Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/f93da2-1457-4cd9-9073-806a315dd1fd/1/3OX791jIHt-KyzYL70SzuRA3sB8.roa
File:                     3OX791jIHt-KyzYL70SzuRA3sB8.roa (raw, json)
Hash identifier:          C9c2nOfhQAjNeZ49os1dNhuW+dMXSzAkbgLJen/CRbU=
Subject key identifier:   DC:E5:FB:F7:58:C8:1E:DF:8A:CB:36:0B:EF:44:B3:B9:10:37:B0:1F
Certificate issuer:       /CN=84df54bdc104106cdb299e01ef08a60985ec35fb
Certificate serial:       018CC56E6965C4F621A8338E28046D302A9E
Authority key identifier: 84:DF:54:BD:C1:04:10:6C:DB:29:9E:01:EF:08:A6:09:85:EC:35:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hN9UvcEEEGzbKZ4B7wimCYXsNfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/f93da2-1457-4cd9-9073-806a315dd1fd/1/3OX791jIHt-KyzYL70SzuRA3sB8.roa
Signing time:             Mon 01 Jan 2024 14:29:56 +0000
ROA not before:           Mon 01 Jan 2024 14:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51918
IP address blocks:        185.117.236.0/22 maxlen: 22
                          2a06:94c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/f93da2-1457-4cd9-9073-806a315dd1fd/1/hN9UvcEEEGzbKZ4B7wimCYXsNfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/f93da2-1457-4cd9-9073-806a315dd1fd/1/hN9UvcEEEGzbKZ4B7wimCYXsNfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hN9UvcEEEGzbKZ4B7wimCYXsNfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:69:65:c4:f6:21:a8:33:8e:28:04:6d:30:2a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84df54bdc104106cdb299e01ef08a60985ec35fb
        Validity
            Not Before: Jan  1 14:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dce5fbf758c81edf8acb360bef44b3b91037b01f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:54:2d:a7:2e:11:ba:61:10:60:73:ba:89:95:
                    49:5f:61:9f:79:e0:56:c0:8a:17:8f:89:3d:88:2a:
                    1a:d8:d0:56:80:d8:ca:ab:be:22:be:79:3c:d8:70:
                    48:c5:5f:40:7f:c7:51:61:8f:36:37:9b:e0:71:3c:
                    c8:a2:de:95:f4:d2:f4:75:68:36:12:a3:e0:5f:71:
                    56:e5:3e:c5:c7:c7:66:e4:82:ab:8c:d6:47:ad:20:
                    2d:7c:39:58:db:de:77:43:4e:17:f5:b7:b2:df:f7:
                    06:7d:a8:48:0d:08:d8:1c:6c:89:9c:78:46:be:93:
                    4a:1f:ea:34:06:91:f1:a3:13:3f:a2:68:71:84:6a:
                    6e:2a:3c:6c:ba:d7:3d:ac:b6:a8:49:5d:d1:4f:43:
                    d4:7f:35:68:29:5a:16:ce:a8:1a:37:7e:d0:f9:2e:
                    4d:d5:7e:94:89:0b:f0:2d:25:78:85:77:5d:53:4d:
                    ea:6b:42:f3:9b:45:fa:39:6e:eb:52:ed:cf:18:f0:
                    ec:7b:20:3d:22:40:7d:7c:eb:6d:32:bc:4b:eb:5f:
                    62:71:01:2f:b9:14:92:e2:6b:df:4f:15:68:2b:5a:
                    9d:0d:cc:5b:1a:a2:7f:8c:04:f8:68:43:22:83:2c:
                    94:83:11:76:9a:36:15:5f:4e:b2:dd:ad:0d:6a:f0:
                    ab:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E5:FB:F7:58:C8:1E:DF:8A:CB:36:0B:EF:44:B3:B9:10:37:B0:1F
            X509v3 Authority Key Identifier:
