Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/xB73OBsZmuzN79Vhtf8kryCcWmk.roa
File:                     xB73OBsZmuzN79Vhtf8kryCcWmk.roa (raw, json)
Hash identifier:          CLrSn3OQsqOlGN5weo45FfFYrug0K8N6/ukDZBW/AM0=
Subject key identifier:   C4:1E:F7:38:1B:19:9A:EC:CD:EF:D5:61:B5:FF:24:AF:20:9C:5A:69
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       01973B084E09307F6E30F904A8092BD20BC7
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/xB73OBsZmuzN79Vhtf8kryCcWmk.roa
Signing time:             Wed 04 Jun 2025 13:01:29 +0000
ROA not before:           Wed 04 Jun 2025 13:01:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.138.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 04:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:08:4e:09:30:7f:6e:30:f9:04:a8:09:2b:d2:0b:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jun  4 13:01:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c41ef7381b199aeccdefd561b5ff24af209c5a69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:88:bd:00:8e:a5:05:2c:3e:bf:63:bf:60:65:
                    f9:69:f1:cd:e4:e1:51:7c:25:94:9b:e8:8d:bb:37:
                    35:59:2a:8b:fa:97:6f:66:ae:80:8e:ac:c8:54:57:
                    9f:e4:43:cb:80:a3:a0:8d:2d:4c:e3:7a:29:d1:3d:
                    03:d5:25:bd:28:d1:8f:26:5f:e9:d8:80:cb:18:ec:
                    b1:5a:bc:38:14:07:f2:4d:c4:f0:c8:bc:37:bf:66:
                    7f:7e:5c:67:7d:de:68:dc:98:04:bc:cf:b3:0e:27:
                    48:43:27:bf:bf:ea:2e:08:e4:51:61:d4:02:d5:13:
                    36:e5:6c:38:78:e0:3b:3e:c3:dd:19:c3:70:9f:c8:
                    1a:a0:2f:b8:8e:8b:10:3c:ad:71:e8:ba:33:05:80:
                    a4:a5:61:51:f8:1b:c0:df:b9:7e:be:1f:f8:b1:ee:
                    32:3c:8b:b2:c9:5b:ba:e6:f4:16:6c:fb:0f:bd:f7:
                    71:26:3a:c1:6d:57:68:fe:bd:44:60:73:77:e9:e9:
                    1d:e8:1f:31:37:e9:39:ab:5e:3f:79:bf:68:36:42:
                    21:d7:18:d8:5e:0f:05:aa:4d:f6:56:7d:79:54:47:
                    bc:a0:d0:25:7b:fe:b2:14:fd:f4:a4:ca:c0:02:8d:
                    6e:c0:fb:1c:6c:12:fd:8a:fa:98:c0:8e:4f:2d:d4:
                    b7:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:1E:F7:38:1B:19:9A:EC:CD:EF:D5:61:B5:FF:24:AF:20:9C:5A:69
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/xB73OBsZmuzN79Vhtf8kryCcWmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:1a:dd:34:46:0a:4e:49:18:b6:d5:67:0b:15:c5:c7:ff:9c:
         2f:54:a2:21:6f:77:1f:af:a8:3b:76:a1:93:0c:5e:ed:d6:2f:
         34:4b:22:51:e2:76:83:63:12:5b:21:d2:d1:39:86:95:cd:9b:
         28:9d:18:a2:2f:f1:c1:32:6c:60:38:f2:37:5f:e5:67:28:e5:
         f8:9d:17:d3:b6:22:33:53:34:26:16:fd:09:44:08:f7:87:5f:
         d4:62:b4:36:7b:55:ae:40:c9:3a:e0:17:c0:19:aa:b9:c2:28:
         b4:63:ba:b2:b7:a0:2e:7e:f8:e9:27:33:cc:36:00:64:e2:ea:
         68:be:21:f6:82:a0:12:2d:07:ac:db:d2:2d:44:d8:f7:e6:27:
         53:44:5c:bf:36:f2:06:52:68:45:81:a5:27:1c:d2:50:5d:ff:
         46:1f:cf:09:ad:d7:22:87:2e:c1:47:87:71:0f:19:40:72:c1:
         a8:8a:e3:22:bd:f8:6f:a2:a6:a5:b5:9c:33:11:6c:3c:02:f2:
         9e:02:c6:72:d5:16:c6:6d:d2:c1:26:ce:58:8e:ce:cf:44:c4:
         27:69:c2:b7:57:2b:4d:31:2e:46:65:4e:84:3f:eb:8f:5f:97:
         d0:42:0b:e5:79:4a:0d:b5:6c:29:8f:2f:fe:97:9a:80:7d:d3:
         6f:1c:25:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc7CE4JMH9uMPkEqAkr0gvHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjUwNjA0MTMwMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDFlZjczODFiMTk5YWVjY2RlZmQ1NjFiNWZmMjRhZjIwOWM1YTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYi9AI6lBSw+v2O/YGX5afHN5OFR
fCWUm+iNuzc1WSqL+pdvZq6AjqzIVFef5EPLgKOgjS1M43op0T0D1SW9KNGPJl/p
2IDLGOyxWrw4FAfyTcTwyLw3v2Z/flxnfd5o3JgEvM+zDidIQye/v+ouCORRYdQC
1RM25Ww4eOA7PsPdGcNwn8gaoC+4josQPK1x6LozBYCkpWFR+BvA37l+vh/4se4y
PIuyyVu65vQWbPsPvfdxJjrBbVdo/r1EYHN36ekd6B8xN+k5q14/eb9oNkIh1xjY
Xg8Fqk32Vn15VEe8oNAle/6yFP30pMrAAo1uwPscbBL9ivqYwI5PLdS3yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQe9zgbGZrsze/VYbX/JK8gnFppMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEveEI3M09Cc1ptdXpONzlWaHRmOGtyeUNjV21rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYrqMA0G
CSqGSIb3DQEBCwUAA4IBAQBVGt00RgpOSRi21WcLFcXH/5wvVKIhb3cfr6g7dqGT
DF7t1i80SyJR4naDYxJbIdLROYaVzZsonRiiL/HBMmxgOPI3X+VnKOX4nRfTtiIz
UzQmFv0JRAj3h1/UYrQ2e1WuQMk64BfAGaq5wii0Y7qyt6AufvjpJzPMNgBk4upo
viH2gqASLQes29ItRNj35idTRFy/NvIGUmhFgaUnHNJQXf9GH88Jrdcihy7BR4dx
DxlAcsGoiuMivfhvoqaltZwzEWw8AvKeAsZy1RbGbdLBJs5Yjs7PRMQnacK3VytN
MS5GZU6EP+uPX5fQQgvleUoNtWwpjy/+l5qAfdNvHCX4
-----END CERTIFICATE-----