Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/2b800e-6953-4009-b195-41b26607bf36/1/kGd5vj6B3XCbMoLiJw6qlDU96YI.roa
File:                     kGd5vj6B3XCbMoLiJw6qlDU96YI.roa (raw, json)
Hash identifier:          19nuYXH8f+94sglRKWddZBihDgVJPx8neljogENCZCA=
Subject key identifier:   90:67:79:BE:3E:81:DD:70:9B:32:82:E2:27:0E:AA:94:35:3D:E9:82
Certificate issuer:       /CN=8b9b0163eee9e792aaa16b7d5105d347211f3123
Certificate serial:       018CC8DECE6DD245FF6B835F5C5DF37E4C86
Authority key identifier: 8B:9B:01:63:EE:E9:E7:92:AA:A1:6B:7D:51:05:D3:47:21:1F:31:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5sBY-7p55KqoWt9UQXTRyEfMSM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/2b800e-6953-4009-b195-41b26607bf36/1/kGd5vj6B3XCbMoLiJw6qlDU96YI.roa
Signing time:             Tue 02 Jan 2024 06:31:33 +0000
ROA not before:           Tue 02 Jan 2024 06:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50873
IP address blocks:        185.237.176.0/24 maxlen: 24
                          2a0c:1b80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/2b800e-6953-4009-b195-41b26607bf36/1/i5sBY-7p55KqoWt9UQXTRyEfMSM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/2b800e-6953-4009-b195-41b26607bf36/1/i5sBY-7p55KqoWt9UQXTRyEfMSM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5sBY-7p55KqoWt9UQXTRyEfMSM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ce:6d:d2:45:ff:6b:83:5f:5c:5d:f3:7e:4c:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b9b0163eee9e792aaa16b7d5105d347211f3123
        Validity
            Not Before: Jan  2 06:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=906779be3e81dd709b3282e2270eaa94353de982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5d:77:67:a3:02:ea:a7:38:52:45:00:5b:1f:
                    9c:0d:df:a7:06:37:2a:95:24:0a:3c:10:fe:7a:11:
                    bb:ee:36:c6:56:4f:d1:3a:6c:50:37:25:a5:96:cf:
                    12:76:5e:eb:c2:70:1c:3a:44:9d:44:4e:09:4f:36:
                    3b:0e:d6:8a:16:d1:3e:1e:80:c0:e7:55:e6:70:0b:
                    bd:8c:fa:19:b9:5e:f9:d3:44:85:e5:f3:83:1f:04:
                    c6:03:b2:1e:d8:fc:1d:c3:53:f5:0b:32:f8:14:d1:
                    a0:d1:73:d0:8f:c2:25:4f:1e:97:ca:91:9f:6a:66:
                    3e:68:34:cf:ce:c1:9f:36:df:4d:5f:b4:15:c4:f7:
                    85:3d:33:e9:ca:7c:23:a1:f8:72:07:c4:6e:0d:2f:
                    41:d0:8e:99:ea:5b:c2:fc:17:72:ba:6d:9b:42:3d:
                    02:2e:67:83:2c:d2:09:0a:4d:e6:bd:cf:77:ad:a7:
                    7e:32:8d:fb:65:be:24:30:cb:69:03:37:64:07:e2:
                    58:e3:61:1e:db:a7:e4:0b:c6:aa:ee:bd:16:de:ff:
                    43:61:d7:72:78:cb:16:c6:71:98:1e:fb:60:f6:db:
                    a6:73:6e:45:7c:41:29:2e:97:0f:df:3d:2c:62:92:
                    55:cf:fd:53:e3:d4:be:f1:1e:0e:79:b6:43:1c:78:
                    8e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:67:79:BE:3E:81:DD:70:9B:32:82:E2:27:0E:AA:94:35:3D:E9:82
            X509v3 Authority Key Identifier:
                keyid:8B:9B:01:63:EE:E9:E7:92:AA:A1:6B:7D:51:05:D3:47:21:1F:31:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5sBY-7p55KqoWt9UQXTRyEfMSM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/2b800e-6953-4009-b195-41b26607bf36/1/kGd5vj6B3XCbMoLiJw6qlDU96YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/2b800e-6953-4009-b195-41b26607bf36/1/i5sBY-7p55KqoWt9UQXTRyEfMSM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.176.0/24
                IPv6:
                  2a0c:1b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         d5:df:8c:79:38:a5:e0:7e:1b:89:eb:54:c6:cc:29:d1:be:94:
         6e:15:75:78:f6:10:00:3b:95:d4:b0:cc:c4:19:39:f5:02:ab:
         e0:b5:1d:d1:db:a9:80:97:17:64:b7:9d:96:8b:d8:c1:a7:e0:
         75:84:9e:81:7a:ca:b7:66:13:a2:71:df:11:84:0c:f4:11:5f:
         e8:4c:a3:ed:16:8b:78:c4:ec:5f:11:84:b9:e2:4a:11:76:08:
         44:21:f9:d9:e5:f8:1c:21:50:a3:06:33:5c:47:df:ab:8e:3c:
         81:3f:a2:7f:5d:c4:f7:a3:46:51:e7:9c:ce:60:ae:0d:32:4c:
         19:97:7a:81:68:bb:1b:42:36:6d:66:f5:ba:96:5a:eb:53:4b:
         15:ba:3a:7a:e5:3c:e7:1d:46:3e:e2:e2:f8:37:21:58:08:e3:
         8c:80:b1:ac:75:1d:a6:e9:d7:8d:54:3c:a8:84:b6:a6:53:ca:
         c9:b1:e4:69:c1:fe:43:3b:46:db:5b:a1:21:cc:82:61:b9:32:
         59:86:16:30:15:99:13:98:71:35:8d:d3:56:5d:bb:5e:ef:8e:
         12:6e:00:12:3c:80:48:1a:0f:80:55:f4:77:00:18:8e:26:d6:
         cc:8c:e3:0c:16:ab:22:4f:6a:41:a1:93:a0:78:a0:30:df:73:
         50:2d:7f:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3s5t0kX/a4NfXF3zfkyGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOWIwMTYzZWVlOWU3OTJhYWExNmI3ZDUxMDVkMzQ3MjEx
ZjMxMjMwHhcNMjQwMTAyMDYzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDY3NzliZTNlODFkZDcwOWIzMjgyZTIyNzBlYWE5NDM1M2RlOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjF13Z6MC6qc4UkUAWx+cDd+nBjcq
lSQKPBD+ehG77jbGVk/ROmxQNyWlls8Sdl7rwnAcOkSdRE4JTzY7DtaKFtE+HoDA
51XmcAu9jPoZuV7500SF5fODHwTGA7Ie2Pwdw1P1CzL4FNGg0XPQj8IlTx6XypGf
amY+aDTPzsGfNt9NX7QVxPeFPTPpynwjofhyB8RuDS9B0I6Z6lvC/Bdyum2bQj0C
LmeDLNIJCk3mvc93rad+Mo37Zb4kMMtpAzdkB+JY42Ee26fkC8aq7r0W3v9DYddy
eMsWxnGYHvtg9tumc25FfEEpLpcP3z0sYpJVz/1T49S+8R4OebZDHHiOaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJBneb4+gd1wmzKC4icOqpQ1PemCMB8GA1UdIwQY
MBaAFIubAWPu6eeSqqFrfVEF00chHzEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTVzQlktN3A1NUtxb1d0OVVRWFRSeUVmTVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8yYjgwMGUtNjk1My00MDA5LWIxOTUt
NDFiMjY2MDdiZjM2LzEva0dkNXZqNkIzWENiTW9MaUp3NnFsRFU5NllJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8yYjgwMGUtNjk1My00MDA5LWIxOTUtNDFiMjY2MDdiZjM2
LzEvaTVzQlktN3A1NUtxb1d0OVVRWFRSeUVmTVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAue2wMA0E
AgACMAcDBQMqDBuAMA0GCSqGSIb3DQEBCwUAA4IBAQDV34x5OKXgfhuJ61TGzCnR
vpRuFXV49hAAO5XUsMzEGTn1AqvgtR3R26mAlxdkt52Wi9jBp+B1hJ6Besq3ZhOi
cd8RhAz0EV/oTKPtFot4xOxfEYS54koRdghEIfnZ5fgcIVCjBjNcR9+rjjyBP6J/
XcT3o0ZR55zOYK4NMkwZl3qBaLsbQjZtZvW6llrrU0sVujp65TznHUY+4uL4NyFY
COOMgLGsdR2m6deNVDyohLamU8rJseRpwf5DO0bbW6EhzIJhuTJZhhYwFZkTmHE1
jdNWXbte744SbgASPIBIGg+AVfR3ABiOJtbMjOMMFqsiT2pBoZOgeKAw33NQLX/f
-----END CERTIFICATE-----