Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/523eb8-3677-4c9f-b6bd-7c5e7e324530/1/t9rcBJTVTRPNNBy1VJl3R2zSgVg.roa
File:                     t9rcBJTVTRPNNBy1VJl3R2zSgVg.roa (raw, json)
Hash identifier:          rzFOlVAG9zjz3zcXHyxYzcMPokVfi8+a/YWJZx0owHU=
Subject key identifier:   B7:DA:DC:04:94:D5:4D:13:CD:34:1C:B5:54:99:77:47:6C:D2:81:58
Certificate issuer:       /CN=9b1f123b5ba4bc1b7793b9e9fa1b43dac49a660a
Certificate serial:       018CC801EDF9C357A2B309300835DE61245E
Authority key identifier: 9B:1F:12:3B:5B:A4:BC:1B:77:93:B9:E9:FA:1B:43:DA:C4:9A:66:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mx8SO1ukvBt3k7np-htD2sSaZgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/523eb8-3677-4c9f-b6bd-7c5e7e324530/1/t9rcBJTVTRPNNBy1VJl3R2zSgVg.roa
Signing time:             Tue 02 Jan 2024 02:30:18 +0000
ROA not before:           Tue 02 Jan 2024 02:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210655
IP address blocks:        185.130.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/523eb8-3677-4c9f-b6bd-7c5e7e324530/1/mx8SO1ukvBt3k7np-htD2sSaZgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/523eb8-3677-4c9f-b6bd-7c5e7e324530/1/mx8SO1ukvBt3k7np-htD2sSaZgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mx8SO1ukvBt3k7np-htD2sSaZgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ed:f9:c3:57:a2:b3:09:30:08:35:de:61:24:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b1f123b5ba4bc1b7793b9e9fa1b43dac49a660a
        Validity
            Not Before: Jan  2 02:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7dadc0494d54d13cd341cb5549977476cd28158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c7:5c:84:52:65:9b:78:c6:b8:60:2f:f2:1c:
                    3e:e2:bf:14:bd:7c:c6:99:a5:b0:e7:7b:88:b6:ee:
                    53:09:2d:cd:72:f5:63:94:07:35:f0:7e:db:52:89:
                    30:92:b8:13:68:37:97:fa:b6:0f:70:b0:1d:43:54:
                    15:ec:e0:3a:3c:ed:59:8a:aa:cf:66:b3:9e:92:3b:
                    5e:c3:1a:c1:12:d3:08:1b:9c:f7:e3:2c:a7:59:34:
                    3f:0a:ad:92:94:dc:32:6b:c6:b1:1b:50:f5:c0:05:
                    a2:2f:bc:a9:bf:af:2a:6f:9c:63:ba:f3:2c:e8:65:
                    fc:23:40:0d:8c:0f:1f:37:ee:b2:6c:dd:95:4b:25:
                    53:47:92:4e:64:f8:b3:54:f2:a4:c9:cb:e5:55:20:
                    36:f8:ba:e0:f4:eb:0b:be:5c:ca:2a:fa:07:24:55:
                    6a:28:6d:ee:31:e6:0e:30:bc:d2:28:1a:de:04:4c:
                    d6:88:c7:a1:8b:b1:3e:b2:b6:c0:c9:93:ea:e0:bf:
                    68:46:02:91:9a:00:89:8b:fe:81:a0:ee:c7:30:8d:
                    b8:2a:63:97:67:fb:00:d3:a2:54:1b:ee:b1:5a:ea:
                    88:93:fe:86:4d:30:77:9d:34:4d:38:e7:a9:0d:e2:
                    3c:36:56:b1:0b:d6:f6:4d:0b:05:b5:da:f5:9d:0b:
                    39:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:DA:DC:04:94:D5:4D:13:CD:34:1C:B5:54:99:77:47:6C:D2:81:58
            X509v3 Authority Key Identifier:
                keyid:9B:1F:12:3B:5B:A4:BC:1B:77:93:B9:E9:FA:1B:43:DA:C4:9A:66:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mx8SO1ukvBt3k7np-htD2sSaZgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/523eb8-3677-4c9f-b6bd-7c5e7e324530/1/t9rcBJTVTRPNNBy1VJl3R2zSgVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/523eb8-3677-4c9f-b6bd-7c5e7e324530/1/mx8SO1ukvBt3k7np-htD2sSaZgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:b1:9e:9d:b3:b1:38:99:4d:32:cb:7f:c8:5e:f6:08:b8:1b:
         a4:22:20:62:55:42:bc:59:75:72:4c:be:71:ad:df:19:a5:86:
         4f:55:69:f5:5d:2d:70:b1:90:4b:af:57:82:ca:5a:3f:a4:87:
         7a:35:a5:af:25:22:cd:93:d2:ed:47:06:03:61:07:47:7b:ba:
         59:df:76:e2:d6:be:6e:4a:3f:12:56:4b:28:41:df:68:e2:ac:
         b7:95:ec:8e:a5:18:19:9d:e9:61:cd:28:da:94:39:44:43:21:
         c0:d6:7c:ca:5a:28:7c:2b:b3:e1:77:3f:4d:0b:75:27:a7:e6:
         40:fe:bb:4c:1b:30:d4:21:e7:3e:a4:5f:6c:64:e7:bd:f7:c5:
         49:7d:44:7d:04:32:a3:95:c6:54:eb:fc:6b:24:16:51:4b:b3:
         ad:d8:43:12:af:5d:37:70:80:69:0d:4e:e7:87:4a:08:03:d2:
         56:c0:77:58:ee:09:a8:ef:ae:fc:2e:a5:5f:d8:ee:e5:62:76:
         44:15:7a:a8:16:bb:79:03:04:b1:9a:d1:4c:39:a9:52:35:0c:
         47:38:0f:5b:23:e0:e4:c1:40:ca:ef:43:8b:d2:8a:22:26:aa:
         37:ff:80:08:96:62:9d:4c:e7:60:4f:78:0b:d0:ef:ca:83:14:
         b5:ee:d4:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAe35w1eiswkwCDXeYSReMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMWYxMjNiNWJhNGJjMWI3NzkzYjllOWZhMWI0M2RhYzQ5
YTY2MGEwHhcNMjQwMTAyMDIzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2RhZGMwNDk0ZDU0ZDEzY2QzNDFjYjU1NDk5Nzc0NzZjZDI4MTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8dchFJlm3jGuGAv8hw+4r8UvXzG
maWw53uItu5TCS3NcvVjlAc18H7bUokwkrgTaDeX+rYPcLAdQ1QV7OA6PO1ZiqrP
ZrOekjtewxrBEtMIG5z34yynWTQ/Cq2SlNwya8axG1D1wAWiL7ypv68qb5xjuvMs
6GX8I0ANjA8fN+6ybN2VSyVTR5JOZPizVPKkycvlVSA2+Lrg9OsLvlzKKvoHJFVq
KG3uMeYOMLzSKBreBEzWiMehi7E+srbAyZPq4L9oRgKRmgCJi/6BoO7HMI24KmOX
Z/sA06JUG+6xWuqIk/6GTTB3nTRNOOepDeI8NlaxC9b2TQsFtdr1nQs54wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfa3ASU1U0TzTQctVSZd0ds0oFYMB8GA1UdIwQY
MBaAFJsfEjtbpLwbd5O56fobQ9rEmmYKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXg4U08xdWt2QnQzazducC1odEQyc1NhWmdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC81MjNlYjgtMzY3Ny00YzlmLWI2YmQt
N2M1ZTdlMzI0NTMwLzEvdDlyY0JKVFZUUlBOTkJ5MVZKbDNSMnpTZ1ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC81MjNlYjgtMzY3Ny00YzlmLWI2YmQtN2M1ZTdlMzI0NTMw
LzEvbXg4U08xdWt2QnQzazducC1odEQyc1NhWmdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYJaMA0G
CSqGSIb3DQEBCwUAA4IBAQC+sZ6ds7E4mU0yy3/IXvYIuBukIiBiVUK8WXVyTL5x
rd8ZpYZPVWn1XS1wsZBLr1eCylo/pId6NaWvJSLNk9LtRwYDYQdHe7pZ33bi1r5u
Sj8SVksoQd9o4qy3leyOpRgZnelhzSjalDlEQyHA1nzKWih8K7Phdz9NC3Unp+ZA
/rtMGzDUIec+pF9sZOe998VJfUR9BDKjlcZU6/xrJBZRS7Ot2EMSr103cIBpDU7n
h0oIA9JWwHdY7gmo7678LqVf2O7lYnZEFXqoFrt5AwSxmtFMOalSNQxHOA9bI+Dk
wUDK70OL0ooiJqo3/4AIlmKdTOdgT3gL0O/KgxS17tRv
-----END CERTIFICATE-----