Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/c720b4-1acb-4703-bc24-467e009daed0/1/lT9TooZZOWGiUdn68QuKf011ycw.roa
File:                     lT9TooZZOWGiUdn68QuKf011ycw.roa (raw, json)
Hash identifier:          sPPQ02QuJcVUnBpou56ZsQCflCUMr8Vkr7PxqhbrE3s=
Subject key identifier:   95:3F:53:A2:86:59:39:61:A2:51:D9:FA:F1:0B:8A:7F:4D:75:C9:CC
Certificate issuer:       /CN=a3a82ee9aa1106ed720d63c3844e666440e34438
Certificate serial:       018CC64B06BF1706130A2627879AD5D429EC
Authority key identifier: A3:A8:2E:E9:AA:11:06:ED:72:0D:63:C3:84:4E:66:64:40:E3:44:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o6gu6aoRBu1yDWPDhE5mZEDjRDg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/c720b4-1acb-4703-bc24-467e009daed0/1/lT9TooZZOWGiUdn68QuKf011ycw.roa
Signing time:             Mon 01 Jan 2024 18:30:54 +0000
ROA not before:           Mon 01 Jan 2024 18:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12826
IP address blocks:        185.23.132.0/24 maxlen: 24
                          185.23.132.0/23 maxlen: 23
                          185.23.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/c720b4-1acb-4703-bc24-467e009daed0/1/o6gu6aoRBu1yDWPDhE5mZEDjRDg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/c720b4-1acb-4703-bc24-467e009daed0/1/o6gu6aoRBu1yDWPDhE5mZEDjRDg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o6gu6aoRBu1yDWPDhE5mZEDjRDg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:06:bf:17:06:13:0a:26:27:87:9a:d5:d4:29:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3a82ee9aa1106ed720d63c3844e666440e34438
        Validity
            Not Before: Jan  1 18:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=953f53a286593961a251d9faf10b8a7f4d75c9cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:17:ea:2d:b7:cd:02:b8:d2:c8:ca:74:71:92:
                    71:0e:c8:6a:cd:2d:04:e0:c9:a8:af:f5:57:73:bd:
                    04:62:0f:0e:01:33:c3:e9:a0:0f:78:94:7e:d1:f9:
                    6e:9b:eb:e4:b0:19:cb:51:df:27:25:aa:3a:0a:f0:
                    f1:81:65:a8:41:a8:17:c2:19:7b:1d:f6:12:d6:32:
                    ad:fe:a4:96:28:e9:89:ed:7f:91:10:1b:7b:7b:57:
                    6b:91:b3:1a:31:23:d7:28:6c:a5:c1:54:35:0f:47:
                    b7:ee:4e:bb:11:da:ce:2f:49:93:d3:21:6f:76:f6:
                    9f:69:01:bf:1b:94:cc:17:c0:d0:f2:40:2b:84:7b:
                    ab:c8:a4:25:11:10:88:7a:7f:bb:96:84:be:af:70:
                    92:46:e7:54:1d:fd:86:10:de:b8:18:c6:74:5b:0a:
                    11:33:44:60:b7:8e:5e:89:4b:b8:96:0b:0a:ec:1d:
                    2b:27:d0:dc:2e:cc:60:c4:01:f8:8e:ae:c2:61:b3:
                    ca:5a:00:e9:c8:94:77:0f:ad:0e:e8:2e:ba:27:09:
                    11:e0:21:b8:ac:57:dd:3c:c2:84:48:13:b1:01:d9:
                    db:eb:4a:f0:58:ca:93:3d:1a:bb:e5:4d:bb:5f:37:
                    01:54:48:45:1b:33:2a:7c:6b:b3:3a:85:5f:71:60:
                    0c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:3F:53:A2:86:59:39:61:A2:51:D9:FA:F1:0B:8A:7F:4D:75:C9:CC
