Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/e673cf-27d7-4169-8c6f-9901565dd853/1/AOLZSHvfpjhNqjWCSjD0TE9Wufc.roa
File:                     AOLZSHvfpjhNqjWCSjD0TE9Wufc.roa (raw, json)
Hash identifier:          /DnyMebhNBpuE58/HwUch9gRC/e2Ly6Ox4udE89hvZ8=
Subject key identifier:   00:E2:D9:48:7B:DF:A6:38:4D:AA:35:82:4A:30:F4:4C:4F:56:B9:F7
Certificate issuer:       /CN=ff0696719401ebb1ddbba9ad4fb8c66f14ef70a5
Certificate serial:       018CC26D47742EEF570CD8F70BCB915CEF8A
Authority key identifier: FF:06:96:71:94:01:EB:B1:DD:BB:A9:AD:4F:B8:C6:6F:14:EF:70:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_waWcZQB67Hdu6mtT7jGbxTvcKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/e673cf-27d7-4169-8c6f-9901565dd853/1/AOLZSHvfpjhNqjWCSjD0TE9Wufc.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48952
IP address blocks:        185.161.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/e673cf-27d7-4169-8c6f-9901565dd853/1/_waWcZQB67Hdu6mtT7jGbxTvcKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/e673cf-27d7-4169-8c6f-9901565dd853/1/_waWcZQB67Hdu6mtT7jGbxTvcKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_waWcZQB67Hdu6mtT7jGbxTvcKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:47:74:2e:ef:57:0c:d8:f7:0b:cb:91:5c:ef:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff0696719401ebb1ddbba9ad4fb8c66f14ef70a5
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00e2d9487bdfa6384daa35824a30f44c4f56b9f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f8:08:9c:3c:a4:5d:0b:7a:52:9d:c1:57:7c:
                    5c:d7:bc:92:11:99:39:23:ec:e7:7e:f6:5c:06:a4:
                    9e:d6:9a:e5:b6:92:be:e2:fe:3a:1f:83:6f:e9:ac:
                    32:03:8f:f4:7d:e6:e4:b6:d7:e4:29:a2:eb:49:c1:
                    ca:d1:11:01:49:ac:35:0d:81:79:05:2f:20:eb:09:
                    07:40:a9:16:cf:39:37:d0:6c:ad:b8:c5:94:b9:91:
                    fb:64:89:79:06:2a:d8:81:20:c1:62:ca:96:96:f8:
                    b4:2e:30:26:b5:27:58:f3:40:20:28:46:04:de:7e:
                    17:6d:36:b9:93:51:bd:7f:36:87:90:6d:d5:b2:10:
                    03:d7:92:35:1f:ee:8a:65:ce:13:28:69:d1:70:f7:
                    34:d4:a8:10:26:90:ea:07:fd:1d:58:c3:9d:a1:ab:
                    f8:9d:ba:45:3b:70:d8:76:cc:21:f9:e3:c3:19:ba:
                    1d:43:4c:f1:58:d0:1e:da:94:f4:6b:ca:a1:4f:bd:
                    51:27:fb:08:75:e6:ca:e1:84:16:e7:e3:55:dd:a2:
                    cb:c8:c5:6c:15:d8:05:8e:9d:9e:1c:57:e9:21:f9:
                    a6:aa:b5:f5:bd:2d:3e:6d:18:c8:d0:95:fd:b9:82:
                    9a:fc:c5:07:d5:4c:73:9a:e2:35:18:f4:c0:be:83:
                    88:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:E2:D9:48:7B:DF:A6:38:4D:AA:35:82:4A:30:F4:4C:4F:56:B9:F7
            X509v3 Authority Key Identifier:
