Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/06qSC5z-wufAcMKAS9cpcamZlgs.roa
File:                     06qSC5z-wufAcMKAS9cpcamZlgs.roa (raw, json)
Hash identifier:          sacbpgcPog8FHq/TN5YtCBj9ayn+2Z1n7rttcBVJ+K4=
Subject key identifier:   D3:AA:92:0B:9C:FE:C2:E7:C0:70:C2:80:4B:D7:29:71:A9:99:96:0B
Certificate issuer:       /CN=2940b694bba095344e4bdb99f51e1f1023be57ce
Certificate serial:       018CC64B83721917316964E5FDEFEFF3E246
Authority key identifier: 29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/06qSC5z-wufAcMKAS9cpcamZlgs.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12389
IP address blocks:        185.134.120.0/24 maxlen: 32
                          83.217.10.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:83:72:19:17:31:69:64:e5:fd:ef:ef:f3:e2:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2940b694bba095344e4bdb99f51e1f1023be57ce
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3aa920b9cfec2e7c070c2804bd72971a999960b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b5:d4:1e:6f:ae:62:d1:7b:e8:1c:cc:c7:5f:
                    54:37:b7:68:15:d6:f6:ca:f7:e8:76:d6:d3:15:73:
                    fc:23:26:a9:84:59:c9:77:c6:45:39:4a:a9:3a:e3:
                    6e:3f:bf:ee:8d:79:eb:56:a3:bc:1e:f5:87:d0:11:
                    55:77:45:74:35:29:c5:d6:4f:97:ee:f3:4d:43:93:
                    e3:ce:4a:77:ba:5a:d7:f7:15:20:80:ee:0d:aa:36:
                    92:8d:45:9a:07:54:11:47:89:9f:9b:6d:6f:36:08:
                    09:eb:e9:35:c2:13:e8:a2:e6:79:aa:7a:2f:db:e0:
                    be:9a:95:3e:60:78:33:46:19:d9:64:cd:68:60:98:
                    e7:4b:86:b0:ff:d1:80:9d:39:60:76:8f:5d:4c:5d:
                    bf:54:37:08:4b:ac:4e:97:44:67:5c:ca:e4:b6:42:
                    74:cd:b8:00:9b:48:a0:dc:48:f0:87:0a:fb:54:81:
                    73:71:73:9c:02:d0:06:b3:c7:12:3e:eb:63:ba:de:
                    83:d4:24:3c:ad:65:5b:03:46:37:c5:1a:8a:dc:ee:
                    ab:1a:95:25:4e:16:e7:27:d7:50:29:e8:ae:ba:01:
                    f0:4b:05:3d:9c:d3:b7:62:4c:eb:9a:4d:76:99:29:
                    b3:bd:a2:10:db:d0:b5:eb:ba:61:58:c0:be:6f:95:
                    38:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:AA:92:0B:9C:FE:C2:E7:C0:70:C2:80:4B:D7:29:71:A9:99:96:0B
            X509v3 Authority Key Identifier:
                keyid:29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/06qSC5z-wufAcMKAS9cpcamZlgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.10.0/24
                  185.134.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:11:03:ec:e8:ad:f2:e8:c4:ee:8a:43:09:f9:0e:6e:83:26:
         25:4c:51:eb:23:13:ec:28:48:ca:90:87:57:0c:2a:fd:61:55:
         26:20:b1:7b:34:b2:15:c4:ac:4d:52:11:44:56:dd:46:3d:04:
         d5:d4:ec:3e:22:af:03:fb:eb:99:a2:53:48:9f:d5:e0:b1:21:
         40:3f:35:1f:c6:17:8a:f7:31:56:26:37:ee:ef:fc:53:61:18:
         af:65:96:35:fc:5d:bd:29:2b:c6:84:27:93:36:28:52:c7:e5:
         cb:5e:7c:34:e6:3f:a9:e6:94:ad:a1:53:d2:cf:05:e1:d2:86:
         29:05:f0:be:9f:dd:e9:86:80:aa:ef:6f:07:48:b7:4c:c6:e9:
         c2:74:0c:12:3c:a1:dc:25:3f:e7:40:c7:01:62:8d:8e:0c:cd:
         8d:69:6d:db:1c:ec:4d:f2:b2:aa:1d:58:18:c8:0f:3e:a2:f4:
         8a:89:81:4f:2f:08:15:f5:dc:a8:53:82:8f:64:9d:84:af:1d:
         1e:5b:a3:f5:92:20:57:c4:74:27:19:0a:72:2a:b2:21:a0:89:
         16:4b:f7:cd:06:88:df:c6:be:79:92:7a:b0:58:d7:e2:6c:48:
         51:16:cf:4f:02:ad:73:ee:92:6f:a6:71:6f:29:43:f2:df:8b:
         d9:70:ee:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS4NyGRcxaWTl/e/v8+JGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDBiNjk0YmJhMDk1MzQ0ZTRiZGI5OWY1MWUxZjEwMjNi
ZTU3Y2UwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2FhOTIwYjljZmVjMmU3YzA3MGMyODA0YmQ3Mjk3MWE5OTk5NjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLXUHm+uYtF76BzMx19UN7doFdb2
yvfodtbTFXP8IyaphFnJd8ZFOUqpOuNuP7/ujXnrVqO8HvWH0BFVd0V0NSnF1k+X
7vNNQ5Pjzkp3ulrX9xUggO4NqjaSjUWaB1QRR4mfm21vNggJ6+k1whPoouZ5qnov
2+C+mpU+YHgzRhnZZM1oYJjnS4aw/9GAnTlgdo9dTF2/VDcIS6xOl0RnXMrktkJ0
zbgAm0ig3Ejwhwr7VIFzcXOcAtAGs8cSPutjut6D1CQ8rWVbA0Y3xRqK3O6rGpUl
ThbnJ9dQKeiuugHwSwU9nNO3Ykzrmk12mSmzvaIQ29C167phWMC+b5U4cwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNOqkguc/sLnwHDCgEvXKXGpmZYLMB8GA1UdIwQY
MBaAFClAtpS7oJU0TkvbmfUeHxAjvlfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzIt
MjdjMWEzNTk3NmRlLzEvMDZxU0M1ei13dWZBY01LQVM5Y3BjYW1abGdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzItMjdjMWEzNTk3NmRl
LzEvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU9kKAwQA
uYZ4MA0GCSqGSIb3DQEBCwUAA4IBAQC0EQPs6K3y6MTuikMJ+Q5ugyYlTFHrIxPs
KEjKkIdXDCr9YVUmILF7NLIVxKxNUhFEVt1GPQTV1Ow+Iq8D++uZolNIn9XgsSFA
PzUfxheK9zFWJjfu7/xTYRivZZY1/F29KSvGhCeTNihSx+XLXnw05j+p5pStoVPS
zwXh0oYpBfC+n93phoCq728HSLdMxunCdAwSPKHcJT/nQMcBYo2ODM2NaW3bHOxN
8rKqHVgYyA8+ovSKiYFPLwgV9dyoU4KPZJ2Erx0eW6P1kiBXxHQnGQpyKrIhoIkW
S/fNBojfxr55knqwWNfibEhRFs9PAq1z7pJvpnFvKUPy34vZcO70
-----END CERTIFICATE-----