Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/346bef-0a5e-4400-9f84-56805ca11c33/1/ByYqgeOnQVy35uePtgD4RRkbG_g.roa
File:                     ByYqgeOnQVy35uePtgD4RRkbG_g.roa (raw, json)
Hash identifier:          soNRfiktb4idTu6vUcTstHZl9iEWFNY687fFTRfkVBg=
Subject key identifier:   07:26:2A:81:E3:A7:41:5C:B7:E6:E7:8F:B6:00:F8:45:19:1B:1B:F8
Certificate issuer:       /CN=bc31247f359a6d492dc9943ae0f00fc8be216c78
Certificate serial:       018CC9BC092CE6D31302042E968AF4C9DEC2
Authority key identifier: BC:31:24:7F:35:9A:6D:49:2D:C9:94:3A:E0:F0:0F:C8:BE:21:6C:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vDEkfzWabUktyZQ64PAPyL4hbHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/346bef-0a5e-4400-9f84-56805ca11c33/1/ByYqgeOnQVy35uePtgD4RRkbG_g.roa
Signing time:             Tue 02 Jan 2024 10:33:12 +0000
ROA not before:           Tue 02 Jan 2024 10:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24961
IP address blocks:        185.19.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/346bef-0a5e-4400-9f84-56805ca11c33/1/vDEkfzWabUktyZQ64PAPyL4hbHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/346bef-0a5e-4400-9f84-56805ca11c33/1/vDEkfzWabUktyZQ64PAPyL4hbHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vDEkfzWabUktyZQ64PAPyL4hbHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:09:2c:e6:d3:13:02:04:2e:96:8a:f4:c9:de:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc31247f359a6d492dc9943ae0f00fc8be216c78
        Validity
            Not Before: Jan  2 10:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07262a81e3a7415cb7e6e78fb600f845191b1bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5e:41:0e:47:ee:8b:18:25:e3:10:30:eb:cd:
                    4f:dc:0c:b6:31:6c:85:28:54:a6:d1:9f:6a:ff:2d:
                    3a:67:fe:dd:db:8a:e7:e2:e2:48:3c:d0:2e:1e:9b:
                    ad:3b:10:cb:e7:d8:6d:ce:72:b7:90:d3:9d:37:55:
                    d9:8a:8f:0d:d8:84:bd:0e:0e:16:2c:4d:ac:55:97:
                    ba:66:19:99:42:bb:99:fe:86:34:ad:6b:68:c1:55:
                    e7:71:c6:75:b3:7c:5b:25:e2:dd:ef:78:5c:81:a2:
                    db:85:b1:52:7c:6f:72:58:68:af:a7:82:f1:76:4e:
                    1f:fc:96:74:b8:f6:cd:7d:83:a0:aa:af:cf:9d:79:
                    c8:52:82:82:b2:bd:75:86:3f:8e:6c:9d:d9:8b:7f:
                    31:c6:69:6b:a7:b7:4b:f2:12:67:b5:99:70:69:f4:
                    42:4f:12:4f:63:bb:48:55:97:58:c2:8c:e8:c3:79:
                    ad:21:b2:1a:28:b6:ae:bf:d3:a8:40:07:2e:48:66:
                    cf:89:73:7f:9c:35:03:5a:2b:73:4a:ba:01:83:be:
                    2f:10:85:e2:87:79:3f:99:b8:23:db:a2:71:77:f7:
                    33:95:cb:5c:81:f6:9f:72:34:3b:e4:7b:74:95:9e:
                    65:91:f0:c1:5c:b3:38:d0:e6:7d:0c:25:68:57:e5:
                    58:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:26:2A:81:E3:A7:41:5C:B7:E6:E7:8F:B6:00:F8:45:19:1B:1B:F8
            X509v3 Authority Key Identifier:
                keyid:BC:31:24:7F:35:9A:6D:49:2D:C9:94:3A:E0:F0:0F:C8:BE:21:6C:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vDEkfzWabUktyZQ64PAPyL4hbHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/346bef-0a5e-4400-9f84-56805ca11c33/1/ByYqgeOnQVy35uePtgD4RRkbG_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/346bef-0a5e-4400-9f84-56805ca11c33/1/vDEkfzWabUktyZQ64PAPyL4hbHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:5f:3d:dd:b3:ef:ab:35:7c:c9:5b:31:50:b3:23:bd:e4:c1:
         10:53:b3:6e:06:2f:00:02:68:8b:b8:7c:42:80:e5:ee:e9:c3:
         98:2e:a8:8f:24:e0:5c:08:75:a5:1d:5d:cd:39:0e:1c:58:45:
         15:da:47:e6:36:90:46:0c:04:99:91:26:d9:8a:bd:63:55:9e:
         79:1b:45:a0:c0:0a:68:24:38:0c:2b:77:2f:78:f9:04:7c:54:
         03:89:46:5a:89:a6:83:97:03:a6:ce:9e:64:53:c4:83:16:51:
         50:47:76:d7:07:5a:c9:92:c7:e0:69:50:5b:bc:b2:cb:47:85:
         c9:26:9d:72:f1:1d:4d:f7:bb:f7:71:6b:77:0f:26:e5:aa:89:
         c8:ec:53:93:87:9c:16:fb:19:72:20:2a:eb:b7:4f:d7:16:d6:
         36:77:43:40:cb:79:a9:26:0c:71:c8:23:92:00:09:32:9b:a2:
         31:e7:e8:c5:4a:be:82:ac:19:85:35:85:9a:84:20:3c:98:8e:
         3c:c7:3f:10:91:8b:6b:e4:6b:d0:9e:2d:63:3b:bd:e0:73:52:
         c9:43:bb:8b:dd:00:20:c7:32:6a:11:52:45:47:60:fd:48:51:
         b9:50:cb:47:4c:cb:50:01:e6:a9:04:47:b7:2a:07:5a:fa:eb:
         8a:da:f6:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAks5tMTAgQulor0yd7CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMzEyNDdmMzU5YTZkNDkyZGM5OTQzYWUwZjAwZmM4YmUy
MTZjNzgwHhcNMjQwMTAyMTAzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzI2MmE4MWUzYTc0MTVjYjdlNmU3OGZiNjAwZjg0NTE5MWIxYmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz15BDkfuixgl4xAw681P3Ay2MWyF
KFSm0Z9q/y06Z/7d24rn4uJIPNAuHputOxDL59htznK3kNOdN1XZio8N2IS9Dg4W
LE2sVZe6ZhmZQruZ/oY0rWtowVXnccZ1s3xbJeLd73hcgaLbhbFSfG9yWGivp4Lx
dk4f/JZ0uPbNfYOgqq/PnXnIUoKCsr11hj+ObJ3Zi38xxmlrp7dL8hJntZlwafRC
TxJPY7tIVZdYwozow3mtIbIaKLauv9OoQAcuSGbPiXN/nDUDWitzSroBg74vEIXi
h3k/mbgj26Jxd/czlctcgfafcjQ75Ht0lZ5lkfDBXLM40OZ9DCVoV+VYCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcmKoHjp0Fct+bnj7YA+EUZGxv4MB8GA1UdIwQY
MBaAFLwxJH81mm1JLcmUOuDwD8i+IWx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkRFa2Z6V2FiVWt0eVpRNjRQQVB5TDRoYkhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8zNDZiZWYtMGE1ZS00NDAwLTlmODQt
NTY4MDVjYTExYzMzLzEvQnlZcWdlT25RVnkzNXVlUHRnRDRSUmtiR19nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8zNDZiZWYtMGE1ZS00NDAwLTlmODQtNTY4MDVjYTExYzMz
LzEvdkRFa2Z6V2FiVWt0eVpRNjRQQVB5TDRoYkhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRO6MA0G
CSqGSIb3DQEBCwUAA4IBAQCnXz3ds++rNXzJWzFQsyO95MEQU7NuBi8AAmiLuHxC
gOXu6cOYLqiPJOBcCHWlHV3NOQ4cWEUV2kfmNpBGDASZkSbZir1jVZ55G0WgwApo
JDgMK3cvePkEfFQDiUZaiaaDlwOmzp5kU8SDFlFQR3bXB1rJksfgaVBbvLLLR4XJ
Jp1y8R1N97v3cWt3DyblqonI7FOTh5wW+xlyICrrt0/XFtY2d0NAy3mpJgxxyCOS
AAkym6Ix5+jFSr6CrBmFNYWahCA8mI48xz8QkYtr5GvQni1jO73gc1LJQ7uL3QAg
xzJqEVJFR2D9SFG5UMtHTMtQAeapBEe3Kgda+uuK2vZp
-----END CERTIFICATE-----