Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6e74e6-2603-4711-ace1-75ae1e6d9c31/1/9RsHYiEhmB9xa1oq3TRvIljK-Bs.roa
File:                     9RsHYiEhmB9xa1oq3TRvIljK-Bs.roa (raw, json)
Hash identifier:          vBN0a3hF8GzM+F36dvyzjgJHeZJZqVeyOJY7T3I0aR8=
Subject key identifier:   F5:1B:07:62:21:21:98:1F:71:6B:5A:2A:DD:34:6F:22:58:CA:F8:1B
Certificate issuer:       /CN=c3ab8f44fc356096b8e656fc8739871ec00d1f12
Certificate serial:       018CC34897F50B73A999D2B1868241B70CEB
Authority key identifier: C3:AB:8F:44:FC:35:60:96:B8:E6:56:FC:87:39:87:1E:C0:0D:1F:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w6uPRPw1YJa45lb8hzmHHsANHxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6e74e6-2603-4711-ace1-75ae1e6d9c31/1/9RsHYiEhmB9xa1oq3TRvIljK-Bs.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207099
IP address blocks:        185.155.65.0/24 maxlen: 24
                          185.155.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6e74e6-2603-4711-ace1-75ae1e6d9c31/1/w6uPRPw1YJa45lb8hzmHHsANHxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6e74e6-2603-4711-ace1-75ae1e6d9c31/1/w6uPRPw1YJa45lb8hzmHHsANHxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w6uPRPw1YJa45lb8hzmHHsANHxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 14:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:97:f5:0b:73:a9:99:d2:b1:86:82:41:b7:0c:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3ab8f44fc356096b8e656fc8739871ec00d1f12
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f51b07622121981f716b5a2add346f2258caf81b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5b:b0:61:4e:f9:da:8b:96:52:b5:0d:78:03:
                    bb:17:d6:12:d4:eb:6e:bd:03:4c:42:1e:ca:6b:fd:
                    0b:b4:41:0c:c1:68:bd:e7:bf:87:f3:ce:2d:17:e8:
                    68:25:ad:0f:4c:1c:a1:3c:6c:17:18:93:b9:15:96:
                    ed:fe:6c:ef:39:ee:7f:76:7c:cf:e3:5a:88:f4:44:
                    a5:18:0d:fa:e5:cc:7a:33:df:76:c7:0d:23:8d:c3:
                    64:e9:fd:c8:ee:84:5b:84:b3:bb:c2:6b:cb:5a:14:
                    7b:97:cb:92:f8:57:da:fb:6b:80:cd:73:dc:46:cb:
                    c0:22:cd:4f:b4:4d:dd:29:d9:e6:6a:65:76:fb:ba:
                    44:80:71:64:94:d4:95:11:83:8a:e5:30:1d:57:a4:
                    97:d7:31:b3:71:77:c0:82:ef:47:4b:87:d6:a2:c1:
                    47:7f:45:af:05:e2:7e:74:21:a4:bd:23:60:2e:34:
                    0a:8b:af:ed:ea:e2:c7:73:01:26:1b:a0:a2:98:60:
                    bd:b2:51:82:f1:32:f3:03:69:b1:52:b4:5a:0b:74:
                    0d:4f:c5:3b:93:e5:93:23:e5:36:b2:95:f5:fb:f6:
                    46:83:a3:f7:a0:ec:4d:26:39:ce:98:5a:c6:cf:95:
                    03:ce:b6:c8:db:15:df:c5:7c:31:79:27:e4:48:b8:
                    38:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:1B:07:62:21:21:98:1F:71:6B:5A:2A:DD:34:6F:22:58:CA:F8:1B
            X509v3 Authority Key Identifier:
                keyid:C3:AB:8F:44:FC:35:60:96:B8:E6:56:FC:87:39:87:1E:C0:0D:1F:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6uPRPw1YJa45lb8hzmHHsANHxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6e74e6-2603-4711-ace1-75ae1e6d9c31/1/9RsHYiEhmB9xa1oq3TRvIljK-Bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6e74e6-2603-4711-ace1-75ae1e6d9c31/1/w6uPRPw1YJa45lb8hzmHHsANHxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.65.0-185.155.66.255

    Signature Algorithm: sha256WithRSAEncryption
         1a:bb:b1:6e:b5:09:0e:bd:a7:3b:05:08:70:24:a6:91:54:81:
         4c:21:88:ad:e0:d3:e5:c9:15:74:e2:2b:73:a8:aa:77:56:e7:
         3e:29:17:f2:3f:85:d8:9a:2f:e7:f1:95:62:1c:70:e4:43:69:
         0e:89:ce:56:4a:07:41:b0:41:a2:0e:71:c6:76:ab:d8:38:0e:
         4a:08:3e:b9:06:8f:d1:dd:8f:2c:3e:be:3f:1f:84:bf:91:4d:
         5b:d9:4b:69:4d:81:c6:7b:b1:b7:3f:d7:87:19:f6:dd:2e:5f:
         0b:b6:aa:c2:a0:af:55:87:74:6e:c0:bc:33:c7:2f:9a:78:68:
         5b:47:40:08:a7:28:9c:a9:2a:05:b1:a1:05:2a:7f:8f:d8:53:
         6e:11:3f:7f:02:cd:5b:ed:db:27:95:5f:c1:a5:4e:49:6a:47:
         20:ee:56:0a:d8:0b:c1:9f:49:38:c2:61:b4:d7:fd:c6:19:14:
         60:63:e3:d5:e6:d8:3f:0b:5d:3a:4f:f8:ad:f8:bf:3c:7a:33:
         6e:bb:a8:b5:98:45:2e:d3:2c:58:43:1e:0d:8e:3a:b2:49:8d:
         87:60:7e:4d:61:e2:df:06:8b:9a:83:17:70:23:2c:00:06:15:
         24:0a:b9:19:64:80:02:d0:78:f8:4d:01:d9:9c:e3:15:b5:22:
         fa:d6:17:b5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSJf1C3OpmdKxhoJBtwzrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYWI4ZjQ0ZmMzNTYwOTZiOGU2NTZmYzg3Mzk4NzFlYzAw
ZDFmMTIwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTFiMDc2MjIxMjE5ODFmNzE2YjVhMmFkZDM0NmYyMjU4Y2FmODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFuwYU752ouWUrUNeAO7F9YS1Otu
vQNMQh7Ka/0LtEEMwWi957+H884tF+hoJa0PTByhPGwXGJO5FZbt/mzvOe5/dnzP
41qI9ESlGA365cx6M992xw0jjcNk6f3I7oRbhLO7wmvLWhR7l8uS+Ffa+2uAzXPc
RsvAIs1PtE3dKdnmamV2+7pEgHFklNSVEYOK5TAdV6SX1zGzcXfAgu9HS4fWosFH
f0WvBeJ+dCGkvSNgLjQKi6/t6uLHcwEmG6CimGC9slGC8TLzA2mxUrRaC3QNT8U7
k+WTI+U2spX1+/ZGg6P3oOxNJjnOmFrGz5UDzrbI2xXfxXwxeSfkSLg4FQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPUbB2IhIZgfcWtaKt00byJYyvgbMB8GA1UdIwQY
MBaAFMOrj0T8NWCWuOZW/Ic5hx7ADR8SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZ1UFJQdzFZSmE0NWxiOGh6bUhIc0FOSHhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZTc0ZTYtMjYwMy00NzExLWFjZTEt
NzVhZTFlNmQ5YzMxLzEvOVJzSFlpRWhtQjl4YTFvcTNUUnZJbGpLLUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZTc0ZTYtMjYwMy00NzExLWFjZTEtNzVhZTFlNmQ5YzMx
LzEvdzZ1UFJQdzFZSmE0NWxiOGh6bUhIc0FOSHhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5m0ED
BAC5m0IwDQYJKoZIhvcNAQELBQADggEBABq7sW61CQ69pzsFCHAkppFUgUwhiK3g
0+XJFXTiK3OoqndW5z4pF/I/hdiaL+fxlWIccORDaQ6JzlZKB0GwQaIOccZ2q9g4
DkoIPrkGj9Hdjyw+vj8fhL+RTVvZS2lNgcZ7sbc/14cZ9t0uXwu2qsKgr1WHdG7A
vDPHL5p4aFtHQAinKJypKgWxoQUqf4/YU24RP38CzVvt2yeVX8GlTklqRyDuVgrY
C8GfSTjCYbTX/cYZFGBj49Xm2D8LXTpP+K34vzx6M267qLWYRS7TLFhDHg2OOrJJ
jYdgfk1h4t8Gi5qDF3AjLAAGFSQKuRlkgALQePhNAdmc4xW1IvrWF7U=
-----END CERTIFICATE-----