Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/b12604-b481-416d-b088-210767bd0ba2/1/aaAuG80p-fsbddrUCAY6zdpIu2U.roa
File:                     aaAuG80p-fsbddrUCAY6zdpIu2U.roa (raw, json)
Hash identifier:          //PH+yE/fL9qNitAHOL58hqoTJq7jYgpNUaHELqP+jQ=
Subject key identifier:   69:A0:2E:1B:CD:29:F9:FB:1B:75:DA:D4:08:06:3A:CD:DA:48:BB:65
Certificate issuer:       /CN=2c37b4bec97d608abe23bc57ba398246ccc57760
Certificate serial:       018CC500CB9FB1AD3490CA8E09D8DD067CA7
Authority key identifier: 2C:37:B4:BE:C9:7D:60:8A:BE:23:BC:57:BA:39:82:46:CC:C5:77:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDe0vsl9YIq-I7xXujmCRszFd2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/b12604-b481-416d-b088-210767bd0ba2/1/aaAuG80p-fsbddrUCAY6zdpIu2U.roa
Signing time:             Mon 01 Jan 2024 12:30:12 +0000
ROA not before:           Mon 01 Jan 2024 12:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205671
IP address blocks:        185.210.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/b12604-b481-416d-b088-210767bd0ba2/1/LDe0vsl9YIq-I7xXujmCRszFd2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/b12604-b481-416d-b088-210767bd0ba2/1/LDe0vsl9YIq-I7xXujmCRszFd2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDe0vsl9YIq-I7xXujmCRszFd2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Nov 2024 16:12:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:cb:9f:b1:ad:34:90:ca:8e:09:d8:dd:06:7c:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c37b4bec97d608abe23bc57ba398246ccc57760
        Validity
            Not Before: Jan  1 12:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69a02e1bcd29f9fb1b75dad408063acdda48bb65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6a:79:de:ab:b6:91:87:d1:b9:cb:44:aa:bc:
                    28:f1:a4:51:86:77:8c:ea:d7:24:49:29:0e:60:3c:
                    ae:96:fa:75:00:e1:7e:a9:1b:3e:45:46:6e:c6:e2:
                    54:fa:d9:bf:ae:65:10:c0:a7:e6:d9:1d:62:47:55:
                    82:4c:86:c0:0a:28:61:07:e4:a4:ce:7d:79:9b:dc:
                    1d:16:d8:08:65:96:2a:4b:33:7a:52:f4:4f:ad:dd:
                    34:af:2f:91:0e:50:00:db:52:7b:d6:9d:32:6f:27:
                    f4:7e:8a:76:f1:c7:6a:02:54:d0:19:a1:e8:5e:c5:
                    1a:2c:7c:df:3e:b4:74:cb:af:ee:3c:ab:67:de:2e:
                    c1:2a:82:5a:b6:f6:61:9f:ca:ec:5f:dc:ff:60:38:
                    f6:d0:65:f2:73:04:1e:c5:2c:41:d2:62:ad:e4:11:
                    1b:76:22:58:c3:38:ff:a4:93:ba:e4:3c:13:12:c9:
                    2d:c1:4a:9b:85:2d:b2:c6:7f:a2:1a:c4:1e:0a:f4:
                    46:df:c1:6a:23:11:1f:ed:21:42:1f:0d:ca:5e:b0:
                    66:dc:70:cb:f5:58:21:11:b6:49:f0:3b:e6:38:da:
                    bb:fe:f7:42:04:a4:68:65:c5:3e:c0:3d:c8:24:c7:
                    ae:b8:9f:da:38:a3:e2:d2:9c:78:d1:60:2a:9f:14:
                    6c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:A0:2E:1B:CD:29:F9:FB:1B:75:DA:D4:08:06:3A:CD:DA:48:BB:65
            X509v3 Authority Key Identifier:
                keyid:2C:37:B4:BE:C9:7D:60:8A:BE:23:BC:57:BA:39:82:46:CC:C5:77:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDe0vsl9YIq-I7xXujmCRszFd2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b12604-b481-416d-b088-210767bd0ba2/1/aaAuG80p-fsbddrUCAY6zdpIu2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b12604-b481-416d-b088-210767bd0ba2/1/LDe0vsl9YIq-I7xXujmCRszFd2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:16:fb:24:ba:a7:7e:dc:52:7c:15:d8:38:31:44:32:1c:c9:
         5f:2c:52:8f:9d:96:0c:13:20:7f:a6:ab:4d:50:b2:95:0a:eb:
         c4:be:8d:94:c1:0a:97:32:3f:49:79:f2:a2:ca:44:7d:9c:4f:
         73:17:a1:8a:aa:dc:72:97:ec:f1:d5:18:9e:a7:14:54:db:58:
         d5:ee:9d:14:29:5a:1a:7e:a6:a5:3e:c4:e7:f3:d3:96:34:46:
         d9:3d:13:f1:60:61:a6:2f:27:50:62:1a:3c:4b:17:09:17:5f:
         83:f5:86:7e:93:6e:af:e5:97:32:c7:f8:35:ca:ee:fe:cc:60:
         57:7b:dd:cb:6c:91:3c:74:29:08:f0:c9:48:be:94:0f:d4:c7:
         c7:9a:8e:90:cb:50:53:0a:d6:1a:58:83:67:b9:d8:4e:72:c0:
         26:30:42:cd:12:88:bd:8e:95:48:5e:b6:8f:a2:e0:e8:3d:e0:
         18:5c:37:b1:10:ac:08:19:03:0c:ad:55:13:f1:9b:03:48:84:
         35:d8:69:c2:2a:a2:db:87:d4:13:ae:b4:08:45:5f:2f:75:ff:
         fe:5a:fe:88:73:aa:94:96:2d:c7:6e:c5:cf:ab:49:19:0d:c3:
         f3:0c:a0:46:09:10:2a:3c:76:49:d1:3a:c1:b3:c6:e8:bb:e9:
         fd:40:c4:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMufsa00kMqOCdjdBnynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzdiNGJlYzk3ZDYwOGFiZTIzYmM1N2JhMzk4MjQ2Y2Nj
NTc3NjAwHhcNMjQwMTAxMTIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWEwMmUxYmNkMjlmOWZiMWI3NWRhZDQwODA2M2FjZGRhNDhiYjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWp53qu2kYfRuctEqrwo8aRRhneM
6tckSSkOYDyulvp1AOF+qRs+RUZuxuJU+tm/rmUQwKfm2R1iR1WCTIbACihhB+Sk
zn15m9wdFtgIZZYqSzN6UvRPrd00ry+RDlAA21J71p0ybyf0fop28cdqAlTQGaHo
XsUaLHzfPrR0y6/uPKtn3i7BKoJatvZhn8rsX9z/YDj20GXycwQexSxB0mKt5BEb
diJYwzj/pJO65DwTEsktwUqbhS2yxn+iGsQeCvRG38FqIxEf7SFCHw3KXrBm3HDL
9VghEbZJ8DvmONq7/vdCBKRoZcU+wD3IJMeuuJ/aOKPi0px40WAqnxRs9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGmgLhvNKfn7G3Xa1AgGOs3aSLtlMB8GA1UdIwQY
MBaAFCw3tL7JfWCKviO8V7o5gkbMxXdgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERlMHZzbDlZSXEtSTd4WHVqbUNSc3pGZDJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9iMTI2MDQtYjQ4MS00MTZkLWIwODgt
MjEwNzY3YmQwYmEyLzEvYWFBdUc4MHAtZnNiZGRyVUNBWTZ6ZHBJdTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9iMTI2MDQtYjQ4MS00MTZkLWIwODgtMjEwNzY3YmQwYmEy
LzEvTERlMHZzbDlZSXEtSTd4WHVqbUNSc3pGZDJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudJ8MA0G
CSqGSIb3DQEBCwUAA4IBAQBAFvskuqd+3FJ8Fdg4MUQyHMlfLFKPnZYMEyB/pqtN
ULKVCuvEvo2UwQqXMj9JefKiykR9nE9zF6GKqtxyl+zx1RiepxRU21jV7p0UKVoa
fqalPsTn89OWNEbZPRPxYGGmLydQYho8SxcJF1+D9YZ+k26v5Zcyx/g1yu7+zGBX
e93LbJE8dCkI8MlIvpQP1MfHmo6Qy1BTCtYaWINnudhOcsAmMELNEoi9jpVIXraP
ouDoPeAYXDexEKwIGQMMrVUT8ZsDSIQ12GnCKqLbh9QTrrQIRV8vdf/+Wv6Ic6qU
li3HbsXPq0kZDcPzDKBGCRAqPHZJ0TrBs8bou+n9QMTl
-----END CERTIFICATE-----