Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/AY6VgT3YQ3yXwQ4UcsKBId4knlE.roa
File:                     AY6VgT3YQ3yXwQ4UcsKBId4knlE.roa (raw, json)
Hash identifier:          GZJomk1LFxp/JDZa8yWf8w9BsmsNUa+Co8YF2Yn33tw=
Subject key identifier:   01:8E:95:81:3D:D8:43:7C:97:C1:0E:14:72:C2:81:21:DE:24:9E:51
Certificate issuer:       /CN=50399d4435bb85fae910abe38e68533204dfd60b
Certificate serial:       018CC4251B657E6EE64AE01BA50A21EB176B
Authority key identifier: 50:39:9D:44:35:BB:85:FA:E9:10:AB:E3:8E:68:53:32:04:DF:D6:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/AY6VgT3YQ3yXwQ4UcsKBId4knlE.roa
Signing time:             Mon 01 Jan 2024 08:30:15 +0000
ROA not before:           Mon 01 Jan 2024 08:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9443
IP address blocks:        185.167.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:1b:65:7e:6e:e6:4a:e0:1b:a5:0a:21:eb:17:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50399d4435bb85fae910abe38e68533204dfd60b
        Validity
            Not Before: Jan  1 08:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=018e95813dd8437c97c10e1472c28121de249e51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:b8:ca:e0:50:8c:a6:1c:38:eb:06:0a:ec:03:
                    b1:e5:80:67:86:bc:9b:57:d2:a7:58:02:ea:6b:f8:
                    cb:8c:f1:71:2d:51:d3:a5:8b:22:a9:d7:68:99:22:
                    ce:5c:ae:c7:a3:1a:59:26:28:07:67:66:78:d8:4f:
                    a7:3b:f6:f6:ca:fb:fd:76:f4:44:e2:ba:ea:0e:25:
                    14:49:ec:ec:d6:59:27:e9:f7:78:c5:5f:b5:0d:1c:
                    52:c5:70:c0:af:4b:96:ac:65:5b:f3:e8:29:2a:6b:
                    1e:cb:d2:df:7a:5c:de:08:aa:99:9b:11:cf:fc:f5:
                    54:85:3f:43:73:66:03:6e:6d:b0:35:0d:79:1a:1b:
                    b3:b5:86:31:49:37:d0:b0:89:3e:1b:49:07:a2:b4:
                    46:22:92:4d:fb:a7:92:d1:18:ec:11:3f:73:bf:48:
                    63:ad:f0:86:f2:6b:db:96:33:74:f7:1a:be:ca:9c:
                    81:57:ab:62:7d:41:08:88:6b:d8:cd:39:6b:89:42:
                    cf:88:b2:6b:31:d4:5e:d0:03:18:98:4a:f9:b0:a2:
                    86:c4:22:a9:9d:7c:a4:86:fd:d4:8d:0c:22:ff:a3:
                    a0:33:a4:30:94:51:1e:4f:82:d4:0e:4b:73:16:e3:
                    34:a1:97:20:2a:c8:1a:b9:6b:13:a6:79:87:f2:1d:
                    0d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:8E:95:81:3D:D8:43:7C:97:C1:0E:14:72:C2:81:21:DE:24:9E:51
            X509v3 Authority Key Identifier:
                keyid:50:39:9D:44:35:BB:85:FA:E9:10:AB:E3:8E:68:53:32:04:DF:D6:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/AY6VgT3YQ3yXwQ4UcsKBId4knlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:a2:1f:85:d3:43:88:a3:9b:fd:ea:b2:4a:10:4a:65:d7:aa:
