Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/bRwwXUHPXOSIslnwYc4NgMauIBo.roa
File:                     bRwwXUHPXOSIslnwYc4NgMauIBo.roa (raw, json)
Hash identifier:          TOR5Z9LRFjZMNaLDrRSZE7IV6D0rfeyr1PXRhZ047Hs=
Subject key identifier:   6D:1C:30:5D:41:CF:5C:E4:88:B2:59:F0:61:CE:0D:80:C6:AE:20:1A
Certificate issuer:       /CN=7913f8c13ba8290f60da63ba89e935b275893adb
Certificate serial:       018F53DBADD692B8485BBEC6B67738BF1BC2
Authority key identifier: 79:13:F8:C1:3B:A8:29:0F:60:DA:63:BA:89:E9:35:B2:75:89:3A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eRP4wTuoKQ9g2mO6iek1snWJOts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/bRwwXUHPXOSIslnwYc4NgMauIBo.roa
Signing time:             Tue 07 May 2024 16:20:56 +0000
ROA not before:           Tue 07 May 2024 16:20:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.78.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/eRP4wTuoKQ9g2mO6iek1snWJOts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/eRP4wTuoKQ9g2mO6iek1snWJOts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eRP4wTuoKQ9g2mO6iek1snWJOts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:db:ad:d6:92:b8:48:5b:be:c6:b6:77:38:bf:1b:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7913f8c13ba8290f60da63ba89e935b275893adb
        Validity
            Not Before: May  7 16:20:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d1c305d41cf5ce488b259f061ce0d80c6ae201a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:59:52:ee:bd:c9:d8:28:fd:cd:be:63:62:2c:
                    15:45:13:9f:d5:63:5d:9f:cc:0d:7d:44:0a:ca:2e:
                    e3:72:b3:34:fa:cd:ca:56:46:10:48:65:98:ea:d6:
                    18:16:ed:70:3b:d6:e1:d2:30:07:dc:9d:d6:12:c1:
                    16:8f:20:ed:3c:b6:8f:6f:e9:4a:bb:09:ce:b1:7d:
                    3d:ca:64:cf:0c:88:68:56:17:1b:38:19:c1:a5:46:
                    46:df:7b:a8:ec:e8:f9:7c:8e:ab:96:58:f4:8e:ee:
                    f6:2f:ae:5c:29:4e:1c:74:59:a3:29:52:5d:14:6a:
                    0f:dd:e6:88:d0:3e:48:11:22:1f:0e:eb:2e:59:37:
                    bf:ba:4e:0f:2a:a7:99:6e:97:f4:46:8d:97:fb:2c:
                    7d:c5:1a:d8:36:7f:10:12:5a:18:f7:92:82:16:7b:
                    2b:ee:60:eb:d7:86:7d:23:6b:68:9d:0d:73:cc:32:
                    a7:d7:a5:83:aa:d1:bf:62:44:a4:84:61:53:c1:f8:
                    32:dd:de:73:45:3d:1e:dd:89:84:e0:2f:bb:8a:49:
                    72:0a:50:c2:93:89:9f:33:44:02:a8:1e:e3:ea:c6:
                    d4:0a:10:28:55:eb:20:96:97:64:73:b0:a2:4e:ac:
                    a5:f4:41:91:ea:ab:3d:a3:f6:a2:3c:bc:ed:e8:32:
                    be:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:1C:30:5D:41:CF:5C:E4:88:B2:59:F0:61:CE:0D:80:C6:AE:20:1A
            X509v3 Authority Key Identifier:
                keyid:79:13:F8:C1:3B:A8:29:0F:60:DA:63:BA:89:E9:35:B2:75:89:3A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eRP4wTuoKQ9g2mO6iek1snWJOts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/bRwwXUHPXOSIslnwYc4NgMauIBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/eRP4wTuoKQ9g2mO6iek1snWJOts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:83:ff:63:e7:b3:4a:84:c7:96:a3:51:99:5f:11:15:f6:2e:
         3e:7b:cf:0b:41:ac:13:0e:3c:bb:9e:3a:e4:c8:a2:5f:c5:aa:
         60:73:7b:b9:ef:02:70:a9:2c:ff:f7:2e:66:07:b9:39:65:33:
         2b:8b:8c:cb:d2:f2:c4:9b:74:32:9c:27:c9:b3:70:75:61:75:
         e9:03:f8:4e:03:22:78:7b:a8:80:1e:11:8b:f0:72:86:35:5c:
         0e:bc:9b:3e:c7:28:1d:58:75:7d:8b:c7:28:71:4d:40:77:e4:
         cd:c0:bc:62:d3:96:c3:41:50:e3:ec:d0:1d:e0:ae:8a:7c:c8:
         79:e6:fd:bb:a6:bf:75:f1:c2:b8:7e:88:3e:57:f8:6f:9f:fc:
         d7:c7:3f:3c:0b:b8:40:6a:ef:35:bf:78:53:54:e5:1c:e9:fb:
         6b:db:f9:30:7d:14:e0:ee:fe:60:a6:54:15:36:2c:40:80:0a:
         d2:ae:4b:e7:7e:7e:c1:cc:46:0a:09:7d:7d:7b:7f:e2:6b:d0:
         79:13:1c:25:aa:08:73:83:2d:7c:a5:c7:58:b5:8b:da:18:0b:
         f7:1c:99:c2:27:9f:90:e2:ab:84:b1:8b:d4:f2:d1:fc:8e:09:
         59:c2:7d:63:84:c7:ca:59:67:a9:1d:04:ab:07:c2:f4:b2:3f:
         a5:4f:17:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9T263WkrhIW77Gtnc4vxvCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MTNmOGMxM2JhODI5MGY2MGRhNjNiYTg5ZTkzNWIyNzU4
OTNhZGIwHhcNMjQwNTA3MTYyMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDFjMzA1ZDQxY2Y1Y2U0ODhiMjU5ZjA2MWNlMGQ4MGM2YWUyMDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAillS7r3J2Cj9zb5jYiwVRROf1WNd
n8wNfUQKyi7jcrM0+s3KVkYQSGWY6tYYFu1wO9bh0jAH3J3WEsEWjyDtPLaPb+lK
uwnOsX09ymTPDIhoVhcbOBnBpUZG33uo7Oj5fI6rllj0ju72L65cKU4cdFmjKVJd
FGoP3eaI0D5IESIfDusuWTe/uk4PKqeZbpf0Ro2X+yx9xRrYNn8QEloY95KCFnsr
7mDr14Z9I2tonQ1zzDKn16WDqtG/YkSkhGFTwfgy3d5zRT0e3YmE4C+7iklyClDC
k4mfM0QCqB7j6sbUChAoVesglpdkc7CiTqyl9EGR6qs9o/aiPLzt6DK+0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0cMF1Bz1zkiLJZ8GHODYDGriAaMB8GA1UdIwQY
MBaAFHkT+ME7qCkPYNpjuonpNbJ1iTrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVJQNHdUdW9LUTlnMm1PNmllazFzbldKT3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jZTFjOTktMGFiZS00Mjc3LWFjYTIt
ZmUxY2YzMDhhMDA4LzEvYlJ3d1hVSFBYT1NJc2xud1ljNE5nTWF1SUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jZTFjOTktMGFiZS00Mjc3LWFjYTItZmUxY2YzMDhhMDA4
LzEvZVJQNHdUdW9LUTlnMm1PNmllazFzbldKT3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuU7IMA0G
CSqGSIb3DQEBCwUAA4IBAQCOg/9j57NKhMeWo1GZXxEV9i4+e88LQawTDjy7njrk
yKJfxapgc3u57wJwqSz/9y5mB7k5ZTMri4zL0vLEm3QynCfJs3B1YXXpA/hOAyJ4
e6iAHhGL8HKGNVwOvJs+xygdWHV9i8cocU1Ad+TNwLxi05bDQVDj7NAd4K6KfMh5
5v27pr918cK4fog+V/hvn/zXxz88C7hAau81v3hTVOUc6ftr2/kwfRTg7v5gplQV
NixAgArSrkvnfn7BzEYKCX19e3/ia9B5Exwlqghzgy18pcdYtYvaGAv3HJnCJ5+Q
4quEsYvU8tH8jglZwn1jhMfKWWepHQSrB8L0sj+lTxeW
-----END CERTIFICATE-----