Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/08b9c4-0afd-4876-9ef7-2e84b8d18e4e/1/XAy_ofcAvnQkaEcULMh_zhoUVCg.roa
File:                     XAy_ofcAvnQkaEcULMh_zhoUVCg.roa (raw, json)
Hash identifier:          LjZl2Qe5BQnsWFUVqq7DKQUnCgrFNrfO4KH7NwP0nV8=
Subject key identifier:   5C:0C:BF:A1:F7:00:BE:74:24:68:47:14:2C:C8:7F:CE:1A:14:54:28
Certificate issuer:       /CN=4c403bc60b4a13c3daa3411ac923c6372d423eb8
Certificate serial:       018CC64A7078293A5C05E2D554CFE590E17D
Authority key identifier: 4C:40:3B:C6:0B:4A:13:C3:DA:A3:41:1A:C9:23:C6:37:2D:42:3E:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TEA7xgtKE8Pao0EaySPGNy1CPrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/08b9c4-0afd-4876-9ef7-2e84b8d18e4e/1/XAy_ofcAvnQkaEcULMh_zhoUVCg.roa
Signing time:             Mon 01 Jan 2024 18:30:16 +0000
ROA not before:           Mon 01 Jan 2024 18:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13127
IP address blocks:        185.36.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/08b9c4-0afd-4876-9ef7-2e84b8d18e4e/1/TEA7xgtKE8Pao0EaySPGNy1CPrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/08b9c4-0afd-4876-9ef7-2e84b8d18e4e/1/TEA7xgtKE8Pao0EaySPGNy1CPrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TEA7xgtKE8Pao0EaySPGNy1CPrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:70:78:29:3a:5c:05:e2:d5:54:cf:e5:90:e1:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c403bc60b4a13c3daa3411ac923c6372d423eb8
        Validity
            Not Before: Jan  1 18:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c0cbfa1f700be74246847142cc87fce1a145428
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:b1:93:bb:c0:4d:b9:33:2a:d9:12:fa:4e:83:
                    79:95:e0:8e:8c:2f:b4:02:76:ef:fa:f2:0a:a9:e9:
                    ce:f9:76:9a:6a:80:d6:6e:60:b0:14:a8:f6:78:ab:
                    43:46:aa:46:be:75:de:a3:e1:b2:b7:fc:43:87:60:
                    a5:fd:52:d7:6d:3b:c1:f7:27:c2:91:5c:14:2b:93:
                    03:95:d5:4c:0b:2e:23:dd:ff:a5:4c:a4:b8:89:ab:
                    28:27:d6:a8:d0:8c:44:32:2f:42:aa:97:f5:d7:95:
                    7a:cf:b0:b8:10:9b:79:fb:ef:7a:41:53:d5:bc:77:
                    ae:66:ab:e5:97:f9:46:ed:e2:88:3d:78:99:8d:b3:
                    6a:09:d2:bd:89:06:f7:2b:a9:06:bf:16:13:f4:b2:
                    21:e0:7a:4d:78:a5:7e:52:14:2e:01:d4:2c:b0:f3:
                    cb:24:a0:fc:53:a1:af:c9:27:b0:67:c3:15:fb:6e:
                    bf:14:02:ce:61:06:f8:c7:97:d5:c2:7c:24:cd:04:
                    bd:5a:68:a7:8b:70:7b:23:91:44:27:d5:7f:e3:60:
                    40:fb:e6:fe:a8:93:3c:f5:cd:d2:32:fe:f5:a8:41:
                    33:d4:49:2a:a9:27:7b:88:b0:cd:eb:7e:a2:16:c4:
                    b8:75:8f:0e:db:7c:d6:8a:f9:37:20:26:56:1a:27:
                    bc:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:0C:BF:A1:F7:00:BE:74:24:68:47:14:2C:C8:7F:CE:1A:14:54:28
            X509v3 Authority Key Identifier:
