Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/186a93-8e93-4652-9289-7ed51ca5af51/1/z8wFHcF7NLSbEzwnisx-No4hVvc.roa
File:                     z8wFHcF7NLSbEzwnisx-No4hVvc.roa (raw, json)
Hash identifier:          +8Ni+4/M3cKKplKn4ugaR4kb6clVsf+wT7vTUwpP4R0=
Subject key identifier:   CF:CC:05:1D:C1:7B:34:B4:9B:13:3C:27:8A:CC:7E:36:8E:21:56:F7
Certificate issuer:       /CN=964335563d9b6f9e3e28de368d85988bc141371e
Certificate serial:       018CC9BC6AEEAB58081C0E56834AD16F3A32
Authority key identifier: 96:43:35:56:3D:9B:6F:9E:3E:28:DE:36:8D:85:98:8B:C1:41:37:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lkM1Vj2bb54-KN42jYWYi8FBNx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/186a93-8e93-4652-9289-7ed51ca5af51/1/z8wFHcF7NLSbEzwnisx-No4hVvc.roa
Signing time:             Tue 02 Jan 2024 10:33:37 +0000
ROA not before:           Tue 02 Jan 2024 10:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206608
IP address blocks:        185.180.81.0/24 maxlen: 24
                          185.180.80.0/22 maxlen: 22
                          185.180.80.0/24 maxlen: 24
                          185.180.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/186a93-8e93-4652-9289-7ed51ca5af51/1/lkM1Vj2bb54-KN42jYWYi8FBNx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/186a93-8e93-4652-9289-7ed51ca5af51/1/lkM1Vj2bb54-KN42jYWYi8FBNx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lkM1Vj2bb54-KN42jYWYi8FBNx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:6a:ee:ab:58:08:1c:0e:56:83:4a:d1:6f:3a:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=964335563d9b6f9e3e28de368d85988bc141371e
        Validity
            Not Before: Jan  2 10:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfcc051dc17b34b49b133c278acc7e368e2156f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b7:d1:aa:7e:c8:85:45:97:64:ba:b6:d0:cb:
                    e3:70:f5:9d:53:09:71:c7:d3:32:45:b8:0c:e6:f1:
                    4f:12:3b:53:f2:40:07:9b:1a:87:c2:e0:cd:f0:f9:
                    92:14:cd:74:34:cd:80:2b:70:a2:a9:be:9a:67:4d:
                    d1:b6:61:e8:4d:01:66:91:c0:77:10:ef:97:a0:8b:
                    ae:7c:4e:29:bc:d7:bd:82:30:dd:1d:58:b6:13:7a:
                    65:82:4f:63:bf:6a:1f:4e:a0:44:b8:23:0d:52:cc:
                    0e:c8:18:89:ef:ff:26:57:8e:33:f6:66:d9:c1:5d:
                    b7:c3:1d:b9:cb:4a:c5:55:9d:4f:42:15:f3:e7:03:
                    6a:be:26:80:9e:a1:4e:26:67:2b:be:cb:7f:c5:ce:
                    f9:58:d4:37:d8:32:4d:2c:0b:d0:b5:91:af:b9:26:
                    b5:2b:a8:3c:de:59:90:d1:56:fb:43:21:79:24:36:
                    3d:d9:f9:16:49:df:63:90:aa:6c:32:e8:52:79:fa:
                    3d:4b:6c:07:bd:0c:e0:b4:37:2e:0d:b2:32:b0:fd:
                    24:8f:f8:17:e2:47:0e:05:47:6d:c1:89:ed:a1:6e:
                    d4:b8:9b:ef:89:e4:0c:17:bb:66:8a:c5:54:c1:23:
                    d0:de:15:3b:56:2f:09:d1:0a:99:51:99:6b:ad:8f:
                    44:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:CC:05:1D:C1:7B:34:B4:9B:13:3C:27:8A:CC:7E:36:8E:21:56:F7
