Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/5b373e-d314-4459-b858-cf1d1f007a36/1/tU7fzsrGeOPK4_CPJgJsDWm-cvc.roa
File:                     tU7fzsrGeOPK4_CPJgJsDWm-cvc.roa (raw, json)
Hash identifier:          tCeJWeHsI+K+JtrgqnRJ75OdYTkfVXxt4+VjaF53sNc=
Subject key identifier:   B5:4E:DF:CE:CA:C6:78:E3:CA:E3:F0:8F:26:02:6C:0D:69:BE:72:F7
Certificate issuer:       /CN=9b129de9eba6b47516f0a155734205abbb98b7c2
Certificate serial:       018CC6B914208EC8A4CF488A1031014D2804
Authority key identifier: 9B:12:9D:E9:EB:A6:B4:75:16:F0:A1:55:73:42:05:AB:BB:98:B7:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mxKd6eumtHUW8KFVc0IFq7uYt8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/5b373e-d314-4459-b858-cf1d1f007a36/1/tU7fzsrGeOPK4_CPJgJsDWm-cvc.roa
Signing time:             Mon 01 Jan 2024 20:31:07 +0000
ROA not before:           Mon 01 Jan 2024 20:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205732
IP address blocks:        185.208.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/5b373e-d314-4459-b858-cf1d1f007a36/1/mxKd6eumtHUW8KFVc0IFq7uYt8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/5b373e-d314-4459-b858-cf1d1f007a36/1/mxKd6eumtHUW8KFVc0IFq7uYt8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mxKd6eumtHUW8KFVc0IFq7uYt8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:14:20:8e:c8:a4:cf:48:8a:10:31:01:4d:28:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b129de9eba6b47516f0a155734205abbb98b7c2
        Validity
            Not Before: Jan  1 20:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b54edfcecac678e3cae3f08f26026c0d69be72f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f2:ea:7d:ad:97:70:99:34:c0:fe:04:a3:8d:
                    05:7d:94:c9:c0:e9:b4:2d:e3:2d:eb:e8:f1:2b:07:
                    1a:4a:90:8e:d3:93:98:ba:46:8d:bf:eb:36:bd:e8:
                    06:95:9e:a7:50:07:68:9b:e3:39:8e:d8:7f:c3:c8:
                    ba:41:f4:12:2f:37:1e:68:6b:86:2b:30:91:ed:e2:
                    07:b7:7f:54:d3:01:60:93:2a:74:72:57:43:2a:4f:
                    a9:d7:a3:0c:72:2c:cd:95:40:bd:c5:72:26:1b:74:
                    4b:f4:ac:2a:60:77:8f:55:62:8a:2e:d7:0a:a9:8d:
                    ae:20:f0:42:b3:2c:12:86:20:9a:06:b0:f0:78:4f:
                    ce:e6:84:84:ef:14:9a:66:3f:e8:6f:59:c3:00:53:
                    d6:3f:ed:c4:9f:8a:b9:6f:e4:d0:46:90:61:d2:77:
                    5d:8c:49:a4:40:06:a1:0a:6f:c7:72:65:30:6e:06:
                    f8:37:82:07:92:90:f4:dc:fd:ef:18:27:f0:8a:ba:
                    26:7a:ba:49:f0:20:2e:f9:83:91:6b:cc:da:34:b4:
                    eb:bc:16:52:0d:78:95:ee:f5:04:bd:01:54:00:5d:
                    10:b5:ef:12:ec:02:5d:50:d7:f5:2c:f1:42:49:ed:
                    35:d0:7f:32:54:fd:13:e3:0f:dc:79:d0:b0:85:0b:
                    f0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:4E:DF:CE:CA:C6:78:E3:CA:E3:F0:8F:26:02:6C:0D:69:BE:72:F7
            X509v3 Authority Key Identifier:
                keyid:9B:12:9D:E9:EB:A6:B4:75:16:F0:A1:55:73:42:05:AB:BB:98:B7:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mxKd6eumtHUW8KFVc0IFq7uYt8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5b373e-d314-4459-b858-cf1d1f007a36/1/tU7fzsrGeOPK4_CPJgJsDWm-cvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/5b373e-d314-4459-b858-cf1d1f007a36/1/mxKd6eumtHUW8KFVc0IFq7uYt8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:a9:02:ea:8e:b8:2f:85:82:38:7a:aa:94:42:36:29:98:69:
         21:31:c2:2b:fd:bb:76:c9:ea:50:04:fa:54:08:e7:2f:f3:36:
         d7:d7:73:73:0a:3b:cd:ee:a9:db:b0:4e:2d:55:d8:d4:d6:70:
         00:43:94:ac:22:83:92:12:db:7b:66:6b:9f:3f:61:30:29:f0:
         7c:fc:40:a2:8e:37:82:5b:f3:35:7f:fb:96:f1:4e:30:cc:64:
         1c:30:39:f5:a0:ba:62:f1:d0:c0:84:b9:80:f9:78:55:30:d6:
         ea:b4:a7:9c:d2:b9:62:b8:83:ff:95:81:4b:60:4a:56:79:54:
         11:06:82:1b:a5:5f:a2:d4:5e:99:16:2c:b4:95:ad:07:55:1a:
         61:e0:56:e8:66:d9:b5:4d:41:be:4f:61:3e:13:cc:7a:1d:a0:
         7a:d4:5e:dc:09:bc:dc:57:24:d3:12:4a:14:07:78:19:5e:b4:
         bf:f6:52:d4:de:69:9c:d3:68:85:a9:4c:57:95:a3:28:9d:13:
         2a:ae:9e:15:09:c3:bd:91:0a:e4:e6:05:de:82:6b:18:61:bd:
         94:9c:b9:2f:bf:c0:8b:17:6a:eb:70:cc:4d:5f:38:03:45:f5:
         01:6b:9b:e1:10:9c:c0:e7:f3:0b:35:01:bd:5b:1d:ec:e0:6c:
         b8:19:23:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuRQgjsikz0iKEDEBTSgEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMTI5ZGU5ZWJhNmI0NzUxNmYwYTE1NTczNDIwNWFiYmI5
OGI3YzIwHhcNMjQwMTAxMjAzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTRlZGZjZWNhYzY3OGUzY2FlM2YwOGYyNjAyNmMwZDY5YmU3MmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPLqfa2XcJk0wP4Eo40FfZTJwOm0
LeMt6+jxKwcaSpCO05OYukaNv+s2vegGlZ6nUAdom+M5jth/w8i6QfQSLzceaGuG
KzCR7eIHt39U0wFgkyp0cldDKk+p16MMcizNlUC9xXImG3RL9KwqYHePVWKKLtcK
qY2uIPBCsywShiCaBrDweE/O5oSE7xSaZj/ob1nDAFPWP+3En4q5b+TQRpBh0ndd
jEmkQAahCm/HcmUwbgb4N4IHkpD03P3vGCfwiromerpJ8CAu+YORa8zaNLTrvBZS
DXiV7vUEvQFUAF0Qte8S7AJdUNf1LPFCSe010H8yVP0T4w/cedCwhQvwhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVO387KxnjjyuPwjyYCbA1pvnL3MB8GA1UdIwQY
MBaAFJsSnenrprR1FvChVXNCBau7mLfCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXhLZDZldW10SFVXOEtGVmMwSUZxN3VZdDhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy81YjM3M2UtZDMxNC00NDU5LWI4NTgt
Y2YxZDFmMDA3YTM2LzEvdFU3ZnpzckdlT1BLNF9DUEpnSnNEV20tY3ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy81YjM3M2UtZDMxNC00NDU5LWI4NTgtY2YxZDFmMDA3YTM2
LzEvbXhLZDZldW10SFVXOEtGVmMwSUZxN3VZdDhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudBpMA0G
CSqGSIb3DQEBCwUAA4IBAQAGqQLqjrgvhYI4eqqUQjYpmGkhMcIr/bt2yepQBPpU
COcv8zbX13NzCjvN7qnbsE4tVdjU1nAAQ5SsIoOSEtt7ZmufP2EwKfB8/ECijjeC
W/M1f/uW8U4wzGQcMDn1oLpi8dDAhLmA+XhVMNbqtKec0rliuIP/lYFLYEpWeVQR
BoIbpV+i1F6ZFiy0la0HVRph4FboZtm1TUG+T2E+E8x6HaB61F7cCbzcVyTTEkoU
B3gZXrS/9lLU3mmc02iFqUxXlaMonRMqrp4VCcO9kQrk5gXegmsYYb2UnLkvv8CL
F2rrcMxNXzgDRfUBa5vhEJzA5/MLNQG9Wx3s4Gy4GSOa
-----END CERTIFICATE-----