Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/1yMEAbiSgNnK-H7vmg_2X-wQ8pI.roa
File:                     1yMEAbiSgNnK-H7vmg_2X-wQ8pI.roa (raw, json)
Hash identifier:          u3AaibGPYL9XT+3zn7Ds1RJg81ruQzEaXQnqoKGaHe0=
Subject key identifier:   D7:23:04:01:B8:92:80:D9:CA:F8:7E:EF:9A:0F:F6:5F:EC:10:F2:92
Certificate issuer:       /CN=9c1cd1b3c8772956fa85535a8464b4ca19663ade
Certificate serial:       018F2F0290EA1B2DB8B02166664E59F61492
Authority key identifier: 9C:1C:D1:B3:C8:77:29:56:FA:85:53:5A:84:64:B4:CA:19:66:3A:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nBzRs8h3KVb6hVNahGS0yhlmOt4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/1yMEAbiSgNnK-H7vmg_2X-wQ8pI.roa
Signing time:             Tue 30 Apr 2024 12:37:28 +0000
ROA not before:           Tue 30 Apr 2024 12:37:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200697
IP address blocks:        185.136.240.0/24 maxlen: 24
                          185.136.241.0/24 maxlen: 24
                          185.136.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/nBzRs8h3KVb6hVNahGS0yhlmOt4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/nBzRs8h3KVb6hVNahGS0yhlmOt4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nBzRs8h3KVb6hVNahGS0yhlmOt4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2f:02:90:ea:1b:2d:b8:b0:21:66:66:4e:59:f6:14:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c1cd1b3c8772956fa85535a8464b4ca19663ade
        Validity
            Not Before: Apr 30 12:37:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7230401b89280d9caf87eef9a0ff65fec10f292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ad:41:cb:ea:66:88:21:85:42:fa:02:1c:d1:
                    b2:5d:99:d0:ab:45:02:6f:d6:99:4b:4c:e1:8b:14:
                    cf:1b:cb:7d:ae:a3:28:f2:25:a8:b8:fa:a2:10:c4:
                    5b:e9:a3:12:bb:15:02:57:f4:3b:3e:67:c9:4b:76:
                    fd:fe:c1:55:fc:97:a5:14:3b:9c:a4:b9:08:78:6b:
                    ac:a8:26:f9:94:7e:0a:61:55:90:f8:95:a5:0f:19:
                    ae:f7:c4:6c:cd:95:74:f3:f9:14:f2:da:bd:93:39:
                    54:4a:f5:03:df:f7:21:49:fe:0c:6d:1d:6c:09:36:
                    ab:3f:98:a6:9d:31:16:f7:4f:ff:c9:65:f7:61:d5:
                    7c:90:df:8c:30:c4:a3:4d:dc:81:80:e7:30:3a:94:
                    6c:1c:39:d3:cb:2a:e8:8d:1f:6c:d0:68:70:21:7e:
                    da:e7:07:3a:f1:e6:4d:b1:3d:d8:44:31:c8:1d:f2:
                    4e:27:16:d5:73:65:18:a1:d2:76:92:3f:db:2d:73:
                    1f:1b:4b:1b:50:ed:d0:bd:12:9e:e0:b9:29:68:b8:
                    16:02:c7:3e:36:f2:bb:6c:d0:00:fa:91:f5:fd:3b:
                    9a:5f:5c:06:b0:e8:2e:30:09:a1:4f:07:0f:f3:cf:
                    3c:a8:2e:23:5c:7c:2c:9d:54:c5:16:62:5b:c8:64:
                    23:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:23:04:01:B8:92:80:D9:CA:F8:7E:EF:9A:0F:F6:5F:EC:10:F2:92
            X509v3 Authority Key Identifier:
                keyid:9C:1C:D1:B3:C8:77:29:56:FA:85:53:5A:84:64:B4:CA:19:66:3A:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBzRs8h3KVb6hVNahGS0yhlmOt4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/1yMEAbiSgNnK-H7vmg_2X-wQ8pI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/nBzRs8h3KVb6hVNahGS0yhlmOt4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.240.0-185.136.242.255

    Signature Algorithm: sha256WithRSAEncryption
         9f:0b:c7:c7:c8:59:e5:a8:d4:8f:72:be:d4:71:06:7e:68:ca:
         37:91:92:7a:4d:73:3d:79:e6:89:70:4b:a8:7c:f6:1e:b1:1a:
         7d:a4:f1:ad:4c:70:5e:1a:c8:dc:6b:cb:0d:28:a1:0f:cb:14:
         76:b5:f3:8b:db:81:66:93:7d:ca:f4:49:5d:47:f6:1e:d6:5d:
         7a:61:9e:e5:5e:aa:c4:4c:2c:df:bd:2f:5c:58:b9:d5:73:3e:
         18:93:97:fc:fa:94:6f:f8:76:27:ed:1c:93:06:e2:33:4d:8b:
         27:9a:94:4d:ea:b5:28:f9:f5:7e:29:e5:d6:e7:41:62:43:35:
         03:1c:a3:ac:bc:9b:4d:87:cc:67:99:c1:20:14:e8:b0:4c:6b:
         99:a3:d3:19:a9:b9:22:92:8e:ca:ba:88:b3:70:88:6e:7c:37:
         58:ea:23:e3:2c:98:f7:eb:e8:7c:80:bb:c3:d1:c9:c6:60:8a:
         b3:52:7e:d9:cf:23:d0:8a:9e:32:0c:57:79:d2:48:86:09:d6:
         05:ec:b2:b4:26:9e:1a:03:fe:4f:28:99:d6:12:43:28:54:2e:
         71:22:4d:0e:03:97:91:44:35:85:1d:b9:1a:b2:c9:17:51:e0:
         fd:7f:c1:b8:7b:8b:ac:68:33:3f:5b:a1:96:f8:5a:42:ce:d8:
         8a:2c:6d:68
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8vApDqGy24sCFmZk5Z9hSSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMWNkMWIzYzg3NzI5NTZmYTg1NTM1YTg0NjRiNGNhMTk2
NjNhZGUwHhcNMjQwNDMwMTIzNzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzIzMDQwMWI4OTI4MGQ5Y2FmODdlZWY5YTBmZjY1ZmVjMTBmMjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq61By+pmiCGFQvoCHNGyXZnQq0UC
b9aZS0zhixTPG8t9rqMo8iWouPqiEMRb6aMSuxUCV/Q7PmfJS3b9/sFV/JelFDuc
pLkIeGusqCb5lH4KYVWQ+JWlDxmu98RszZV08/kU8tq9kzlUSvUD3/chSf4MbR1s
CTarP5imnTEW90//yWX3YdV8kN+MMMSjTdyBgOcwOpRsHDnTyyrojR9s0GhwIX7a
5wc68eZNsT3YRDHIHfJOJxbVc2UYodJ2kj/bLXMfG0sbUO3QvRKe4LkpaLgWAsc+
NvK7bNAA+pH1/TuaX1wGsOguMAmhTwcP8888qC4jXHwsnVTFFmJbyGQjrQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNcjBAG4koDZyvh+75oP9l/sEPKSMB8GA1UdIwQY
MBaAFJwc0bPIdylW+oVTWoRktMoZZjreMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkJ6UnM4aDNLVmI2aFZOYWhHUzB5aGxtT3Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8wNmVhYjAtNmM2ZS00Yzk1LWJiZGMt
OTE2MDQ3MDYyYTIyLzEvMXlNRUFiaVNnTm5LLUg3dm1nXzJYLXdROHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8wNmVhYjAtNmM2ZS00Yzk1LWJiZGMtOTE2MDQ3MDYyYTIy
LzEvbkJ6UnM4aDNLVmI2aFZOYWhHUzB5aGxtT3Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAS5iPAD
BAC5iPIwDQYJKoZIhvcNAQELBQADggEBAJ8Lx8fIWeWo1I9yvtRxBn5oyjeRknpN
cz155olwS6h89h6xGn2k8a1McF4ayNxryw0ooQ/LFHa184vbgWaTfcr0SV1H9h7W
XXphnuVeqsRMLN+9L1xYudVzPhiTl/z6lG/4diftHJMG4jNNiyealE3qtSj59X4p
5dbnQWJDNQMco6y8m02HzGeZwSAU6LBMa5mj0xmpuSKSjsq6iLNwiG58N1jqI+Ms
mPfr6HyAu8PRycZgirNSftnPI9CKnjIMV3nSSIYJ1gXssrQmnhoD/k8omdYSQyhU
LnEiTQ4Dl5FENYUduRqyyRdR4P1/wbh7i6xoMz9boZb4WkLO2IosbWg=
-----END CERTIFICATE-----