            X509v3 Authority Key Identifier:
                keyid:A3:A8:2E:E9:AA:11:06:ED:72:0D:63:C3:84:4E:66:64:40:E3:44:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o6gu6aoRBu1yDWPDhE5mZEDjRDg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/c720b4-1acb-4703-bc24-467e009daed0/1/lT9TooZZOWGiUdn68QuKf011ycw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/c720b4-1acb-4703-bc24-467e009daed0/1/o6gu6aoRBu1yDWPDhE5mZEDjRDg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b7:cd:f9:36:4e:15:f5:10:bc:05:92:fb:19:c0:f7:22:92:7f:
         be:ce:c3:a9:30:01:a0:0d:62:e2:58:47:72:27:b6:7a:a6:00:
         6a:2f:43:ee:93:e8:6b:4e:f8:a8:5f:33:d5:fc:6b:fe:8e:ce:
         cc:62:e7:10:82:2d:ab:c6:06:86:43:28:64:9c:3c:7d:99:42:
         2a:b7:fe:fb:22:76:b1:43:22:fb:7f:b4:7d:8b:f3:c0:9b:89:
         30:7e:9d:9b:d1:31:e2:6c:e4:dc:0f:9e:5b:bc:b3:71:29:e1:
         11:df:47:98:d9:06:ea:12:ad:8b:f5:77:70:6c:7d:6c:d7:cd:
         b5:1f:bb:cc:7d:a6:8a:f0:0c:63:a0:22:52:92:d1:5d:4f:87:
         91:55:b7:48:f5:3e:c0:e3:75:d3:1c:f2:42:76:c2:91:5a:c3:
         f8:e0:64:f5:52:51:e9:96:82:f7:e3:43:42:a2:de:0c:6f:e3:
         df:77:50:cd:5d:10:26:37:91:e0:81:e6:93:e0:96:7a:ac:c5:
         e6:4e:93:2b:51:bd:dd:7a:bc:f9:ef:04:94:91:6e:2d:b9:15:
         9f:3d:a1:a9:08:56:69:a6:c9:15:a6:29:5a:71:6e:94:db:f6:
         a1:5e:f3:d8:c9:7c:61:80:4c:f4:87:83:45:b8:08:22:d6:67:
         49:db:33:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwa/FwYTCiYnh5rV1CnsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYTgyZWU5YWExMTA2ZWQ3MjBkNjNjMzg0NGU2NjY0NDBl
MzQ0MzgwHhcNMjQwMTAxMTgzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTNmNTNhMjg2NTkzOTYxYTI1MWQ5ZmFmMTBiOGE3ZjRkNzVjOWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohfqLbfNArjSyMp0cZJxDshqzS0E
4Mmor/VXc70EYg8OATPD6aAPeJR+0flum+vksBnLUd8nJao6CvDxgWWoQagXwhl7
HfYS1jKt/qSWKOmJ7X+REBt7e1drkbMaMSPXKGylwVQ1D0e37k67EdrOL0mT0yFv
dvafaQG/G5TMF8DQ8kArhHuryKQlERCIen+7loS+r3CSRudUHf2GEN64GMZ0WwoR
M0Rgt45eiUu4lgsK7B0rJ9DcLsxgxAH4jq7CYbPKWgDpyJR3D60O6C66JwkR4CG4
rFfdPMKESBOxAdnb60rwWMqTPRq75U27XzcBVEhFGzMqfGuzOoVfcWAMGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJU/U6KGWTlholHZ+vELin9NdcnMMB8GA1UdIwQY
MBaAFKOoLumqEQbtcg1jw4ROZmRA40Q4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzZndTZhb1JCdTF5RFdQRGhFNW1aRURqUkRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9jNzIwYjQtMWFjYi00NzAzLWJjMjQt
NDY3ZTAwOWRhZWQwLzEvbFQ5VG9vWlpPV0dpVWRuNjhRdUtmMDExeWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9jNzIwYjQtMWFjYi00NzAzLWJjMjQtNDY3ZTAwOWRhZWQw
LzEvbzZndTZhb1JCdTF5RFdQRGhFNW1aRURqUkRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuReEMA0G
CSqGSIb3DQEBCwUAA4IBAQC3zfk2ThX1ELwFkvsZwPcikn++zsOpMAGgDWLiWEdy
J7Z6pgBqL0Puk+hrTvioXzPV/Gv+js7MYucQgi2rxgaGQyhknDx9mUIqt/77Inax
QyL7f7R9i/PAm4kwfp2b0THibOTcD55bvLNxKeER30eY2QbqEq2L9XdwbH1s1821
H7vMfaaK8AxjoCJSktFdT4eRVbdI9T7A43XTHPJCdsKRWsP44GT1UlHploL340NC
ot4Mb+Pfd1DNXRAmN5HggeaT4JZ6rMXmTpMrUb3derz57wSUkW4tuRWfPaGpCFZp
pskVpilacW6U2/ahXvPYyXxhgEz0h4NFuAgi1mdJ2zML
-----END CERTIFICATE-----