                keyid:84:DF:54:BD:C1:04:10:6C:DB:29:9E:01:EF:08:A6:09:85:EC:35:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hN9UvcEEEGzbKZ4B7wimCYXsNfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/f93da2-1457-4cd9-9073-806a315dd1fd/1/3OX791jIHt-KyzYL70SzuRA3sB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/f93da2-1457-4cd9-9073-806a315dd1fd/1/hN9UvcEEEGzbKZ4B7wimCYXsNfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.236.0/22
                IPv6:
                  2a06:94c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:90:0f:8d:d2:5f:b4:6d:ac:37:12:a3:76:28:70:af:05:47:
         7a:e2:99:95:77:df:00:16:f7:6c:e8:83:93:73:7f:8f:93:d3:
         9f:7f:90:fe:de:6f:96:d9:06:98:10:f6:86:98:88:34:76:7f:
         e3:22:a9:0b:2e:ef:02:af:0c:34:d3:26:48:82:35:31:1a:36:
         54:7d:15:e0:d5:57:fa:aa:31:5d:aa:2d:a4:ea:90:1e:34:66:
         db:ff:35:99:da:2e:bd:c4:c0:4c:be:95:96:d6:33:6f:d3:b3:
         c0:36:9d:90:0e:61:78:24:b6:f3:c6:b7:e3:cb:b0:29:b3:39:
         68:a5:5c:89:43:7c:4a:d7:c9:f5:88:9c:55:14:da:bd:9f:d7:
         04:9b:3c:40:7a:a1:44:be:80:b6:fb:cc:c2:23:f6:50:e7:b2:
         d8:5e:00:25:f1:c4:70:fb:b1:6c:78:9c:f4:bf:fa:e1:45:96:
         02:e7:e0:cc:46:95:d0:12:a0:21:77:09:e4:aa:a6:d1:9e:b4:
         dd:67:4b:51:a8:12:3e:61:38:78:0a:2d:0d:7d:b8:02:5d:ed:
         00:e9:78:6b:56:f5:37:6c:db:0f:2c:44:74:71:51:23:d6:09:
         8d:34:d5:c6:30:45:d6:11:bc:00:cb:07:5b:06:6a:d9:ce:a5:
         2d:f5:07:2d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbmllxPYhqDOOKARtMCqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZGY1NGJkYzEwNDEwNmNkYjI5OWUwMWVmMDhhNjA5ODVl
YzM1ZmIwHhcNMjQwMTAxMTQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2U1ZmJmNzU4YzgxZWRmOGFjYjM2MGJlZjQ0YjNiOTEwMzdiMDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhVQtpy4RumEQYHO6iZVJX2GfeeBW
wIoXj4k9iCoa2NBWgNjKq74ivnk82HBIxV9Af8dRYY82N5vgcTzIot6V9NL0dWg2
EqPgX3FW5T7Fx8dm5IKrjNZHrSAtfDlY2953Q04X9bey3/cGfahIDQjYHGyJnHhG
vpNKH+o0BpHxoxM/omhxhGpuKjxsutc9rLaoSV3RT0PUfzVoKVoWzqgaN37Q+S5N
1X6UiQvwLSV4hXddU03qa0Lzm0X6OW7rUu3PGPDseyA9IkB9fOttMrxL619icQEv
uRSS4mvfTxVoK1qdDcxbGqJ/jAT4aEMigyyUgxF2mjYVX06y3a0NavCrwQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNzl+/dYyB7fiss2C+9Es7kQN7AfMB8GA1UdIwQY
MBaAFITfVL3BBBBs2ymeAe8IpgmF7DX7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE45VXZjRUVFR3piS1o0Qjd3aW1DWVhzTmZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9mOTNkYTItMTQ1Ny00Y2Q5LTkwNzMt
ODA2YTMxNWRkMWZkLzEvM09YNzkxaklIdC1LeXpZTDcwU3p1UkEzc0I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9mOTNkYTItMTQ1Ny00Y2Q5LTkwNzMtODA2YTMxNWRkMWZk
LzEvaE45VXZjRUVFR3piS1o0Qjd3aW1DWVhzTmZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXXsMA0E
AgACMAcDBQMqBpTAMA0GCSqGSIb3DQEBCwUAA4IBAQBRkA+N0l+0baw3EqN2KHCv
BUd64pmVd98AFvds6IOTc3+Pk9Off5D+3m+W2QaYEPaGmIg0dn/jIqkLLu8Crww0
0yZIgjUxGjZUfRXg1Vf6qjFdqi2k6pAeNGbb/zWZ2i69xMBMvpWW1jNv07PANp2Q
DmF4JLbzxrfjy7ApszlopVyJQ3xK18n1iJxVFNq9n9cEmzxAeqFEvoC2+8zCI/ZQ
57LYXgAl8cRw+7FseJz0v/rhRZYC5+DMRpXQEqAhdwnkqqbRnrTdZ0tRqBI+YTh4
Ci0NfbgCXe0A6XhrVvU3bNsPLER0cVEj1gmNNNXGMEXWEbwAywdbBmrZzqUt9Qct
-----END CERTIFICATE-----