Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/KtuKlVVzb0vNX3-3d_LM1zzzkmg.roa
File:                     KtuKlVVzb0vNX3-3d_LM1zzzkmg.roa (raw, json)
Hash identifier:          Hii3JDmb4VYupPUAWgMNi2HcFSUGSLha0z2q/avJPkE=
Subject key identifier:   2A:DB:8A:95:55:73:6F:4B:CD:5F:7F:B7:77:F2:CC:D7:3C:F3:92:68
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       018CC7270701FE756B0234A1B9706B60D4E4
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/KtuKlVVzb0vNX3-3d_LM1zzzkmg.roa
Signing time:             Mon 01 Jan 2024 22:31:12 +0000
ROA not before:           Mon 01 Jan 2024 22:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212669
IP address blocks:        185.189.35.0/24 maxlen: 24
                          185.189.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:07:01:fe:75:6b:02:34:a1:b9:70:6b:60:d4:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Jan  1 22:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2adb8a9555736f4bcd5f7fb777f2ccd73cf39268
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:54:35:ac:10:b4:ff:04:7c:7b:ee:e8:31:9a:
                    80:63:00:e0:7f:38:60:91:3d:0d:7a:6e:4c:26:74:
                    e4:6f:c6:75:5e:2f:67:d9:01:b2:26:20:2b:3d:d9:
                    1b:a4:52:b6:ea:77:1d:40:3d:e3:70:bd:36:6b:af:
                    c2:06:bf:fb:11:d1:e2:77:55:6d:42:a2:b8:ce:7a:
                    db:75:c3:74:08:04:5a:d8:0a:c1:69:11:e0:fa:7c:
                    25:9a:ec:cb:38:1a:a5:f0:00:d2:ba:62:8b:7a:0a:
                    d7:7f:f5:f0:bd:c7:46:92:fb:8b:8c:a9:fd:ba:44:
                    a8:51:d5:00:5e:53:a0:b3:c4:37:0f:8e:02:7f:56:
                    7e:e0:6e:92:d2:e0:96:d1:d5:7c:95:cd:a8:4f:8e:
                    f0:0c:bd:52:b9:70:cc:07:53:e5:22:4c:6c:33:76:
                    d3:6a:a3:e1:d9:b3:53:93:4e:51:39:81:bb:03:15:
                    27:12:8f:80:eb:77:99:c7:a7:68:1b:47:a3:d1:98:
                    c0:88:2c:b6:cf:d0:b2:e3:a4:fd:1b:18:16:0c:0d:
                    a3:7b:68:1d:15:c6:5d:1b:0a:b2:5f:9b:40:67:26:
                    9b:da:6c:87:39:64:48:35:23:85:7d:30:41:d8:cd:
                    0e:fe:4d:90:8e:ea:ef:6f:a9:be:8f:f1:30:41:30:
                    44:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:DB:8A:95:55:73:6F:4B:CD:5F:7F:B7:77:F2:CC:D7:3C:F3:92:68
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/KtuKlVVzb0vNX3-3d_LM1zzzkmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:67:2e:2a:1d:63:b6:4b:0e:c2:c6:ff:0a:48:73:28:fb:ba:
         bf:13:16:de:ea:48:6c:36:fc:db:76:74:fd:e1:3e:fc:e8:a3:
         b7:3d:7e:05:4c:f3:61:df:9c:6c:55:47:a9:8e:5e:c8:59:10:
         74:2c:de:2a:b7:67:44:64:48:7b:b2:a1:47:b1:6e:b4:62:e0:
         73:f6:88:0a:f2:35:73:0a:44:8b:7a:b5:77:25:30:ca:d5:c1:
         de:05:1e:a3:fb:6a:c0:8c:e1:36:fc:c4:0c:2f:76:00:5d:e6:
         00:53:74:b8:cf:99:fb:ed:23:cc:52:d6:c4:7a:d0:cb:f8:61:
         7c:3b:18:88:21:95:b6:44:50:a7:15:bf:78:92:97:72:4b:d6:
         89:a8:39:d5:b1:9d:25:f0:85:0a:63:f4:2c:86:48:9f:3b:72:
         02:d4:cd:ed:21:90:76:de:6b:94:4d:39:ca:a4:d3:f8:a7:cf:
         08:8f:44:26:8d:ca:0e:2c:35:49:05:96:28:ea:22:4d:45:64:
         15:5b:65:78:46:2d:32:04:3d:76:2a:9f:af:5f:ce:bb:60:04:
         45:f6:da:9e:53:2d:23:9a:04:62:ee:02:fc:11:5b:bd:20:24:
         33:6a:57:0d:43:e4:2e:4b:fd:6c:45:ea:8e:aa:dd:09:21:c6:
         f9:cd:63:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJwcB/nVrAjShuXBrYNTkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjQwMTAxMjIzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWRiOGE5NTU1NzM2ZjRiY2Q1ZjdmYjc3N2YyY2NkNzNjZjM5MjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFQ1rBC0/wR8e+7oMZqAYwDgfzhg
kT0Nem5MJnTkb8Z1Xi9n2QGyJiArPdkbpFK26ncdQD3jcL02a6/CBr/7EdHid1Vt
QqK4znrbdcN0CARa2ArBaRHg+nwlmuzLOBql8ADSumKLegrXf/XwvcdGkvuLjKn9
ukSoUdUAXlOgs8Q3D44Cf1Z+4G6S0uCW0dV8lc2oT47wDL1SuXDMB1PlIkxsM3bT
aqPh2bNTk05ROYG7AxUnEo+A63eZx6doG0ej0ZjAiCy2z9Cy46T9GxgWDA2je2gd
FcZdGwqyX5tAZyab2myHOWRINSOFfTBB2M0O/k2Qjurvb6m+j/EwQTBENwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrbipVVc29LzV9/t3fyzNc885JoMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvS3R1S2xWVnpiMHZOWDMtM2RfTE0xenp6a21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBub0iMA0G
CSqGSIb3DQEBCwUAA4IBAQAbZy4qHWO2Sw7Cxv8KSHMo+7q/Exbe6khsNvzbdnT9
4T786KO3PX4FTPNh35xsVUepjl7IWRB0LN4qt2dEZEh7sqFHsW60YuBz9ogK8jVz
CkSLerV3JTDK1cHeBR6j+2rAjOE2/MQML3YAXeYAU3S4z5n77SPMUtbEetDL+GF8
OxiIIZW2RFCnFb94kpdyS9aJqDnVsZ0l8IUKY/QshkifO3IC1M3tIZB23muUTTnK
pNP4p88Ij0QmjcoOLDVJBZYo6iJNRWQVW2V4Ri0yBD12Kp+vX867YARF9tqeUy0j
mgRi7gL8EVu9ICQzalcNQ+QuS/1sReqOqt0JIcb5zWP4
-----END CERTIFICATE-----