Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/d983cd-3f8e-4d6e-a38c-4d8d62b18e89/1/j38aB9YsZ1oAsxL0gfaw50vGATQ.roa
File:                     j38aB9YsZ1oAsxL0gfaw50vGATQ.roa (raw, json)
Hash identifier:          WPHSV59T6Lu3apfyT3Bb1s5PRcyNY32p1UeU4hw4sk0=
Subject key identifier:   8F:7F:1A:07:D6:2C:67:5A:00:B3:12:F4:81:F6:B0:E7:4B:C6:01:34
Certificate issuer:       /CN=6c5311a57ccfcb5135261ff39bd19a115ef3e7cf
Certificate serial:       018CC4930505E492EC49568AEF0665AF5091
Authority key identifier: 6C:53:11:A5:7C:CF:CB:51:35:26:1F:F3:9B:D1:9A:11:5E:F3:E7:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bFMRpXzPy1E1Jh_zm9GaEV7z588.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/d983cd-3f8e-4d6e-a38c-4d8d62b18e89/1/j38aB9YsZ1oAsxL0gfaw50vGATQ.roa
Signing time:             Mon 01 Jan 2024 10:30:18 +0000
ROA not before:           Mon 01 Jan 2024 10:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205187
IP address blocks:        185.226.248.0/22 maxlen: 24
                          2a0c:7e00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/d983cd-3f8e-4d6e-a38c-4d8d62b18e89/1/bFMRpXzPy1E1Jh_zm9GaEV7z588.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/d983cd-3f8e-4d6e-a38c-4d8d62b18e89/1/bFMRpXzPy1E1Jh_zm9GaEV7z588.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bFMRpXzPy1E1Jh_zm9GaEV7z588.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:05:05:e4:92:ec:49:56:8a:ef:06:65:af:50:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c5311a57ccfcb5135261ff39bd19a115ef3e7cf
        Validity
            Not Before: Jan  1 10:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f7f1a07d62c675a00b312f481f6b0e74bc60134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:32:0d:ee:60:96:9a:cc:f5:d9:1f:52:5e:f1:
                    9e:4d:15:17:9e:31:12:56:2c:aa:54:0d:39:02:86:
                    ee:03:31:68:c2:41:a9:57:4e:28:c1:39:a8:aa:0b:
                    f2:d4:1e:09:7e:6e:89:6c:a0:72:90:e9:94:b4:2c:
                    2a:82:61:7b:0c:64:74:f1:7c:6d:e3:b0:2e:ac:f7:
                    2b:c9:32:7b:78:67:3f:8d:35:fe:7d:d5:70:a1:4c:
                    d3:a2:4e:cb:85:02:22:15:21:29:39:88:6d:5b:aa:
                    df:fb:02:3e:4f:e2:94:47:9b:70:8e:31:2c:f2:b3:
                    3f:68:6e:a9:99:fb:37:fe:b3:ba:94:0d:15:0e:02:
                    38:4b:1c:dc:35:99:ed:93:65:e6:f9:67:c1:60:01:
                    14:57:41:a0:d7:14:4d:fb:9c:32:b4:c6:4c:7f:2f:
                    c0:35:0b:df:4e:f1:a1:75:e0:69:ec:aa:8e:0a:15:
                    7f:9b:26:07:11:5e:f6:c2:22:f2:02:77:eb:eb:a8:
                    7d:93:5f:1f:87:27:58:0d:10:06:0c:ce:62:76:a7:
                    3a:40:57:0d:0d:15:a1:70:c0:33:cb:47:0c:45:2d:
                    2d:d7:b5:5c:07:6a:92:2c:43:0e:ee:c4:f6:5c:5c:
                    57:f4:37:36:40:ba:e7:7a:a2:16:50:45:15:57:2b:
                    fc:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:7F:1A:07:D6:2C:67:5A:00:B3:12:F4:81:F6:B0:E7:4B:C6:01:34
            X509v3 Authority Key Identifier:
                keyid:6C:53:11:A5:7C:CF:CB:51:35:26:1F:F3:9B:D1:9A:11:5E:F3:E7:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bFMRpXzPy1E1Jh_zm9GaEV7z588.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d983cd-3f8e-4d6e-a38c-4d8d62b18e89/1/j38aB9YsZ1oAsxL0gfaw50vGATQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d983cd-3f8e-4d6e-a38c-4d8d62b18e89/1/bFMRpXzPy1E1Jh_zm9GaEV7z588.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.248.0/22
                IPv6:
                  2a0c:7e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         04:58:e1:3f:96:47:41:b6:27:bb:64:b0:82:ec:ee:68:81:6c:
         ca:49:6c:c9:0b:7d:92:73:a3:9a:c4:ad:ae:29:f3:48:c5:ed:
         16:73:ef:9c:22:c6:f6:48:6a:1d:94:e1:57:54:3f:3e:0a:47:
         e4:e3:8c:da:f4:de:8a:7f:8c:3d:95:63:ea:d8:26:96:d2:89:
         c0:52:13:cb:df:c5:3c:79:79:9a:58:ee:48:bc:0a:50:46:65:
         62:1e:07:c1:54:6e:6f:00:a0:3e:ef:d7:e0:07:7f:f3:6b:78:
         47:60:81:70:89:44:62:d7:13:2a:1c:8d:17:1a:b3:f2:40:a5:
         0c:46:6e:bd:1f:4f:49:5d:1b:91:93:ba:44:4d:ff:8d:dd:e5:
         90:e2:53:d5:86:0e:05:a5:fe:20:db:f8:6d:3f:cf:f5:0c:71:
         39:de:ba:7d:a8:c7:6e:cb:c1:73:08:e3:dc:64:29:3b:e4:f4:
         74:40:30:fb:d1:0d:6e:5c:e6:da:07:38:1e:8b:01:13:6a:27:
         37:45:1c:d9:c4:78:44:12:04:d6:cc:53:89:7a:a4:50:75:58:
         73:5b:c7:b0:cd:5d:cf:4d:4e:97:d9:fa:86:8f:f4:46:b0:fd:
         f9:38:b0:1e:a5:d4:ee:fa:00:84:82:2a:4b:a9:e6:47:1e:af:
         b0:09:18:16
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkwUF5JLsSVaK7wZlr1CRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNTMxMWE1N2NjZmNiNTEzNTI2MWZmMzliZDE5YTExNWVm
M2U3Y2YwHhcNMjQwMTAxMTAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjdmMWEwN2Q2MmM2NzVhMDBiMzEyZjQ4MWY2YjBlNzRiYzYwMTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDIN7mCWmsz12R9SXvGeTRUXnjES
ViyqVA05AobuAzFowkGpV04owTmoqgvy1B4Jfm6JbKBykOmUtCwqgmF7DGR08Xxt
47AurPcryTJ7eGc/jTX+fdVwoUzTok7LhQIiFSEpOYhtW6rf+wI+T+KUR5twjjEs
8rM/aG6pmfs3/rO6lA0VDgI4SxzcNZntk2Xm+WfBYAEUV0Gg1xRN+5wytMZMfy/A
NQvfTvGhdeBp7KqOChV/myYHEV72wiLyAnfr66h9k18fhydYDRAGDM5idqc6QFcN
DRWhcMAzy0cMRS0t17VcB2qSLEMO7sT2XFxX9Dc2QLrneqIWUEUVVyv8JQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI9/GgfWLGdaALMS9IH2sOdLxgE0MB8GA1UdIwQY
MBaAFGxTEaV8z8tRNSYf85vRmhFe8+fPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkZNUnBYelB5MUUxSmhfem05R2FFVjd6NTg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9kOTgzY2QtM2Y4ZS00ZDZlLWEzOGMt
NGQ4ZDYyYjE4ZTg5LzEvajM4YUI5WXNaMW9Bc3hMMGdmYXc1MHZHQVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9kOTgzY2QtM2Y4ZS00ZDZlLWEzOGMtNGQ4ZDYyYjE4ZTg5
LzEvYkZNUnBYelB5MUUxSmhfem05R2FFVjd6NTg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueL4MA0E
AgACMAcDBQMqDH4AMA0GCSqGSIb3DQEBCwUAA4IBAQAEWOE/lkdBtie7ZLCC7O5o
gWzKSWzJC32Sc6OaxK2uKfNIxe0Wc++cIsb2SGodlOFXVD8+Ckfk44za9N6Kf4w9
lWPq2CaW0onAUhPL38U8eXmaWO5IvApQRmViHgfBVG5vAKA+79fgB3/za3hHYIFw
iURi1xMqHI0XGrPyQKUMRm69H09JXRuRk7pETf+N3eWQ4lPVhg4Fpf4g2/htP8/1
DHE53rp9qMduy8FzCOPcZCk75PR0QDD70Q1uXObaBzgeiwETaic3RRzZxHhEEgTW
zFOJeqRQdVhzW8ewzV3PTU6X2fqGj/RGsP35OLAepdTu+gCEgipLqeZHHq+wCRgW
-----END CERTIFICATE-----