Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/7e9a18-0629-41eb-a681-a605cad55086/1/yXPBkgueyeLE4upcDUGYAqlRdaA.roa
File:                     yXPBkgueyeLE4upcDUGYAqlRdaA.roa (raw, json)
Hash identifier:          Q0wMY8CnWeloRPT4gGxKXzTAgwMigTsko0imfjLwokk=
Subject key identifier:   C9:73:C1:92:0B:9E:C9:E2:C4:E2:EA:5C:0D:41:98:02:A9:51:75:A0
Certificate issuer:       /CN=175a20608ace11e7511c8669560636730a9e2abf
Certificate serial:       018F29B2EA8D33763004B8E10785306078C3
Authority key identifier: 17:5A:20:60:8A:CE:11:E7:51:1C:86:69:56:06:36:73:0A:9E:2A:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F1ogYIrOEedRHIZpVgY2cwqeKr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/7e9a18-0629-41eb-a681-a605cad55086/1/yXPBkgueyeLE4upcDUGYAqlRdaA.roa
Signing time:             Mon 29 Apr 2024 11:52:22 +0000
ROA not before:           Mon 29 Apr 2024 11:52:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216263
IP address blocks:        185.86.211.0/24 maxlen: 24
                          2a13:c5c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/7e9a18-0629-41eb-a681-a605cad55086/1/F1ogYIrOEedRHIZpVgY2cwqeKr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/7e9a18-0629-41eb-a681-a605cad55086/1/F1ogYIrOEedRHIZpVgY2cwqeKr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F1ogYIrOEedRHIZpVgY2cwqeKr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:29:b2:ea:8d:33:76:30:04:b8:e1:07:85:30:60:78:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=175a20608ace11e7511c8669560636730a9e2abf
        Validity
            Not Before: Apr 29 11:52:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c973c1920b9ec9e2c4e2ea5c0d419802a95175a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fb:3e:b6:83:07:15:61:c0:7d:62:6f:00:88:
                    05:53:4a:9b:cb:30:a5:0a:35:ed:03:e2:7e:a6:73:
                    e1:c8:b1:1d:63:75:7f:2d:60:18:20:e3:ec:c8:0e:
                    bc:cb:64:52:5c:aa:f6:b1:3c:56:6a:71:a2:fa:1f:
                    6e:cb:de:f6:56:9b:f0:29:87:2d:30:d3:20:f9:24:
                    90:c7:63:78:66:2a:c3:47:89:e1:4d:f9:89:69:c2:
                    ca:6c:b0:25:69:ef:7d:4a:0d:1c:0a:f6:c3:d5:cf:
                    dc:5d:5f:66:ab:d1:23:92:20:52:0c:c2:ef:d9:dc:
                    d7:ac:c1:0d:5b:49:bc:ce:f3:a6:b1:1e:f1:85:4a:
                    ff:aa:c1:f9:15:d1:e6:74:d4:96:75:0b:83:11:43:
                    f3:43:d7:f3:7a:c3:2c:a4:ac:4a:e8:d3:72:02:30:
                    6f:df:ee:28:4e:a5:45:ff:b0:df:19:7f:0c:d6:f5:
                    b0:03:ef:f1:3b:d4:7c:a1:4b:ac:85:7d:00:c9:1c:
                    ea:05:ca:bd:a3:7a:33:64:56:32:a2:69:6a:31:e5:
                    54:3b:8a:78:29:74:cc:d3:4a:48:29:7b:a4:93:fb:
                    46:5f:f2:74:2f:83:6b:f9:d6:7b:88:5d:02:e8:3b:
                    d3:36:af:0b:72:1b:b9:29:f3:32:43:b0:4b:8e:55:
                    13:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:73:C1:92:0B:9E:C9:E2:C4:E2:EA:5C:0D:41:98:02:A9:51:75:A0
            X509v3 Authority Key Identifier:
