Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/vK0xE8sIJcQeBxzewT9kAskj3jM.roa
File:                     vK0xE8sIJcQeBxzewT9kAskj3jM.roa (raw, json)
Hash identifier:          jOKwh59hR9Le3Xn0fJe05igv1u5T/M+fMvWRXYKD4Ss=
Subject key identifier:   BC:AD:31:13:CB:08:25:C4:1E:07:1C:DE:C1:3F:64:02:C9:23:DE:33
Certificate issuer:       /CN=7a550c8065bf6033fcc6a3b03813ef9271924196
Certificate serial:       018CC56EF1337A119A569FAFD3BD7A57F988
Authority key identifier: 7A:55:0C:80:65:BF:60:33:FC:C6:A3:B0:38:13:EF:92:71:92:41:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/elUMgGW_YDP8xqOwOBPvknGSQZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/vK0xE8sIJcQeBxzewT9kAskj3jM.roa
Signing time:             Mon 01 Jan 2024 14:30:31 +0000
ROA not before:           Mon 01 Jan 2024 14:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        185.161.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/elUMgGW_YDP8xqOwOBPvknGSQZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/elUMgGW_YDP8xqOwOBPvknGSQZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/elUMgGW_YDP8xqOwOBPvknGSQZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f1:33:7a:11:9a:56:9f:af:d3:bd:7a:57:f9:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a550c8065bf6033fcc6a3b03813ef9271924196
        Validity
            Not Before: Jan  1 14:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcad3113cb0825c41e071cdec13f6402c923de33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fc:54:71:0d:5f:e1:25:7d:7a:20:ca:76:8e:
                    f3:05:1b:8b:f7:59:40:2a:e1:7a:b9:0b:ef:c6:97:
                    fe:3f:93:99:b3:6b:d2:b1:1a:d3:5e:eb:2d:b8:28:
                    12:98:61:62:b2:5f:5b:32:b0:58:cd:1e:b9:32:38:
                    e9:c1:93:7f:90:73:2e:b8:4b:72:4b:af:08:64:bf:
                    a6:33:7e:e9:93:c7:87:92:e4:29:83:24:28:53:60:
                    66:cd:29:3d:27:f1:3b:d5:45:1d:56:2d:a2:fd:88:
                    c6:3d:e9:a2:0c:14:a5:ba:3e:7e:40:ea:7e:dd:3e:
                    47:23:3d:36:56:60:68:ee:1e:fc:64:5d:9d:58:63:
                    dc:aa:f8:6c:e6:61:3a:2f:89:8e:26:fb:43:a7:40:
                    29:3d:eb:ab:f4:52:00:76:e7:96:94:c3:fd:2c:89:
                    fb:a8:78:46:73:c7:be:b3:d7:12:14:e3:56:17:65:
                    1c:a6:49:6c:37:da:57:50:83:9b:f6:53:d3:e0:19:
                    80:6e:e6:77:8a:05:4b:2a:19:48:7b:24:fe:b2:8b:
                    8a:54:3e:26:6b:b2:13:ed:06:dd:cb:b1:c3:87:fb:
                    64:5f:3f:f1:f8:3b:5c:50:48:4a:7b:df:03:5f:cb:
                    88:ec:d3:94:2e:01:c3:ff:6a:c1:35:ae:b7:24:1f:
                    4c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:AD:31:13:CB:08:25:C4:1E:07:1C:DE:C1:3F:64:02:C9:23:DE:33
            X509v3 Authority Key Identifier:
