Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/OpE1AWGp_P_-Pe0LeSclsB7v2mw.roa
File:                     OpE1AWGp_P_-Pe0LeSclsB7v2mw.roa (raw, json)
Hash identifier:          +klOU5IoJpoRJG3A04XJTb6UWWzwzjtFeF/ZueNO49E=
Subject key identifier:   3A:91:35:01:61:A9:FC:FF:FE:3D:ED:0B:79:27:25:B0:1E:EF:DA:6C
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CD7DEBE9EA131A4306FDEF9EDC96611A3
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/OpE1AWGp_P_-Pe0LeSclsB7v2mw.roa
Signing time:             Fri 05 Jan 2024 04:25:48 +0000
ROA not before:           Fri 05 Jan 2024 04:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200136
IP address blocks:        185.132.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d7:de:be:9e:a1:31:a4:30:6f:de:f9:ed:c9:66:11:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  5 04:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a91350161a9fcfffe3ded0b792725b01eefda6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ea:c1:15:c7:15:5f:40:6f:e4:51:72:2f:05:
                    9e:73:45:cd:3c:c1:30:62:aa:11:78:d1:d4:fe:6b:
                    1f:56:16:ac:a0:99:3c:1d:e6:ba:e7:c9:27:64:ee:
                    04:b2:72:e9:ce:7a:bc:40:ef:91:06:e0:b1:9f:58:
                    56:87:0e:fa:98:87:36:3c:48:ed:ae:69:e6:ff:3b:
                    ba:8b:5d:00:37:ab:4b:06:ef:91:88:68:a2:81:cc:
                    18:ee:df:82:56:9c:16:f3:dc:11:35:23:41:53:17:
                    92:27:2a:5f:18:e7:2f:7d:73:fa:fd:cd:7e:49:c5:
                    50:ba:6b:89:ec:48:5b:f6:4b:00:47:15:29:5f:3f:
                    ee:b8:37:3b:49:1e:aa:b5:91:78:50:19:66:48:a0:
                    e7:86:72:b4:42:8f:79:15:f2:ce:b5:86:ac:db:a6:
                    de:21:2a:6c:31:2f:a6:7c:06:a4:da:ac:25:cc:6b:
                    2d:ce:7e:c5:5a:4f:65:cf:82:31:f5:e6:86:b7:34:
                    67:a9:6b:7e:49:d8:e0:49:53:c8:9b:32:a5:39:11:
                    75:ea:9e:8b:5a:01:76:27:5b:f4:de:d5:4b:c9:31:
                    40:7b:78:f1:e6:96:05:52:a1:78:5f:b9:34:ca:f8:
                    16:fd:02:64:37:87:e2:b2:5e:c9:f2:7c:a5:be:8b:
                    a4:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:91:35:01:61:A9:FC:FF:FE:3D:ED:0B:79:27:25:B0:1E:EF:DA:6C
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/OpE1AWGp_P_-Pe0LeSclsB7v2mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.132.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:ff:67:ee:32:46:17:57:39:2e:03:d8:52:8d:22:63:c9:37:
         8f:47:da:4c:3c:a9:fe:89:fd:6d:bf:99:d1:e7:1b:21:bb:33:
         17:d5:17:57:e1:d9:8c:90:5c:9b:1e:22:03:07:b2:c7:b4:b2:
         28:d7:c2:f6:c0:01:67:b1:16:54:fa:1e:73:96:2b:8c:66:1b:
         9f:e5:63:01:87:e6:28:cd:fd:7c:7d:99:df:ab:1d:f4:6d:3f:
         d8:23:c6:df:9e:3e:b0:42:a4:da:12:e2:e9:68:37:4d:37:af:
         07:c7:9d:2b:de:0f:f9:33:1f:4b:e9:02:47:25:31:69:4e:42:
         c0:f6:00:92:a7:a8:d3:4b:02:87:7a:7f:57:b4:4c:16:22:90:
         01:ca:5d:69:87:21:df:95:91:eb:ed:d5:29:18:ec:a0:c8:7f:
         fc:0f:46:00:bf:27:3e:fe:da:03:05:80:93:8e:b3:e4:cd:6d:
         ab:bb:d1:3d:66:5e:fa:52:f7:ad:20:54:57:93:86:0c:01:41:
         52:0d:8c:1f:0b:c3:f5:d3:eb:19:38:dd:53:2c:cf:78:20:f6:
         46:26:85:df:99:4b:38:6e:89:f8:e3:cb:eb:d7:45:e3:a9:15:
         ed:2f:7d:f3:11:9d:fd:4a:52:9d:c5:c8:d2:92:42:4c:cc:58:
         a4:e2:c9:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzX3r6eoTGkMG/e+e3JZhGjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTA1MDQyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTkxMzUwMTYxYTlmY2ZmZmUzZGVkMGI3OTI3MjViMDFlZWZkYTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOrBFccVX0Bv5FFyLwWec0XNPMEw
YqoReNHU/msfVhasoJk8Hea658knZO4EsnLpznq8QO+RBuCxn1hWhw76mIc2PEjt
rmnm/zu6i10AN6tLBu+RiGiigcwY7t+CVpwW89wRNSNBUxeSJypfGOcvfXP6/c1+
ScVQumuJ7Ehb9ksARxUpXz/uuDc7SR6qtZF4UBlmSKDnhnK0Qo95FfLOtYas26be
ISpsMS+mfAak2qwlzGstzn7FWk9lz4Ix9eaGtzRnqWt+SdjgSVPImzKlORF16p6L
WgF2J1v03tVLyTFAe3jx5pYFUqF4X7k0yvgW/QJkN4fisl7J8nylvoukFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDqRNQFhqfz//j3tC3knJbAe79psMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvT3BFMUFXR3BfUF8tUGUwTGVTY2xzQjd2Mm13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYQ1MA0G
CSqGSIb3DQEBCwUAA4IBAQBF/2fuMkYXVzkuA9hSjSJjyTePR9pMPKn+if1tv5nR
5xshuzMX1RdX4dmMkFybHiIDB7LHtLIo18L2wAFnsRZU+h5zliuMZhuf5WMBh+Yo
zf18fZnfqx30bT/YI8bfnj6wQqTaEuLpaDdNN68Hx50r3g/5Mx9L6QJHJTFpTkLA
9gCSp6jTSwKHen9XtEwWIpAByl1phyHflZHr7dUpGOygyH/8D0YAvyc+/toDBYCT
jrPkzW2ru9E9Zl76UvetIFRXk4YMAUFSDYwfC8P10+sZON1TLM94IPZGJoXfmUs4
bon448vr10XjqRXtL33zEZ39SlKdxcjSkkJMzFik4snS
-----END CERTIFICATE-----