                keyid:FF:06:96:71:94:01:EB:B1:DD:BB:A9:AD:4F:B8:C6:6F:14:EF:70:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_waWcZQB67Hdu6mtT7jGbxTvcKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/e673cf-27d7-4169-8c6f-9901565dd853/1/AOLZSHvfpjhNqjWCSjD0TE9Wufc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/e673cf-27d7-4169-8c6f-9901565dd853/1/_waWcZQB67Hdu6mtT7jGbxTvcKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:69:41:6f:41:e8:84:42:a9:32:a8:7c:de:5c:b9:03:07:fb:
         d4:03:63:1f:f5:de:6f:03:91:ad:6b:97:69:d2:d7:67:b6:dc:
         ac:ce:6a:57:a6:70:49:dd:14:da:b8:57:7f:d4:e8:a7:34:07:
         62:35:59:78:68:40:a5:c2:ff:fe:29:15:16:b1:f0:ff:f4:da:
         ec:95:8d:09:c5:37:3b:38:d0:49:3f:f9:7d:22:32:9f:df:c3:
         29:d7:6d:cf:92:9a:98:b4:7d:0a:84:4b:6c:33:27:24:31:9d:
         ee:c4:76:41:e9:57:54:ac:79:6c:1b:59:ab:87:67:c5:ec:7c:
         4b:06:96:64:12:5a:7d:0e:4c:18:ce:68:12:01:4d:ec:af:73:
         fd:6c:a0:65:52:d9:4e:0f:16:d9:02:ee:02:cb:5c:1d:33:e1:
         ba:58:3f:44:48:95:3d:13:41:4e:6b:14:fe:af:84:4d:85:13:
         7e:de:da:09:bb:9a:87:00:1d:f1:be:b2:6f:7e:e9:61:25:3a:
         61:bc:b2:bc:aa:9a:27:0c:9f:22:47:bf:41:9f:f2:ee:8e:5d:
         c6:68:a4:6d:31:5a:f9:3d:0f:89:90:08:f3:5a:ad:45:ee:46:
         96:c4:5b:8b:e2:7e:7b:79:f2:c4:f6:93:9d:67:ee:a7:fc:04:
         96:f0:76:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUd0Lu9XDNj3C8uRXO+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMDY5NjcxOTQwMWViYjFkZGJiYTlhZDRmYjhjNjZmMTRl
ZjcwYTUwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGUyZDk0ODdiZGZhNjM4NGRhYTM1ODI0YTMwZjQ0YzRmNTZiOWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvgInDykXQt6Up3BV3xc17ySEZk5
I+znfvZcBqSe1prltpK+4v46H4Nv6awyA4/0febkttfkKaLrScHK0REBSaw1DYF5
BS8g6wkHQKkWzzk30GytuMWUuZH7ZIl5BirYgSDBYsqWlvi0LjAmtSdY80AgKEYE
3n4XbTa5k1G9fzaHkG3VshAD15I1H+6KZc4TKGnRcPc01KgQJpDqB/0dWMOdoav4
nbpFO3DYdswh+ePDGbodQ0zxWNAe2pT0a8qhT71RJ/sIdebK4YQW5+NV3aLLyMVs
FdgFjp2eHFfpIfmmqrX1vS0+bRjI0JX9uYKa/MUH1UxzmuI1GPTAvoOIZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADi2Uh736Y4Tao1gkow9ExPVrn3MB8GA1UdIwQY
MBaAFP8GlnGUAeux3buprU+4xm8U73ClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3dhV2NaUUI2N0hkdTZtdFQ3akdieFR2Y0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9lNjczY2YtMjdkNy00MTY5LThjNmYt
OTkwMTU2NWRkODUzLzEvQU9MWlNIdmZwamhOcWpXQ1NqRDBURTlXdWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9lNjczY2YtMjdkNy00MTY5LThjNmYtOTkwMTU2NWRkODUz
LzEvX3dhV2NaUUI2N0hkdTZtdFQ3akdieFR2Y0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaEoMA0G
CSqGSIb3DQEBCwUAA4IBAQBnaUFvQeiEQqkyqHzeXLkDB/vUA2Mf9d5vA5Gta5dp
0tdnttyszmpXpnBJ3RTauFd/1OinNAdiNVl4aEClwv/+KRUWsfD/9NrslY0JxTc7
ONBJP/l9IjKf38Mp123PkpqYtH0KhEtsMyckMZ3uxHZB6VdUrHlsG1mrh2fF7HxL
BpZkElp9DkwYzmgSAU3sr3P9bKBlUtlODxbZAu4Cy1wdM+G6WD9ESJU9E0FOaxT+
r4RNhRN+3toJu5qHAB3xvrJvfulhJTphvLK8qponDJ8iR79Bn/Lujl3GaKRtMVr5
PQ+JkAjzWq1F7kaWxFuL4n57efLE9pOdZ+6n/ASW8HYc
-----END CERTIFICATE-----