Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/cc8e7a-e413-43ff-aa59-0914ad24a3e4/1/Y0L8t0mryvrv21tncsP8p-r-xsk.roa
File:                     Y0L8t0mryvrv21tncsP8p-r-xsk.roa (raw, json)
Hash identifier:          AE9HD9z5lUgKaXgQRha0ox6qON6WF/P1LA7LaHY+ypk=
Subject key identifier:   63:42:FC:B7:49:AB:CA:FA:EF:DB:5B:67:72:C3:FC:A7:EA:FE:C6:C9
Certificate issuer:       /CN=a3c71c86459de74bbd35a3ccbfd8ae5d9cb4d2d8
Certificate serial:       018CC3B6CEDF4A120B393AD30BADFD76FE7A
Authority key identifier: A3:C7:1C:86:45:9D:E7:4B:BD:35:A3:CC:BF:D8:AE:5D:9C:B4:D2:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o8cchkWd50u9NaPMv9iuXZy00tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/cc8e7a-e413-43ff-aa59-0914ad24a3e4/1/Y0L8t0mryvrv21tncsP8p-r-xsk.roa
Signing time:             Mon 01 Jan 2024 06:29:46 +0000
ROA not before:           Mon 01 Jan 2024 06:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211080
IP address blocks:        185.182.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/cc8e7a-e413-43ff-aa59-0914ad24a3e4/1/o8cchkWd50u9NaPMv9iuXZy00tg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/cc8e7a-e413-43ff-aa59-0914ad24a3e4/1/o8cchkWd50u9NaPMv9iuXZy00tg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o8cchkWd50u9NaPMv9iuXZy00tg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ce:df:4a:12:0b:39:3a:d3:0b:ad:fd:76:fe:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3c71c86459de74bbd35a3ccbfd8ae5d9cb4d2d8
        Validity
            Not Before: Jan  1 06:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6342fcb749abcafaefdb5b6772c3fca7eafec6c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:01:c0:73:3b:fb:7f:65:8b:8e:16:b2:15:38:
                    cf:b7:b8:72:79:d7:81:d8:56:8e:d7:38:e0:0b:9c:
                    20:81:5c:5b:44:d4:ac:da:64:0b:b2:36:3f:fb:f8:
                    49:cf:b4:95:e3:89:73:a0:d3:10:df:cb:7b:fb:31:
                    30:15:e0:54:bf:bb:84:e3:7e:6f:fd:2e:88:e2:30:
                    8d:41:0e:ba:99:b4:25:b2:8b:13:46:13:ce:25:08:
                    d3:3e:f7:25:7f:f1:1c:12:ca:fa:2f:24:89:c4:2b:
                    1c:e0:28:6c:ea:22:17:cc:6a:a2:19:da:f1:76:58:
                    66:95:bd:d4:64:68:5d:1b:26:6f:5e:b7:f2:dc:1d:
                    ef:d0:58:c1:4b:d9:30:d0:32:3e:5d:23:54:78:8a:
                    e3:9d:e6:08:3b:ac:36:b9:5b:63:62:eb:bc:a0:62:
                    99:86:eb:5a:52:52:f8:f2:31:7c:e0:87:88:0d:71:
                    15:a4:ef:6c:e9:7f:e3:b4:77:32:7f:a2:54:7e:0c:
                    06:6f:12:31:31:30:82:65:09:17:dc:e8:b1:f7:a1:
                    a0:55:f5:fc:18:43:8c:f6:84:ac:35:3a:4d:17:74:
                    e1:0f:c4:36:62:6a:7c:f4:42:29:40:a4:f7:e2:92:
                    21:0f:a2:03:23:86:60:ba:d0:ab:0f:29:d0:87:07:
                    50:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:42:FC:B7:49:AB:CA:FA:EF:DB:5B:67:72:C3:FC:A7:EA:FE:C6:C9
            X509v3 Authority Key Identifier:
                keyid:A3:C7:1C:86:45:9D:E7:4B:BD:35:A3:CC:BF:D8:AE:5D:9C:B4:D2:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o8cchkWd50u9NaPMv9iuXZy00tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/cc8e7a-e413-43ff-aa59-0914ad24a3e4/1/Y0L8t0mryvrv21tncsP8p-r-xsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/cc8e7a-e413-43ff-aa59-0914ad24a3e4/1/o8cchkWd50u9NaPMv9iuXZy00tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:5d:e2:85:f2:d0:22:ec:36:11:f8:a5:6d:5f:0e:a8:2e:5a:
         fa:ec:3f:25:c5:9a:ce:e8:fb:81:63:d9:47:36:29:9c:d6:b7:
         06:2f:92:a6:56:ff:94:8d:ad:2e:ce:b3:e9:90:21:01:43:69:
         4b:67:8f:32:a0:6e:57:26:46:e3:68:f4:c9:12:6c:26:ee:67:
         19:2a:14:92:b3:0e:a9:30:32:bc:a8:fc:ef:78:3e:15:b8:ca:
         19:7f:59:93:57:26:ac:e9:7d:88:6b:c4:44:42:a6:d6:71:3b:
         c4:79:6b:d7:88:bc:62:80:0e:be:55:67:4f:f3:07:84:bd:2f:
         18:91:a8:7c:fa:47:c1:84:67:7a:df:1c:c7:09:5e:9d:c4:ef:
         b7:bc:5f:2c:1f:4f:69:85:60:38:aa:34:92:32:73:d6:85:5c:
         d7:98:16:8d:d6:e2:a1:d3:03:0f:15:1c:27:49:d9:39:87:57:
         f6:0a:a1:7a:46:b7:71:23:af:bc:6b:52:c9:2e:5e:a3:1b:a8:
         a3:20:4a:5c:f7:9b:53:3c:d7:a4:9c:c4:42:44:e5:00:c6:20:
         13:88:e6:78:59:41:b3:14:1c:28:31:59:7e:f6:58:58:f4:cc:
         d4:87:5e:11:1d:d9:b6:13:96:9c:64:69:98:a8:fa:00:75:f6:
         dd:29:dc:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDts7fShILOTrTC639dv56MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYzcxYzg2NDU5ZGU3NGJiZDM1YTNjY2JmZDhhZTVkOWNi
NGQyZDgwHhcNMjQwMTAxMDYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzQyZmNiNzQ5YWJjYWZhZWZkYjViNjc3MmMzZmNhN2VhZmVjNmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQHAczv7f2WLjhayFTjPt7hyedeB
2FaO1zjgC5wggVxbRNSs2mQLsjY/+/hJz7SV44lzoNMQ38t7+zEwFeBUv7uE435v
/S6I4jCNQQ66mbQlsosTRhPOJQjTPvclf/EcEsr6LySJxCsc4Chs6iIXzGqiGdrx
dlhmlb3UZGhdGyZvXrfy3B3v0FjBS9kw0DI+XSNUeIrjneYIO6w2uVtjYuu8oGKZ
hutaUlL48jF84IeIDXEVpO9s6X/jtHcyf6JUfgwGbxIxMTCCZQkX3Oix96GgVfX8
GEOM9oSsNTpNF3ThD8Q2Ymp89EIpQKT34pIhD6IDI4ZgutCrDynQhwdQDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNC/LdJq8r679tbZ3LD/Kfq/sbJMB8GA1UdIwQY
MBaAFKPHHIZFnedLvTWjzL/Yrl2ctNLYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzhjY2hrV2Q1MHU5TmFQTXY5aXVYWnkwMHRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9jYzhlN2EtZTQxMy00M2ZmLWFhNTkt
MDkxNGFkMjRhM2U0LzEvWTBMOHQwbXJ5dnJ2MjF0bmNzUDhwLXIteHNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9jYzhlN2EtZTQxMy00M2ZmLWFhNTktMDkxNGFkMjRhM2U0
LzEvbzhjY2hrV2Q1MHU5TmFQTXY5aXVYWnkwMHRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubaeMA0G
CSqGSIb3DQEBCwUAA4IBAQAlXeKF8tAi7DYR+KVtXw6oLlr67D8lxZrO6PuBY9lH
Nimc1rcGL5KmVv+Uja0uzrPpkCEBQ2lLZ48yoG5XJkbjaPTJEmwm7mcZKhSSsw6p
MDK8qPzveD4VuMoZf1mTVyas6X2Ia8REQqbWcTvEeWvXiLxigA6+VWdP8weEvS8Y
kah8+kfBhGd63xzHCV6dxO+3vF8sH09phWA4qjSSMnPWhVzXmBaN1uKh0wMPFRwn
Sdk5h1f2CqF6RrdxI6+8a1LJLl6jG6ijIEpc95tTPNeknMRCROUAxiATiOZ4WUGz
FBwoMVl+9lhY9MzUh14RHdm2E5acZGmYqPoAdfbdKdxA
-----END CERTIFICATE-----