Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/1c9469-16fe-4e7b-8823-5db439b4ccee/1/c8efj3ycmEEYkA2nrxYYsYEFyhI.roa
File:                     c8efj3ycmEEYkA2nrxYYsYEFyhI.roa (raw, json)
Hash identifier:          +rAfQZq6pJIInOLw1XauWz/DX7XQCOq7xpoDLf7gJo4=
Subject key identifier:   73:C7:9F:8F:7C:9C:98:41:18:90:0D:A7:AF:16:18:B1:81:05:CA:12
Certificate issuer:       /CN=3cbdce45c4882c8a3a257110c6b1f0d49b182a9c
Certificate serial:       018DD554E923D7E89130E954C7DDDCF019B1
Authority key identifier: 3C:BD:CE:45:C4:88:2C:8A:3A:25:71:10:C6:B1:F0:D4:9B:18:2A:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PL3ORcSILIo6JXEQxrHw1JsYKpw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/1c9469-16fe-4e7b-8823-5db439b4ccee/1/c8efj3ycmEEYkA2nrxYYsYEFyhI.roa
Signing time:             Fri 23 Feb 2024 09:38:48 +0000
ROA not before:           Fri 23 Feb 2024 09:38:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        185.154.189.0/24 maxlen: 24
                          2a12:dac0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/1c9469-16fe-4e7b-8823-5db439b4ccee/1/PL3ORcSILIo6JXEQxrHw1JsYKpw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/1c9469-16fe-4e7b-8823-5db439b4ccee/1/PL3ORcSILIo6JXEQxrHw1JsYKpw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PL3ORcSILIo6JXEQxrHw1JsYKpw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:54:e9:23:d7:e8:91:30:e9:54:c7:dd:dc:f0:19:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cbdce45c4882c8a3a257110c6b1f0d49b182a9c
        Validity
            Not Before: Feb 23 09:38:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73c79f8f7c9c984118900da7af1618b18105ca12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b4:3c:4c:9c:51:68:18:69:ce:a4:d8:28:32:
                    47:f7:ff:41:e7:59:9a:54:e4:8b:d3:b0:44:1e:63:
                    2a:ae:53:9b:fa:88:91:09:55:c1:e6:d3:19:fc:ca:
                    30:db:14:6d:24:81:d8:5f:69:2b:99:72:ca:fb:f4:
                    10:f6:42:af:ce:a5:bd:70:c3:1d:c3:87:67:f0:3c:
                    ab:7d:bf:a2:57:09:55:27:0e:de:22:c8:42:8c:05:
                    72:60:8e:42:04:74:42:eb:c9:c3:bf:bb:3e:03:a3:
                    78:bb:33:ab:c9:6e:54:8b:33:a9:54:e0:bd:b0:63:
                    c5:8e:30:27:68:c6:f1:e1:cc:6f:b0:e1:12:43:84:
                    f1:ba:99:99:bc:14:0b:b5:36:d4:e7:be:62:90:da:
                    30:e0:23:0e:28:3d:bb:99:48:3a:c6:6b:30:55:c5:
                    ed:f3:f1:76:ee:3c:b5:70:74:ae:58:fa:cf:6d:73:
                    29:a7:82:91:e3:e7:81:fd:31:8e:39:c8:fb:05:92:
                    83:fa:13:4d:09:69:e4:39:64:b6:ab:13:f9:ec:78:
                    d1:d5:b7:6b:79:ab:7b:d6:45:c0:c9:28:23:6c:09:
                    d7:cf:da:63:46:1b:cb:0d:f1:e2:1a:0f:b1:17:fb:
                    c7:31:ca:e2:ae:9c:44:70:ec:13:f6:cc:fe:5f:fa:
                    00:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:C7:9F:8F:7C:9C:98:41:18:90:0D:A7:AF:16:18:B1:81:05:CA:12
            X509v3 Authority Key Identifier:
                keyid:3C:BD:CE:45:C4:88:2C:8A:3A:25:71:10:C6:B1:F0:D4:9B:18:2A:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PL3ORcSILIo6JXEQxrHw1JsYKpw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1c9469-16fe-4e7b-8823-5db439b4ccee/1/c8efj3ycmEEYkA2nrxYYsYEFyhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1c9469-16fe-4e7b-8823-5db439b4ccee/1/PL3ORcSILIo6JXEQxrHw1JsYKpw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.189.0/24
                IPv6:
                  2a12:dac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:1b:f9:b4:34:35:4a:76:59:ac:bf:1d:5c:88:b0:3b:45:18:
         30:85:66:ca:97:c8:7a:e5:30:08:cd:ea:0e:d4:22:4a:14:7a:
         5f:17:f3:ae:34:9d:e2:89:77:1d:39:57:80:63:a7:e3:4e:66:
         f2:d3:ae:98:07:d8:52:dd:cf:41:c1:b3:e5:a5:ef:3a:4d:c6:
         9e:88:af:42:93:f3:6e:8f:a2:e4:f1:c7:18:2a:d3:8b:c7:29:
         51:c6:25:5a:81:91:aa:50:62:4f:d3:0b:ea:4a:e8:c9:ec:c9:
         be:ba:1f:fa:73:c1:19:2c:c5:43:7d:20:04:a9:8d:d2:b6:7e:
         f8:63:e4:bf:91:fb:e1:1c:eb:9b:b0:ce:95:49:8b:fd:fe:4c:
         d3:63:b0:01:27:60:17:22:40:c6:77:44:7b:9c:d6:7b:cd:35:
         e5:d4:17:90:95:0b:58:59:3e:54:e7:c4:8a:e0:3d:cc:38:aa:
         6b:07:3c:ba:00:20:04:02:27:51:79:68:23:b9:a2:1c:95:2e:
         cc:5d:17:11:24:bf:1b:12:4e:0a:54:9a:81:55:0d:88:96:86:
         f6:af:85:8d:69:c0:46:66:87:eb:46:58:d1:20:a0:0a:5a:85:
         a9:61:37:65:8e:ed:9d:47:ee:04:9a:56:9f:c0:9f:3d:a1:60:
         3f:ec:d8:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3VVOkj1+iRMOlUx93c8BmxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjYmRjZTQ1YzQ4ODJjOGEzYTI1NzExMGM2YjFmMGQ0OWIx
ODJhOWMwHhcNMjQwMjIzMDkzODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2M3OWY4ZjdjOWM5ODQxMTg5MDBkYTdhZjE2MThiMTgxMDVjYTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorQ8TJxRaBhpzqTYKDJH9/9B51ma
VOSL07BEHmMqrlOb+oiRCVXB5tMZ/Mow2xRtJIHYX2krmXLK+/QQ9kKvzqW9cMMd
w4dn8Dyrfb+iVwlVJw7eIshCjAVyYI5CBHRC68nDv7s+A6N4uzOryW5UizOpVOC9
sGPFjjAnaMbx4cxvsOESQ4TxupmZvBQLtTbU575ikNow4CMOKD27mUg6xmswVcXt
8/F27jy1cHSuWPrPbXMpp4KR4+eB/TGOOcj7BZKD+hNNCWnkOWS2qxP57HjR1bdr
eat71kXAySgjbAnXz9pjRhvLDfHiGg+xF/vHMcrirpxEcOwT9sz+X/oAHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHPHn498nJhBGJANp68WGLGBBcoSMB8GA1UdIwQY
MBaAFDy9zkXEiCyKOiVxEMax8NSbGCqcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEwzT1JjU0lMSW82SlhFUXhySHcxSnNZS3B3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8xYzk0NjktMTZmZS00ZTdiLTg4MjMt
NWRiNDM5YjRjY2VlLzEvYzhlZmozeWNtRUVZa0EybnJ4WVlzWUVGeWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8xYzk0NjktMTZmZS00ZTdiLTg4MjMtNWRiNDM5YjRjY2Vl
LzEvUEwzT1JjU0lMSW82SlhFUXhySHcxSnNZS3B3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZq9MA0E
AgACMAcDBQMqEtrAMA0GCSqGSIb3DQEBCwUAA4IBAQBEG/m0NDVKdlmsvx1ciLA7
RRgwhWbKl8h65TAIzeoO1CJKFHpfF/OuNJ3iiXcdOVeAY6fjTmby066YB9hS3c9B
wbPlpe86TcaeiK9Ck/Nuj6Lk8ccYKtOLxylRxiVagZGqUGJP0wvqSujJ7Mm+uh/6
c8EZLMVDfSAEqY3Stn74Y+S/kfvhHOubsM6VSYv9/kzTY7ABJ2AXIkDGd0R7nNZ7
zTXl1BeQlQtYWT5U58SK4D3MOKprBzy6ACAEAidReWgjuaIclS7MXRcRJL8bEk4K
VJqBVQ2Ilob2r4WNacBGZofrRljRIKAKWoWpYTdlju2dR+4EmlafwJ89oWA/7NhA
-----END CERTIFICATE-----