Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/yzrzc-sPqCXP0vKszYw8O2ztITQ.roa
File:                     yzrzc-sPqCXP0vKszYw8O2ztITQ.roa (raw, json)
Hash identifier:          bp5D5sdJaDq1pbBhi2NfmKJaSlx3gFKExLwnDIbkxjw=
Subject key identifier:   CB:3A:F3:73:EB:0F:A8:25:CF:D2:F2:AC:CD:8C:3C:3B:6C:ED:21:34
Certificate issuer:       /CN=1474b6fc67b6b90db311c61fc0e3a9c752833c56
Certificate serial:       018CC4255F44C9D0BB813203C527ACBE48F4
Authority key identifier: 14:74:B6:FC:67:B6:B9:0D:B3:11:C6:1F:C0:E3:A9:C7:52:83:3C:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/yzrzc-sPqCXP0vKszYw8O2ztITQ.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38999
IP address blocks:        185.127.183.0/24 maxlen: 24
                          185.127.183.0/26 maxlen: 26

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 10:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5f:44:c9:d0:bb:81:32:03:c5:27:ac:be:48:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1474b6fc67b6b90db311c61fc0e3a9c752833c56
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb3af373eb0fa825cfd2f2accd8c3c3b6ced2134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:19:f3:23:76:5d:6c:3c:19:68:55:1d:09:58:
                    30:83:ad:96:b9:2b:36:f0:39:98:8e:42:df:a6:16:
                    7f:57:b6:73:b1:e7:c1:58:20:b2:9a:08:36:4a:22:
                    c0:88:8f:d5:b0:2d:c3:a6:3f:49:29:08:73:47:61:
                    62:de:1a:61:d3:b3:15:03:5f:55:df:a8:79:ee:e4:
                    c4:c7:74:1d:d0:a4:79:a6:d7:6d:64:5f:17:41:ec:
                    a6:5a:1d:fe:61:70:a4:df:38:a2:37:50:a1:b2:cc:
                    ea:8b:4f:7f:86:6d:10:b8:b3:c3:01:64:2c:35:41:
                    ee:7d:3a:e5:b2:38:07:65:b5:8f:95:b1:69:a9:75:
                    65:4e:0b:d8:b7:15:23:c4:f8:29:f9:18:be:a6:ad:
                    ba:c5:d2:45:c0:d0:79:48:88:f1:f5:3b:fa:08:7a:
                    90:a5:41:55:46:ab:f6:2d:6f:a6:4f:ea:81:d6:9c:
                    79:e6:7c:19:e9:f9:3e:de:f6:0c:2c:3e:6b:51:a0:
                    ef:63:b0:60:1c:df:87:13:95:26:39:0c:8d:00:52:
                    65:ab:c3:72:9b:09:40:74:6e:8b:58:1b:9e:9d:a4:
                    79:45:59:3f:83:12:37:74:29:09:d2:4b:df:83:08:
                    17:d3:31:1c:1e:5a:7f:8a:8c:78:bf:48:a5:b0:c9:
                    c1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:3A:F3:73:EB:0F:A8:25:CF:D2:F2:AC:CD:8C:3C:3B:6C:ED:21:34
            X509v3 Authority Key Identifier:
                keyid:14:74:B6:FC:67:B6:B9:0D:B3:11:C6:1F:C0:E3:A9:C7:52:83:3C:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/yzrzc-sPqCXP0vKszYw8O2ztITQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:21:28:b0:e4:c6:29:cc:8d:e7:8d:dc:57:1e:01:49:8b:53:
