Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/TB11murHrcaRhHlrPeUhmhi6in4.roa
File:                     TB11murHrcaRhHlrPeUhmhi6in4.roa (raw, json)
Hash identifier:          w+8IMO9RftvFS3I332mBIlzt6o6aCCz2fd4LotyAYFI=
Subject key identifier:   4C:1D:75:9A:EA:C7:AD:C6:91:84:79:6B:3D:E5:21:9A:18:BA:8A:7E
Certificate issuer:       /CN=38a8550659bb68e770d8b0126b7261fb87d8240b
Certificate serial:       018CCA2BD93D09FCD98E3E61B5419262FCE6
Authority key identifier: 38:A8:55:06:59:BB:68:E7:70:D8:B0:12:6B:72:61:FB:87:D8:24:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/TB11murHrcaRhHlrPeUhmhi6in4.roa
Signing time:             Tue 02 Jan 2024 12:35:20 +0000
ROA not before:           Tue 02 Jan 2024 12:35:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206382
IP address blocks:        185.186.130.0/23 maxlen: 23
                          185.186.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:d9:3d:09:fc:d9:8e:3e:61:b5:41:92:62:fc:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a8550659bb68e770d8b0126b7261fb87d8240b
        Validity
            Not Before: Jan  2 12:35:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c1d759aeac7adc69184796b3de5219a18ba8a7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:00:80:c1:78:5a:03:49:2f:29:78:3f:66:fd:
                    9f:6d:b5:c6:2a:c1:62:bb:56:34:88:b8:c8:80:3f:
                    34:b4:ff:b6:48:02:e3:26:83:9c:4e:9c:4e:20:0e:
                    9d:e7:ab:52:6c:ff:a9:48:e9:35:a1:e5:2c:30:f9:
                    17:d0:d3:a8:2d:bb:49:c5:01:15:8e:9a:9c:e1:9f:
                    2d:4c:3d:3b:8b:f9:88:c0:fe:aa:5d:cb:90:f3:0c:
                    fa:7c:32:f2:82:42:51:8f:f7:28:a1:e9:23:79:b0:
                    f5:1a:33:8b:cf:12:3f:5d:4d:44:77:26:a5:74:65:
                    28:73:5c:75:27:fe:77:36:f4:0c:72:98:6e:a5:53:
                    af:bc:d9:02:48:51:b8:53:c3:44:c9:c4:8d:ce:5b:
                    00:d5:1b:1a:74:a0:70:15:be:3f:5d:96:9b:ba:86:
                    06:34:9f:89:51:9b:63:09:63:f1:90:50:f5:9f:86:
                    d7:89:78:1e:8c:a2:ff:7c:22:55:17:2c:85:32:72:
                    da:1b:b2:1c:c4:54:3a:cc:b5:27:9d:82:20:d7:ac:
                    fc:9a:61:67:4b:b5:94:e1:e5:b5:bb:e6:78:a7:89:
                    4a:06:f1:dd:26:07:e5:27:39:2a:35:bc:5a:78:70:
                    1f:97:e1:c7:73:9b:7c:6d:ae:99:be:7f:60:93:16:
                    0a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:1D:75:9A:EA:C7:AD:C6:91:84:79:6B:3D:E5:21:9A:18:BA:8A:7E
            X509v3 Authority Key Identifier:
                keyid:38:A8:55:06:59:BB:68:E7:70:D8:B0:12:6B:72:61:FB:87:D8:24:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/TB11murHrcaRhHlrPeUhmhi6in4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.129.0-185.186.131.255

