Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/XbRZb3w3EIQPeDaSlNJ14vdJkBA.roa
File:                     XbRZb3w3EIQPeDaSlNJ14vdJkBA.roa (raw, json)
Hash identifier:          J3cQZjX6GpDWzOECzgf3MdhxR87k0p8FiPU+rsECbXs=
Subject key identifier:   5D:B4:59:6F:7C:37:10:84:0F:78:36:92:94:D2:75:E2:F7:49:90:10
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A85E29CFB01EBB6693EFB91BDE689
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/XbRZb3w3EIQPeDaSlNJ14vdJkBA.roa
Signing time:             Mon 01 Jan 2024 18:30:21 +0000
ROA not before:           Mon 01 Jan 2024 18:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205502
IP address blocks:        188.72.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:85:e2:9c:fb:01:eb:b6:69:3e:fb:91:bd:e6:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5db4596f7c3710840f78369294d275e2f7499010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:c8:2c:ff:98:17:e1:46:a4:86:bd:47:5b:f9:
                    af:b3:11:77:84:eb:d2:9b:6b:c5:ae:32:93:b1:0f:
                    d7:80:45:20:90:6e:1f:47:44:42:eb:e0:c9:59:58:
                    a7:92:8a:13:78:56:9f:54:db:18:48:10:a5:d2:15:
                    e5:b8:2c:ff:10:c7:06:2e:50:66:22:cd:a2:59:d4:
                    c6:4b:73:6e:2a:20:46:6a:37:3f:5a:f5:bf:e1:a8:
                    55:23:c2:ec:63:54:e1:d9:fb:98:56:a5:b5:5b:17:
                    b6:41:25:ed:1a:ed:11:73:29:94:ff:c4:40:cb:f5:
                    78:37:7f:45:4e:8b:0c:91:a3:c1:4f:83:c8:3b:09:
                    23:85:4b:c3:31:bb:44:93:e2:7f:35:da:8b:00:88:
                    41:87:43:c9:73:a0:00:6b:a6:6c:a5:db:29:7a:7b:
                    37:69:5a:f4:c4:8b:a1:c7:87:a3:15:cd:6a:10:62:
                    1a:df:6d:3b:03:9a:8f:cf:6e:33:96:ae:7c:e7:03:
                    44:a1:c9:fd:1d:13:90:50:13:88:23:8f:35:51:08:
                    69:03:64:c3:3b:5f:78:3f:05:1b:73:4e:9e:c7:90:
                    bd:12:b0:ca:16:b4:47:a7:3f:26:bb:d3:e3:cd:d9:
                    9e:fb:d5:65:ee:49:31:ec:bf:fd:dd:32:6a:ca:99:
                    55:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B4:59:6F:7C:37:10:84:0F:78:36:92:94:D2:75:E2:F7:49:90:10
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/XbRZb3w3EIQPeDaSlNJ14vdJkBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:3f:17:eb:6d:fd:2f:aa:c5:d4:bf:94:9d:7e:65:9b:90:0c:
         00:b4:54:9a:20:c5:8a:75:5a:a6:40:ac:df:7b:f1:be:c8:24:
         5b:77:cc:e9:bd:b4:fc:85:37:66:28:bf:ef:85:a1:e7:6e:ba:
         86:5c:74:32:bc:c2:60:f0:1f:4e:02:a8:8a:94:5a:10:6c:05:
         96:8e:c5:e9:34:a5:3b:c3:90:39:49:93:50:91:8c:6f:ee:dd:
         b1:4a:f5:d4:50:c9:e8:82:61:28:e9:46:2f:ea:43:fd:7b:bc:
         47:3e:b7:82:bc:61:c7:0d:df:7e:48:96:f6:06:95:eb:a7:fd:
         a2:b0:a1:c8:77:54:04:1c:eb:a5:1b:02:2d:a1:89:4d:cf:09:
         55:fe:85:cb:e6:60:b5:91:81:ef:b0:c6:4b:c2:76:b0:ef:25:
         a8:0d:08:33:fe:5a:a1:ac:21:e5:4f:86:04:c0:80:c7:8f:b2:
         da:0e:63:03:6c:53:3b:33:85:b3:e4:14:d3:4b:19:ae:a8:fa:
         49:07:e2:78:66:c1:c0:f6:82:26:c6:c5:0a:5f:e4:04:ab:0b:
         24:eb:0a:35:a6:6d:75:28:2e:a3:e0:6d:b6:37:0c:76:0a:4b:
         0c:f5:57:fe:56:06:b9:1e:c0:6c:29:16:d9:ed:e5:4c:6e:d8:
         05:cd:eb:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSoXinPsB67ZpPvuRveaJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGI0NTk2ZjdjMzcxMDg0MGY3ODM2OTI5NGQyNzVlMmY3NDk5MDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mgs/5gX4Uakhr1HW/mvsxF3hOvS
m2vFrjKTsQ/XgEUgkG4fR0RC6+DJWVinkooTeFafVNsYSBCl0hXluCz/EMcGLlBm
Is2iWdTGS3NuKiBGajc/WvW/4ahVI8LsY1Th2fuYVqW1Wxe2QSXtGu0RcymU/8RA
y/V4N39FTosMkaPBT4PIOwkjhUvDMbtEk+J/NdqLAIhBh0PJc6AAa6Zspdspens3
aVr0xIuhx4ejFc1qEGIa3207A5qPz24zlq585wNEocn9HROQUBOII481UQhpA2TD
O194PwUbc06ex5C9ErDKFrRHpz8mu9Pjzdme+9Vl7kkx7L/93TJqyplVZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF20WW98NxCED3g2kpTSdeL3SZAQMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvWGJSWmIzdzNFSVFQZURhU2xOSjE0dmRKa0JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEhdMA0G
CSqGSIb3DQEBCwUAA4IBAQBhPxfrbf0vqsXUv5SdfmWbkAwAtFSaIMWKdVqmQKzf
e/G+yCRbd8zpvbT8hTdmKL/vhaHnbrqGXHQyvMJg8B9OAqiKlFoQbAWWjsXpNKU7
w5A5SZNQkYxv7t2xSvXUUMnogmEo6UYv6kP9e7xHPreCvGHHDd9+SJb2BpXrp/2i
sKHId1QEHOulGwItoYlNzwlV/oXL5mC1kYHvsMZLwnaw7yWoDQgz/lqhrCHlT4YE
wIDHj7LaDmMDbFM7M4Wz5BTTSxmuqPpJB+J4ZsHA9oImxsUKX+QEqwsk6wo1pm11
KC6j4G22Nwx2CksM9Vf+Vga5HsBsKRbZ7eVMbtgFzevP
-----END CERTIFICATE-----