Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/d7-6yllUS8vN4jN78ehhIMzvWYo.roa
File:                     d7-6yllUS8vN4jN78ehhIMzvWYo.roa (raw, json)
Hash identifier:          2OZUQl9ww3KH8UYaFYbVtOSfH17OzSeg1ww1a5fTVEk=
Subject key identifier:   77:BF:BA:CA:59:54:4B:CB:CD:E2:33:7B:F1:E8:61:20:CC:EF:59:8A
Certificate issuer:       /CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Certificate serial:       018CC2DB205DAD76E30BA9E721B0AE52BF64
Authority key identifier: 21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/d7-6yllUS8vN4jN78ehhIMzvWYo.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        185.247.18.0/24 maxlen: 24
                          185.247.19.0/24 maxlen: 24
                          176.57.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:20:5d:ad:76:e3:0b:a9:e7:21:b0:ae:52:bf:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77bfbaca59544bcbcde2337bf1e86120ccef598a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:40:30:66:ec:14:6a:ec:0c:a0:6d:e2:53:b9:
                    75:50:ac:84:5a:01:f6:dc:7a:86:70:76:3a:81:bc:
                    67:af:db:d7:fb:38:69:5b:8d:61:4b:eb:59:8b:3b:
                    3e:82:ad:31:93:fc:2d:24:ec:ba:61:cd:22:b0:79:
                    10:4e:35:e3:56:11:f8:91:60:77:7a:87:0c:2b:19:
                    2d:f7:0c:7a:62:15:1f:c5:d4:1b:ab:49:04:97:f7:
                    a6:b3:72:46:59:79:8d:7b:e0:da:b2:7b:03:0d:e7:
                    50:bd:34:be:35:73:d6:7a:7d:bf:c7:07:81:ec:2d:
                    c4:e7:42:16:68:0b:65:52:bd:5b:12:4b:f1:e4:08:
                    d9:27:ea:a1:7f:68:b0:1b:68:49:2a:f5:ab:47:be:
                    cc:0b:2e:55:a2:dc:bb:87:8c:a1:a2:3b:23:0c:91:
                    98:e6:3b:73:7d:f8:b8:d7:50:5f:3c:38:ac:a7:35:
                    9f:df:c6:e6:68:ba:dc:15:11:d0:1d:8d:10:08:62:
                    9b:a2:47:bf:3a:43:8f:3c:17:b6:53:9a:fa:44:2e:
                    c1:d9:e5:63:83:55:9a:80:2b:52:a5:a4:41:23:dd:
                    ae:76:5c:5e:93:0b:0e:85:f0:75:b3:a4:fc:d1:43:
                    d4:19:a9:99:b0:19:4b:f6:f3:1f:21:3e:76:c2:a6:
                    0f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:BF:BA:CA:59:54:4B:CB:CD:E2:33:7B:F1:E8:61:20:CC:EF:59:8A
            X509v3 Authority Key Identifier:
                keyid:21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/d7-6yllUS8vN4jN78ehhIMzvWYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.212.0/24
                  185.247.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:4f:fe:e6:a6:19:50:44:37:5b:d1:f4:f7:c9:06:1d:56:63:
         cf:40:79:7d:05:bb:b6:ee:a5:6a:2d:c4:ba:61:fa:5f:79:dd:
         da:9e:44:86:01:dc:6c:e7:d3:7f:98:df:ed:85:37:ab:e9:8b:
         89:56:fa:61:04:f8:74:df:d7:3b:bb:8e:da:cf:92:60:77:2b:
         e3:47:29:fe:cb:af:98:49:84:3c:74:88:d8:c1:82:da:84:b2:
         be:8f:60:87:31:91:5f:e1:09:fa:76:20:1d:ad:6f:a4:d9:80:
         fc:1c:2d:aa:0f:a9:9c:e9:e8:5a:a6:7a:c1:a3:b6:6a:26:a3:
         19:2c:0c:d7:ad:b7:76:d8:c3:f5:b1:6f:11:1e:18:74:3d:15:
         0e:cf:c0:d4:2b:d0:20:5a:e4:f3:dd:bb:f6:f0:65:d1:82:c6:
         61:df:91:54:90:0d:f6:37:12:26:c0:cf:3a:0c:c5:ff:de:fb:
         a0:e9:84:06:2f:b4:ab:d5:2d:38:cf:af:52:9e:6e:d8:bf:8e:
         a0:db:96:52:8e:3d:84:11:c0:f3:62:3d:3e:fc:d5:97:1b:a9:
         a2:2e:3e:b7:65:4d:88:4f:55:78:de:ff:fe:78:b3:e0:cd:ee:
         5f:1b:da:68:f9:e6:38:7a:be:d2:9b:94:4b:e4:99:78:72:75:
         9d:35:56:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2yBdrXbjC6nnIbCuUr9kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjBiMmIxYzgyOWQ4ODkzNmIxYWRhZWVjOTdmZGQxYjQw
ZDQxZTUwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2JmYmFjYTU5NTQ0YmNiY2RlMjMzN2JmMWU4NjEyMGNjZWY1OThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEAwZuwUauwMoG3iU7l1UKyEWgH2
3HqGcHY6gbxnr9vX+zhpW41hS+tZizs+gq0xk/wtJOy6Yc0isHkQTjXjVhH4kWB3
eocMKxkt9wx6YhUfxdQbq0kEl/ems3JGWXmNe+DasnsDDedQvTS+NXPWen2/xweB
7C3E50IWaAtlUr1bEkvx5AjZJ+qhf2iwG2hJKvWrR77MCy5Voty7h4yhojsjDJGY
5jtzffi411BfPDispzWf38bmaLrcFRHQHY0QCGKboke/OkOPPBe2U5r6RC7B2eVj
g1WagCtSpaRBI92udlxekwsOhfB1s6T80UPUGamZsBlL9vMfIT52wqYPMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHe/uspZVEvLzeIze/HoYSDM71mKMB8GA1UdIwQY
MBaAFCFgsrHIKdiJNrGtruyX/dG0DUHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEt
M2RmN2ZhZjM1MzVkLzEvZDctNnlsbFVTOHZONGpONzhlaGhJTXp2V1lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEtM2RmN2ZhZjM1MzVk
LzEvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsDnUAwQB
ufcSMA0GCSqGSIb3DQEBCwUAA4IBAQCmT/7mphlQRDdb0fT3yQYdVmPPQHl9Bbu2
7qVqLcS6Yfpfed3ankSGAdxs59N/mN/thTer6YuJVvphBPh039c7u47az5Jgdyvj
Ryn+y6+YSYQ8dIjYwYLahLK+j2CHMZFf4Qn6diAdrW+k2YD8HC2qD6mc6ehapnrB
o7ZqJqMZLAzXrbd22MP1sW8RHhh0PRUOz8DUK9AgWuTz3bv28GXRgsZh35FUkA32
NxImwM86DMX/3vug6YQGL7Sr1S04z69Snm7Yv46g25ZSjj2EEcDzYj0+/NWXG6mi
Lj63ZU2IT1V43v/+eLPgze5fG9po+eY4er7Sm5RL5Jl4cnWdNVZC
-----END CERTIFICATE-----