Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/73724a-1d0a-49c3-ac67-e77aed6f6e3a/1/bsDQwEI382LY-7BCZbYdX6bAeOo.roa
File:                     bsDQwEI382LY-7BCZbYdX6bAeOo.roa (raw, json)
Hash identifier:          9n5QRQY4ySpa9LCk8JK1RkbuP191wQ350bumvshxkw4=
Subject key identifier:   6E:C0:D0:C0:42:37:F3:62:D8:FB:B0:42:65:B6:1D:5F:A6:C0:78:EA
Certificate issuer:       /CN=a8d534ba3cb424cf5c5e3ba254ba2325080658b0
Certificate serial:       018CC3489641F486BFFD6FC54C2D5F0694A1
Authority key identifier: A8:D5:34:BA:3C:B4:24:CF:5C:5E:3B:A2:54:BA:23:25:08:06:58:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qNU0ujy0JM9cXjuiVLojJQgGWLA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/73724a-1d0a-49c3-ac67-e77aed6f6e3a/1/bsDQwEI382LY-7BCZbYdX6bAeOo.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.171.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/73724a-1d0a-49c3-ac67-e77aed6f6e3a/1/qNU0ujy0JM9cXjuiVLojJQgGWLA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/73724a-1d0a-49c3-ac67-e77aed6f6e3a/1/qNU0ujy0JM9cXjuiVLojJQgGWLA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qNU0ujy0JM9cXjuiVLojJQgGWLA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 10:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:96:41:f4:86:bf:fd:6f:c5:4c:2d:5f:06:94:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8d534ba3cb424cf5c5e3ba254ba2325080658b0
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ec0d0c04237f362d8fbb04265b61d5fa6c078ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:23:0e:08:5a:14:28:31:df:53:96:92:31:4a:
                    4c:d0:91:54:09:4e:76:2f:01:f3:06:13:e7:e2:cc:
                    c7:07:dd:44:f2:ec:1d:29:fa:c4:50:18:cf:a5:62:
                    44:0a:88:37:f9:00:de:d0:5a:96:b4:f2:9b:95:8e:
                    76:4d:df:e6:3f:5f:a6:78:c1:00:df:58:f0:f0:ae:
                    3e:d8:70:82:24:98:f6:b4:cf:8f:ca:89:4f:29:53:
                    98:bb:35:ee:91:b0:b6:d7:0e:b5:33:80:a3:ec:a8:
                    64:a1:6c:80:71:cb:ee:08:31:c6:c6:66:74:da:36:
                    a5:16:17:a7:a4:4a:d7:d8:be:6b:fc:bc:5b:8e:9c:
                    ac:ff:f7:ee:5f:41:c0:09:81:89:b5:9c:88:43:63:
                    3c:03:fe:25:dd:89:84:0e:8b:10:42:af:45:ad:25:
                    49:89:ed:18:bb:e9:13:d9:42:de:7c:58:f4:fc:77:
                    90:6b:f1:da:b4:62:95:d4:ac:d8:b2:17:38:99:9e:
                    92:58:6a:5f:b1:d5:7a:8a:97:69:f9:0f:3c:c6:ad:
                    af:db:6f:fe:1d:f2:bf:8e:47:af:3c:93:fb:59:d5:
                    d8:ea:7c:ea:2e:97:22:f8:01:2f:24:09:28:4b:44:
                    4d:17:4d:13:24:fc:34:aa:ea:d3:81:64:b1:9e:a1:
                    a4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:C0:D0:C0:42:37:F3:62:D8:FB:B0:42:65:B6:1D:5F:A6:C0:78:EA
            X509v3 Authority Key Identifier:
                keyid:A8:D5:34:BA:3C:B4:24:CF:5C:5E:3B:A2:54:BA:23:25:08:06:58:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qNU0ujy0JM9cXjuiVLojJQgGWLA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/73724a-1d0a-49c3-ac67-e77aed6f6e3a/1/bsDQwEI382LY-7BCZbYdX6bAeOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/73724a-1d0a-49c3-ac67-e77aed6f6e3a/1/qNU0ujy0JM9cXjuiVLojJQgGWLA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:06:8d:01:d1:4a:45:c5:91:49:cf:75:fc:9f:20:6b:27:ea:
         bc:dd:95:fd:22:ad:e7:63:10:5c:7e:19:e4:cc:d8:8d:39:0f:
         e3:91:54:78:4c:92:e8:7f:28:70:75:a4:87:61:a2:91:44:de:
         e5:36:e0:12:0b:f9:af:c3:d0:d7:e7:5f:07:7d:a4:36:e9:1f:
         a3:b5:41:3d:49:0d:ae:cc:ce:c5:83:1c:34:51:42:9d:8c:93:
         f9:a0:61:7b:40:18:bb:43:23:21:a5:30:14:ee:01:8e:6e:fc:
         c6:c8:f7:97:bc:b2:cf:86:ff:e5:84:f1:3b:85:5e:c5:72:e0:
         3d:7b:cd:a3:28:87:80:fb:8a:07:63:ec:05:cd:cf:23:df:e9:
         25:09:59:0f:4d:84:06:07:48:ee:b8:7e:12:5b:92:54:7d:c7:
         03:b3:74:b8:5b:54:62:89:e0:d6:91:00:71:56:57:31:70:81:
         c9:77:ed:01:6b:8d:15:f2:ca:a5:8c:b8:75:fb:94:07:b8:1f:
         5a:d3:bd:45:9a:08:57:a4:ba:5d:ac:68:98:d3:19:eb:23:9f:
         58:c4:b9:35:e0:11:97:1e:21:be:a7:9e:6a:88:4b:6d:40:df:
         88:48:37:22:ce:fe:57:67:c5:a9:b5:e2:f9:b1:76:1e:a1:63:
         cc:aa:91:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJZB9Ia//W/FTC1fBpShMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZDUzNGJhM2NiNDI0Y2Y1YzVlM2JhMjU0YmEyMzI1MDgw
NjU4YjAwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWMwZDBjMDQyMzdmMzYyZDhmYmIwNDI2NWI2MWQ1ZmE2YzA3OGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiMOCFoUKDHfU5aSMUpM0JFUCU52
LwHzBhPn4szHB91E8uwdKfrEUBjPpWJECog3+QDe0FqWtPKblY52Td/mP1+meMEA
31jw8K4+2HCCJJj2tM+PyolPKVOYuzXukbC21w61M4Cj7KhkoWyAccvuCDHGxmZ0
2jalFhenpErX2L5r/Lxbjpys//fuX0HACYGJtZyIQ2M8A/4l3YmEDosQQq9FrSVJ
ie0Yu+kT2ULefFj0/HeQa/HatGKV1KzYshc4mZ6SWGpfsdV6ipdp+Q88xq2v22/+
HfK/jkevPJP7WdXY6nzqLpci+AEvJAkoS0RNF00TJPw0qurTgWSxnqGk9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7A0MBCN/Ni2PuwQmW2HV+mwHjqMB8GA1UdIwQY
MBaAFKjVNLo8tCTPXF47olS6IyUIBliwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU5VMHVqeTBKTTljWGp1aVZMb2pKUWdHV0xBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83MzcyNGEtMWQwYS00OWMzLWFjNjct
ZTc3YWVkNmY2ZTNhLzEvYnNEUXdFSTM4MkxZLTdCQ1piWWRYNmJBZU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83MzcyNGEtMWQwYS00OWMzLWFjNjctZTc3YWVkNmY2ZTNh
LzEvcU5VMHVqeTBKTTljWGp1aVZMb2pKUWdHV0xBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuauhMA0G
CSqGSIb3DQEBCwUAA4IBAQByBo0B0UpFxZFJz3X8nyBrJ+q83ZX9Iq3nYxBcfhnk
zNiNOQ/jkVR4TJLofyhwdaSHYaKRRN7lNuASC/mvw9DX518HfaQ26R+jtUE9SQ2u
zM7Fgxw0UUKdjJP5oGF7QBi7QyMhpTAU7gGObvzGyPeXvLLPhv/lhPE7hV7FcuA9
e82jKIeA+4oHY+wFzc8j3+klCVkPTYQGB0juuH4SW5JUfccDs3S4W1RiieDWkQBx
VlcxcIHJd+0Ba40V8sqljLh1+5QHuB9a071FmghXpLpdrGiY0xnrI59YxLk14BGX
HiG+p55qiEttQN+ISDcizv5XZ8WpteL5sXYeoWPMqpHP
-----END CERTIFICATE-----