Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/650c41-7804-4a24-934e-0dba7fa6a403/1/c86EWGmb8_g_XtI1fw0a5cUb3Kg.roa
File:                     c86EWGmb8_g_XtI1fw0a5cUb3Kg.roa (raw, json)
Hash identifier:          7cxjKcy0PbV7Bt35+rvvzzaLzJwpAUh9I+0vnxiQQ5U=
Subject key identifier:   73:CE:84:58:69:9B:F3:F8:3F:5E:D2:35:7F:0D:1A:E5:C5:1B:DC:A8
Certificate issuer:       /CN=c3358e5c4f80a8206ccc5103bf2ebe3a4e96a0f1
Certificate serial:       01905996E2E4020A92BE0529244473D0B44E
Authority key identifier: C3:35:8E:5C:4F:80:A8:20:6C:CC:51:03:BF:2E:BE:3A:4E:96:A0:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wzWOXE-AqCBszFEDvy6-Ok6WoPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/650c41-7804-4a24-934e-0dba7fa6a403/1/c86EWGmb8_g_XtI1fw0a5cUb3Kg.roa
Signing time:             Thu 27 Jun 2024 12:06:18 +0000
ROA not before:           Thu 27 Jun 2024 12:06:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205276
IP address blocks:        185.172.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/650c41-7804-4a24-934e-0dba7fa6a403/1/wzWOXE-AqCBszFEDvy6-Ok6WoPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/650c41-7804-4a24-934e-0dba7fa6a403/1/wzWOXE-AqCBszFEDvy6-Ok6WoPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wzWOXE-AqCBszFEDvy6-Ok6WoPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:59:96:e2:e4:02:0a:92:be:05:29:24:44:73:d0:b4:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3358e5c4f80a8206ccc5103bf2ebe3a4e96a0f1
        Validity
            Not Before: Jun 27 12:06:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73ce8458699bf3f83f5ed2357f0d1ae5c51bdca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7f:a4:f5:f0:db:42:b4:97:4e:fa:47:83:3a:
                    eb:63:64:2e:b7:fa:3b:39:a5:bb:ef:55:04:e2:9f:
                    cc:0b:94:25:2d:57:ee:21:93:cb:7d:2b:d4:42:31:
                    29:91:cb:61:90:a8:dc:ef:f8:06:3f:38:bd:73:6b:
                    a4:74:e9:dd:7c:0d:6e:a3:83:27:e6:2e:14:b9:c4:
                    37:64:1b:48:d4:5b:69:45:dc:7a:19:8e:84:ff:00:
                    22:73:4c:34:0d:35:af:38:92:be:a0:a0:46:76:53:
                    9e:45:5c:d1:7f:f5:84:da:51:3c:b4:cc:03:67:fb:
                    3a:05:3c:40:5c:a4:ac:03:5f:fb:61:df:31:96:66:
                    e5:bc:68:44:b7:6e:4d:26:d0:27:a3:b1:3e:44:23:
                    bd:b2:4a:4b:ac:af:bc:5e:50:e8:99:00:fe:1c:25:
                    08:fe:40:0d:4d:0b:0d:6f:85:ff:30:ec:bf:7b:1d:
                    08:a4:8a:bb:72:e4:46:1d:bd:49:43:7f:be:12:a8:
                    d9:38:01:e0:03:d9:56:81:43:11:93:c3:fa:c2:d1:
                    24:62:c5:45:b9:73:25:7a:cc:20:ef:60:4f:0a:f2:
                    ac:88:d2:af:85:26:5a:b8:bb:5b:f3:36:84:73:fc:
                    84:22:d6:3c:3d:fc:4e:3e:eb:3a:81:21:35:50:bd:
                    a1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:CE:84:58:69:9B:F3:F8:3F:5E:D2:35:7F:0D:1A:E5:C5:1B:DC:A8
            X509v3 Authority Key Identifier:
                keyid:C3:35:8E:5C:4F:80:A8:20:6C:CC:51:03:BF:2E:BE:3A:4E:96:A0:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wzWOXE-AqCBszFEDvy6-Ok6WoPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/650c41-7804-4a24-934e-0dba7fa6a403/1/c86EWGmb8_g_XtI1fw0a5cUb3Kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/650c41-7804-4a24-934e-0dba7fa6a403/1/wzWOXE-AqCBszFEDvy6-Ok6WoPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:b5:55:64:02:3d:e0:a1:c3:3f:cf:73:c4:59:fb:f8:b5:fd:
         23:72:d3:78:e2:d8:22:2f:ed:a4:3f:a8:06:a7:58:35:f7:65:
         9f:f1:c2:2d:c8:be:2c:ed:77:0a:80:14:8d:29:12:70:8a:34:
         f7:3c:2e:c4:00:54:c0:cf:be:7b:96:a3:52:59:ed:b3:98:46:
         34:c6:4d:1c:df:f4:2c:1e:7e:b5:e4:8a:ca:46:16:43:a4:3f:
         bf:7e:3f:83:86:36:e0:1f:e4:87:64:9b:49:1d:c6:21:81:8e:
         23:04:7d:c7:94:b5:ee:62:47:d6:8c:98:21:58:25:2a:69:10:
         a7:97:b7:ff:1e:28:28:1e:18:fa:8c:dd:b2:95:8a:b1:40:0e:
         bf:ae:cc:3a:78:32:4b:78:ae:e9:09:e6:56:88:a2:88:57:b8:
         ef:1a:53:28:9e:d7:6c:3c:ae:8b:88:e5:a5:19:8b:a0:b8:bd:
         b1:a3:d6:17:63:4c:36:be:50:8c:7d:84:74:91:ee:c3:a6:7c:
         d5:ea:5b:c4:7b:6d:6b:dc:48:bb:1a:cd:aa:3a:da:6a:4d:62:
         3b:41:f7:cd:e7:74:c2:50:d5:6e:53:76:49:3b:42:c4:53:53:
         8e:53:2b:d7:84:de:08:5a:e0:9c:82:05:d1:55:33:3e:77:cd:
         68:90:10:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBZluLkAgqSvgUpJERz0LROMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzMzU4ZTVjNGY4MGE4MjA2Y2NjNTEwM2JmMmViZTNhNGU5
NmEwZjEwHhcNMjQwNjI3MTIwNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2NlODQ1ODY5OWJmM2Y4M2Y1ZWQyMzU3ZjBkMWFlNWM1MWJkY2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmH+k9fDbQrSXTvpHgzrrY2Qut/o7
OaW771UE4p/MC5QlLVfuIZPLfSvUQjEpkcthkKjc7/gGPzi9c2ukdOndfA1uo4Mn
5i4UucQ3ZBtI1FtpRdx6GY6E/wAic0w0DTWvOJK+oKBGdlOeRVzRf/WE2lE8tMwD
Z/s6BTxAXKSsA1/7Yd8xlmblvGhEt25NJtAno7E+RCO9skpLrK+8XlDomQD+HCUI
/kANTQsNb4X/MOy/ex0IpIq7cuRGHb1JQ3++EqjZOAHgA9lWgUMRk8P6wtEkYsVF
uXMleswg72BPCvKsiNKvhSZauLtb8zaEc/yEItY8PfxOPus6gSE1UL2hAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHPOhFhpm/P4P17SNX8NGuXFG9yoMB8GA1UdIwQY
MBaAFMM1jlxPgKggbMxRA78uvjpOlqDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3pXT1hFLUFxQ0JzekZFRHZ5Ni1PazZXb1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC82NTBjNDEtNzgwNC00YTI0LTkzNGUt
MGRiYTdmYTZhNDAzLzEvYzg2RVdHbWI4X2dfWHRJMWZ3MGE1Y1ViM0tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC82NTBjNDEtNzgwNC00YTI0LTkzNGUtMGRiYTdmYTZhNDAz
LzEvd3pXT1hFLUFxQ0JzekZFRHZ5Ni1PazZXb1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuazIMA0G
CSqGSIb3DQEBCwUAA4IBAQCftVVkAj3gocM/z3PEWfv4tf0jctN44tgiL+2kP6gG
p1g192Wf8cItyL4s7XcKgBSNKRJwijT3PC7EAFTAz757lqNSWe2zmEY0xk0c3/Qs
Hn615IrKRhZDpD+/fj+DhjbgH+SHZJtJHcYhgY4jBH3HlLXuYkfWjJghWCUqaRCn
l7f/HigoHhj6jN2ylYqxQA6/rsw6eDJLeK7pCeZWiKKIV7jvGlMontdsPK6LiOWl
GYuguL2xo9YXY0w2vlCMfYR0ke7DpnzV6lvEe21r3Ei7Gs2qOtpqTWI7QffN53TC
UNVuU3ZJO0LEU1OOUyvXhN4IWuCcggXRVTM+d81okBDH
-----END CERTIFICATE-----