         c0:11:ba:56:a1:8f:0e:c3:64:ef:75:5b:d0:bd:2b:5e:be:7e:
         45:a3:95:ba:41:31:45:fc:da:f6:11:e3:d7:68:1e:a6:3a:6f:
         4c:c6:1d:8a:e6:b0:8b:7f:81:90:63:aa:de:11:d2:74:b1:dc:
         d9:c8:3a:9a:90:99:3e:55:d2:74:2d:9d:93:c4:ef:a7:6d:5d:
         df:73:89:f3:a1:0c:31:9f:66:b3:cb:28:5d:19:9a:84:05:89:
         f8:cc:cb:32:7b:91:80:7c:bc:bc:5c:54:91:95:e1:00:da:c3:
         1b:e4:23:69:a7:6e:9e:b0:b1:93:66:08:f3:e1:93:4c:5a:2e:
         31:62:5e:d5:be:04:63:80:f2:fb:ae:7d:8e:62:1e:be:05:d6:
         5b:f7:d6:9d:75:16:f6:fb:93:dd:cb:ed:ff:d3:39:a1:df:3a:
         4e:5b:22:af:ac:70:5d:b5:94:62:8b:dc:93:3b:4c:b2:c2:b7:
         14:a0:0d:fc:05:85:50:c6:b1:3d:93:45:2a:76:5f:dd:d2:cd:
         c4:df:7b:8a:b9:dd:ac:35:a3:2c:58:42:78:43:76:0b:f5:cf:
         17:b1:a3:0c:ac:e4:61:55:7b:98:c1:12:ee:5d:63:08:a4:e5:
         b5:68:40:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRtlfm7mSuAbpQoh6xdrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMzk5ZDQ0MzViYjg1ZmFlOTEwYWJlMzhlNjg1MzMyMDRk
ZmQ2MGIwHhcNMjQwMTAxMDgzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMThlOTU4MTNkZDg0MzdjOTdjMTBlMTQ3MmMyODEyMWRlMjQ5ZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6LjK4FCMphw46wYK7AOx5YBnhryb
V9KnWALqa/jLjPFxLVHTpYsiqddomSLOXK7HoxpZJigHZ2Z42E+nO/b2yvv9dvRE
4rrqDiUUSezs1lkn6fd4xV+1DRxSxXDAr0uWrGVb8+gpKmsey9LfelzeCKqZmxHP
/PVUhT9Dc2YDbm2wNQ15GhuztYYxSTfQsIk+G0kHorRGIpJN+6eS0RjsET9zv0hj
rfCG8mvbljN09xq+ypyBV6tifUEIiGvYzTlriULPiLJrMdRe0AMYmEr5sKKGxCKp
nXykhv3UjQwi/6OgM6QwlFEeT4LUDktzFuM0oZcgKsgauWsTpnmH8h0N0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGOlYE92EN8l8EOFHLCgSHeJJ5RMB8GA1UdIwQY
MBaAFFA5nUQ1u4X66RCr445oUzIE39YLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVURtZFJEVzdoZnJwRUt2amptaFRNZ1RmMWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi80ZjNmMDgtOTg2Yi00OGU0LTg1ZGQt
MzRmZmRiNDQyMTEzLzEvQVk2VmdUM1lRM3lYd1E0VWNzS0JJZDRrbmxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi80ZjNmMDgtOTg2Yi00OGU0LTg1ZGQtMzRmZmRiNDQyMTEz
LzEvVURtZFJEVzdoZnJwRUt2amptaFRNZ1RmMWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuae/MA0G
CSqGSIb3DQEBCwUAA4IBAQCFoh+F00OIo5v96rJKEEpl16rAEbpWoY8Ow2TvdVvQ
vStevn5Fo5W6QTFF/Nr2EePXaB6mOm9Mxh2K5rCLf4GQY6reEdJ0sdzZyDqakJk+
VdJ0LZ2TxO+nbV3fc4nzoQwxn2azyyhdGZqEBYn4zMsye5GAfLy8XFSRleEA2sMb
5CNpp26esLGTZgjz4ZNMWi4xYl7VvgRjgPL7rn2OYh6+BdZb99addRb2+5Pdy+3/
0zmh3zpOWyKvrHBdtZRii9yTO0yywrcUoA38BYVQxrE9k0Uqdl/d0s3E33uKud2s
NaMsWEJ4Q3YL9c8XsaMMrORhVXuYwRLuXWMIpOW1aECz
-----END CERTIFICATE-----