                keyid:17:5A:20:60:8A:CE:11:E7:51:1C:86:69:56:06:36:73:0A:9E:2A:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F1ogYIrOEedRHIZpVgY2cwqeKr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/7e9a18-0629-41eb-a681-a605cad55086/1/yXPBkgueyeLE4upcDUGYAqlRdaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/7e9a18-0629-41eb-a681-a605cad55086/1/F1ogYIrOEedRHIZpVgY2cwqeKr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.211.0/24
                IPv6:
                  2a13:c5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:a9:dd:46:b3:af:13:4c:91:73:14:bd:90:33:3b:f3:49:92:
         19:53:1e:9f:14:1e:e9:b3:d2:85:5c:1b:06:f8:65:5b:98:0c:
         b7:c3:78:7e:39:88:44:cc:e7:25:41:c4:88:51:82:ea:81:04:
         90:59:09:80:fe:3f:6c:ff:84:b2:34:09:45:59:7f:f5:8f:99:
         b0:76:03:33:38:48:6c:1e:3f:75:2b:6e:f0:cf:ee:32:25:2e:
         29:fb:9d:6d:13:a3:b5:0a:d4:1a:9f:86:e8:96:9e:d8:93:ee:
         a5:6a:c0:05:c2:5a:cb:d8:47:e4:b5:ae:54:a5:64:91:77:af:
         d4:f2:e3:4a:ff:bf:8a:53:14:a5:27:80:fd:41:15:6a:b4:e0:
         b5:2f:ab:2d:67:c0:05:54:67:72:e0:d6:d9:90:e5:08:5b:27:
         14:51:44:8b:a3:23:03:2b:f9:17:24:91:db:b5:17:e9:24:9e:
         e4:6b:ab:b5:26:6c:f1:99:34:e6:8b:38:11:92:73:c5:6f:aa:
         da:a1:96:e6:b2:d2:de:74:f8:00:58:94:59:3b:87:be:bd:ff:
         62:05:f9:94:c6:c0:84:08:29:19:28:fa:e1:55:ab:0c:10:a7:
         f6:9a:19:90:b9:be:a6:f0:ea:37:02:a7:70:55:3b:43:7a:65:
         dd:e8:17:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8psuqNM3YwBLjhB4UwYHjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NWEyMDYwOGFjZTExZTc1MTFjODY2OTU2MDYzNjczMGE5
ZTJhYmYwHhcNMjQwNDI5MTE1MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTczYzE5MjBiOWVjOWUyYzRlMmVhNWMwZDQxOTgwMmE5NTE3NWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfs+toMHFWHAfWJvAIgFU0qbyzCl
CjXtA+J+pnPhyLEdY3V/LWAYIOPsyA68y2RSXKr2sTxWanGi+h9uy972VpvwKYct
MNMg+SSQx2N4ZirDR4nhTfmJacLKbLAlae99Sg0cCvbD1c/cXV9mq9EjkiBSDMLv
2dzXrMENW0m8zvOmsR7xhUr/qsH5FdHmdNSWdQuDEUPzQ9fzesMspKxK6NNyAjBv
3+4oTqVF/7DfGX8M1vWwA+/xO9R8oUushX0AyRzqBcq9o3ozZFYyomlqMeVUO4p4
KXTM00pIKXukk/tGX/J0L4Nr+dZ7iF0C6DvTNq8Lchu5KfMyQ7BLjlUTPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMlzwZILnsnixOLqXA1BmAKpUXWgMB8GA1UdIwQY
MBaAFBdaIGCKzhHnURyGaVYGNnMKniq/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjFvZ1lJck9FZWRSSElacFZnWTJjd3FlS3I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy83ZTlhMTgtMDYyOS00MWViLWE2ODEt
YTYwNWNhZDU1MDg2LzEveVhQQmtndWV5ZUxFNHVwY0RVR1lBcWxSZGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy83ZTlhMTgtMDYyOS00MWViLWE2ODEtYTYwNWNhZDU1MDg2
LzEvRjFvZ1lJck9FZWRSSElacFZnWTJjd3FlS3I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuVbTMA0E
AgACMAcDBQAqE8XAMA0GCSqGSIb3DQEBCwUAA4IBAQA3qd1Gs68TTJFzFL2QMzvz
SZIZUx6fFB7ps9KFXBsG+GVbmAy3w3h+OYhEzOclQcSIUYLqgQSQWQmA/j9s/4Sy
NAlFWX/1j5mwdgMzOEhsHj91K27wz+4yJS4p+51tE6O1CtQan4bolp7Yk+6lasAF
wlrL2Efkta5UpWSRd6/U8uNK/7+KUxSlJ4D9QRVqtOC1L6stZ8AFVGdy4NbZkOUI
WycUUUSLoyMDK/kXJJHbtRfpJJ7ka6u1JmzxmTTmizgRknPFb6raoZbmstLedPgA
WJRZO4e+vf9iBfmUxsCECCkZKPrhVasMEKf2mhmQub6m8Oo3AqdwVTtDemXd6Bd3
-----END CERTIFICATE-----