Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/KYwcGAjfxYnsp_bTy-AWwKHEB_k.roa
File:                     KYwcGAjfxYnsp_bTy-AWwKHEB_k.roa (raw, json)
Hash identifier:          PN9FlS5v1JShactkdJEjMs7RzvDZg9NaKuIk9cKsh7k=
Subject key identifier:   29:8C:1C:18:08:DF:C5:89:EC:A7:F6:D3:CB:E0:16:C0:A1:C4:07:F9
Certificate issuer:       /CN=e0691dbafa3a8de070b07022de9adf74341fb4f2
Certificate serial:       018CC6B7F79DEAB6B69D3377B67C8976D126
Authority key identifier: E0:69:1D:BA:FA:3A:8D:E0:70:B0:70:22:DE:9A:DF:74:34:1F:B4:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Gkduvo6jeBwsHAi3prfdDQftPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/KYwcGAjfxYnsp_bTy-AWwKHEB_k.roa
Signing time:             Mon 01 Jan 2024 20:29:54 +0000
ROA not before:           Mon 01 Jan 2024 20:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212036
IP address blocks:        185.226.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/4Gkduvo6jeBwsHAi3prfdDQftPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/4Gkduvo6jeBwsHAi3prfdDQftPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Gkduvo6jeBwsHAi3prfdDQftPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:f7:9d:ea:b6:b6:9d:33:77:b6:7c:89:76:d1:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0691dbafa3a8de070b07022de9adf74341fb4f2
        Validity
            Not Before: Jan  1 20:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=298c1c1808dfc589eca7f6d3cbe016c0a1c407f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4d:1f:46:2b:92:98:2d:01:ec:08:68:c0:87:
                    ed:15:df:32:dc:9d:d3:b1:f7:e3:88:91:22:9d:d0:
                    2a:63:e5:7a:74:e4:83:f3:e8:86:e3:c4:9f:c5:11:
                    04:e0:d8:8b:63:17:83:95:79:2e:bb:f5:26:d7:ca:
                    21:4a:89:db:91:4e:a3:ea:77:39:4b:c9:6a:60:7b:
                    d2:fd:ef:c3:a1:93:89:07:15:52:5f:c2:76:c0:8e:
                    cb:76:7d:35:38:f0:e0:c3:28:e9:92:8d:02:43:e7:
                    fb:39:31:94:c6:b1:aa:04:63:de:07:92:ef:ed:24:
                    f9:b1:49:85:5f:18:e7:0e:6c:ed:4b:f1:9f:9b:8a:
                    a0:30:5e:d8:29:34:63:a0:21:ab:cd:9a:ca:6e:c4:
                    b9:b4:94:30:3e:c9:11:d8:d3:25:b0:87:c8:66:8a:
                    2e:30:14:b6:8b:d3:9d:50:e3:cf:3e:0d:68:1d:3c:
                    b6:e9:ad:53:47:90:1e:ab:39:6e:18:b3:6c:00:78:
                    98:11:37:6e:d3:13:fd:41:a8:78:3a:80:a4:90:2d:
                    33:c5:fe:bc:9b:58:48:cd:f9:49:16:62:39:84:e0:
                    b4:d7:6c:14:51:d6:ca:9c:d7:af:0b:e8:bd:5d:43:
                    21:ec:f2:49:a6:42:a0:05:b9:fe:86:ff:38:81:ae:
                    de:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:8C:1C:18:08:DF:C5:89:EC:A7:F6:D3:CB:E0:16:C0:A1:C4:07:F9
            X509v3 Authority Key Identifier:
