Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/0xL6TyDfROMag54isEDYw0KFAn4.roa
File:                     0xL6TyDfROMag54isEDYw0KFAn4.roa (raw, json)
Hash identifier:          Taqqp+oVWOiohukIRo7yiigD/trHO7UpnU3xGb32Vik=
Subject key identifier:   D3:12:FA:4F:20:DF:44:E3:1A:83:9E:22:B0:40:D8:C3:42:85:02:7E
Certificate issuer:       /CN=567ac9bf0be91e0a48664ec8b6a6770957a21020
Certificate serial:       018CC50148C2BBCB960E9AAEAAADE9526500
Authority key identifier: 56:7A:C9:BF:0B:E9:1E:0A:48:66:4E:C8:B6:A6:77:09:57:A2:10:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/0xL6TyDfROMag54isEDYw0KFAn4.roa
Signing time:             Mon 01 Jan 2024 12:30:44 +0000
ROA not before:           Mon 01 Jan 2024 12:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        185.118.69.0/24 maxlen: 24
                          185.118.70.0/24 maxlen: 24
                          185.118.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 03:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:48:c2:bb:cb:96:0e:9a:ae:aa:ad:e9:52:65:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=567ac9bf0be91e0a48664ec8b6a6770957a21020
        Validity
            Not Before: Jan  1 12:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d312fa4f20df44e31a839e22b040d8c34285027e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:4c:16:3a:f3:ef:31:4d:da:8c:8f:da:05:f8:
                    07:63:0b:4c:48:49:35:22:d0:0d:92:f4:a5:5b:74:
                    52:21:a8:66:67:06:ee:53:61:2b:92:fd:4c:a7:80:
                    85:24:c9:b4:81:ad:e4:ed:68:f2:37:8f:65:2c:55:
                    25:9a:4d:1b:6e:5b:f4:e8:79:bf:eb:44:13:f0:23:
                    83:8b:ca:36:9a:b7:1b:18:3e:4e:2c:64:11:fc:68:
                    b1:3c:d9:1e:00:ed:28:98:39:36:33:f2:cf:0a:19:
                    9e:37:86:14:c0:96:30:0e:c0:75:43:c6:0e:81:e1:
                    b3:17:88:57:89:2b:6c:e7:b8:ae:4a:81:36:0a:ea:
                    26:50:61:0a:97:4b:b5:89:1b:64:83:d9:04:9d:96:
                    7d:d7:6c:2b:b2:8b:d6:28:c5:63:03:ac:bd:7c:c1:
                    b2:dd:0d:71:6c:06:3b:bc:11:57:8f:19:fa:fc:ac:
                    21:37:dc:b1:44:63:86:e1:c0:7b:3d:52:f6:25:d5:
                    6e:d4:2b:7b:ff:cf:4e:86:e8:d3:78:8b:49:65:fc:
                    48:0b:54:e2:49:d4:09:1d:b0:1d:18:ad:a5:23:be:
                    21:58:d5:7d:ad:61:5c:8d:72:f2:35:12:6b:a3:fe:
                    01:5c:0f:46:c4:9a:a3:9a:35:d1:c3:a6:cc:0e:f7:
                    dd:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:12:FA:4F:20:DF:44:E3:1A:83:9E:22:B0:40:D8:C3:42:85:02:7E
            X509v3 Authority Key Identifier:
                keyid:56:7A:C9:BF:0B:E9:1E:0A:48:66:4E:C8:B6:A6:77:09:57:A2:10:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/0xL6TyDfROMag54isEDYw0KFAn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.69.0-185.118.71.255

    Signature Algorithm: sha256WithRSAEncryption
         1d:e0:4e:8a:15:29:fd:d2:27:99:b6:2d:6c:4a:fc:c2:35:fa:
         1a:59:25:be:a0:2b:4d:aa:f6:b1:1f:c4:83:e7:99:bd:fa:bf:
         7e:57:01:1d:8e:8e:6f:a0:e7:c6:67:e4:76:26:ba:31:e7:ac:
         b5:17:bd:98:58:e7:31:ed:e2:37:12:3b:ee:7c:61:f9:92:3d:
         a8:9f:1e:54:ca:79:ba:f4:28:b3:1f:62:5e:4d:f6:ae:5a:33:
         90:9e:7a:1f:de:7e:ed:bd:3a:ca:0b:57:e8:51:a5:a3:79:b1:
         f1:d5:98:6e:93:e0:b2:df:5a:97:f4:a9:9b:97:e1:a4:ce:5e:
         42:13:a9:61:f3:9b:e6:4d:e7:f8:56:5b:db:69:25:6c:70:1c:
         68:bb:dc:ad:54:ec:11:4e:02:62:fc:3d:a3:18:13:4a:61:71:
         5b:bb:56:90:6a:74:46:67:89:9e:27:60:05:c7:27:44:98:28:
         d8:19:89:bb:59:04:8f:7e:5a:e7:94:b2:15:0a:11:55:0b:59:
         11:3d:54:a1:ff:cb:65:a8:bc:9a:85:3d:6a:ca:39:39:5a:19:
         37:aa:93:8d:8d:81:aa:cd:f0:a9:45:2a:30:f4:68:ea:b1:ad:
         9d:2b:55:f3:06:c1:11:c4:99:c9:6c:50:6f:28:6d:ef:63:74:
         f9:d8:cd:dd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFAUjCu8uWDpquqq3pUmUAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2N2FjOWJmMGJlOTFlMGE0ODY2NGVjOGI2YTY3NzA5NTdh
MjEwMjAwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzEyZmE0ZjIwZGY0NGUzMWE4MzllMjJiMDQwZDhjMzQyODUwMjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEwWOvPvMU3ajI/aBfgHYwtMSEk1
ItANkvSlW3RSIahmZwbuU2Erkv1Mp4CFJMm0ga3k7WjyN49lLFUlmk0bblv06Hm/
60QT8CODi8o2mrcbGD5OLGQR/GixPNkeAO0omDk2M/LPChmeN4YUwJYwDsB1Q8YO
geGzF4hXiSts57iuSoE2CuomUGEKl0u1iRtkg9kEnZZ912wrsovWKMVjA6y9fMGy
3Q1xbAY7vBFXjxn6/KwhN9yxRGOG4cB7PVL2JdVu1Ct7/89OhujTeItJZfxIC1Ti
SdQJHbAdGK2lI74hWNV9rWFcjXLyNRJro/4BXA9GxJqjmjXRw6bMDvfdVQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNMS+k8g30TjGoOeIrBA2MNChQJ+MB8GA1UdIwQY
MBaAFFZ6yb8L6R4KSGZOyLamdwlXohAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm5ySnZ3dnBIZ3BJWms3SXRxWjNDVmVpRUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNTFkMDgtODU3NS00YmZiLWFmNmUt
MDE4ODljYzAzZWJhLzEvMHhMNlR5RGZST01hZzU0aXNFRFl3MEtGQW40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNTFkMDgtODU3NS00YmZiLWFmNmUtMDE4ODljYzAzZWJh
LzEvVm5ySnZ3dnBIZ3BJWms3SXRxWjNDVmVpRUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5dkUD
BAO5dkAwDQYJKoZIhvcNAQELBQADggEBAB3gTooVKf3SJ5m2LWxK/MI1+hpZJb6g
K02q9rEfxIPnmb36v35XAR2Ojm+g58Zn5HYmujHnrLUXvZhY5zHt4jcSO+58YfmS
PaifHlTKebr0KLMfYl5N9q5aM5Ceeh/efu29OsoLV+hRpaN5sfHVmG6T4LLfWpf0
qZuX4aTOXkITqWHzm+ZN5/hWW9tpJWxwHGi73K1U7BFOAmL8PaMYE0phcVu7VpBq
dEZniZ4nYAXHJ0SYKNgZibtZBI9+WueUshUKEVULWRE9VKH/y2WovJqFPWrKOTla
GTeqk42NgarN8KlFKjD0aOqxrZ0rVfMGwRHEmclsUG8obe9jdPnYzd0=
-----END CERTIFICATE-----