         f5:d8:ac:7d:e2:56:8d:d0:25:8f:89:b6:5e:ac:be:37:1f:7b:
         ab:a4:fb:36:a9:ad:d5:da:2c:b2:c2:3c:0b:7b:38:55:7d:c9:
         cc:71:43:12:7d:45:ac:73:14:5f:ff:34:48:2a:38:95:ed:0e:
         3c:d7:93:ce:b8:5b:82:f7:b6:99:c8:2c:d9:66:86:80:02:b1:
         9b:29:4c:79:a2:7f:08:d4:7e:b9:b9:e9:d1:ab:c8:69:d9:46:
         74:a7:c9:53:0c:42:bb:44:ca:0e:bd:a0:eb:18:b9:23:00:f7:
         a1:11:01:64:9d:ec:69:d3:e6:99:2a:ce:f5:a8:a1:81:23:06:
         2e:72:60:93:8e:9a:34:d1:79:2e:53:df:1c:27:e7:fd:ca:ed:
         0d:a8:25:88:8c:af:88:c7:10:a2:46:33:04:43:61:eb:18:2b:
         25:ac:ae:8d:f7:27:98:c2:3c:d1:23:78:70:76:9f:64:18:a3:
         48:0f:f2:a1:f9:57:5d:79:d4:1c:d1:0e:69:2b:38:da:d9:0d:
         38:df:15:b3:14:e0:56:0e:3e:46:e7:14:33:29:d9:ba:1f:6a:
         5f:f5:26:0c:77:31:e5:8f:43:2a:34:15:d3:d2:a9:a8:de:d1:
         85:77:0f:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV9EydC7gTIDxSesvkj0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NzRiNmZjNjdiNmI5MGRiMzExYzYxZmMwZTNhOWM3NTI4
MzNjNTYwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjNhZjM3M2ViMGZhODI1Y2ZkMmYyYWNjZDhjM2MzYjZjZWQyMTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRnzI3ZdbDwZaFUdCVgwg62WuSs2
8DmYjkLfphZ/V7ZzsefBWCCymgg2SiLAiI/VsC3Dpj9JKQhzR2Fi3hph07MVA19V
36h57uTEx3Qd0KR5ptdtZF8XQeymWh3+YXCk3ziiN1Chsszqi09/hm0QuLPDAWQs
NUHufTrlsjgHZbWPlbFpqXVlTgvYtxUjxPgp+Ri+pq26xdJFwNB5SIjx9Tv6CHqQ
pUFVRqv2LW+mT+qB1px55nwZ6fk+3vYMLD5rUaDvY7BgHN+HE5UmOQyNAFJlq8Ny
mwlAdG6LWBuenaR5RVk/gxI3dCkJ0kvfgwgX0zEcHlp/iox4v0ilsMnBCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMs683PrD6glz9LyrM2MPDts7SE0MB8GA1UdIwQY
MBaAFBR0tvxntrkNsxHGH8DjqcdSgzxWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkhTMl9HZTJ1UTJ6RWNZZndPT3B4MUtEUEZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9iMWI0MWQtZDg4Ni00NDJhLTk1MjQt
OGM1NmQ4ZmUxN2I1LzEveXpyemMtc1BxQ1hQMHZLc3pZdzhPMnp0SVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9iMWI0MWQtZDg4Ni00NDJhLTk1MjQtOGM1NmQ4ZmUxN2I1
LzEvRkhTMl9HZTJ1UTJ6RWNZZndPT3B4MUtEUEZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX+3MA0G
CSqGSIb3DQEBCwUAA4IBAQCqISiw5MYpzI3njdxXHgFJi1P12Kx94laN0CWPibZe
rL43H3urpPs2qa3V2iyywjwLezhVfcnMcUMSfUWscxRf/zRIKjiV7Q4815POuFuC
97aZyCzZZoaAArGbKUx5on8I1H65uenRq8hp2UZ0p8lTDEK7RMoOvaDrGLkjAPeh
EQFknexp0+aZKs71qKGBIwYucmCTjpo00XkuU98cJ+f9yu0NqCWIjK+IxxCiRjME
Q2HrGCslrK6N9yeYwjzRI3hwdp9kGKNID/Kh+VddedQc0Q5pKzja2Q043xWzFOBW
Dj5G5xQzKdm6H2pf9SYMdzHlj0MqNBXT0qmo3tGFdw/T
-----END CERTIFICATE-----