                keyid:7A:55:0C:80:65:BF:60:33:FC:C6:A3:B0:38:13:EF:92:71:92:41:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/elUMgGW_YDP8xqOwOBPvknGSQZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/vK0xE8sIJcQeBxzewT9kAskj3jM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/elUMgGW_YDP8xqOwOBPvknGSQZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:6b:1b:5e:4c:5c:e4:21:fa:20:fc:e8:83:00:05:0a:ad:1e:
         6f:e3:72:d2:30:0b:47:57:81:b5:a5:45:ae:f5:b3:2d:b0:07:
         e8:b0:ad:dd:3a:7b:a1:7a:fa:83:2a:29:e9:ed:3d:6a:c3:6a:
         16:13:3a:11:3d:b3:d5:e6:07:e6:15:db:1c:04:f1:79:73:95:
         c9:51:b4:80:f2:dc:58:34:f9:09:fb:9a:de:b1:bd:f2:18:af:
         d7:3b:00:5d:39:64:5c:7a:5f:95:9f:f0:e8:93:af:db:6f:6c:
         8e:85:3f:bf:33:e3:3e:0e:ab:95:af:f1:9a:51:56:5a:e6:a2:
         5a:c3:31:d4:fb:fe:87:d3:0a:66:54:d3:8d:77:16:f6:49:21:
         25:51:a8:da:1b:79:d3:a7:24:d2:7c:e9:87:f5:db:6f:a6:29:
         b5:67:e0:68:01:cf:ab:51:cf:e3:8f:d0:ca:3c:aa:6f:23:48:
         90:56:49:62:d6:b0:c6:b2:b9:6f:b8:b2:00:95:ef:c5:de:43:
         45:79:07:0a:a1:42:01:6c:a6:2e:23:ad:08:3f:40:ea:3a:32:
         2a:bc:77:4c:99:6c:13:a4:28:4e:6f:4e:2d:cc:ea:f7:09:e0:
         e6:b2:13:24:d6:6a:6b:21:73:ba:64:d0:31:ca:06:a2:f3:41:
         26:6b:6e:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvEzehGaVp+v0716V/mIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhNTUwYzgwNjViZjYwMzNmY2M2YTNiMDM4MTNlZjkyNzE5
MjQxOTYwHhcNMjQwMTAxMTQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2FkMzExM2NiMDgyNWM0MWUwNzFjZGVjMTNmNjQwMmM5MjNkZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvxUcQ1f4SV9eiDKdo7zBRuL91lA
KuF6uQvvxpf+P5OZs2vSsRrTXustuCgSmGFisl9bMrBYzR65MjjpwZN/kHMuuEty
S68IZL+mM37pk8eHkuQpgyQoU2BmzSk9J/E71UUdVi2i/YjGPemiDBSluj5+QOp+
3T5HIz02VmBo7h78ZF2dWGPcqvhs5mE6L4mOJvtDp0ApPeur9FIAdueWlMP9LIn7
qHhGc8e+s9cSFONWF2UcpklsN9pXUIOb9lPT4BmAbuZ3igVLKhlIeyT+souKVD4m
a7IT7Qbdy7HDh/tkXz/x+DtcUEhKe98DX8uI7NOULgHD/2rBNa63JB9MYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLytMRPLCCXEHgcc3sE/ZALJI94zMB8GA1UdIwQY
MBaAFHpVDIBlv2Az/MajsDgT75JxkkGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWxVTWdHV19ZRFA4eHFPd09CUHZrbkdTUVpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS81MmZiMDktNmEyNy00MzY5LWJiZGIt
ODdiZmMzN2YwZWMyLzEvdksweEU4c0lKY1FlQnh6ZXdUOWtBc2tqM2pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS81MmZiMDktNmEyNy00MzY5LWJiZGItODdiZmMzN2YwZWMy
LzEvZWxVTWdHV19ZRFA4eHFPd09CUHZrbkdTUVpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaH7MA0G
CSqGSIb3DQEBCwUAA4IBAQCdaxteTFzkIfog/OiDAAUKrR5v43LSMAtHV4G1pUWu
9bMtsAfosK3dOnuhevqDKinp7T1qw2oWEzoRPbPV5gfmFdscBPF5c5XJUbSA8txY
NPkJ+5resb3yGK/XOwBdOWRcel+Vn/Dok6/bb2yOhT+/M+M+DquVr/GaUVZa5qJa
wzHU+/6H0wpmVNONdxb2SSElUajaG3nTpyTSfOmH9dtvpim1Z+BoAc+rUc/jj9DK
PKpvI0iQVkli1rDGsrlvuLIAle/F3kNFeQcKoUIBbKYuI60IP0DqOjIqvHdMmWwT
pChOb04tzOr3CeDmshMk1mprIXO6ZNAxygai80Ema25i
-----END CERTIFICATE-----