Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/pah_5xSv1VGM2Njqc0nehwtz5xE.roa
File:                     pah_5xSv1VGM2Njqc0nehwtz5xE.roa (raw, json)
Hash identifier:          1VqNOYd8gsUEsMkjcF9TMAT4XIX0B/vY7N7W879HHKQ=
Subject key identifier:   A5:A8:7F:E7:14:AF:D5:51:8C:D8:D8:EA:73:49:DE:87:0B:73:E7:11
Certificate issuer:       /CN=1230cd8e13c86d8ef835c1aac7d5f953455c035c
Certificate serial:       018CC2DB46C5C141D8192A515ED43E4233E4
Authority key identifier: 12:30:CD:8E:13:C8:6D:8E:F8:35:C1:AA:C7:D5:F9:53:45:5C:03:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/pah_5xSv1VGM2Njqc0nehwtz5xE.roa
Signing time:             Mon 01 Jan 2024 02:29:59 +0000
ROA not before:           Mon 01 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.88.148.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/EjDNjhPIbY74NcGqx9X5U0VcA1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/EjDNjhPIbY74NcGqx9X5U0VcA1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:46:c5:c1:41:d8:19:2a:51:5e:d4:3e:42:33:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1230cd8e13c86d8ef835c1aac7d5f953455c035c
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5a87fe714afd5518cd8d8ea7349de870b73e711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:93:ae:bf:95:65:f1:9f:d1:56:74:d8:f9:0a:
                    96:b7:7e:ef:b2:b3:6e:11:d2:0c:69:d6:5c:53:3d:
                    2e:db:94:75:51:e4:a8:21:d8:19:80:1c:0a:ee:b9:
                    38:88:39:c1:6d:99:aa:fc:29:9d:4b:04:18:ba:83:
                    3a:36:b0:b5:59:60:3c:ee:ab:57:fd:91:08:ef:49:
                    08:2e:e6:fd:16:37:22:74:cc:3d:e1:5b:57:fb:4a:
                    b1:e2:d0:8e:8f:3d:57:82:58:34:2a:ea:70:58:5a:
                    17:50:1f:b9:ce:c3:78:ae:14:7c:33:e4:73:49:3a:
                    88:a8:36:1a:ac:df:37:0b:99:71:9e:88:25:8a:e7:
                    e0:af:e7:5e:b4:70:77:9d:06:2f:28:32:d5:d9:2a:
                    12:db:9d:7b:31:56:90:8a:3c:8b:71:b5:a8:ba:39:
                    8b:cd:87:bf:7f:95:d5:8a:2c:f8:b4:8d:40:a4:44:
                    5d:44:6d:ef:e0:60:65:10:07:d4:ad:7e:de:08:7d:
                    ca:b6:47:a5:58:aa:22:75:ff:25:54:7e:39:9d:e6:
                    17:f7:ac:15:1c:5c:a1:61:99:85:34:e6:be:bb:10:
                    66:b8:9b:ad:31:c3:43:40:1f:5f:ce:ea:a6:48:3f:
                    75:a1:0d:d8:e7:4c:ad:d7:15:43:d1:60:bb:12:aa:
                    5b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:A8:7F:E7:14:AF:D5:51:8C:D8:D8:EA:73:49:DE:87:0B:73:E7:11
            X509v3 Authority Key Identifier:
                keyid:12:30:CD:8E:13:C8:6D:8E:F8:35:C1:AA:C7:D5:F9:53:45:5C:03:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/pah_5xSv1VGM2Njqc0nehwtz5xE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/EjDNjhPIbY74NcGqx9X5U0VcA1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:9d:2d:fd:21:46:a3:b0:6e:b7:4b:0e:25:c6:1c:bf:9b:6a:
         0b:84:b1:35:1b:02:6a:0b:91:d9:1f:86:60:92:d9:0c:f0:eb:
         ad:a1:73:ef:7e:bc:ce:d3:98:ba:70:d0:c2:f8:2e:bd:65:58:
         22:42:71:56:8e:e9:b7:10:5d:26:18:52:be:34:61:b3:7d:37:
         1a:d9:e2:df:b7:98:ea:be:3e:42:de:85:71:68:cd:b2:3c:50:
         10:4e:5e:ef:6d:2e:91:d1:b4:71:d7:3d:a5:c3:de:46:ec:67:
         54:19:cf:fd:a9:06:66:2c:1c:2e:5e:5a:a3:8b:98:91:99:2f:
         52:f2:47:80:79:56:6c:34:34:72:0f:af:18:24:11:a9:7e:31:
         d5:3b:e1:dc:31:ba:eb:ad:9d:7a:87:d6:93:b6:49:06:fd:0d:
         ef:97:fb:e9:62:29:04:44:ef:e2:b4:4e:a8:a9:29:7e:88:ea:
         f7:51:c9:14:f3:a9:3a:db:64:58:38:78:4b:f1:10:41:14:d2:
         8f:92:c5:08:f1:d7:d2:8a:05:b4:b3:bf:c6:1b:2c:6a:f0:61:
         d4:ec:8c:0c:38:32:43:ee:04:53:04:da:56:e1:75:35:e8:71:
         a1:0f:f3:9b:40:4c:ae:c8:0a:70:08:11:f1:5f:ec:bf:3b:2d:
         20:2d:02:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20bFwUHYGSpRXtQ+QjPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMzBjZDhlMTNjODZkOGVmODM1YzFhYWM3ZDVmOTUzNDU1
YzAzNWMwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWE4N2ZlNzE0YWZkNTUxOGNkOGQ4ZWE3MzQ5ZGU4NzBiNzNlNzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopOuv5Vl8Z/RVnTY+QqWt37vsrNu
EdIMadZcUz0u25R1UeSoIdgZgBwK7rk4iDnBbZmq/CmdSwQYuoM6NrC1WWA87qtX
/ZEI70kILub9FjcidMw94VtX+0qx4tCOjz1Xglg0KupwWFoXUB+5zsN4rhR8M+Rz
STqIqDYarN83C5lxnogliufgr+detHB3nQYvKDLV2SoS2517MVaQijyLcbWoujmL
zYe/f5XViiz4tI1ApERdRG3v4GBlEAfUrX7eCH3KtkelWKoidf8lVH45neYX96wV
HFyhYZmFNOa+uxBmuJutMcNDQB9fzuqmSD91oQ3Y50yt1xVD0WC7EqpbyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWof+cUr9VRjNjY6nNJ3ocLc+cRMB8GA1UdIwQY
MBaAFBIwzY4TyG2O+DXBqsfV+VNFXANcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWpETmpoUEliWTc0TmNHcXg5WDVVMFZjQTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9kMWYzOTAtNGVjNS00YzQyLThlNTQt
MDFmYjQ2YTQzM2UxLzEvcGFoXzV4U3YxVkdNMk5qcWMwbmVod3R6NXhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9kMWYzOTAtNGVjNS00YzQyLThlNTQtMDFmYjQ2YTQzM2Ux
LzEvRWpETmpoUEliWTc0TmNHcXg5WDVVMFZjQTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuViUMA0G
CSqGSIb3DQEBCwUAA4IBAQBDnS39IUajsG63Sw4lxhy/m2oLhLE1GwJqC5HZH4Zg
ktkM8OutoXPvfrzO05i6cNDC+C69ZVgiQnFWjum3EF0mGFK+NGGzfTca2eLft5jq
vj5C3oVxaM2yPFAQTl7vbS6R0bRx1z2lw95G7GdUGc/9qQZmLBwuXlqji5iRmS9S
8keAeVZsNDRyD68YJBGpfjHVO+HcMbrrrZ16h9aTtkkG/Q3vl/vpYikERO/itE6o
qSl+iOr3UckU86k622RYOHhL8RBBFNKPksUI8dfSigW0s7/GGyxq8GHU7IwMODJD
7gRTBNpW4XU16HGhD/ObQEyuyApwCBHxX+y/Oy0gLQID
-----END CERTIFICATE-----