                keyid:E0:69:1D:BA:FA:3A:8D:E0:70:B0:70:22:DE:9A:DF:74:34:1F:B4:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Gkduvo6jeBwsHAi3prfdDQftPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/KYwcGAjfxYnsp_bTy-AWwKHEB_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/4Gkduvo6jeBwsHAi3prfdDQftPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:e9:b1:a4:90:ce:3b:1f:0a:68:36:7c:f4:78:10:a4:09:0d:
         c0:3d:82:b0:48:05:17:d6:0f:b0:ff:5e:e5:a5:b4:38:9a:04:
         5b:2f:6e:64:0e:a3:35:29:b3:f9:28:f5:93:4e:cb:ec:cc:d7:
         bd:ad:e5:7c:fd:d3:ae:9e:4b:ba:9f:39:25:e7:05:e9:1c:49:
         f7:aa:39:8c:cf:13:20:6e:b1:c0:46:b8:0b:5b:1b:82:39:3a:
         d7:06:88:88:6a:ca:f4:e2:7a:93:7d:7f:f1:8e:24:87:d5:62:
         a9:98:4d:c1:e5:10:0d:24:8a:a8:97:25:9d:8a:ce:69:ed:f1:
         d4:bf:95:fa:22:bb:61:a8:e5:33:f6:75:ee:13:25:c5:a4:f0:
         c1:7d:82:48:4b:5d:47:0d:d1:49:7f:94:1e:20:fd:88:b7:1e:
         93:e3:9c:7b:ed:cc:74:a2:9c:68:4e:da:4e:aa:a3:d4:8a:5a:
         6b:eb:e9:66:9d:e0:d3:28:9f:77:c4:b4:d4:4e:4c:2d:9d:05:
         08:f1:c7:87:8c:17:aa:74:c6:1f:f8:30:ab:76:dd:6e:0a:49:
         09:ac:30:a5:3d:49:62:64:ba:35:cf:cc:9d:2a:03:62:e1:78:
         a8:3e:c9:0f:13:8a:a0:33:e2:61:f8:09:d9:f7:ca:a1:74:69:
         d9:d3:e1:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt/ed6ra2nTN3tnyJdtEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNjkxZGJhZmEzYThkZTA3MGIwNzAyMmRlOWFkZjc0MzQx
ZmI0ZjIwHhcNMjQwMTAxMjAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOThjMWMxODA4ZGZjNTg5ZWNhN2Y2ZDNjYmUwMTZjMGExYzQwN2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU0fRiuSmC0B7AhowIftFd8y3J3T
sffjiJEindAqY+V6dOSD8+iG48SfxREE4NiLYxeDlXkuu/Um18ohSonbkU6j6nc5
S8lqYHvS/e/DoZOJBxVSX8J2wI7Ldn01OPDgwyjpko0CQ+f7OTGUxrGqBGPeB5Lv
7ST5sUmFXxjnDmztS/Gfm4qgMF7YKTRjoCGrzZrKbsS5tJQwPskR2NMlsIfIZoou
MBS2i9OdUOPPPg1oHTy26a1TR5AeqzluGLNsAHiYETdu0xP9Qah4OoCkkC0zxf68
m1hIzflJFmI5hOC012wUUdbKnNevC+i9XUMh7PJJpkKgBbn+hv84ga7ezwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmMHBgI38WJ7Kf208vgFsChxAf5MB8GA1UdIwQY
MBaAFOBpHbr6Oo3gcLBwIt6a33Q0H7TyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEdrZHV2bzZqZUJ3c0hBaTNwcmZkRFFmdFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9mNzVjN2QtZTViMy00NDJmLWEwODQt
ZmQ0OWViM2YxOWIxLzEvS1l3Y0dBamZ4WW5zcF9iVHktQVd3S0hFQl9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9mNzVjN2QtZTViMy00NDJmLWEwODQtZmQ0OWViM2YxOWIx
LzEvNEdrZHV2bzZqZUJ3c0hBaTNwcmZkRFFmdFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueJhMA0G
CSqGSIb3DQEBCwUAA4IBAQBu6bGkkM47HwpoNnz0eBCkCQ3APYKwSAUX1g+w/17l
pbQ4mgRbL25kDqM1KbP5KPWTTsvszNe9reV8/dOunku6nzkl5wXpHEn3qjmMzxMg
brHARrgLWxuCOTrXBoiIasr04nqTfX/xjiSH1WKpmE3B5RANJIqolyWdis5p7fHU
v5X6IrthqOUz9nXuEyXFpPDBfYJIS11HDdFJf5QeIP2Itx6T45x77cx0opxoTtpO
qqPUilpr6+lmneDTKJ93xLTUTkwtnQUI8ceHjBeqdMYf+DCrdt1uCkkJrDClPUli
ZLo1z8ydKgNi4XioPskPE4qgM+Jh+AnZ98qhdGnZ0+H0
-----END CERTIFICATE-----