e5:fb:9d:c2:b7:19:66:50:
                    f3:04:50:e1:e5:91:2f:44:6c:3b:63:9a:60:3e:ed:
                    dc:ff:4e:bf:e0:ac:2a:eb:65:17:d0:5f:f4:a4:02:
                    5a:7a:19:bc:f1:40:f9:25:60:91:c6:a6:3c:83:ea:
                    2f:ef:25:23:21:da:9f:dc:4f:7b:40:9b:34:4e:22:
                    d8:c9:1b:ab:79:65:0b:10:c0:3a:6f:93:2e:78:9b:
                    81:7f:e6:98:19:af:f1:b4:19:9c:25:bc:c2:ec:0f:
                    8c:7c:14:49:0a:58:b5:a8:02:9e:54:9a:8b:7a:99:
                    02:70:5d:96:28:a7:ca:07:5a:ce:d9:ab:16:13:05:
                    ba:f7:5f:c5:1b:bb:2a:60:03:df:34:fe:f8:00:b0:
                    42:2e:94:22:66:a7:3c:45:69:61:b9:b7:2c:b8:03:
                    07:00:37:9b:0d:6d:e1:dc:e2:b4:34:86:20:c4:3b:
                    57:de:01:5f:f8:e1:6f:2e:45:f9:84:c0:71:b7:71:
                    e5:59:d7:3e:46:5e:cc:c0:22:3d:e4:ff:c2:22:86:
                    45:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:73:57:8E:0E:22:94:46:F4:E3:FB:A0:B3:AB:60:29:B4:8D:A2:D4
            X509v3 Authority Key Identifier:
                keyid:5E:23:51:8F:AA:9B:94:A4:2D:1A:3B:4D:9F:63:B9:74:39:4D:06:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XiNRj6qblKQtGjtNn2O5dDlNBmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/1XNXjg4ilEb04_ugs6tgKbSNotQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/XiNRj6qblKQtGjtNn2O5dDlNBmI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:dd:a5:11:a0:34:d4:1d:56:ee:21:6e:60:dc:32:55:92:76:
         3a:64:d3:eb:08:0b:7e:61:27:d8:62:0f:41:b1:25:b9:63:6d:
         e7:75:29:41:5e:6f:ff:e6:aa:5f:b7:d6:cf:5a:aa:de:11:fd:
         65:4e:d9:a6:e6:14:b7:f3:40:f6:a1:1c:29:10:94:fa:8f:b6:
         35:8a:55:5b:1d:0f:9a:f6:19:6f:d3:26:04:7d:13:7f:c4:c9:
         40:e9:0c:7f:82:9a:e1:e5:4b:da:60:35:9e:50:77:4b:8d:26:
         9f:f7:95:52:68:80:7f:2e:57:28:04:06:2b:d6:63:d2:54:bc:
         35:57:32:b2:96:9c:1b:3f:37:1d:0d:a3:6d:f1:67:a3:4a:ff:
         25:5e:64:46:da:dd:36:b6:45:08:e6:d8:3e:e5:c7:9b:ad:ed:
         d0:50:f8:9c:82:9e:b9:a1:16:60:ed:75:33:a2:2e:47:8d:cd:
         40:27:f9:16:27:d4:a3:95:ed:fa:e0:25:a8:13:31:48:3d:f3:
         f9:66:90:6b:19:d6:f7:82:e1:29:5d:7e:ae:94:42:32:37:ee:
         8b:ef:61:d1:ab:f7:53:a9:8f:3b:aa:f5:d8:e1:27:d8:95:8e:
         a9:20:80:fd:78:42:a6:bc:c2:53:29:9d:1b:43:48:2e:91:39:
         99:66:3f:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAVll/JxJ1Fa7mMNyiwtFdpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMjM1MThmYWE5Yjk0YTQyZDFhM2I0ZDlmNjNiOTc0Mzk0
ZDA2NjIwHhcNMjQwNjE0MDcxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTczNTc4ZTBlMjI5NDQ2ZjRlM2ZiYTBiM2FiNjAyOWI0OGRhMmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6m/1HGIzVkxSrkKV3M+WhsmxM5y
Fx33XAKYosJT0HuD845/9rYesgEQc+IvMhg9d7l35fudwrcZZlDzBFDh5ZEvRGw7
Y5pgPu3c/06/4Kwq62UX0F/0pAJaehm88UD5JWCRxqY8g+ov7yUjIdqf3E97QJs0
TiLYyRureWULEMA6b5MueJuBf+aYGa/xtBmcJbzC7A+MfBRJCli1qAKeVJqLepkC
cF2WKKfKB1rO2asWEwW691/FG7sqYAPfNP74ALBCLpQiZqc8RWlhubcsuAMHADeb
DW3h3OK0NIYgxDtX3gFf+OFvLkX5hMBxt3HlWdc+Rl7MwCI95P/CIoZFEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNVzV44OIpRG9OP7oLOrYCm0jaLUMB8GA1UdIwQY
MBaAFF4jUY+qm5SkLRo7TZ9juXQ5TQZiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGlOUmo2cWJsS1F0R2p0Tm4yTzVkRGxOQm1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS80MTRiMzYtZWNhOS00ZTIyLWFlZDUt
YTQ4YWMzMWRiYmYwLzEvMVhOWGpnNGlsRWIwNF91Z3M2dGdLYlNOb3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS80MTRiMzYtZWNhOS00ZTIyLWFlZDUtYTQ4YWMzMWRiYmYw
LzEvWGlOUmo2cWJsS1F0R2p0Tm4yTzVkRGxOQm1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQrRMA0G
CSqGSIb3DQEBCwUAA4IBAQAx3aURoDTUHVbuIW5g3DJVknY6ZNPrCAt+YSfYYg9B
sSW5Y23ndSlBXm//5qpft9bPWqreEf1lTtmm5hS380D2oRwpEJT6j7Y1ilVbHQ+a
9hlv0yYEfRN/xMlA6Qx/gprh5UvaYDWeUHdLjSaf95VSaIB/LlcoBAYr1mPSVLw1
VzKylpwbPzcdDaNt8WejSv8lXmRG2t02tkUI5tg+5cebre3QUPicgp65oRZg7XUz
oi5Hjc1AJ/kWJ9Sjle364CWoEzFIPfP5ZpBrGdb3guEpXX6ulEIyN+6L72HRq/dT
qY87qvXY4SfYlY6pIID9eEKmvMJTKZ0bQ0gukTmZZj9f
-----END CERTIFICATE-----