            X509v3 Authority Key Identifier:
                keyid:96:43:35:56:3D:9B:6F:9E:3E:28:DE:36:8D:85:98:8B:C1:41:37:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lkM1Vj2bb54-KN42jYWYi8FBNx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/186a93-8e93-4652-9289-7ed51ca5af51/1/z8wFHcF7NLSbEzwnisx-No4hVvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/186a93-8e93-4652-9289-7ed51ca5af51/1/lkM1Vj2bb54-KN42jYWYi8FBNx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:51:ae:3d:bf:3b:59:cf:09:39:ea:73:77:d7:b9:07:ae:8b:
         20:c3:48:77:46:4b:16:6b:c9:2d:c0:10:87:2b:44:6b:8b:19:
         b6:62:a1:bc:4c:36:3c:c2:fe:94:6b:2f:9b:8b:e7:ca:a0:50:
         d5:52:22:01:17:77:51:39:d1:0b:4c:56:c6:e5:44:2c:ef:0e:
         3c:0a:e3:ef:7e:b7:16:4c:ae:4a:d7:14:09:68:ca:e1:b5:12:
         bd:89:be:00:b9:3d:c1:d8:ac:6c:34:60:8d:06:cb:7b:3d:67:
         a3:e2:ee:85:33:e1:20:bd:fe:13:fe:72:88:2c:3f:92:b0:db:
         3b:d8:11:0d:59:c4:43:cf:ee:15:e1:3e:f9:8c:de:5a:a6:22:
         d2:ce:25:75:33:aa:24:3f:f7:c3:c2:62:53:bf:d2:76:62:9b:
         5e:51:8d:7d:17:27:08:3c:83:99:6a:f2:69:b4:71:5b:e2:a5:
         cc:8b:40:d0:45:ca:78:51:64:1d:ff:07:d1:6b:aa:f9:fc:1c:
         2d:e5:8d:f6:e1:69:2c:d2:f9:e2:ff:87:ae:69:09:8a:ec:10:
         1c:c3:04:01:f9:84:b1:e7:01:c5:ac:c8:25:8d:a8:9a:19:55:
         e2:01:4b:3b:df:05:3d:a2:56:91:c2:3c:8d:6f:ff:f6:31:fd:
         63:fa:a4:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvGruq1gIHA5Wg0rRbzoyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2NDMzNTU2M2Q5YjZmOWUzZTI4ZGUzNjhkODU5ODhiYzE0
MTM3MWUwHhcNMjQwMTAyMTAzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmNjMDUxZGMxN2IzNGI0OWIxMzNjMjc4YWNjN2UzNjhlMjE1NmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbfRqn7IhUWXZLq20MvjcPWdUwlx
x9MyRbgM5vFPEjtT8kAHmxqHwuDN8PmSFM10NM2AK3Ciqb6aZ03RtmHoTQFmkcB3
EO+XoIuufE4pvNe9gjDdHVi2E3plgk9jv2ofTqBEuCMNUswOyBiJ7/8mV44z9mbZ
wV23wx25y0rFVZ1PQhXz5wNqviaAnqFOJmcrvst/xc75WNQ32DJNLAvQtZGvuSa1
K6g83lmQ0Vb7QyF5JDY92fkWSd9jkKpsMuhSefo9S2wHvQzgtDcuDbIysP0kj/gX
4kcOBUdtwYntoW7UuJvvieQMF7tmisVUwSPQ3hU7Vi8J0QqZUZlrrY9E3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/MBR3BezS0mxM8J4rMfjaOIVb3MB8GA1UdIwQY
MBaAFJZDNVY9m2+ePijeNo2FmIvBQTceMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGtNMVZqMmJiNTQtS040MmpZV1lpOEZCTng0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8xODZhOTMtOGU5My00NjUyLTkyODkt
N2VkNTFjYTVhZjUxLzEvejh3RkhjRjdOTFNiRXp3bmlzeC1ObzRoVnZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8xODZhOTMtOGU5My00NjUyLTkyODktN2VkNTFjYTVhZjUx
LzEvbGtNMVZqMmJiNTQtS040MmpZV1lpOEZCTng0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubRQMA0G
CSqGSIb3DQEBCwUAA4IBAQCLUa49vztZzwk56nN317kHrosgw0h3RksWa8ktwBCH
K0Rrixm2YqG8TDY8wv6Uay+bi+fKoFDVUiIBF3dROdELTFbG5UQs7w48CuPvfrcW
TK5K1xQJaMrhtRK9ib4AuT3B2KxsNGCNBst7PWej4u6FM+Egvf4T/nKILD+SsNs7
2BENWcRDz+4V4T75jN5apiLSziV1M6okP/fDwmJTv9J2YpteUY19FycIPIOZavJp
tHFb4qXMi0DQRcp4UWQd/wfRa6r5/Bwt5Y324Wks0vni/4euaQmK7BAcwwQB+YSx
5wHFrMgljaiaGVXiAUs73wU9olaRwjyNb//2Mf1j+qSV
-----END CERTIFICATE-----