Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/N2pVQB7Q9pk52kcMttAqV1U6xjo.roa
File:                     N2pVQB7Q9pk52kcMttAqV1U6xjo.roa (raw, json)
Hash identifier:          KhaBeCFDiZsBbrg0Rgx8Iyujle1blqOxlB8Lu4SNjB0=
Subject key identifier:   37:6A:55:40:1E:D0:F6:99:39:DA:47:0C:B6:D0:2A:57:55:3A:C6:3A
Certificate issuer:       /CN=313ebe436a75629b8f3db74a9a3fa1d5d30ad37f
Certificate serial:       018D4225D324A049FE226C2A4602A0260C74
Authority key identifier: 31:3E:BE:43:6A:75:62:9B:8F:3D:B7:4A:9A:3F:A1:D5:D3:0A:D3:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MT6-Q2p1YpuPPbdKmj-h1dMK038.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/N2pVQB7Q9pk52kcMttAqV1U6xjo.roa
Signing time:             Thu 25 Jan 2024 19:43:11 +0000
ROA not before:           Thu 25 Jan 2024 19:43:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202874
IP address blocks:        185.150.124.0/22 maxlen: 22
                          2a13:a540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/MT6-Q2p1YpuPPbdKmj-h1dMK038.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/MT6-Q2p1YpuPPbdKmj-h1dMK038.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MT6-Q2p1YpuPPbdKmj-h1dMK038.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:42:25:d3:24:a0:49:fe:22:6c:2a:46:02:a0:26:0c:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=313ebe436a75629b8f3db74a9a3fa1d5d30ad37f
        Validity
            Not Before: Jan 25 19:43:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=376a55401ed0f69939da470cb6d02a57553ac63a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:6b:14:a0:d5:b1:06:58:45:3c:e4:19:4b:73:
                    bc:5c:6b:ba:03:45:60:08:1f:5e:14:fb:72:b0:21:
                    e2:61:d1:c5:75:c2:58:ae:a1:d6:81:e0:2f:06:67:
                    d4:be:7f:ad:e5:08:9b:41:66:c6:6c:7d:70:65:19:
                    52:f8:36:f1:2e:cd:6f:e3:b4:69:f2:e7:58:4f:28:
                    3a:46:42:25:71:10:cc:14:a9:7c:dd:9f:9c:f4:7e:
                    61:52:ac:e7:30:e1:fe:04:eb:ee:91:e4:ce:33:45:
                    08:e4:8a:b0:3d:61:e8:41:21:fd:12:b0:aa:8d:9d:
                    5f:8a:4a:f1:18:22:9f:54:df:5f:bf:04:36:97:e5:
                    a1:8f:a9:e3:4b:f1:2b:21:da:95:86:47:20:3e:1d:
                    b9:3a:c5:a8:a9:3d:aa:84:c8:e4:b7:b3:70:d0:85:
                    4c:cc:f5:78:f2:1f:16:ee:74:d7:11:68:b1:e0:5e:
                    8f:99:e5:08:9e:f5:e5:1d:cd:b8:fe:df:83:68:38:
                    e7:ca:a6:a5:4b:ad:32:fc:06:ab:26:4a:57:09:cf:
                    16:0e:0b:a1:01:8c:5a:a0:5b:bd:5a:15:3e:21:2b:
                    fc:30:e7:ab:b7:6a:a1:0c:05:7f:03:43:4a:9a:9b:
                    ab:6e:a2:9f:53:42:dd:06:6a:29:06:42:3b:f1:a9:
                    ef:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6A:55:40:1E:D0:F6:99:39:DA:47:0C:B6:D0:2A:57:55:3A:C6:3A
            X509v3 Authority Key Identifier:
                keyid:31:3E:BE:43:6A:75:62:9B:8F:3D:B7:4A:9A:3F:A1:D5:D3:0A:D3:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MT6-Q2p1YpuPPbdKmj-h1dMK038.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/N2pVQB7Q9pk52kcMttAqV1U6xjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/MT6-Q2p1YpuPPbdKmj-h1dMK038.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.124.0/22
                IPv6:
                  2a13:a540::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:ce:5f:73:ef:79:af:25:d8:4c:17:d9:2c:06:f4:9b:53:4a:
         86:c5:00:fc:3d:5b:9e:f9:cd:fb:78:9f:f0:74:26:19:42:c6:
         ff:e5:9e:68:a0:47:d2:e9:4d:f5:e2:c8:a5:52:90:d3:07:86:
         a3:a7:dc:22:e2:9a:89:60:3e:70:c7:39:15:12:74:46:d9:88:
         b5:a7:7b:3b:8d:5e:22:6a:eb:fc:0f:38:ec:0f:73:c7:4c:40:
         11:98:4c:8d:a9:35:46:60:0e:73:43:a5:1f:fd:52:e6:51:4e:
         2d:85:47:2c:ff:65:a7:77:78:43:4b:02:00:ca:86:19:02:3a:
         67:d5:93:c9:f1:45:d8:d5:13:31:4c:92:9c:99:b0:d2:bb:18:
         57:6b:e0:64:12:24:c6:b8:0d:df:8a:4c:c0:52:1a:08:ba:b7:
         42:39:70:cd:6b:8b:da:b7:6e:2f:15:39:ee:f0:89:40:a8:ab:
         4e:5b:c4:c6:a6:1d:dd:7d:50:e6:9c:96:64:7e:ca:59:89:44:
         df:8d:29:31:8a:b7:53:d8:36:b3:d8:21:ec:35:46:2c:f0:92:
         73:9f:3c:da:93:d3:b0:ff:03:42:b7:8b:27:d8:da:4e:91:3a:
         2b:a3:6a:78:fa:33:ac:a9:d2:de:00:a9:50:ef:bd:c2:96:2b:
         bd:55:57:8c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1CJdMkoEn+ImwqRgKgJgx0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxM2ViZTQzNmE3NTYyOWI4ZjNkYjc0YTlhM2ZhMWQ1ZDMw
YWQzN2YwHhcNMjQwMTI1MTk0MzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzZhNTU0MDFlZDBmNjk5MzlkYTQ3MGNiNmQwMmE1NzU1M2FjNjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmsUoNWxBlhFPOQZS3O8XGu6A0Vg
CB9eFPtysCHiYdHFdcJYrqHWgeAvBmfUvn+t5QibQWbGbH1wZRlS+DbxLs1v47Rp
8udYTyg6RkIlcRDMFKl83Z+c9H5hUqznMOH+BOvukeTOM0UI5IqwPWHoQSH9ErCq
jZ1fikrxGCKfVN9fvwQ2l+Whj6njS/ErIdqVhkcgPh25OsWoqT2qhMjkt7Nw0IVM
zPV48h8W7nTXEWix4F6PmeUInvXlHc24/t+DaDjnyqalS60y/AarJkpXCc8WDguh
AYxaoFu9WhU+ISv8MOert2qhDAV/A0NKmpurbqKfU0LdBmopBkI78anvdwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDdqVUAe0PaZOdpHDLbQKldVOsY6MB8GA1UdIwQY
MBaAFDE+vkNqdWKbjz23Spo/odXTCtN/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVQ2LVEycDFZcHVQUGJkS21qLWgxZE1LMDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy83MmNjMmItN2MxZi00YTM2LWE3MDAt
OTYwYzhmMGE5NWIyLzEvTjJwVlFCN1E5cGs1MmtjTXR0QXFWMVU2eGpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy83MmNjMmItN2MxZi00YTM2LWE3MDAtOTYwYzhmMGE5NWIy
LzEvTVQ2LVEycDFZcHVQUGJkS21qLWgxZE1LMDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZZ8MA0E
AgACMAcDBQMqE6VAMA0GCSqGSIb3DQEBCwUAA4IBAQCPzl9z73mvJdhMF9ksBvSb
U0qGxQD8PVue+c37eJ/wdCYZQsb/5Z5ooEfS6U314silUpDTB4ajp9wi4pqJYD5w
xzkVEnRG2Yi1p3s7jV4iauv8DzjsD3PHTEARmEyNqTVGYA5zQ6Uf/VLmUU4thUcs
/2Wnd3hDSwIAyoYZAjpn1ZPJ8UXY1RMxTJKcmbDSuxhXa+BkEiTGuA3fikzAUhoI
urdCOXDNa4vat24vFTnu8IlAqKtOW8TGph3dfVDmnJZkfspZiUTfjSkxirdT2Daz
2CHsNUYs8JJznzzak9Ow/wNCt4sn2NpOkToro2p4+jOsqdLeAKlQ773Cliu9VVeM
-----END CERTIFICATE-----