Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/mIugc9b_VjeqZR2WZexPbjxlixY.roa
File:                     mIugc9b_VjeqZR2WZexPbjxlixY.roa (raw, json)
Hash identifier:          +JhAz3ycNvSeHTKYu4bLMgS3E0qqWjFNQaMs4LyKe7A=
Subject key identifier:   98:8B:A0:73:D6:FF:56:37:AA:65:1D:96:65:EC:4F:6E:3C:65:8B:16
Certificate issuer:       /CN=00af9dda307cb525385ef90f506d0d57bb9d2bf2
Certificate serial:       018CC4937E8A0CE61D022B3E1317F1585F3A
Authority key identifier: 00:AF:9D:DA:30:7C:B5:25:38:5E:F9:0F:50:6D:0D:57:BB:9D:2B:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK-d2jB8tSU4XvkPUG0NV7udK_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/mIugc9b_VjeqZR2WZexPbjxlixY.roa
Signing time:             Mon 01 Jan 2024 10:30:49 +0000
ROA not before:           Mon 01 Jan 2024 10:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9051
IP address blocks:        185.40.208.0/22 maxlen: 24
                          2a04:86c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/AK-d2jB8tSU4XvkPUG0NV7udK_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/AK-d2jB8tSU4XvkPUG0NV7udK_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK-d2jB8tSU4XvkPUG0NV7udK_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:7e:8a:0c:e6:1d:02:2b:3e:13:17:f1:58:5f:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00af9dda307cb525385ef90f506d0d57bb9d2bf2
        Validity
            Not Before: Jan  1 10:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=988ba073d6ff5637aa651d9665ec4f6e3c658b16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a1:41:80:f4:3e:24:9d:08:9f:b9:7b:b4:70:
                    af:8f:c6:c2:e0:0e:1e:07:21:8f:ed:00:4f:46:ff:
                    b0:c1:2e:91:93:85:85:05:42:dc:b4:59:8c:55:48:
                    62:1c:b2:f7:e8:0b:bd:af:9e:d1:93:4b:39:30:87:
                    9b:b6:5a:a4:49:89:bf:39:c6:ec:d6:57:8f:3d:b7:
                    a3:b3:9b:09:32:74:63:54:45:9b:b0:ef:fd:88:68:
                    6c:31:7f:5c:7d:37:ea:4f:39:be:77:94:ac:44:fd:
                    34:75:01:25:c8:a3:49:4d:da:1c:5e:06:d7:ed:dc:
                    df:23:b8:47:e8:95:ac:55:cb:c2:98:26:05:7d:1d:
                    ed:e3:45:d5:c6:c4:1f:b4:30:23:5f:5f:5e:e7:a6:
                    66:ed:b8:57:98:3c:0f:28:69:85:18:db:00:5b:b5:
                    55:84:6c:a2:e7:7d:51:d8:92:47:af:96:ba:bb:03:
                    81:de:71:51:69:be:c7:74:7f:b5:a3:e1:ca:f1:51:
                    b0:aa:a8:07:ef:cb:6a:b9:d5:dd:75:de:db:d6:f0:
                    12:00:6d:ae:bc:dc:1e:bd:16:42:9a:62:8a:99:0d:
                    21:34:44:8b:d3:56:f2:f9:27:d6:06:c0:ed:f7:f0:
                    c1:1d:02:69:d5:ec:39:e7:20:4d:c7:08:64:51:51:
                    71:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:8B:A0:73:D6:FF:56:37:AA:65:1D:96:65:EC:4F:6E:3C:65:8B:16
            X509v3 Authority Key Identifier:
                keyid:00:AF:9D:DA:30:7C:B5:25:38:5E:F9:0F:50:6D:0D:57:BB:9D:2B:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK-d2jB8tSU4XvkPUG0NV7udK_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/mIugc9b_VjeqZR2WZexPbjxlixY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/d0e2f4-b60a-40b2-92e9-90eace9e059e/1/AK-d2jB8tSU4XvkPUG0NV7udK_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.208.0/22
                IPv6:
                  2a04:86c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:55:01:50:11:3a:83:4f:02:85:18:95:38:12:16:bc:a5:96:
         84:d7:5e:1f:17:07:a6:73:52:89:a5:30:d3:38:32:93:b8:0c:
         9f:23:a0:a5:e4:cd:7a:6e:9c:e4:46:53:be:67:aa:94:ab:25:
         91:c2:96:84:e9:06:d4:15:81:8b:17:5c:80:a3:37:f4:83:18:
         97:92:d3:da:5c:aa:f8:0b:d9:d8:66:99:96:e1:4f:1d:4d:e4:
         af:ff:d2:fd:0b:a0:6f:3a:8d:a4:e4:c7:34:46:e2:7e:74:d0:
         13:e2:2f:63:1a:9a:45:a5:9b:55:0d:a5:da:31:20:64:b5:3e:
         08:24:f8:fd:51:4c:91:78:04:bf:de:a0:10:ad:1b:08:aa:1e:
         37:5c:c0:14:fe:75:cf:17:f7:b4:f0:fe:c6:7b:d0:4b:a1:68:
         c1:2d:03:59:1b:97:e6:f1:e0:5a:89:98:e1:b9:a7:10:3f:51:
         16:06:d3:5a:5c:76:08:2d:dc:16:fd:40:e5:c8:6e:92:4e:51:
         02:6e:dc:34:49:31:b0:a2:1f:9c:02:0b:01:53:a7:dc:5f:93:
         cb:f4:6e:3a:bc:16:c9:1e:35:ba:d4:27:09:e0:c2:e1:03:6c:
         21:b8:64:a9:8a:5c:42:86:57:b9:f4:21:8d:11:bd:a5:4a:4b:
         3d:56:4e:8f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk36KDOYdAis+ExfxWF86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWY5ZGRhMzA3Y2I1MjUzODVlZjkwZjUwNmQwZDU3YmI5
ZDJiZjIwHhcNMjQwMTAxMTAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODhiYTA3M2Q2ZmY1NjM3YWE2NTFkOTY2NWVjNGY2ZTNjNjU4YjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaFBgPQ+JJ0In7l7tHCvj8bC4A4e
ByGP7QBPRv+wwS6Rk4WFBULctFmMVUhiHLL36Au9r57Rk0s5MIebtlqkSYm/Ocbs
1lePPbejs5sJMnRjVEWbsO/9iGhsMX9cfTfqTzm+d5SsRP00dQElyKNJTdocXgbX
7dzfI7hH6JWsVcvCmCYFfR3t40XVxsQftDAjX19e56Zm7bhXmDwPKGmFGNsAW7VV
hGyi531R2JJHr5a6uwOB3nFRab7HdH+1o+HK8VGwqqgH78tqudXddd7b1vASAG2u
vNwevRZCmmKKmQ0hNESL01by+SfWBsDt9/DBHQJp1ew55yBNxwhkUVFxMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJiLoHPW/1Y3qmUdlmXsT248ZYsWMB8GA1UdIwQY
MBaAFACvndowfLUlOF75D1BtDVe7nSvyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUstZDJqQjh0U1U0WHZrUFVHME5WN3VkS19JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9kMGUyZjQtYjYwYS00MGIyLTkyZTkt
OTBlYWNlOWUwNTllLzEvbUl1Z2M5Yl9WamVxWlIyV1pleFBianhsaXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9kMGUyZjQtYjYwYS00MGIyLTkyZTktOTBlYWNlOWUwNTll
LzEvQUstZDJqQjh0U1U0WHZrUFVHME5WN3VkS19JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSjQMA0E
AgACMAcDBQMqBIbAMA0GCSqGSIb3DQEBCwUAA4IBAQAgVQFQETqDTwKFGJU4Eha8
pZaE114fFwemc1KJpTDTODKTuAyfI6Cl5M16bpzkRlO+Z6qUqyWRwpaE6QbUFYGL
F1yAozf0gxiXktPaXKr4C9nYZpmW4U8dTeSv/9L9C6BvOo2k5Mc0RuJ+dNAT4i9j
GppFpZtVDaXaMSBktT4IJPj9UUyReAS/3qAQrRsIqh43XMAU/nXPF/e08P7Ge9BL
oWjBLQNZG5fm8eBaiZjhuacQP1EWBtNaXHYILdwW/UDlyG6STlECbtw0STGwoh+c
AgsBU6fcX5PL9G46vBbJHjW61CcJ4MLhA2whuGSpilxChle59CGNEb2lSks9Vk6P
-----END CERTIFICATE-----