Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/a63fd8-9b36-496d-b6e2-b20ebe595475/1/u9Huanlrj6PO-ZN10m45evRB8Mk.roa
File:                     u9Huanlrj6PO-ZN10m45evRB8Mk.roa (raw, json)
Hash identifier:          p/+pS4cBnOAgrMcFmUjgSPpLpNaJ2sh7jnbAAkbitgE=
Subject key identifier:   BB:D1:EE:6A:79:6B:8F:A3:CE:F9:93:75:D2:6E:39:7A:F4:41:F0:C9
Certificate issuer:       /CN=ad3b529c9dc9526f099bf16ac89dcc8adfe18240
Certificate serial:       018CC94C2694984EECB525D57382C4E94601
Authority key identifier: AD:3B:52:9C:9D:C9:52:6F:09:9B:F1:6A:C8:9D:CC:8A:DF:E1:82:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rTtSnJ3JUm8Jm_FqyJ3Mit_hgkA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/a63fd8-9b36-496d-b6e2-b20ebe595475/1/u9Huanlrj6PO-ZN10m45evRB8Mk.roa
Signing time:             Tue 02 Jan 2024 08:31:00 +0000
ROA not before:           Tue 02 Jan 2024 08:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43366
IP address blocks:        185.161.140.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/a63fd8-9b36-496d-b6e2-b20ebe595475/1/rTtSnJ3JUm8Jm_FqyJ3Mit_hgkA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/a63fd8-9b36-496d-b6e2-b20ebe595475/1/rTtSnJ3JUm8Jm_FqyJ3Mit_hgkA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rTtSnJ3JUm8Jm_FqyJ3Mit_hgkA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 05:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:26:94:98:4e:ec:b5:25:d5:73:82:c4:e9:46:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad3b529c9dc9526f099bf16ac89dcc8adfe18240
        Validity
            Not Before: Jan  2 08:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbd1ee6a796b8fa3cef99375d26e397af441f0c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e6:d6:87:19:7c:15:a6:18:c1:b9:62:72:e6:
                    ec:52:ef:aa:51:8b:be:a5:d4:82:7b:e4:0c:f3:f4:
                    a6:a5:ae:76:49:a8:96:dd:53:51:eb:64:55:02:43:
                    2f:44:ef:78:00:75:46:ff:33:d9:c2:b9:07:75:55:
                    8f:9e:27:aa:68:98:d4:f1:70:53:d1:44:49:c9:01:
                    48:66:50:77:f8:c8:ea:b2:61:62:18:4c:4d:9a:7b:
                    c2:3b:c4:99:f6:3f:78:e1:6d:28:2c:89:86:78:ba:
                    4c:28:12:8b:41:35:e7:93:36:c6:9e:d2:eb:5d:14:
                    41:61:9e:32:25:d1:8b:37:2f:a5:ca:fe:c9:61:0a:
                    b5:45:ea:9f:f9:7e:c0:03:28:0b:24:15:91:ef:2b:
                    d1:8f:44:cc:fa:eb:f4:96:84:84:88:49:13:92:20:
                    07:d9:29:0c:e3:81:82:28:40:ac:a9:bb:8a:7c:fe:
                    75:49:49:ce:5e:a4:92:9e:31:c0:b9:9a:c7:af:3e:
                    ab:0d:37:d1:2a:08:c9:43:b1:e5:28:59:4d:c1:5a:
                    86:d6:0a:77:51:34:f5:e5:fc:6f:bc:e0:22:9b:4c:
                    39:78:e0:1b:db:5f:d0:53:3b:43:f9:46:c2:83:76:
                    00:fd:64:c8:dd:38:ce:2c:7a:4b:af:f7:8b:98:c0:
                    3a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:D1:EE:6A:79:6B:8F:A3:CE:F9:93:75:D2:6E:39:7A:F4:41:F0:C9
            X509v3 Authority Key Identifier:
