Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/6d3UwdWkXJhNmDuUOB7_LVCvQ7E.roa
File:                     6d3UwdWkXJhNmDuUOB7_LVCvQ7E.roa (raw, json)
Hash identifier:          vBIClPVQwCrtmvntyhrJuiImivua5m5Cz4B8z2d5Z/o=
Subject key identifier:   E9:DD:D4:C1:D5:A4:5C:98:4D:98:3B:94:38:1E:FF:2D:50:AF:43:B1
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018CC5DCE479D17319C52B9C59795816F44A
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/6d3UwdWkXJhNmDuUOB7_LVCvQ7E.roa
Signing time:             Mon 01 Jan 2024 16:30:37 +0000
ROA not before:           Mon 01 Jan 2024 16:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42689
IP address blocks:        185.106.192.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:e4:79:d1:73:19:c5:2b:9c:59:79:58:16:f4:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  1 16:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9ddd4c1d5a45c984d983b94381eff2d50af43b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7c:61:91:33:ab:8e:fb:73:f1:5a:b7:25:69:
                    65:12:fd:6e:80:1c:15:8c:da:ef:7a:5f:3a:95:28:
                    22:67:83:d1:ca:9b:39:3b:41:08:3b:f0:bc:3f:61:
                    42:63:a8:3c:e6:6f:b2:3e:a4:36:d4:4b:96:f2:f0:
                    5f:c6:1a:3b:53:52:2d:4f:c4:40:44:c9:65:27:97:
                    83:59:38:35:f3:17:47:35:53:32:a0:da:16:6f:62:
                    d9:26:5f:ee:48:f8:2b:50:84:f6:79:7c:d3:90:06:
                    43:3c:59:9f:fd:94:1e:20:43:b1:72:42:7d:a9:36:
                    d2:5f:33:b7:12:b7:e8:11:56:12:d2:83:0f:40:60:
                    4b:8b:20:2c:28:2d:48:91:25:40:97:dc:13:f8:93:
                    e0:cb:f5:91:bf:9e:1c:3f:17:c2:cf:64:fa:fd:c4:
                    1e:d1:61:b2:e5:39:89:e4:50:b6:05:4f:aa:cf:f2:
                    36:32:9e:ad:06:c3:8a:9a:f5:71:58:e6:77:9c:4e:
                    1a:52:1e:32:2f:e1:c9:be:46:eb:6c:df:d3:70:12:
                    bd:91:9f:6c:59:e3:5b:9a:7b:07:3e:d1:65:e7:90:
                    62:d7:f1:19:e0:60:13:e8:99:42:01:fc:18:0e:17:
                    86:c8:5f:e7:e9:4a:e9:bd:58:c1:c4:57:3f:1f:30:
                    e8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:DD:D4:C1:D5:A4:5C:98:4D:98:3B:94:38:1E:FF:2D:50:AF:43:B1
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/6d3UwdWkXJhNmDuUOB7_LVCvQ7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:08:5e:9f:a5:1e:bf:b1:c9:56:f7:05:bd:b8:93:f2:b2:86:
         9f:4b:1d:e3:f6:1c:c2:8e:b9:20:2e:85:f9:71:54:01:35:fe:
         0e:20:3a:59:06:31:e6:4a:3b:fe:a4:2d:e5:31:28:af:30:86:
         fd:3b:52:32:cb:75:c3:c2:d0:75:24:9e:19:7f:b5:89:13:3e:
         55:de:a0:46:7e:df:71:40:88:1c:66:60:9e:13:99:1e:86:25:
         0c:07:af:b6:1c:ef:40:17:89:f0:a9:d1:4a:98:40:bb:2f:53:
         65:52:96:6c:ad:51:cb:97:8e:ee:95:3f:32:e7:80:29:62:9a:
         2b:f2:ec:0c:4f:7c:27:09:b2:8c:a0:f4:46:71:3a:7e:84:6a:
         49:ab:70:1e:25:aa:14:d2:48:f1:f9:cc:7b:ed:2e:84:48:26:
         63:d8:61:67:26:96:cc:dd:08:8c:64:78:59:e0:dd:00:ce:d1:
         5b:d7:ca:6f:7e:a8:fc:70:1b:a5:da:80:18:3e:9d:c5:8e:f1:
         2c:43:13:ab:9c:a7:92:10:cc:63:99:0e:01:03:8a:c2:49:45:
         88:52:9c:ac:1e:d1:cd:df:e5:c3:30:6d:38:12:d2:46:11:e1:
         49:d7:42:85:79:a0:39:f9:25:b3:6b:d8:8a:ce:9d:ad:df:bc:
         07:b1:b8:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3OR50XMZxSucWXlYFvRKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwMTAxMTYzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWRkZDRjMWQ1YTQ1Yzk4NGQ5ODNiOTQzODFlZmYyZDUwYWY0M2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnxhkTOrjvtz8Vq3JWllEv1ugBwV
jNrvel86lSgiZ4PRyps5O0EIO/C8P2FCY6g85m+yPqQ21EuW8vBfxho7U1ItT8RA
RMllJ5eDWTg18xdHNVMyoNoWb2LZJl/uSPgrUIT2eXzTkAZDPFmf/ZQeIEOxckJ9
qTbSXzO3ErfoEVYS0oMPQGBLiyAsKC1IkSVAl9wT+JPgy/WRv54cPxfCz2T6/cQe
0WGy5TmJ5FC2BU+qz/I2Mp6tBsOKmvVxWOZ3nE4aUh4yL+HJvkbrbN/TcBK9kZ9s
WeNbmnsHPtFl55Bi1/EZ4GAT6JlCAfwYDheGyF/n6UrpvVjBxFc/HzDo0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnd1MHVpFyYTZg7lDge/y1Qr0OxMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvNmQzVXdkV2tYSmhObUR1VU9CN19MVkN2UTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWrAMA0G
CSqGSIb3DQEBCwUAA4IBAQCPCF6fpR6/sclW9wW9uJPysoafSx3j9hzCjrkgLoX5
cVQBNf4OIDpZBjHmSjv+pC3lMSivMIb9O1Iyy3XDwtB1JJ4Zf7WJEz5V3qBGft9x
QIgcZmCeE5kehiUMB6+2HO9AF4nwqdFKmEC7L1NlUpZsrVHLl47ulT8y54ApYpor
8uwMT3wnCbKMoPRGcTp+hGpJq3AeJaoU0kjx+cx77S6ESCZj2GFnJpbM3QiMZHhZ
4N0AztFb18pvfqj8cBul2oAYPp3FjvEsQxOrnKeSEMxjmQ4BA4rCSUWIUpysHtHN
3+XDMG04EtJGEeFJ10KFeaA5+SWza9iKzp2t37wHsbgb
-----END CERTIFICATE-----