Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/bOtAZUIH1GBd3lCpABCup7nxc_k.roa
File:                     bOtAZUIH1GBd3lCpABCup7nxc_k.roa (raw, json)
Hash identifier:          gh1+bC/A5QA3t7702qpBdfmtxneA+2zZBc61JKd8M+M=
Subject key identifier:   6C:EB:40:65:42:07:D4:60:5D:DE:50:A9:00:10:AE:A7:B9:F1:73:F9
Certificate issuer:       /CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Certificate serial:       018CC5DCD7E907631B0B11C19340621C5BC4
Authority key identifier: D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/bOtAZUIH1GBd3lCpABCup7nxc_k.roa
Signing time:             Mon 01 Jan 2024 16:30:33 +0000
ROA not before:           Mon 01 Jan 2024 16:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20940
IP address blocks:        185.225.251.0/24 maxlen: 24
                          185.225.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d7:e9:07:63:1b:0b:11:c1:93:40:62:1c:5b:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
        Validity
            Not Before: Jan  1 16:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ceb40654207d4605dde50a90010aea7b9f173f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e0:b3:7d:f1:e8:c3:66:9a:a1:32:5b:85:51:
                    71:18:e9:a6:bb:bb:e4:90:7b:65:2a:c8:00:c7:af:
                    73:11:95:b7:94:9b:51:e5:7a:19:0c:80:ed:ac:ea:
                    88:80:04:14:69:ac:72:f3:18:fa:e8:d0:df:06:72:
                    12:be:53:5b:e2:80:b1:db:d1:14:20:df:21:00:75:
                    0c:f8:18:d5:ce:25:22:59:70:2a:e8:cd:a3:f3:82:
                    db:76:2b:7c:ee:df:31:f6:ef:9c:01:9b:c0:bc:31:
                    eb:fb:07:fc:64:23:c6:fb:82:16:af:f9:7f:48:97:
                    4d:22:c0:bf:07:9d:69:75:6b:de:f0:55:b5:4f:c4:
                    a1:70:8f:ee:53:48:b5:56:14:3c:5e:ce:d5:d4:95:
                    87:a3:c5:e1:c9:1e:cd:95:fb:b4:79:26:b6:25:8d:
                    1c:21:cd:53:d8:54:2a:37:32:4b:e3:e0:f0:0f:6e:
                    08:9e:a8:a6:c9:10:ca:60:50:a5:d7:72:3b:8b:67:
                    88:40:3f:94:98:48:71:79:eb:48:d5:2f:8a:27:f7:
                    f1:65:46:96:e9:37:c1:5c:92:d5:57:60:cc:03:72:
                    ec:43:f0:c0:37:7d:f5:e1:f3:27:82:b6:db:5a:52:
                    8e:ba:00:f0:31:c9:41:86:ff:ce:32:df:db:79:4e:
                    d2:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:EB:40:65:42:07:D4:60:5D:DE:50:A9:00:10:AE:A7:B9:F1:73:F9
            X509v3 Authority Key Identifier:
                keyid:D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/bOtAZUIH1GBd3lCpABCup7nxc_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:bf:4c:b8:46:b3:94:8c:f1:e0:72:44:66:64:0d:8e:59:6a:
         c3:86:5d:1e:bb:94:88:ec:87:c2:95:3c:7c:11:9a:c8:f0:cb:
         f3:e8:fb:16:9b:3c:25:16:6a:50:48:27:ad:47:35:91:b3:ae:
         db:7d:2e:ee:cf:6d:7f:ce:f3:8e:c0:d3:73:64:a5:32:d2:e4:
         f7:f6:aa:77:ea:f5:70:a7:2f:cf:17:db:45:2c:58:4f:3c:fc:
         16:b5:82:f3:1d:b7:ec:ac:9a:03:e9:5c:79:85:a9:fd:31:b0:
         62:a5:8c:35:6e:df:9f:69:0a:e2:f2:b2:25:31:cb:4c:8e:cc:
         ae:cd:f1:61:61:05:d7:88:95:c4:7d:67:3a:7b:42:9d:df:36:
         6e:17:51:3c:1e:1e:1a:c1:e0:74:b4:7d:eb:b8:5a:db:73:a5:
         bc:cb:e0:7d:84:c8:4d:e0:5b:6b:86:e9:86:9d:a5:e9:20:8d:
         c8:16:44:57:d0:21:7c:96:cb:0d:68:20:02:7f:9b:81:c3:11:
         65:67:06:e3:be:8f:27:b6:4b:7a:e4:af:c2:9b:fd:43:32:19:
         08:c0:1a:4a:a0:9d:d2:a9:3a:65:a5:85:1f:e0:73:dd:78:c4:
         0f:4d:bb:29:2a:c2:2e:5b:ad:a4:ba:b9:bc:53:ba:85:3c:7f:
         9d:31:8d:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3NfpB2MbCxHBk0BiHFvEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDU2ZjA3YmUxODRjYmE1MmY2ZmRjMDQ5ZTgxMTRkMjYx
NmMzMmEwHhcNMjQwMTAxMTYzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2ViNDA2NTQyMDdkNDYwNWRkZTUwYTkwMDEwYWVhN2I5ZjE3M2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuCzffHow2aaoTJbhVFxGOmmu7vk
kHtlKsgAx69zEZW3lJtR5XoZDIDtrOqIgAQUaaxy8xj66NDfBnISvlNb4oCx29EU
IN8hAHUM+BjVziUiWXAq6M2j84Lbdit87t8x9u+cAZvAvDHr+wf8ZCPG+4IWr/l/
SJdNIsC/B51pdWve8FW1T8ShcI/uU0i1VhQ8Xs7V1JWHo8XhyR7Nlfu0eSa2JY0c
Ic1T2FQqNzJL4+DwD24InqimyRDKYFCl13I7i2eIQD+UmEhxeetI1S+KJ/fxZUaW
6TfBXJLVV2DMA3LsQ/DAN3314fMngrbbWlKOugDwMclBhv/OMt/beU7SDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzrQGVCB9RgXd5QqQAQrqe58XP5MB8GA1UdIwQY
MBaAFNPVbwe+GEy6Uvb9wEnoEU0mFsMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYt
MWIwNmQxYzcwNGMxLzEvYk90QVpVSUgxR0JkM2xDcEFCQ3VwN254Y19rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYtMWIwNmQxYzcwNGMx
LzEvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueH6MA0G
CSqGSIb3DQEBCwUAA4IBAQBtv0y4RrOUjPHgckRmZA2OWWrDhl0eu5SI7IfClTx8
EZrI8Mvz6PsWmzwlFmpQSCetRzWRs67bfS7uz21/zvOOwNNzZKUy0uT39qp36vVw
py/PF9tFLFhPPPwWtYLzHbfsrJoD6Vx5han9MbBipYw1bt+faQri8rIlMctMjsyu
zfFhYQXXiJXEfWc6e0Kd3zZuF1E8Hh4aweB0tH3ruFrbc6W8y+B9hMhN4FtrhumG
naXpII3IFkRX0CF8lssNaCACf5uBwxFlZwbjvo8ntkt65K/Cm/1DMhkIwBpKoJ3S
qTplpYUf4HPdeMQPTbspKsIuW62kurm8U7qFPH+dMY3P
-----END CERTIFICATE-----