Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/609976-1ace-444f-bcb5-4243e88bd76c/1/72jh0UTBGXFwYjPM4OHckwBZ8vQ.roa
File:                     72jh0UTBGXFwYjPM4OHckwBZ8vQ.roa (raw, json)
Hash identifier:          wUujGeovMZP9es46HWZ1PnagLxeVjnTA2P8Xa4R3Fto=
Subject key identifier:   EF:68:E1:D1:44:C1:19:71:70:62:33:CC:E0:E1:DC:93:00:59:F2:F4
Certificate issuer:       /CN=869b3600fd738e698d12fef20e106e6a94e3b674
Certificate serial:       018CC425492FA1E2803F4B2F4F2257FB3F39
Authority key identifier: 86:9B:36:00:FD:73:8E:69:8D:12:FE:F2:0E:10:6E:6A:94:E3:B6:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hps2AP1zjmmNEv7yDhBuapTjtnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/609976-1ace-444f-bcb5-4243e88bd76c/1/72jh0UTBGXFwYjPM4OHckwBZ8vQ.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50635
IP address blocks:        195.191.186.0/24 maxlen: 24
                          195.191.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/609976-1ace-444f-bcb5-4243e88bd76c/1/hps2AP1zjmmNEv7yDhBuapTjtnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/609976-1ace-444f-bcb5-4243e88bd76c/1/hps2AP1zjmmNEv7yDhBuapTjtnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hps2AP1zjmmNEv7yDhBuapTjtnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:49:2f:a1:e2:80:3f:4b:2f:4f:22:57:fb:3f:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=869b3600fd738e698d12fef20e106e6a94e3b674
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef68e1d144c11971706233cce0e1dc930059f2f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:96:3b:50:6d:a8:09:b0:39:10:4e:f9:ac:98:
                    c0:ca:db:32:54:21:e0:07:b0:27:57:18:d4:91:fe:
                    fa:fe:a6:b3:29:7a:2f:43:44:75:c4:ea:37:e1:c2:
                    a0:5b:b8:38:ad:6d:bd:c8:64:86:e6:77:f6:8a:64:
                    23:a0:15:1f:56:aa:40:75:b0:e7:2b:27:34:dc:4e:
                    38:03:8d:45:50:1a:ed:89:2e:e1:58:56:98:f8:c2:
                    9e:e5:87:41:30:7c:8b:05:e6:32:0a:e4:93:a3:d8:
                    86:6e:fd:71:4f:f9:04:f2:02:30:de:19:52:d9:6d:
                    2e:5c:24:a1:1b:ca:0e:80:46:8a:fb:76:ac:76:ab:
                    75:33:d7:cf:77:09:32:1e:85:39:e4:5a:e2:24:4d:
                    9d:5d:8b:22:b5:e3:fa:c3:14:30:7e:e0:d2:f0:ff:
                    f4:2f:82:c3:15:86:ba:2f:e6:8d:58:6e:ea:7a:bf:
                    77:a3:c9:d8:65:76:12:e4:f6:07:43:f3:fa:69:7e:
                    ef:f4:40:14:84:65:7f:66:13:a1:e8:31:9a:ab:fc:
                    1e:8e:a9:f8:af:29:a6:6f:ae:bf:a8:2f:59:d1:b1:
                    6b:33:9e:73:43:94:c1:75:b9:9c:5f:47:53:61:cb:
                    54:42:55:c2:93:4d:16:38:c7:19:c5:d9:36:ad:2c:
                    c0:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:68:E1:D1:44:C1:19:71:70:62:33:CC:E0:E1:DC:93:00:59:F2:F4
            X509v3 Authority Key Identifier:
                keyid:86:9B:36:00:FD:73:8E:69:8D:12:FE:F2:0E:10:6E:6A:94:E3:B6:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hps2AP1zjmmNEv7yDhBuapTjtnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/609976-1ace-444f-bcb5-4243e88bd76c/1/72jh0UTBGXFwYjPM4OHckwBZ8vQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/609976-1ace-444f-bcb5-4243e88bd76c/1/hps2AP1zjmmNEv7yDhBuapTjtnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:1b:ab:01:57:20:f3:4a:6d:b5:d0:99:ed:ba:14:45:9f:4b:
         f2:ed:b8:7e:87:1c:72:7f:54:c9:ce:99:bc:ca:49:71:e6:15:
         4d:dc:b6:9a:ea:28:bd:de:33:1d:ee:3a:93:c2:1f:08:2f:75:
         a1:87:b1:02:59:41:96:a7:ff:26:ca:fc:b3:cb:0e:74:80:16:
         5a:b0:87:15:dd:0c:62:69:81:e5:77:26:ac:b1:9a:6c:d5:e3:
         fb:e8:f0:ed:55:aa:37:af:94:ac:66:c9:3d:a1:0b:96:e5:c2:
         2b:8b:eb:08:0a:db:83:43:de:71:32:da:f0:ae:95:4a:8f:18:
         04:42:02:aa:2b:25:9b:58:17:45:8a:c9:88:80:c7:3f:20:3e:
         9d:98:8b:06:fa:d2:3e:10:cb:0f:4d:69:cf:8b:14:a3:7c:1f:
         c9:a7:cc:ee:b9:8e:2d:ca:ed:ce:a7:d2:c5:12:05:91:f4:b4:
         88:11:9c:9e:7c:e9:c4:8e:17:06:68:66:05:d2:62:87:9a:ad:
         94:98:ac:15:d9:24:12:47:c2:2c:81:0c:f4:dd:a8:2e:96:d7:
         6e:5d:9f:61:55:79:ee:12:86:0f:12:16:24:dd:6f:a8:72:dd:
         66:cd:c4:cc:c1:3b:33:c5:fe:0d:fc:80:b4:41:7f:33:05:7d:
         51:bf:cd:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUkvoeKAP0svTyJX+z85MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2OWIzNjAwZmQ3MzhlNjk4ZDEyZmVmMjBlMTA2ZTZhOTRl
M2I2NzQwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjY4ZTFkMTQ0YzExOTcxNzA2MjMzY2NlMGUxZGM5MzAwNTlmMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpY7UG2oCbA5EE75rJjAytsyVCHg
B7AnVxjUkf76/qazKXovQ0R1xOo34cKgW7g4rW29yGSG5nf2imQjoBUfVqpAdbDn
Kyc03E44A41FUBrtiS7hWFaY+MKe5YdBMHyLBeYyCuSTo9iGbv1xT/kE8gIw3hlS
2W0uXCShG8oOgEaK+3asdqt1M9fPdwkyHoU55FriJE2dXYsiteP6wxQwfuDS8P/0
L4LDFYa6L+aNWG7qer93o8nYZXYS5PYHQ/P6aX7v9EAUhGV/ZhOh6DGaq/wejqn4
rymmb66/qC9Z0bFrM55zQ5TBdbmcX0dTYctUQlXCk00WOMcZxdk2rSzAtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9o4dFEwRlxcGIzzODh3JMAWfL0MB8GA1UdIwQY
MBaAFIabNgD9c45pjRL+8g4QbmqU47Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHBzMkFQMXpqbW1ORXY3eURoQnVhcFRqdG5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy82MDk5NzYtMWFjZS00NDRmLWJjYjUt
NDI0M2U4OGJkNzZjLzEvNzJqaDBVVEJHWEZ3WWpQTTRPSGNrd0JaOHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy82MDk5NzYtMWFjZS00NDRmLWJjYjUtNDI0M2U4OGJkNzZj
LzEvaHBzMkFQMXpqbW1ORXY3eURoQnVhcFRqdG5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7+6MA0G
CSqGSIb3DQEBCwUAA4IBAQCjG6sBVyDzSm210JntuhRFn0vy7bh+hxxyf1TJzpm8
yklx5hVN3Laa6ii93jMd7jqTwh8IL3Whh7ECWUGWp/8myvyzyw50gBZasIcV3Qxi
aYHldyassZps1eP76PDtVao3r5SsZsk9oQuW5cIri+sICtuDQ95xMtrwrpVKjxgE
QgKqKyWbWBdFismIgMc/ID6dmIsG+tI+EMsPTWnPixSjfB/Jp8zuuY4tyu3Op9LF
EgWR9LSIEZyefOnEjhcGaGYF0mKHmq2UmKwV2SQSR8IsgQz03agultduXZ9hVXnu
EoYPEhYk3W+oct1mzcTMwTszxf4N/IC0QX8zBX1Rv83i
-----END CERTIFICATE-----