Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/d916da-8d84-4934-95d7-d8506c95fed8/1/4Juh98zB09NV8kg3RGMlo173coc.roa
File:                     4Juh98zB09NV8kg3RGMlo173coc.roa (raw, json)
Hash identifier:          R3z17HeYmoxXlr9TYVgL/5u2RxnHii5pQgfxoGpjVQo=
Subject key identifier:   E0:9B:A1:F7:CC:C1:D3:D3:55:F2:48:37:44:63:25:A3:5E:F7:72:87
Certificate issuer:       /CN=b83973bce4a1923a751d36a91d447e0c5c1698fd
Certificate serial:       018CC6B7D8AD42AB7E2CA0FE151C80932997
Authority key identifier: B8:39:73:BC:E4:A1:92:3A:75:1D:36:A9:1D:44:7E:0C:5C:16:98:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uDlzvOShkjp1HTapHUR-DFwWmP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/d916da-8d84-4934-95d7-d8506c95fed8/1/4Juh98zB09NV8kg3RGMlo173coc.roa
Signing time:             Mon 01 Jan 2024 20:29:46 +0000
ROA not before:           Mon 01 Jan 2024 20:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199188
IP address blocks:        185.187.148.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/d916da-8d84-4934-95d7-d8506c95fed8/1/uDlzvOShkjp1HTapHUR-DFwWmP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/d916da-8d84-4934-95d7-d8506c95fed8/1/uDlzvOShkjp1HTapHUR-DFwWmP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uDlzvOShkjp1HTapHUR-DFwWmP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:d8:ad:42:ab:7e:2c:a0:fe:15:1c:80:93:29:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b83973bce4a1923a751d36a91d447e0c5c1698fd
        Validity
            Not Before: Jan  1 20:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e09ba1f7ccc1d3d355f24837446325a35ef77287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:7f:87:81:91:70:51:c7:ca:f7:23:47:28:37:
                    93:ae:bd:84:a4:0d:46:98:b2:4e:d3:b9:eb:87:92:
                    43:2a:cf:84:ee:51:49:6b:83:e8:84:2e:ec:a8:90:
                    ed:67:71:76:c7:94:d1:b9:93:db:d4:24:58:9c:ca:
                    0f:b0:47:6b:d6:5d:a9:e3:4c:79:ef:ab:ab:01:75:
                    ab:93:0a:8c:cb:f4:42:de:d9:da:bc:17:11:47:8b:
                    96:84:27:31:40:93:eb:f2:77:09:30:8c:10:cd:b4:
                    13:a3:e2:30:e1:62:a0:bc:09:69:47:3a:b5:52:79:
                    6e:f2:df:a1:15:b3:ad:8a:de:04:8d:fe:57:ba:83:
                    72:dc:00:f1:30:d0:4d:3f:ae:39:7b:0d:d1:37:d3:
                    84:4a:a3:04:b7:e8:1e:b4:6d:5c:60:97:e7:e5:21:
                    a9:23:15:5a:21:0a:e3:d7:11:f2:13:ff:79:3e:e3:
                    1e:af:e8:7c:82:08:65:06:c9:59:2a:56:d5:e1:d4:
                    d6:de:83:85:0d:18:d7:bc:86:57:6a:c2:ff:a5:44:
                    ea:d8:1a:af:12:c9:5b:bb:4d:21:63:a4:7d:06:fc:
                    9c:5d:ab:3a:bd:66:88:ba:e0:b8:19:bf:0d:0c:4f:
                    1e:62:fd:53:7f:c9:71:f3:0b:00:8c:f9:e3:6b:48:
                    10:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:9B:A1:F7:CC:C1:D3:D3:55:F2:48:37:44:63:25:A3:5E:F7:72:87
            X509v3 Authority Key Identifier:
