Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/918a33-6766-4795-8573-aee698af68b7/1/y82bj7yPjubw2QDdXLWZ8xn_zjg.roa
File:                     y82bj7yPjubw2QDdXLWZ8xn_zjg.roa (raw, json)
Hash identifier:          l+DyYCFxsTaD5jUJFyFQgcvoEeuc9aX7yhsegqBMh/Q=
Subject key identifier:   CB:CD:9B:8F:BC:8F:8E:E6:F0:D9:00:DD:5C:B5:99:F3:19:FF:CE:38
Certificate issuer:       /CN=8ec1f7d0530682e1b68e3bfe5a8744ee51ad335d
Certificate serial:       018CC8015768547CE7D4ABE909C69E969AD1
Authority key identifier: 8E:C1:F7:D0:53:06:82:E1:B6:8E:3B:FE:5A:87:44:EE:51:AD:33:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jsH30FMGguG2jjv-WodE7lGtM10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/918a33-6766-4795-8573-aee698af68b7/1/y82bj7yPjubw2QDdXLWZ8xn_zjg.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61956
IP address blocks:        185.47.120.0/22 maxlen: 22
                          185.47.122.0/23 maxlen: 23
                          2a01:8be0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/918a33-6766-4795-8573-aee698af68b7/1/jsH30FMGguG2jjv-WodE7lGtM10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/918a33-6766-4795-8573-aee698af68b7/1/jsH30FMGguG2jjv-WodE7lGtM10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jsH30FMGguG2jjv-WodE7lGtM10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:57:68:54:7c:e7:d4:ab:e9:09:c6:9e:96:9a:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ec1f7d0530682e1b68e3bfe5a8744ee51ad335d
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbcd9b8fbc8f8ee6f0d900dd5cb599f319ffce38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:09:06:11:e8:e6:14:d4:51:91:0f:fe:5b:59:
                    d6:89:f9:5d:2c:5a:03:a1:69:4d:87:52:f1:a1:0d:
                    26:c3:a4:e5:af:17:09:94:7a:94:c3:54:37:b6:ef:
                    d7:b9:d7:f4:8a:b5:58:76:4d:24:0b:5a:55:1e:5c:
                    dc:f3:05:a6:75:03:f9:a6:7c:4f:c1:1b:f8:de:2e:
                    c2:58:f8:ca:c7:49:b8:d4:28:a6:43:d6:5f:da:53:
                    04:17:70:83:ae:d9:d8:37:d6:0f:0b:7d:de:eb:1b:
                    b0:c6:f3:40:b7:f4:22:1a:f3:25:d9:be:10:c8:9e:
                    ef:e5:55:a8:10:50:32:fc:de:ed:f9:0e:2e:78:13:
                    9d:6c:98:83:e9:bb:cd:a5:75:ce:b3:84:30:80:0e:
                    35:cd:2e:97:b6:75:66:f0:8c:86:59:0d:47:e2:80:
                    aa:6c:00:1c:76:b4:6c:2a:41:cf:d6:e4:d6:16:d0:
                    63:5f:b4:2e:a4:47:f5:3e:21:ef:ad:f3:1d:35:40:
                    b9:d7:fe:69:92:72:c9:fe:04:76:dd:0c:79:90:9e:
                    45:c1:f7:5c:a7:7f:63:96:3d:d8:da:0f:9d:bc:93:
                    89:fe:f4:c7:7a:79:ef:79:5a:b6:d7:78:a6:7e:8b:
                    95:b6:2e:6b:af:75:7f:b2:90:19:77:c4:d8:3a:b0:
                    41:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:CD:9B:8F:BC:8F:8E:E6:F0:D9:00:DD:5C:B5:99:F3:19:FF:CE:38
            X509v3 Authority Key Identifier:
