Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/YIHAmsItjloj1TrEuaeW0SMaGyY.roa
File:                     YIHAmsItjloj1TrEuaeW0SMaGyY.roa (raw, json)
Hash identifier:          aoDv3AuLgw9RMQOXIdreiEHqLPt5TTOhQF6zF4gJo7o=
Subject key identifier:   60:81:C0:9A:C2:2D:8E:5A:23:D5:3A:C4:B9:A7:96:D1:23:1A:1B:26
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       01914508B7900AF35D8D06C0D13AF7304DFD
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/YIHAmsItjloj1TrEuaeW0SMaGyY.roa
Signing time:             Mon 12 Aug 2024 05:21:24 +0000
ROA not before:           Mon 12 Aug 2024 05:21:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34871
IP address blocks:        185.240.148.0/23 maxlen: 23
                          185.240.148.0/24 maxlen: 24
                          185.240.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:45:08:b7:90:0a:f3:5d:8d:06:c0:d1:3a:f7:30:4d:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Aug 12 05:21:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6081c09ac22d8e5a23d53ac4b9a796d1231a1b26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:19:9d:3b:13:5a:f6:a4:23:d9:48:c6:34:a7:
                    98:97:c6:90:f0:f4:96:65:e4:ff:65:7a:6b:87:4e:
                    3d:e4:91:42:f0:1c:8c:f6:1f:77:fa:17:81:e0:fd:
                    c9:38:15:17:af:6a:3c:12:05:cf:42:25:a3:38:32:
                    6b:d8:ef:1e:6a:1b:e3:0e:42:14:36:e3:72:79:0f:
                    50:73:c6:e7:74:ff:f7:a1:3c:4c:d8:f3:6d:cf:0b:
                    8a:cf:64:68:aa:f1:6f:ef:d0:46:b2:e6:8b:49:7f:
                    27:b1:8d:a2:5b:e9:58:61:74:c2:28:9f:6a:c2:35:
                    f3:d2:de:86:28:6e:e8:ca:0b:87:c4:de:d7:8f:4b:
                    88:24:9f:bf:24:a1:cb:c8:c5:6c:7d:29:b3:6e:fa:
                    9a:8c:4c:4e:ef:09:96:26:14:14:fe:68:f8:9c:97:
                    9e:b6:71:3b:a6:e4:89:1a:77:10:43:51:05:96:7c:
                    5a:6e:38:51:f6:92:ab:2f:07:9d:2e:1a:19:09:40:
                    2f:8b:76:bc:68:f2:b8:c4:28:9f:02:f1:6b:7d:a4:
                    96:47:37:f5:3b:9d:84:00:8a:53:b5:d0:d4:d7:b0:
                    42:ed:d7:22:40:10:e5:9c:3b:86:60:fb:37:2f:6c:
                    37:6f:46:5c:57:a6:fa:56:0a:65:d6:52:5b:88:7e:
                    17:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:81:C0:9A:C2:2D:8E:5A:23:D5:3A:C4:B9:A7:96:D1:23:1A:1B:26
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/YIHAmsItjloj1TrEuaeW0SMaGyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.148.0/23
                  185.240.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:4a:d4:50:90:82:63:40:18:1f:e7:69:04:a4:b4:dc:ec:25:
         d3:65:ed:eb:0b:d7:b9:4a:f4:9f:92:a7:7f:35:99:ba:68:d1:
         b1:5a:36:3a:36:52:4a:89:51:1e:ea:18:46:90:11:a4:0d:c2:
         24:4c:fc:bc:5b:4c:23:21:5a:fe:50:d6:4c:5a:4f:dc:55:0d:
         08:6f:45:eb:d6:bb:50:c2:16:1d:c0:aa:07:63:2a:ec:6e:5d:
         e3:f6:51:78:6e:76:40:16:83:f8:07:04:1a:88:a8:28:c3:4a:
         f7:9e:cd:aa:f0:60:8c:12:31:2d:e2:80:a9:c2:ff:b2:d9:62:
         bc:7a:54:75:00:9b:1f:03:43:c2:b2:19:0b:a4:e7:63:f8:f3:
         1d:40:6e:c7:5f:67:01:a2:5e:e5:0c:1c:b1:69:df:e4:96:a2:
         cf:80:03:5d:55:db:fa:58:b0:8a:f7:b0:d3:57:45:28:9f:f9:
         5d:74:c4:1f:a1:9a:e0:cc:ec:46:7a:74:af:1a:27:bd:05:26:
         e4:03:97:34:e4:cb:b8:26:1e:25:44:ea:2e:40:71:d3:a3:43:
         da:f0:4b:10:8a:8b:b2:91:fe:a4:90:68:8e:f0:66:16:57:13:
         c5:5f:55:67:e4:29:9c:59:54:f9:a7:76:a8:44:89:45:ad:c0:
         81:a5:9f:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFFCLeQCvNdjQbA0Tr3ME39MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjQwODEyMDUyMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDgxYzA5YWMyMmQ4ZTVhMjNkNTNhYzRiOWE3OTZkMTIzMWExYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRmdOxNa9qQj2UjGNKeYl8aQ8PSW
ZeT/ZXprh0495JFC8ByM9h93+heB4P3JOBUXr2o8EgXPQiWjODJr2O8eahvjDkIU
NuNyeQ9Qc8bndP/3oTxM2PNtzwuKz2RoqvFv79BGsuaLSX8nsY2iW+lYYXTCKJ9q
wjXz0t6GKG7oyguHxN7Xj0uIJJ+/JKHLyMVsfSmzbvqajExO7wmWJhQU/mj4nJee
tnE7puSJGncQQ1EFlnxabjhR9pKrLwedLhoZCUAvi3a8aPK4xCifAvFrfaSWRzf1
O52EAIpTtdDU17BC7dciQBDlnDuGYPs3L2w3b0ZcV6b6Vgpl1lJbiH4XdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGCBwJrCLY5aI9U6xLmnltEjGhsmMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvWUlIQW1zSXRqbG9qMVRyRXVhZVcwU01hR3lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBufCUAwQA
ufCXMA0GCSqGSIb3DQEBCwUAA4IBAQAwStRQkIJjQBgf52kEpLTc7CXTZe3rC9e5
SvSfkqd/NZm6aNGxWjY6NlJKiVEe6hhGkBGkDcIkTPy8W0wjIVr+UNZMWk/cVQ0I
b0Xr1rtQwhYdwKoHYyrsbl3j9lF4bnZAFoP4BwQaiKgow0r3ns2q8GCMEjEt4oCp
wv+y2WK8elR1AJsfA0PCshkLpOdj+PMdQG7HX2cBol7lDByxad/klqLPgANdVdv6
WLCK97DTV0Uon/lddMQfoZrgzOxGenSvGie9BSbkA5c05Mu4Jh4lROouQHHTo0Pa
8EsQiouykf6kkGiO8GYWVxPFX1Vn5CmcWVT5p3aoRIlFrcCBpZ+o
-----END CERTIFICATE-----