Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/515240-b594-469b-a992-ec72d6ada04a/1/hsI4pEE3EY6z43xDiYhgoJOv_tk.roa
File:                     hsI4pEE3EY6z43xDiYhgoJOv_tk.roa (raw, json)
Hash identifier:          uLt9gBDufxrISHG9o1jQTdi6VyvEx7vLVjNncRhsiaA=
Subject key identifier:   86:C2:38:A4:41:37:11:8E:B3:E3:7C:43:89:88:60:A0:93:AF:FE:D9
Certificate issuer:       /CN=6988519de918185fb6e1ebafd1e0835caa1132e4
Certificate serial:       018CC3B70B7DC8664F75F1E70228D0D894C5
Authority key identifier: 69:88:51:9D:E9:18:18:5F:B6:E1:EB:AF:D1:E0:83:5C:AA:11:32:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aYhRnekYGF-24euv0eCDXKoRMuQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/515240-b594-469b-a992-ec72d6ada04a/1/hsI4pEE3EY6z43xDiYhgoJOv_tk.roa
Signing time:             Mon 01 Jan 2024 06:30:02 +0000
ROA not before:           Mon 01 Jan 2024 06:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        178.249.140.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/515240-b594-469b-a992-ec72d6ada04a/1/aYhRnekYGF-24euv0eCDXKoRMuQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/515240-b594-469b-a992-ec72d6ada04a/1/aYhRnekYGF-24euv0eCDXKoRMuQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aYhRnekYGF-24euv0eCDXKoRMuQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 21:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:0b:7d:c8:66:4f:75:f1:e7:02:28:d0:d8:94:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6988519de918185fb6e1ebafd1e0835caa1132e4
        Validity
            Not Before: Jan  1 06:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86c238a44137118eb3e37c43898860a093affed9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:22:d9:c2:25:72:03:48:83:2d:81:84:30:55:
                    d9:f4:ba:87:42:57:d1:f3:70:db:2a:d9:e8:00:27:
                    27:3f:5d:47:ea:b1:e6:9a:7f:e7:ae:92:51:ee:5a:
                    bc:c7:a9:36:a4:c3:ac:2c:f7:98:44:29:cc:b0:e6:
                    b2:24:2b:c8:86:1a:85:ac:e7:7b:16:04:c2:17:35:
                    17:f2:db:83:2d:c7:dc:cf:96:ec:0f:7c:b1:56:7e:
                    23:7f:f8:5d:c7:89:d6:f1:ec:db:f2:b9:e6:7f:ec:
                    14:ef:b1:02:cc:a7:7a:40:fe:4b:c2:ad:c9:23:5f:
                    9b:d8:4e:33:d0:4d:39:08:ad:93:04:b4:8f:ca:8a:
                    6a:40:ae:64:92:85:03:a7:56:2a:72:24:e6:9d:0d:
                    ca:96:64:41:a0:45:e8:f3:9d:e2:f2:75:1d:20:7c:
                    e2:f3:67:d6:4f:f1:44:fc:82:92:0e:07:2d:fa:f1:
                    65:c0:a9:0e:e4:eb:3d:1e:5e:56:46:c4:bf:4d:e6:
                    76:27:a4:70:8c:80:c4:a8:98:8d:b6:0a:d7:d5:d1:
                    02:02:de:c0:a0:cf:5a:ae:cd:4a:01:13:d9:28:8f:
                    eb:df:8f:4a:40:0a:81:76:d2:8c:94:52:4c:98:26:
                    9f:e3:38:81:ad:9f:57:6f:7a:05:c8:53:cf:6d:98:
                    bb:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:C2:38:A4:41:37:11:8E:B3:E3:7C:43:89:88:60:A0:93:AF:FE:D9
            X509v3 Authority Key Identifier:
                keyid:69:88:51:9D:E9:18:18:5F:B6:E1:EB:AF:D1:E0:83:5C:AA:11:32:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aYhRnekYGF-24euv0eCDXKoRMuQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/515240-b594-469b-a992-ec72d6ada04a/1/hsI4pEE3EY6z43xDiYhgoJOv_tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/515240-b594-469b-a992-ec72d6ada04a/1/aYhRnekYGF-24euv0eCDXKoRMuQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.249.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:2e:9b:60:c0:4e:68:d7:8d:3c:02:e4:91:15:05:8c:89:37:
         85:df:09:14:a1:bf:bc:87:24:fa:8b:58:2f:f6:61:d9:6d:eb:
         c9:8f:12:9f:fc:72:b1:04:50:8c:bf:0d:09:20:5b:ff:13:2e:
         c2:de:87:fe:c7:32:de:49:2c:f4:3c:20:e7:7d:93:ea:0c:9c:
         9b:57:0d:65:85:aa:fc:87:85:80:2f:39:43:61:e5:ec:d3:2f:
         d1:92:47:3b:70:98:d1:5d:f8:81:f4:44:0c:11:98:1f:a6:00:
         fa:18:1d:80:06:21:d2:00:ff:01:c5:f5:b3:08:40:8a:b3:38:
         ad:9f:b5:a7:f7:ae:a4:d2:11:87:61:fd:11:10:34:a4:84:dd:
         78:23:65:fd:78:11:4c:65:d2:c4:51:46:af:98:11:24:35:4e:
         0d:c0:da:a8:2f:34:b7:4b:07:a6:e7:b1:eb:cd:f6:3c:f4:1c:
         9d:dc:7a:f9:48:5e:bd:b1:df:d7:f6:69:7e:ff:54:1d:38:98:
         f1:4c:ae:66:e1:48:32:7e:75:c6:1e:f1:5c:63:70:7b:b6:cc:
         33:5f:50:b2:58:76:af:c5:70:56:a0:d2:90:65:e7:f7:30:99:
         51:94:0b:3f:ed:8d:ab:81:87:6e:6a:26:c7:fa:a0:03:cf:93:
         b0:1d:be:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwt9yGZPdfHnAijQ2JTFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ODg1MTlkZTkxODE4NWZiNmUxZWJhZmQxZTA4MzVjYWEx
MTMyZTQwHhcNMjQwMTAxMDYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmMyMzhhNDQxMzcxMThlYjNlMzdjNDM4OTg4NjBhMDkzYWZmZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSLZwiVyA0iDLYGEMFXZ9LqHQlfR
83DbKtnoACcnP11H6rHmmn/nrpJR7lq8x6k2pMOsLPeYRCnMsOayJCvIhhqFrOd7
FgTCFzUX8tuDLcfcz5bsD3yxVn4jf/hdx4nW8ezb8rnmf+wU77ECzKd6QP5Lwq3J
I1+b2E4z0E05CK2TBLSPyopqQK5kkoUDp1YqciTmnQ3KlmRBoEXo853i8nUdIHzi
82fWT/FE/IKSDgct+vFlwKkO5Os9Hl5WRsS/TeZ2J6RwjIDEqJiNtgrX1dECAt7A
oM9ars1KARPZKI/r349KQAqBdtKMlFJMmCaf4ziBrZ9Xb3oFyFPPbZi7jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbCOKRBNxGOs+N8Q4mIYKCTr/7ZMB8GA1UdIwQY
MBaAFGmIUZ3pGBhftuHrr9Hgg1yqETLkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVloUm5la1lHRi0yNGV1djBlQ0RYS29STXVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS81MTUyNDAtYjU5NC00NjliLWE5OTIt
ZWM3MmQ2YWRhMDRhLzEvaHNJNHBFRTNFWTZ6NDN4RGlZaGdvSk92X3RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS81MTUyNDAtYjU5NC00NjliLWE5OTItZWM3MmQ2YWRhMDRh
LzEvYVloUm5la1lHRi0yNGV1djBlQ0RYS29STXVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsvmMMA0G
CSqGSIb3DQEBCwUAA4IBAQBwLptgwE5o1408AuSRFQWMiTeF3wkUob+8hyT6i1gv
9mHZbevJjxKf/HKxBFCMvw0JIFv/Ey7C3of+xzLeSSz0PCDnfZPqDJybVw1lhar8
h4WALzlDYeXs0y/Rkkc7cJjRXfiB9EQMEZgfpgD6GB2ABiHSAP8BxfWzCECKszit
n7Wn966k0hGHYf0REDSkhN14I2X9eBFMZdLEUUavmBEkNU4NwNqoLzS3Swem57Hr
zfY89Byd3Hr5SF69sd/X9ml+/1QdOJjxTK5m4UgyfnXGHvFcY3B7tswzX1CyWHav
xXBWoNKQZef3MJlRlAs/7Y2rgYduaibH+qADz5OwHb6s
-----END CERTIFICATE-----