Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/xbB6ucyKhW1_i_JcmupxaHGhuak.roa
File:                     xbB6ucyKhW1_i_JcmupxaHGhuak.roa (raw, json)
Hash identifier:          9nOdxX9jju16uBCzR9UKDRIUXKh6RreqwnTB8OB6Ieo=
Subject key identifier:   C5:B0:7A:B9:CC:8A:85:6D:7F:8B:F2:5C:9A:EA:71:68:71:A1:B9:A9
Certificate issuer:       /CN=70847f8221897d6e952e86ea2c339abaacc131f5
Certificate serial:       018CC6B7941C295F44A829D23A359EC9A68C
Authority key identifier: 70:84:7F:82:21:89:7D:6E:95:2E:86:EA:2C:33:9A:BA:AC:C1:31:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cIR_giGJfW6VLobqLDOauqzBMfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/xbB6ucyKhW1_i_JcmupxaHGhuak.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9051
IP address blocks:        185.38.28.0/22 maxlen: 24
                          185.95.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/cIR_giGJfW6VLobqLDOauqzBMfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/cIR_giGJfW6VLobqLDOauqzBMfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cIR_giGJfW6VLobqLDOauqzBMfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:94:1c:29:5f:44:a8:29:d2:3a:35:9e:c9:a6:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70847f8221897d6e952e86ea2c339abaacc131f5
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5b07ab9cc8a856d7f8bf25c9aea716871a1b9a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:37:d5:ce:9f:79:5e:d5:75:4b:9d:94:50:fe:
                    99:20:fc:fb:f1:b9:8c:8f:06:74:98:c4:7a:7f:27:
                    b9:32:e6:1a:4f:e0:3c:fe:44:b1:43:86:6f:0e:bf:
                    30:31:8d:ae:39:eb:27:0c:6c:99:49:c7:be:44:31:
                    2b:77:70:6e:47:20:4e:43:99:65:ef:b7:ad:bf:6e:
                    45:bf:21:22:90:ff:a5:b7:35:d0:e0:19:ad:99:58:
                    e8:1d:74:ca:42:c3:78:72:29:8f:c7:4b:80:71:1d:
                    b6:ff:a9:8e:21:49:86:62:b6:70:7b:83:c0:dd:41:
                    14:f6:58:27:11:42:7e:5e:aa:ff:f3:74:de:26:c5:
                    2f:28:2e:9c:83:c4:19:55:1e:12:1e:14:da:05:ac:
                    8d:8a:57:fd:f5:6b:b3:b2:49:e0:85:37:2e:7f:3f:
                    90:e4:54:39:0d:5f:33:25:89:74:81:c4:65:54:65:
                    74:a7:9e:3b:ed:f3:87:b6:b3:a3:a6:db:6a:f5:72:
                    b8:c5:a3:ce:21:ab:18:2c:af:61:2b:64:50:ef:ef:
                    c4:0b:85:26:c9:4a:0d:09:8b:9c:84:b5:32:1b:09:
                    68:be:a9:b2:22:08:89:d6:66:e1:b9:90:12:9b:85:
                    10:d9:76:56:6a:11:85:72:db:b1:59:3b:1c:95:dd:
                    8e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:B0:7A:B9:CC:8A:85:6D:7F:8B:F2:5C:9A:EA:71:68:71:A1:B9:A9
            X509v3 Authority Key Identifier:
                keyid:70:84:7F:82:21:89:7D:6E:95:2E:86:EA:2C:33:9A:BA:AC:C1:31:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cIR_giGJfW6VLobqLDOauqzBMfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/xbB6ucyKhW1_i_JcmupxaHGhuak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/cIR_giGJfW6VLobqLDOauqzBMfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.28.0/22
                  185.95.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:a3:a6:53:fa:de:1f:c5:2f:b8:a0:b4:c0:dc:cb:8a:59:b6:
         53:81:0f:3d:a4:c3:0a:cf:c9:bd:a8:5d:c7:81:37:e2:e8:02:
         73:b7:11:3a:72:ce:89:87:a7:eb:a6:af:96:69:1a:74:9e:14:
         8f:b0:d0:98:26:dc:0e:53:3d:29:1b:a8:d5:fc:74:ad:dd:91:
         58:43:58:94:05:a7:90:b7:1f:f1:48:19:63:6a:70:51:30:be:
         0c:d2:e9:5c:f4:0c:cc:ff:d3:49:b4:a8:bb:5c:01:79:bc:67:
         b1:44:25:85:15:0b:ff:14:80:44:f1:71:b1:fc:57:7f:2b:e1:
         d0:a0:0a:98:0f:b8:2f:f4:c1:f2:56:b7:b6:45:d5:f1:3a:8e:
         e5:6b:fc:57:35:2e:21:8a:26:05:4f:a0:1c:91:9d:83:11:32:
         ad:ea:b7:0b:bc:d6:e4:ee:0c:1c:97:77:d1:4d:50:45:de:28:
         bc:ec:17:f8:eb:86:24:91:d5:c3:0c:db:70:55:ed:4b:da:51:
         55:db:8b:57:86:98:9f:ab:a9:fc:57:2e:01:01:39:2b:66:3c:
         b8:90:60:28:9b:e8:78:20:dd:9a:87:ce:ca:c6:5a:ba:c0:e0:
         a2:5b:8b:c2:05:81:de:c1:4e:88:ad:58:13:07:a5:2b:c8:22:
         b0:76:71:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt5QcKV9EqCnSOjWeyaaMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwODQ3ZjgyMjE4OTdkNmU5NTJlODZlYTJjMzM5YWJhYWNj
MTMxZjUwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWIwN2FiOWNjOGE4NTZkN2Y4YmYyNWM5YWVhNzE2ODcxYTFiOWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDfVzp95XtV1S52UUP6ZIPz78bmM
jwZ0mMR6fye5MuYaT+A8/kSxQ4ZvDr8wMY2uOesnDGyZSce+RDErd3BuRyBOQ5ll
77etv25FvyEikP+ltzXQ4BmtmVjoHXTKQsN4cimPx0uAcR22/6mOIUmGYrZwe4PA
3UEU9lgnEUJ+Xqr/83TeJsUvKC6cg8QZVR4SHhTaBayNilf99WuzsknghTcufz+Q
5FQ5DV8zJYl0gcRlVGV0p5477fOHtrOjpttq9XK4xaPOIasYLK9hK2RQ7+/EC4Um
yUoNCYuchLUyGwlovqmyIgiJ1mbhuZASm4UQ2XZWahGFctuxWTscld2OuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMWwernMioVtf4vyXJrqcWhxobmpMB8GA1UdIwQY
MBaAFHCEf4IhiX1ulS6G6iwzmrqswTH1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0lSX2dpR0pmVzZWTG9icUxET2F1cXpCTWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy83MDZjMDMtN2QzNS00OTEzLThhMTgt
NmU4Nzg0YTdhZDA5LzEveGJCNnVjeUtoVzFfaV9KY211cHhhSEdodWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy83MDZjMDMtN2QzNS00OTEzLThhMTgtNmU4Nzg0YTdhZDA5
LzEvY0lSX2dpR0pmVzZWTG9icUxET2F1cXpCTWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuSYcAwQC
uV/8MA0GCSqGSIb3DQEBCwUAA4IBAQCro6ZT+t4fxS+4oLTA3MuKWbZTgQ89pMMK
z8m9qF3HgTfi6AJztxE6cs6Jh6frpq+WaRp0nhSPsNCYJtwOUz0pG6jV/HSt3ZFY
Q1iUBaeQtx/xSBljanBRML4M0ulc9AzM/9NJtKi7XAF5vGexRCWFFQv/FIBE8XGx
/Fd/K+HQoAqYD7gv9MHyVre2RdXxOo7la/xXNS4hiiYFT6AckZ2DETKt6rcLvNbk
7gwcl3fRTVBF3ii87Bf464YkkdXDDNtwVe1L2lFV24tXhpifq6n8Vy4BATkrZjy4
kGAom+h4IN2ah87Kxlq6wOCiW4vCBYHewU6IrVgTB6UryCKwdnFn
-----END CERTIFICATE-----