                keyid:AD:3B:52:9C:9D:C9:52:6F:09:9B:F1:6A:C8:9D:CC:8A:DF:E1:82:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rTtSnJ3JUm8Jm_FqyJ3Mit_hgkA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/a63fd8-9b36-496d-b6e2-b20ebe595475/1/u9Huanlrj6PO-ZN10m45evRB8Mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/a63fd8-9b36-496d-b6e2-b20ebe595475/1/rTtSnJ3JUm8Jm_FqyJ3Mit_hgkA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:ff:a1:06:e9:2c:41:53:13:6e:f2:a3:b9:55:4e:8c:24:46:
         81:21:27:c3:12:2e:bc:85:ed:72:0a:0a:28:53:f1:e2:19:97:
         0d:a8:81:da:2b:e6:df:9e:8e:60:68:99:c9:a0:96:9d:46:f6:
         a5:fb:c9:92:77:e7:b2:eb:45:70:4e:bd:15:71:e5:54:e1:e9:
         cf:50:fb:ef:0b:70:b7:6d:f8:56:15:59:5b:15:9f:aa:05:51:
         d6:1d:32:a1:6b:ac:b5:ab:7d:1b:78:7b:11:24:29:bb:c2:33:
         67:da:b3:3a:bf:e8:64:8c:31:cb:27:39:dd:de:05:bc:3f:ff:
         b9:33:73:f8:e2:07:d1:85:7e:e8:c4:30:8c:c0:1d:a6:46:45:
         7f:f1:b6:46:b3:f6:54:69:d1:68:9a:fa:98:6a:3c:b6:72:7b:
         2d:ac:3e:a2:37:9d:e5:f5:0e:63:5c:3e:48:1b:38:51:d7:e8:
         68:da:70:f3:52:28:3b:d7:8f:46:50:0a:d0:74:63:0b:f5:16:
         16:e0:78:93:67:8a:cb:c2:d6:1c:40:08:f6:40:df:93:1e:17:
         c7:c4:26:53:02:06:19:54:dc:8c:08:b2:30:8d:c9:94:8e:5d:
         a8:9c:34:99:f6:0e:b6:4e:9c:e0:9c:8a:e9:98:9f:37:9f:b3:
         7a:fd:73:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTCaUmE7stSXVc4LE6UYBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkM2I1MjljOWRjOTUyNmYwOTliZjE2YWM4OWRjYzhhZGZl
MTgyNDAwHhcNMjQwMTAyMDgzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmQxZWU2YTc5NmI4ZmEzY2VmOTkzNzVkMjZlMzk3YWY0NDFmMGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ebWhxl8FaYYwblicubsUu+qUYu+
pdSCe+QM8/Smpa52SaiW3VNR62RVAkMvRO94AHVG/zPZwrkHdVWPnieqaJjU8XBT
0URJyQFIZlB3+MjqsmFiGExNmnvCO8SZ9j944W0oLImGeLpMKBKLQTXnkzbGntLr
XRRBYZ4yJdGLNy+lyv7JYQq1Reqf+X7AAygLJBWR7yvRj0TM+uv0loSEiEkTkiAH
2SkM44GCKECsqbuKfP51SUnOXqSSnjHAuZrHrz6rDTfRKgjJQ7HlKFlNwVqG1gp3
UTT15fxvvOAim0w5eOAb21/QUztD+UbCg3YA/WTI3TjOLHpLr/eLmMA6pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvR7mp5a4+jzvmTddJuOXr0QfDJMB8GA1UdIwQY
MBaAFK07UpydyVJvCZvxasidzIrf4YJAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclR0U25KM0pVbThKbV9GcXlKM01pdF9oZ2tBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hNjNmZDgtOWIzNi00OTZkLWI2ZTIt
YjIwZWJlNTk1NDc1LzEvdTlIdWFubHJqNlBPLVpOMTBtNDVldlJCOE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hNjNmZDgtOWIzNi00OTZkLWI2ZTItYjIwZWJlNTk1NDc1
LzEvclR0U25KM0pVbThKbV9GcXlKM01pdF9oZ2tBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaGMMA0G
CSqGSIb3DQEBCwUAA4IBAQAu/6EG6SxBUxNu8qO5VU6MJEaBISfDEi68he1yCgoo
U/HiGZcNqIHaK+bfno5gaJnJoJadRval+8mSd+ey60VwTr0VceVU4enPUPvvC3C3
bfhWFVlbFZ+qBVHWHTKha6y1q30beHsRJCm7wjNn2rM6v+hkjDHLJznd3gW8P/+5
M3P44gfRhX7oxDCMwB2mRkV/8bZGs/ZUadFomvqYajy2cnstrD6iN53l9Q5jXD5I
GzhR1+ho2nDzUig7149GUArQdGML9RYW4HiTZ4rLwtYcQAj2QN+THhfHxCZTAgYZ
VNyMCLIwjcmUjl2onDSZ9g62TpzgnIrpmJ83n7N6/XO+
-----END CERTIFICATE-----