Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/e27d71-efbc-47ef-9840-e74d8d1d4e02/1/i8gjEzsGyQeCtDGC80jCNNsB1zQ.roa
File:                     i8gjEzsGyQeCtDGC80jCNNsB1zQ.roa (raw, json)
Hash identifier:          pT/cZ1HAiQhCCypmOvWafW6C0AgRfE5fV3gnB/lXqSg=
Subject key identifier:   8B:C8:23:13:3B:06:C9:07:82:B4:31:82:F3:48:C2:34:DB:01:D7:34
Certificate issuer:       /CN=9b6b7b3ea60efb4a579a4f5e237ea7a88d3bc078
Certificate serial:       018CC6B9319DE397D1D61393C88AB2F0C8EA
Authority key identifier: 9B:6B:7B:3E:A6:0E:FB:4A:57:9A:4F:5E:23:7E:A7:A8:8D:3B:C0:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m2t7PqYO-0pXmk9eI36nqI07wHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/e27d71-efbc-47ef-9840-e74d8d1d4e02/1/i8gjEzsGyQeCtDGC80jCNNsB1zQ.roa
Signing time:             Mon 01 Jan 2024 20:31:14 +0000
ROA not before:           Mon 01 Jan 2024 20:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209964
IP address blocks:        185.6.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/e27d71-efbc-47ef-9840-e74d8d1d4e02/1/m2t7PqYO-0pXmk9eI36nqI07wHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/e27d71-efbc-47ef-9840-e74d8d1d4e02/1/m2t7PqYO-0pXmk9eI36nqI07wHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m2t7PqYO-0pXmk9eI36nqI07wHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:31:9d:e3:97:d1:d6:13:93:c8:8a:b2:f0:c8:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b6b7b3ea60efb4a579a4f5e237ea7a88d3bc078
        Validity
            Not Before: Jan  1 20:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bc823133b06c90782b43182f348c234db01d734
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:85:37:cd:b4:74:b5:fb:b2:75:a0:c8:57:d1:
                    1b:88:10:2d:94:1c:f0:b1:06:54:ff:84:31:4c:ad:
                    57:9a:c7:b5:e8:b1:51:29:65:85:4b:9c:9f:ea:69:
                    48:6b:50:02:3c:e8:b6:5a:aa:84:ce:ca:e8:69:e9:
                    cb:30:2a:1e:84:70:2a:bb:4f:ad:1c:ce:dd:84:56:
                    38:db:0c:36:9d:90:b6:0c:9e:65:8e:74:a8:3f:52:
                    cd:20:12:b2:1e:d1:45:6d:37:0b:45:ab:e9:b1:aa:
                    fd:a3:72:3f:15:2f:ab:c9:9d:c9:ee:74:07:6f:8e:
                    d7:13:eb:33:ee:1e:69:e1:b3:ed:9b:df:de:11:32:
                    fc:5c:67:fe:71:60:bc:4e:29:6a:d7:08:29:7b:82:
                    86:b5:3f:d9:a1:e5:fd:a6:47:84:91:31:7b:12:e8:
                    0f:ac:d7:f6:d7:49:b7:d0:02:42:b9:c0:f1:a9:51:
                    f0:e1:88:11:2f:70:34:b0:7f:ea:19:83:38:ea:24:
                    dd:b2:b2:07:c6:e5:75:36:a7:0c:d9:ee:7c:86:c4:
                    79:b8:f7:b5:ca:82:b8:60:21:a7:b9:89:f3:ca:16:
                    d3:45:eb:6f:3d:e9:dd:df:40:13:cd:8b:51:4a:b4:
                    60:c3:9d:4d:20:0c:a6:56:21:b4:94:eb:b8:57:2a:
                    67:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:C8:23:13:3B:06:C9:07:82:B4:31:82:F3:48:C2:34:DB:01:D7:34
            X509v3 Authority Key Identifier:
                keyid:9B:6B:7B:3E:A6:0E:FB:4A:57:9A:4F:5E:23:7E:A7:A8:8D:3B:C0:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m2t7PqYO-0pXmk9eI36nqI07wHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/e27d71-efbc-47ef-9840-e74d8d1d4e02/1/i8gjEzsGyQeCtDGC80jCNNsB1zQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/e27d71-efbc-47ef-9840-e74d8d1d4e02/1/m2t7PqYO-0pXmk9eI36nqI07wHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.6.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:22:3a:5c:c9:27:c8:cb:a9:3d:cc:73:e6:85:e4:99:38:2b:
         a3:65:ba:9c:13:b7:37:19:97:99:61:c3:96:79:a2:26:cb:aa:
         72:e9:94:6f:ca:8d:32:95:6e:a9:d7:60:8f:85:ee:ed:8e:ae:
         ce:97:4a:f2:90:78:08:a1:69:82:7a:ca:8a:f9:9c:07:8c:32:
         b7:21:0f:fb:20:c4:cf:92:c9:5c:91:b5:2e:59:25:15:79:86:
         9f:24:4d:8f:d2:07:77:45:af:87:36:19:3e:af:5a:9d:81:f3:
         9b:fa:2c:14:2b:94:0e:f4:a6:60:81:7c:7b:e0:50:8c:43:be:
         a0:20:f4:b4:29:97:e0:b9:fb:b3:27:70:7b:e4:ff:49:07:70:
         71:87:33:a0:c4:1b:4f:c7:0d:28:b5:ab:53:8d:f1:75:dc:91:
         ec:b7:7a:c1:7e:42:a9:2f:f6:70:9a:d8:9e:32:b4:c5:a3:b0:
         52:33:9c:76:b8:97:43:42:38:81:9d:8c:f2:88:f1:b7:76:47:
         aa:d7:3e:5c:e7:5c:95:c7:9b:c3:75:ac:47:b0:fc:6c:be:84:
         58:82:c6:bf:24:0e:5c:40:24:fc:60:e3:05:8d:2b:42:7e:34:
         2b:66:9d:e3:1e:75:02:e2:cf:6e:04:9e:86:3c:a4:7d:a7:1c:
         40:65:71:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTGd45fR1hOTyIqy8MjqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNmI3YjNlYTYwZWZiNGE1NzlhNGY1ZTIzN2VhN2E4OGQz
YmMwNzgwHhcNMjQwMTAxMjAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmM4MjMxMzNiMDZjOTA3ODJiNDMxODJmMzQ4YzIzNGRiMDFkNzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYU3zbR0tfuydaDIV9EbiBAtlBzw
sQZU/4QxTK1Xmse16LFRKWWFS5yf6mlIa1ACPOi2WqqEzsroaenLMCoehHAqu0+t
HM7dhFY42ww2nZC2DJ5ljnSoP1LNIBKyHtFFbTcLRavpsar9o3I/FS+ryZ3J7nQH
b47XE+sz7h5p4bPtm9/eETL8XGf+cWC8Tilq1wgpe4KGtT/ZoeX9pkeEkTF7EugP
rNf210m30AJCucDxqVHw4YgRL3A0sH/qGYM46iTdsrIHxuV1NqcM2e58hsR5uPe1
yoK4YCGnuYnzyhbTRetvPend30ATzYtRSrRgw51NIAymViG0lOu4VypnpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvIIxM7BskHgrQxgvNIwjTbAdc0MB8GA1UdIwQY
MBaAFJtrez6mDvtKV5pPXiN+p6iNO8B4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTJ0N1BxWU8tMHBYbWs5ZUkzNm5xSTA3d0hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9lMjdkNzEtZWZiYy00N2VmLTk4NDAt
ZTc0ZDhkMWQ0ZTAyLzEvaThnakV6c0d5UWVDdERHQzgwakNOTnNCMXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9lMjdkNzEtZWZiYy00N2VmLTk4NDAtZTc0ZDhkMWQ0ZTAy
LzEvbTJ0N1BxWU8tMHBYbWs5ZUkzNm5xSTA3d0hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQYAMA0G
CSqGSIb3DQEBCwUAA4IBAQCeIjpcySfIy6k9zHPmheSZOCujZbqcE7c3GZeZYcOW
eaImy6py6ZRvyo0ylW6p12CPhe7tjq7Ol0rykHgIoWmCesqK+ZwHjDK3IQ/7IMTP
kslckbUuWSUVeYafJE2P0gd3Ra+HNhk+r1qdgfOb+iwUK5QO9KZggXx74FCMQ76g
IPS0KZfgufuzJ3B75P9JB3BxhzOgxBtPxw0otatTjfF13JHst3rBfkKpL/Zwmtie
MrTFo7BSM5x2uJdDQjiBnYzyiPG3dkeq1z5c51yVx5vDdaxHsPxsvoRYgsa/JA5c
QCT8YOMFjStCfjQrZp3jHnUC4s9uBJ6GPKR9pxxAZXE2
-----END CERTIFICATE-----