Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5afc37-0909-4d54-bcef-bd34e0a95a1e/1/kDx868ZRdw1KksulNQ4efMhZESk.roa
File:                     kDx868ZRdw1KksulNQ4efMhZESk.roa (raw, json)
Hash identifier:          yFVqitc88yrYWYn6QjHtrUQZdo7kcMkt8Ar8QJSv0L8=
Subject key identifier:   90:3C:7C:EB:C6:51:77:0D:4A:92:CB:A5:35:0E:1E:7C:C8:59:11:29
Certificate issuer:       /CN=90a03b68f87da71c271c9cf5c82e955dbc65c104
Certificate serial:       018CC5DC548A3255592D12659B594C9330EA
Authority key identifier: 90:A0:3B:68:F8:7D:A7:1C:27:1C:9C:F5:C8:2E:95:5D:BC:65:C1:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kKA7aPh9pxwnHJz1yC6VXbxlwQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5afc37-0909-4d54-bcef-bd34e0a95a1e/1/kDx868ZRdw1KksulNQ4efMhZESk.roa
Signing time:             Mon 01 Jan 2024 16:30:00 +0000
ROA not before:           Mon 01 Jan 2024 16:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48062
IP address blocks:        185.197.180.0/24 maxlen: 26
                          2a10:f000::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5afc37-0909-4d54-bcef-bd34e0a95a1e/1/kKA7aPh9pxwnHJz1yC6VXbxlwQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5afc37-0909-4d54-bcef-bd34e0a95a1e/1/kKA7aPh9pxwnHJz1yC6VXbxlwQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kKA7aPh9pxwnHJz1yC6VXbxlwQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:54:8a:32:55:59:2d:12:65:9b:59:4c:93:30:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90a03b68f87da71c271c9cf5c82e955dbc65c104
        Validity
            Not Before: Jan  1 16:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=903c7cebc651770d4a92cba5350e1e7cc8591129
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:01:8c:91:b2:dd:35:85:20:6c:48:08:1e:d4:
                    82:e6:e7:ae:53:a9:2f:8e:c1:1f:f2:f8:fe:a1:29:
                    99:93:2c:6c:70:22:9e:49:67:f7:c6:ad:c1:69:79:
                    39:57:33:37:48:25:44:5e:f0:45:50:54:0d:cd:ba:
                    e7:c9:3e:af:c5:14:ae:28:98:52:c4:4f:7d:19:c4:
                    ad:67:f0:2f:d6:69:2f:86:d0:37:50:9a:3d:5d:25:
                    9f:dd:64:64:b2:ee:e2:c4:c9:54:88:48:47:9c:fc:
                    db:b6:87:8e:a8:ee:ae:6a:5e:32:68:6f:d9:13:51:
                    a0:aa:55:68:3b:ac:15:93:b4:e2:a2:a1:72:35:8e:
                    ae:ba:bc:e4:43:2e:21:7d:4a:50:82:5e:7d:3c:20:
                    7c:51:05:a7:9e:59:86:e8:3d:33:dc:41:9b:7a:05:
                    ca:30:a1:b5:7b:19:5d:bb:2e:f8:5d:80:ff:9c:29:
                    de:35:c4:ed:f7:3a:b3:d7:f0:63:ca:bb:5d:ec:ad:
                    a1:31:c6:93:78:59:f2:4d:75:a9:a1:b4:45:b0:f1:
                    ed:f2:5b:bc:ff:61:eb:99:55:5f:b2:bd:52:d7:90:
                    0a:6a:d5:26:5d:4b:bd:0e:93:a5:ca:ee:1d:03:98:
                    bb:00:94:48:e8:2b:0e:4b:66:88:f7:9f:f1:0f:b6:
                    85:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:3C:7C:EB:C6:51:77:0D:4A:92:CB:A5:35:0E:1E:7C:C8:59:11:29
            X509v3 Authority Key Identifier:
                keyid:90:A0:3B:68:F8:7D:A7:1C:27:1C:9C:F5:C8:2E:95:5D:BC:65:C1:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kKA7aPh9pxwnHJz1yC6VXbxlwQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5afc37-0909-4d54-bcef-bd34e0a95a1e/1/kDx868ZRdw1KksulNQ4efMhZESk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5afc37-0909-4d54-bcef-bd34e0a95a1e/1/kKA7aPh9pxwnHJz1yC6VXbxlwQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.180.0/24
                IPv6:
                  2a10:f000::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:47:9d:2a:97:a0:28:a3:f5:eb:a6:3f:d8:a3:17:2d:5c:2d:
         c9:77:23:a0:d3:67:da:be:40:e8:ce:68:e9:c5:d2:56:16:db:
         52:18:80:08:32:3f:6f:aa:d3:3c:af:a9:9b:05:79:59:51:02:
         4d:ab:b6:da:1f:bd:97:6f:fc:c0:19:8c:f3:9b:cf:ae:c9:bd:
         cb:30:d1:29:15:f6:00:b5:48:5d:25:39:72:24:35:f8:24:03:
         f4:01:04:d9:a5:f4:97:92:a0:90:33:79:4b:3a:8e:e5:75:09:
         cd:6a:c6:44:c6:69:fd:86:d0:68:47:d7:24:95:53:6a:72:06:
         e8:48:09:73:f7:63:e4:c1:da:dc:24:e6:68:e9:16:11:43:26:
         d2:a0:75:94:87:6c:9a:4b:d1:34:7c:19:ae:65:36:43:1a:8e:
         2d:7c:3d:93:2c:6e:6a:4e:30:61:ff:a7:1f:78:33:fe:ed:42:
         8d:af:0c:ab:13:be:9b:7b:3b:b9:ff:86:51:2a:ec:57:a9:ce:
         cc:d5:84:9a:c8:28:50:78:b2:5e:88:c1:e2:24:7f:fc:42:da:
         7c:aa:88:b7:1e:71:08:a8:80:8b:98:d2:b5:6a:18:3c:95:5c:
         d3:81:98:9d:b2:84:3a:3e:63:fd:b7:fe:f0:2c:e7:d4:97:77:
         d1:5d:63:f4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3FSKMlVZLRJlm1lMkzDqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwYTAzYjY4Zjg3ZGE3MWMyNzFjOWNmNWM4MmU5NTVkYmM2
NWMxMDQwHhcNMjQwMTAxMTYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDNjN2NlYmM2NTE3NzBkNGE5MmNiYTUzNTBlMWU3Y2M4NTkxMTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gGMkbLdNYUgbEgIHtSC5ueuU6kv
jsEf8vj+oSmZkyxscCKeSWf3xq3BaXk5VzM3SCVEXvBFUFQNzbrnyT6vxRSuKJhS
xE99GcStZ/Av1mkvhtA3UJo9XSWf3WRksu7ixMlUiEhHnPzbtoeOqO6ual4yaG/Z
E1GgqlVoO6wVk7TioqFyNY6uurzkQy4hfUpQgl59PCB8UQWnnlmG6D0z3EGbegXK
MKG1exlduy74XYD/nCneNcTt9zqz1/Bjyrtd7K2hMcaTeFnyTXWpobRFsPHt8lu8
/2HrmVVfsr1S15AKatUmXUu9DpOlyu4dA5i7AJRI6CsOS2aI95/xD7aFvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJA8fOvGUXcNSpLLpTUOHnzIWREpMB8GA1UdIwQY
MBaAFJCgO2j4faccJxyc9cgulV28ZcEEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0tBN2FQaDlweHduSEp6MXlDNlZYYnhsd1FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81YWZjMzctMDkwOS00ZDU0LWJjZWYt
YmQzNGUwYTk1YTFlLzEva0R4ODY4WlJkdzFLa3N1bE5RNGVmTWhaRVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81YWZjMzctMDkwOS00ZDU0LWJjZWYtYmQzNGUwYTk1YTFl
LzEva0tBN2FQaDlweHduSEp6MXlDNlZYYnhsd1FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAucW0MA0E
AgACMAcDBQAqEPAAMA0GCSqGSIb3DQEBCwUAA4IBAQA7R50ql6Aoo/Xrpj/Yoxct
XC3JdyOg02favkDozmjpxdJWFttSGIAIMj9vqtM8r6mbBXlZUQJNq7baH72Xb/zA
GYzzm8+uyb3LMNEpFfYAtUhdJTlyJDX4JAP0AQTZpfSXkqCQM3lLOo7ldQnNasZE
xmn9htBoR9cklVNqcgboSAlz92PkwdrcJOZo6RYRQybSoHWUh2yaS9E0fBmuZTZD
Go4tfD2TLG5qTjBh/6cfeDP+7UKNrwyrE76bezu5/4ZRKuxXqc7M1YSayChQeLJe
iMHiJH/8Qtp8qoi3HnEIqICLmNK1ahg8lVzTgZidsoQ6PmP9t/7wLOfUl3fRXWP0
-----END CERTIFICATE-----