Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/1-YAYvIwHPm012P3OE_sYBiZGgRE.roa
File:                     1-YAYvIwHPm012P3OE_sYBiZGgRE.roa (raw, json)
Hash identifier:          E2Pin0SosuOE3LPVpTvl5rUoXTQN8yzQiAXQaPoYS+I=
Subject key identifier:   F9:80:18:BC:8C:07:3E:6D:35:D8:FD:CE:13:FB:18:06:26:46:81:11
Certificate issuer:       /CN=656cc25012e3a4c8b1626dd757c7b0510e457341
Certificate serial:       018CC3B72B73278C6FB8D69FB082F9016B91
Authority key identifier: 65:6C:C2:50:12:E3:A4:C8:B1:62:6D:D7:57:C7:B0:51:0E:45:73:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/1-YAYvIwHPm012P3OE_sYBiZGgRE.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.170.189.0/24 maxlen: 24
                          185.170.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2b:73:27:8c:6f:b8:d6:9f:b0:82:f9:01:6b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656cc25012e3a4c8b1626dd757c7b0510e457341
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f98018bc8c073e6d35d8fdce13fb180626468111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1f:79:09:ea:26:e8:ce:16:ed:81:94:92:6c:
                    1a:75:fb:e2:6d:09:84:8d:79:08:3d:2b:28:e9:01:
                    8a:5e:1f:e7:74:69:9c:c2:c0:2b:ac:67:bb:99:2f:
                    f0:c4:39:c1:5e:6e:d6:97:d0:c7:a6:c9:94:29:56:
                    53:03:74:dc:76:86:59:30:8b:ad:26:ec:98:67:d4:
                    d4:d7:9e:e8:48:6a:a0:f1:6f:01:f3:a0:72:42:a8:
                    2a:d6:fd:f3:b4:ae:bb:fc:85:f1:db:c6:77:dc:81:
                    04:b0:ae:19:49:d4:b1:be:83:0c:31:46:a3:76:1b:
                    30:05:cd:85:d6:4e:3e:4a:07:96:ae:0a:0f:85:1e:
                    e6:1d:f1:56:0e:73:93:e1:79:73:d5:68:b0:0e:24:
                    3e:d9:88:eb:a9:51:2c:23:27:66:1a:ad:a7:99:8b:
                    01:5a:4b:99:98:ac:49:3c:c5:db:97:d4:09:d7:c2:
                    43:40:31:5c:63:33:7c:0c:6d:57:58:52:8d:f4:da:
                    db:15:45:a6:5f:d9:ec:9e:f5:96:7a:80:b8:7e:d7:
                    2d:ed:82:59:32:f2:93:85:28:c8:28:97:56:2b:e7:
                    50:e0:53:9e:b0:a6:04:0c:df:12:c6:4d:8c:96:95:
                    27:36:85:ab:5f:aa:fa:20:dd:f3:19:e2:da:00:16:
                    d2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:80:18:BC:8C:07:3E:6D:35:D8:FD:CE:13:FB:18:06:26:46:81:11
            X509v3 Authority Key Identifier:
                keyid:65:6C:C2:50:12:E3:A4:C8:B1:62:6D:D7:57:C7:B0:51:0E:45:73:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/1-YAYvIwHPm012P3OE_sYBiZGgRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:f8:6e:86:a2:d6:4b:cc:f2:49:bc:50:67:2f:db:1e:f9:10:
         0b:86:38:d9:1a:0c:23:d3:94:02:b3:22:3b:08:39:e4:d9:7c:
         b7:86:c9:08:0b:38:32:6b:e5:9d:5b:be:c6:35:98:29:f0:3e:
         6c:c2:4c:39:03:ca:88:45:78:64:c7:2c:98:d9:ef:60:be:a4:
         e2:09:2a:56:88:d4:ce:01:da:a1:97:4b:d0:94:74:dd:a9:e4:
         3a:9a:72:c3:a6:3b:71:78:bf:d0:12:fc:9c:72:b7:d1:2e:da:
         7b:7f:78:30:50:25:ba:db:58:f6:0f:de:f2:ee:23:88:c6:d1:
         1d:aa:1f:28:6c:49:b0:62:44:54:be:86:f1:75:22:25:e6:22:
         f9:a2:36:b9:0b:02:c4:03:ab:5d:e3:61:6e:30:b6:0c:91:d5:
         d0:6e:8f:24:5d:ba:70:d0:4c:72:5e:fb:ea:55:19:d4:71:a9:
         7c:18:1f:07:30:47:0e:99:56:54:c5:10:fb:44:04:8f:8f:e3:
         6c:d1:c4:5e:bc:9a:05:b0:4a:21:cc:e5:e8:79:d9:64:99:5c:
         aa:0c:ab:4a:69:dd:3c:ec:a5:ba:83:12:68:03:f5:b1:09:09:
         40:79:07:b7:1f:e4:cd:00:98:d1:50:63:31:a6:3a:a8:d0:0a:
         be:9b:22:bc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtytzJ4xvuNafsIL5AWuRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NmNjMjUwMTJlM2E0YzhiMTYyNmRkNzU3YzdiMDUxMGU0
NTczNDEwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTgwMThiYzhjMDczZTZkMzVkOGZkY2UxM2ZiMTgwNjI2NDY4MTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvx95Ceom6M4W7YGUkmwadfvibQmE
jXkIPSso6QGKXh/ndGmcwsArrGe7mS/wxDnBXm7Wl9DHpsmUKVZTA3TcdoZZMIut
JuyYZ9TU157oSGqg8W8B86ByQqgq1v3ztK67/IXx28Z33IEEsK4ZSdSxvoMMMUaj
dhswBc2F1k4+SgeWrgoPhR7mHfFWDnOT4Xlz1WiwDiQ+2YjrqVEsIydmGq2nmYsB
WkuZmKxJPMXbl9QJ18JDQDFcYzN8DG1XWFKN9NrbFUWmX9nsnvWWeoC4ftct7YJZ
MvKThSjIKJdWK+dQ4FOesKYEDN8Sxk2MlpUnNoWrX6r6IN3zGeLaABbSCQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmAGLyMBz5tNdj9zhP7GAYmRoERMB8GA1UdIwQY
MBaAFGVswlAS46TIsWJt11fHsFEORXNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWld6Q1VCTGpwTWl4WW0zWFY4ZXdVUTVGYzBFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi82ZGI0NmQtYmMyZC00NWQ3LWEyNzkt
ODIwMzI1ZjUzY2NiLzEvMS1ZQVl2SXdIUG0wMTJQM09FX3NZQmlaR2dSRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWIvNmRiNDZkLWJjMmQtNDVkNy1hMjc5LTgyMDMyNWY1M2Nj
Yi8xL1pXekNVQkxqcE1peFltM1hWOGV3VVE1RmMwRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbmqvDAN
BgkqhkiG9w0BAQsFAAOCAQEAXPhuhqLWS8zySbxQZy/bHvkQC4Y42RoMI9OUArMi
Owg55Nl8t4bJCAs4MmvlnVu+xjWYKfA+bMJMOQPKiEV4ZMcsmNnvYL6k4gkqVojU
zgHaoZdL0JR03ankOppyw6Y7cXi/0BL8nHK30S7ae394MFAluttY9g/e8u4jiMbR
HaofKGxJsGJEVL6G8XUiJeYi+aI2uQsCxAOrXeNhbjC2DJHV0G6PJF26cNBMcl77
6lUZ1HGpfBgfBzBHDplWVMUQ+0QEj4/jbNHEXryaBbBKIczl6HnZZJlcqgyrSmnd
POyluoMSaAP1sQkJQHkHtx/kzQCY0VBjMaY6qNAKvpsivA==
-----END CERTIFICATE-----