                keyid:8E:C1:F7:D0:53:06:82:E1:B6:8E:3B:FE:5A:87:44:EE:51:AD:33:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jsH30FMGguG2jjv-WodE7lGtM10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/918a33-6766-4795-8573-aee698af68b7/1/y82bj7yPjubw2QDdXLWZ8xn_zjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/918a33-6766-4795-8573-aee698af68b7/1/jsH30FMGguG2jjv-WodE7lGtM10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.120.0/22
                IPv6:
                  2a01:8be0::/29

    Signature Algorithm: sha256WithRSAEncryption
         d5:91:19:95:44:fa:b1:81:d4:cc:97:0f:5b:23:46:57:06:02:
         d0:20:0e:59:ef:c4:50:61:74:83:f2:e4:7e:f4:bf:e3:d4:b5:
         a2:05:38:f6:06:6f:27:26:a1:60:9d:d1:ec:f6:b7:bf:61:f1:
         f4:10:84:8e:be:0d:ff:29:e2:8a:bf:ad:67:55:12:e4:18:30:
         82:c7:25:67:c7:a7:3f:57:76:18:3a:8e:06:fd:83:f9:20:58:
         ef:79:0f:48:a0:41:e8:ce:ed:5a:5c:55:03:91:5b:da:04:96:
         5f:b2:81:e8:fe:2c:36:56:fc:e6:c5:1b:42:63:68:3f:01:df:
         75:91:f6:d8:30:06:54:14:ab:5e:aa:a6:93:36:0f:63:ff:ab:
         ab:19:b8:14:53:78:e6:be:cd:05:b8:30:2d:f7:c2:6e:37:0a:
         5b:15:9d:7c:89:42:f5:06:ff:23:9f:b2:c0:28:97:e4:f9:18:
         d4:a0:e6:e6:0f:bb:5e:93:bb:20:97:86:f0:a9:8b:3e:16:67:
         84:d1:60:ae:2c:6a:78:d5:89:02:4f:d3:76:a5:a4:38:09:d6:
         8a:4a:12:c5:b7:0c:61:9f:ca:3a:da:13:ef:3e:23:dd:c2:23:
         67:b3:0a:17:e8:1e:f9:6c:e8:02:64:aa:92:01:a8:fa:a7:5f:
         7a:54:10:4e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAVdoVHzn1KvpCcaelprRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYzFmN2QwNTMwNjgyZTFiNjhlM2JmZTVhODc0NGVlNTFh
ZDMzNWQwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmNkOWI4ZmJjOGY4ZWU2ZjBkOTAwZGQ1Y2I1OTlmMzE5ZmZjZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAkGEejmFNRRkQ/+W1nWifldLFoD
oWlNh1LxoQ0mw6TlrxcJlHqUw1Q3tu/Xudf0irVYdk0kC1pVHlzc8wWmdQP5pnxP
wRv43i7CWPjKx0m41CimQ9Zf2lMEF3CDrtnYN9YPC33e6xuwxvNAt/QiGvMl2b4Q
yJ7v5VWoEFAy/N7t+Q4ueBOdbJiD6bvNpXXOs4QwgA41zS6XtnVm8IyGWQ1H4oCq
bAAcdrRsKkHP1uTWFtBjX7QupEf1PiHvrfMdNUC51/5pknLJ/gR23Qx5kJ5Fwfdc
p39jlj3Y2g+dvJOJ/vTHennveVq213imfouVti5rr3V/spAZd8TYOrBB3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMvNm4+8j47m8NkA3Vy1mfMZ/844MB8GA1UdIwQY
MBaAFI7B99BTBoLhto47/lqHRO5RrTNdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanNIMzBGTUdndUcyamp2LVdvZEU3bEd0TTEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS85MThhMzMtNjc2Ni00Nzk1LTg1NzMt
YWVlNjk4YWY2OGI3LzEveTgyYmo3eVBqdWJ3MlFEZFhMV1o4eG5fempnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS85MThhMzMtNjc2Ni00Nzk1LTg1NzMtYWVlNjk4YWY2OGI3
LzEvanNIMzBGTUdndUcyamp2LVdvZEU3bEd0TTEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuS94MA0E
AgACMAcDBQMqAYvgMA0GCSqGSIb3DQEBCwUAA4IBAQDVkRmVRPqxgdTMlw9bI0ZX
BgLQIA5Z78RQYXSD8uR+9L/j1LWiBTj2Bm8nJqFgndHs9re/YfH0EISOvg3/KeKK
v61nVRLkGDCCxyVnx6c/V3YYOo4G/YP5IFjveQ9IoEHozu1aXFUDkVvaBJZfsoHo
/iw2VvzmxRtCY2g/Ad91kfbYMAZUFKteqqaTNg9j/6urGbgUU3jmvs0FuDAt98Ju
NwpbFZ18iUL1Bv8jn7LAKJfk+RjUoObmD7tek7sgl4bwqYs+FmeE0WCuLGp41YkC
T9N2paQ4CdaKShLFtwxhn8o62hPvPiPdwiNnswoX6B75bOgCZKqSAaj6p196VBBO
-----END CERTIFICATE-----