                keyid:B8:39:73:BC:E4:A1:92:3A:75:1D:36:A9:1D:44:7E:0C:5C:16:98:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uDlzvOShkjp1HTapHUR-DFwWmP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/d916da-8d84-4934-95d7-d8506c95fed8/1/4Juh98zB09NV8kg3RGMlo173coc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/d916da-8d84-4934-95d7-d8506c95fed8/1/uDlzvOShkjp1HTapHUR-DFwWmP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:f8:83:0b:4c:46:dd:6e:11:db:fd:57:87:40:e5:1c:4d:03:
         47:da:cb:0b:65:8f:32:05:82:cb:46:0f:c8:c5:69:8d:25:92:
         21:ba:29:a9:ca:ef:d8:7f:0e:30:b7:1c:7b:81:d4:93:6b:c9:
         30:64:5e:2f:f8:7e:6b:77:c1:d6:c3:97:c1:6f:74:88:02:50:
         5f:03:49:74:de:b1:e3:21:f6:47:ad:8e:d9:45:69:9c:a8:c4:
         5c:60:9c:05:99:f5:85:4c:39:29:1a:3d:5c:01:51:55:0e:e7:
         df:99:50:0f:2c:ba:a8:a7:91:f0:31:dd:0b:2c:ea:32:62:62:
         ec:14:c2:c4:3e:ff:ee:bf:55:ec:38:b5:8d:5f:2d:4d:82:aa:
         13:9f:1a:ac:36:fd:30:fe:16:fc:89:43:98:d1:56:6b:c8:6b:
         82:48:0a:ab:e5:fa:fd:8b:ab:73:8e:cc:a1:e3:22:4a:87:a3:
         e1:bf:56:f9:e3:b2:bf:56:f5:c5:94:a7:38:0a:51:ee:77:00:
         8a:00:bf:37:61:06:4a:0c:e7:f4:41:81:e1:bd:95:be:09:45:
         97:73:a4:a6:24:d7:2e:86:5e:e3:9b:5c:d7:7a:49:a1:1f:d4:
         34:c2:af:71:31:26:ca:72:ec:59:b5:9f:c3:88:38:f2:b7:36:
         94:6c:26:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt9itQqt+LKD+FRyAkymXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4Mzk3M2JjZTRhMTkyM2E3NTFkMzZhOTFkNDQ3ZTBjNWMx
Njk4ZmQwHhcNMjQwMTAxMjAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDliYTFmN2NjYzFkM2QzNTVmMjQ4Mzc0NDYzMjVhMzVlZjc3Mjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3+HgZFwUcfK9yNHKDeTrr2EpA1G
mLJO07nrh5JDKs+E7lFJa4PohC7sqJDtZ3F2x5TRuZPb1CRYnMoPsEdr1l2p40x5
76urAXWrkwqMy/RC3tnavBcRR4uWhCcxQJPr8ncJMIwQzbQTo+Iw4WKgvAlpRzq1
Unlu8t+hFbOtit4Ejf5XuoNy3ADxMNBNP645ew3RN9OESqMEt+getG1cYJfn5SGp
IxVaIQrj1xHyE/95PuMer+h8gghlBslZKlbV4dTW3oOFDRjXvIZXasL/pUTq2Bqv
Eslbu00hY6R9BvycXas6vWaIuuC4Gb8NDE8eYv1Tf8lx8wsAjPnja0gQYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCboffMwdPTVfJIN0RjJaNe93KHMB8GA1UdIwQY
MBaAFLg5c7zkoZI6dR02qR1EfgxcFpj9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdURsenZPU2hranAxSFRhcEhVUi1ERndXbVAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9kOTE2ZGEtOGQ4NC00OTM0LTk1ZDct
ZDg1MDZjOTVmZWQ4LzEvNEp1aDk4ekIwOU5WOGtnM1JHTWxvMTczY29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9kOTE2ZGEtOGQ4NC00OTM0LTk1ZDctZDg1MDZjOTVmZWQ4
LzEvdURsenZPU2hranAxSFRhcEhVUi1ERndXbVAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubuUMA0G
CSqGSIb3DQEBCwUAA4IBAQBp+IMLTEbdbhHb/VeHQOUcTQNH2ssLZY8yBYLLRg/I
xWmNJZIhuimpyu/Yfw4wtxx7gdSTa8kwZF4v+H5rd8HWw5fBb3SIAlBfA0l03rHj
IfZHrY7ZRWmcqMRcYJwFmfWFTDkpGj1cAVFVDuffmVAPLLqop5HwMd0LLOoyYmLs
FMLEPv/uv1XsOLWNXy1NgqoTnxqsNv0w/hb8iUOY0VZryGuCSAqr5fr9i6tzjsyh
4yJKh6Phv1b547K/VvXFlKc4ClHudwCKAL83YQZKDOf0QYHhvZW+CUWXc6SmJNcu
hl7jm1zXekmhH9Q0wq9xMSbKcuxZtZ/DiDjytzaUbCYT
-----END CERTIFICATE-----