Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9de8b0-6cc5-458b-b23e-16e10d72b567/1/UrIC9K77bsZJrGkrV12-HUzS4cc.roa
File:                     UrIC9K77bsZJrGkrV12-HUzS4cc.roa (raw, json)
Hash identifier:          NnslkIJLLH4TyF9j/7kNuwdptL4oEpIbbkFU2TOwHks=
Subject key identifier:   52:B2:02:F4:AE:FB:6E:C6:49:AC:69:2B:57:5D:BE:1D:4C:D2:E1:C7
Certificate issuer:       /CN=b6ae61814f7150c9b8117f498cab94db72a8339c
Certificate serial:       018EF64ED8173B9DBDB8C49BFE2FDD56A43E
Authority key identifier: B6:AE:61:81:4F:71:50:C9:B8:11:7F:49:8C:AB:94:DB:72:A8:33:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tq5hgU9xUMm4EX9JjKuU23KoM5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9de8b0-6cc5-458b-b23e-16e10d72b567/1/UrIC9K77bsZJrGkrV12-HUzS4cc.roa
Signing time:             Fri 19 Apr 2024 12:22:25 +0000
ROA not before:           Fri 19 Apr 2024 12:22:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        185.214.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9de8b0-6cc5-458b-b23e-16e10d72b567/1/tq5hgU9xUMm4EX9JjKuU23KoM5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9de8b0-6cc5-458b-b23e-16e10d72b567/1/tq5hgU9xUMm4EX9JjKuU23KoM5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tq5hgU9xUMm4EX9JjKuU23KoM5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:4e:d8:17:3b:9d:bd:b8:c4:9b:fe:2f:dd:56:a4:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6ae61814f7150c9b8117f498cab94db72a8339c
        Validity
            Not Before: Apr 19 12:22:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52b202f4aefb6ec649ac692b575dbe1d4cd2e1c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:05:e6:b5:28:8c:82:8a:f3:ef:e9:3f:a7:e3:
                    7d:75:50:49:d6:e6:98:b7:71:b0:97:b1:f9:95:5e:
                    16:dd:05:40:6f:4f:0e:a2:63:df:f0:af:59:0d:7a:
                    08:36:15:03:92:f8:d0:23:f1:3f:1d:8f:72:50:c1:
                    6c:fd:22:ce:f4:b8:47:30:c0:79:e8:cb:88:79:93:
                    26:d8:8b:08:c2:c1:7b:73:be:98:04:4c:e1:1a:e7:
                    45:e4:32:42:6c:bc:3e:f5:5a:fd:ea:7a:ff:b3:22:
                    a2:a7:45:f6:c1:b7:f9:64:13:67:01:2e:c6:4b:76:
                    7d:00:a5:16:90:3d:32:c4:6c:3f:e6:9c:f1:8e:2e:
                    e5:7a:0d:41:47:f2:d2:4b:f6:58:32:07:13:27:7c:
                    39:87:6d:fa:4e:a3:f3:6b:b1:05:b6:db:be:45:59:
                    79:34:62:24:a7:1f:72:73:2a:f4:0d:c5:75:8a:85:
                    7f:5c:37:94:82:f6:d4:fa:b2:5e:4e:ff:99:b1:28:
                    94:9d:c0:83:6c:46:97:3c:62:82:ae:d5:8c:52:66:
                    da:ba:ee:8b:1e:bc:7e:09:2f:08:be:c6:25:c3:33:
                    f0:7f:fe:6e:ab:d7:3e:ff:91:a5:46:aa:f3:45:fb:
                    9f:fe:fb:eb:ce:26:71:ba:a4:33:79:cb:cf:7b:41:
                    d1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:B2:02:F4:AE:FB:6E:C6:49:AC:69:2B:57:5D:BE:1D:4C:D2:E1:C7
            X509v3 Authority Key Identifier:
                keyid:B6:AE:61:81:4F:71:50:C9:B8:11:7F:49:8C:AB:94:DB:72:A8:33:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tq5hgU9xUMm4EX9JjKuU23KoM5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9de8b0-6cc5-458b-b23e-16e10d72b567/1/UrIC9K77bsZJrGkrV12-HUzS4cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9de8b0-6cc5-458b-b23e-16e10d72b567/1/tq5hgU9xUMm4EX9JjKuU23KoM5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:e3:0d:3e:67:01:89:6c:2d:36:fd:3a:f1:d3:d9:7d:69:00:
         63:68:9e:2e:67:fd:08:9f:b3:c8:51:f6:d5:51:24:2f:40:25:
         3b:b3:40:a3:b2:de:9f:fa:dc:35:ee:ba:23:9f:dc:07:10:d8:
         61:49:03:18:54:44:dc:74:28:54:d4:13:60:6b:5c:58:2f:8b:
         35:a7:d1:a7:58:f4:de:cc:0d:98:15:be:ab:89:74:38:23:18:
         ae:a3:9c:f0:87:02:03:94:ab:77:25:8e:03:36:5c:d9:1c:48:
         0e:c6:3f:ad:a7:d4:43:8f:04:95:b7:5e:65:7c:fd:1c:bf:11:
         44:74:85:74:88:17:b2:15:8a:e4:cc:97:f1:fb:df:01:1c:29:
         32:8a:9b:9f:11:a3:40:3b:6b:86:ce:6f:27:f5:b8:af:a9:a3:
         db:0c:25:55:a4:e9:f7:16:97:66:7c:21:2d:81:54:21:42:55:
         f5:fe:b0:c1:e4:ac:c2:d3:d2:23:17:7a:5a:b3:5d:2b:1d:b0:
         6e:1f:40:eb:0a:28:7f:dd:12:3e:f0:19:5c:71:e1:01:e5:2a:
         0f:f6:f4:e8:82:9a:fa:6c:29:c8:66:d0:fe:91:38:58:c9:3e:
         2d:b2:00:9f:24:ab:cf:59:b5:cc:af:f4:6d:28:32:43:50:8e:
         66:25:27:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY72TtgXO529uMSb/i/dVqQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YWU2MTgxNGY3MTUwYzliODExN2Y0OThjYWI5NGRiNzJh
ODMzOWMwHhcNMjQwNDE5MTIyMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmIyMDJmNGFlZmI2ZWM2NDlhYzY5MmI1NzVkYmUxZDRjZDJlMWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgXmtSiMgorz7+k/p+N9dVBJ1uaY
t3Gwl7H5lV4W3QVAb08OomPf8K9ZDXoINhUDkvjQI/E/HY9yUMFs/SLO9LhHMMB5
6MuIeZMm2IsIwsF7c76YBEzhGudF5DJCbLw+9Vr96nr/syKip0X2wbf5ZBNnAS7G
S3Z9AKUWkD0yxGw/5pzxji7leg1BR/LSS/ZYMgcTJ3w5h236TqPza7EFttu+RVl5
NGIkpx9ycyr0DcV1ioV/XDeUgvbU+rJeTv+ZsSiUncCDbEaXPGKCrtWMUmbauu6L
Hrx+CS8IvsYlwzPwf/5uq9c+/5GlRqrzRfuf/vvrziZxuqQzecvPe0HRdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKyAvSu+27GSaxpK1ddvh1M0uHHMB8GA1UdIwQY
MBaAFLauYYFPcVDJuBF/SYyrlNtyqDOcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHE1aGdVOXhVTW00RVg5SmpLdVUyM0tvTTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZGU4YjAtNmNjNS00NThiLWIyM2Ut
MTZlMTBkNzJiNTY3LzEvVXJJQzlLNzdic1pKckdrclYxMi1IVXpTNGNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZGU4YjAtNmNjNS00NThiLWIyM2UtMTZlMTBkNzJiNTY3
LzEvdHE1aGdVOXhVTW00RVg5SmpLdVUyM0tvTTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudamMA0G
CSqGSIb3DQEBCwUAA4IBAQAL4w0+ZwGJbC02/Trx09l9aQBjaJ4uZ/0In7PIUfbV
USQvQCU7s0Cjst6f+tw17rojn9wHENhhSQMYVETcdChU1BNga1xYL4s1p9GnWPTe
zA2YFb6riXQ4Ixiuo5zwhwIDlKt3JY4DNlzZHEgOxj+tp9RDjwSVt15lfP0cvxFE
dIV0iBeyFYrkzJfx+98BHCkyipufEaNAO2uGzm8n9bivqaPbDCVVpOn3FpdmfCEt
gVQhQlX1/rDB5KzC09IjF3pas10rHbBuH0DrCih/3RI+8BlcceEB5SoP9vTogpr6
bCnIZtD+kThYyT4tsgCfJKvPWbXMr/RtKDJDUI5mJSdh
-----END CERTIFICATE-----