                keyid:4C:40:3B:C6:0B:4A:13:C3:DA:A3:41:1A:C9:23:C6:37:2D:42:3E:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TEA7xgtKE8Pao0EaySPGNy1CPrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/08b9c4-0afd-4876-9ef7-2e84b8d18e4e/1/XAy_ofcAvnQkaEcULMh_zhoUVCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/08b9c4-0afd-4876-9ef7-2e84b8d18e4e/1/TEA7xgtKE8Pao0EaySPGNy1CPrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:7a:a0:c2:a0:c5:3a:59:cd:57:79:b1:dc:79:00:6d:b2:9d:
         44:4d:c7:ec:4e:f4:d9:60:76:0c:d3:d7:e0:5f:1c:00:53:65:
         af:78:2a:1a:ad:e5:20:89:09:1f:41:af:3b:3f:8b:19:60:6e:
         a0:0e:a4:70:96:08:05:a4:c7:85:89:97:15:f4:87:e1:07:cc:
         a0:e4:6b:db:b6:06:d1:c4:2d:7f:ef:e5:3b:60:20:be:f7:cb:
         e5:1e:f7:54:5c:3b:27:e9:ad:4d:a1:f1:8a:d7:a9:ec:20:87:
         5a:a9:7f:f7:92:b4:e3:a9:62:b2:4e:06:19:69:9d:f0:72:d3:
         d0:90:b1:ed:03:ff:f7:47:58:0b:66:b8:c7:1e:3b:7b:f7:cb:
         61:9e:f9:55:0d:49:e3:8c:3e:b7:58:7a:7f:cb:d8:0a:4d:f5:
         ba:7b:28:cb:85:12:5d:b8:0c:fa:6f:45:7c:81:d7:7f:2b:e3:
         3b:61:e9:c1:1e:9e:92:37:e3:18:ee:25:47:3a:54:6e:ee:de:
         87:74:d3:f0:f0:18:d4:f0:de:06:14:84:ad:7a:08:60:ca:5d:
         42:57:99:dd:2d:44:65:2a:ef:9d:60:95:ee:c8:14:d6:7c:8c:
         e8:19:bd:ca:de:ec:7c:e4:a9:3d:6c:3b:a7:90:e3:3b:91:41:
         c5:f0:f2:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnB4KTpcBeLVVM/lkOF9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNDAzYmM2MGI0YTEzYzNkYWEzNDExYWM5MjNjNjM3MmQ0
MjNlYjgwHhcNMjQwMTAxMTgzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzBjYmZhMWY3MDBiZTc0MjQ2ODQ3MTQyY2M4N2ZjZTFhMTQ1NDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4bGTu8BNuTMq2RL6ToN5leCOjC+0
Anbv+vIKqenO+XaaaoDWbmCwFKj2eKtDRqpGvnXeo+Gyt/xDh2Cl/VLXbTvB9yfC
kVwUK5MDldVMCy4j3f+lTKS4iasoJ9ao0IxEMi9Cqpf115V6z7C4EJt5++96QVPV
vHeuZqvll/lG7eKIPXiZjbNqCdK9iQb3K6kGvxYT9LIh4HpNeKV+UhQuAdQssPPL
JKD8U6GvySewZ8MV+26/FALOYQb4x5fVwnwkzQS9Wmini3B7I5FEJ9V/42BA++b+
qJM89c3SMv71qEEz1EkqqSd7iLDN636iFsS4dY8O23zWivk3ICZWGie8cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwMv6H3AL50JGhHFCzIf84aFFQoMB8GA1UdIwQY
MBaAFExAO8YLShPD2qNBGskjxjctQj64MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEVBN3hndEtFOFBhbzBFYXlTUEdOeTFDUHJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi8wOGI5YzQtMGFmZC00ODc2LTllZjct
MmU4NGI4ZDE4ZTRlLzEvWEF5X29mY0F2blFrYUVjVUxNaF96aG9VVkNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi8wOGI5YzQtMGFmZC00ODc2LTllZjctMmU4NGI4ZDE4ZTRl
LzEvVEVBN3hndEtFOFBhbzBFYXlTUEdOeTFDUHJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSQpMA0G
CSqGSIb3DQEBCwUAA4IBAQBweqDCoMU6Wc1XebHceQBtsp1ETcfsTvTZYHYM09fg
XxwAU2WveCoareUgiQkfQa87P4sZYG6gDqRwlggFpMeFiZcV9IfhB8yg5GvbtgbR
xC1/7+U7YCC+98vlHvdUXDsn6a1NofGK16nsIIdaqX/3krTjqWKyTgYZaZ3wctPQ
kLHtA//3R1gLZrjHHjt798thnvlVDUnjjD63WHp/y9gKTfW6eyjLhRJduAz6b0V8
gdd/K+M7YenBHp6SN+MY7iVHOlRu7t6HdNPw8BjU8N4GFISteghgyl1CV5ndLURl
Ku+dYJXuyBTWfIzoGb3K3ux85Kk9bDunkOM7kUHF8PIS
-----END CERTIFICATE-----