    Signature Algorithm: sha256WithRSAEncryption
         88:50:24:7c:11:5a:ee:57:72:59:e8:73:98:e4:2a:7b:47:7e:
         e9:ac:8f:07:bc:4e:ae:97:c5:dd:5f:9e:e6:e4:46:aa:0e:5f:
         92:55:97:e1:48:11:1c:27:ce:1f:32:e8:fa:bc:2c:2f:ab:2f:
         16:f1:6e:92:f7:ac:1b:74:7b:f5:dd:a7:fb:bc:9f:fe:92:85:
         29:02:f1:65:ea:53:48:7c:ec:47:ec:85:c5:ff:e4:d9:c9:61:
         ee:4e:35:56:6c:01:34:35:0e:5c:fc:d6:4f:81:2d:05:7d:af:
         c6:a6:6a:d4:dc:d3:92:9f:bf:e0:a6:00:ed:cc:7f:0f:54:b8:
         3b:c4:3d:86:73:64:bc:ca:00:56:e3:ce:cc:db:0a:66:ed:fd:
         67:f6:0f:60:a4:34:1d:5c:f9:21:7b:5b:76:46:81:bd:e8:bb:
         69:b2:d0:63:c4:ac:68:a4:1a:c3:b3:29:65:f8:fc:3c:23:d6:
         42:6d:be:54:0f:44:9b:2c:56:86:5e:3b:3c:8a:79:e6:97:8d:
         38:85:b2:7c:cd:91:21:ca:9e:60:f1:64:ee:7d:c9:e9:02:f3:
         c8:ce:7a:cf:30:f8:2b:52:22:19:91:06:1e:99:5c:62:97:c5:
         53:b1:74:83:90:3b:1e:54:4c:e0:07:04:21:8d:8c:b7:60:0a:
         72:cf:0a:97
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKK9k9CfzZjj5htUGSYvzmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YTg1NTA2NTliYjY4ZTc3MGQ4YjAxMjZiNzI2MWZiODdk
ODI0MGIwHhcNMjQwMTAyMTIzNTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzFkNzU5YWVhYzdhZGM2OTE4NDc5NmIzZGU1MjE5YTE4YmE4YTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQCAwXhaA0kvKXg/Zv2fbbXGKsFi
u1Y0iLjIgD80tP+2SALjJoOcTpxOIA6d56tSbP+pSOk1oeUsMPkX0NOoLbtJxQEV
jpqc4Z8tTD07i/mIwP6qXcuQ8wz6fDLygkJRj/cooekjebD1GjOLzxI/XU1Edyal
dGUoc1x1J/53NvQMcphupVOvvNkCSFG4U8NEycSNzlsA1RsadKBwFb4/XZabuoYG
NJ+JUZtjCWPxkFD1n4bXiXgejKL/fCJVFyyFMnLaG7IcxFQ6zLUnnYIg16z8mmFn
S7WU4eW1u+Z4p4lKBvHdJgflJzkqNbxaeHAfl+HHc5t8ba6Zvn9gkxYK+QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEwddZrqx63GkYR5az3lIZoYuop+MB8GA1UdIwQY
MBaAFDioVQZZu2jncNiwEmtyYfuH2CQLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0toVkJsbTdhT2R3MkxBU2EzSmgtNGZZSkFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi83ZGNlNzMtYzRkZi00MzMzLThlODEt
MWQ3MDNiNDk2NjM0LzEvVEIxMW11ckhyY2FSaEhsclBlVWhtaGk2aW40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi83ZGNlNzMtYzRkZi00MzMzLThlODEtMWQ3MDNiNDk2NjM0
LzEvT0toVkJsbTdhT2R3MkxBU2EzSmgtNGZZSkFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5uoED
BAK5uoAwDQYJKoZIhvcNAQELBQADggEBAIhQJHwRWu5Xclnoc5jkKntHfumsjwe8
Tq6Xxd1fnubkRqoOX5JVl+FIERwnzh8y6Pq8LC+rLxbxbpL3rBt0e/Xdp/u8n/6S
hSkC8WXqU0h87EfshcX/5NnJYe5ONVZsATQ1Dlz81k+BLQV9r8amatTc05Kfv+Cm
AO3Mfw9UuDvEPYZzZLzKAFbjzszbCmbt/Wf2D2CkNB1c+SF7W3ZGgb3ou2my0GPE
rGikGsOzKWX4/Dwj1kJtvlQPRJssVoZeOzyKeeaXjTiFsnzNkSHKnmDxZO59yekC
88jOes8w+CtSIhmRBh6ZXGKXxVOxdIOQOx5UTOAHBCGNjLdgCnLPCpc=
-----END CERTIFICATE-----