Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/mmhUC8yDo3GA_xcX-H0dxAwTUv8.roa
File:                     mmhUC8yDo3GA_xcX-H0dxAwTUv8.roa (raw, json)
Hash identifier:          PVdCfJGBdzSz9vsVphkWbhS9nKzXeLf0DSm46BWLv7Y=
Subject key identifier:   9A:68:54:0B:CC:83:A3:71:80:FF:17:17:F8:7D:1D:C4:0C:13:52:FF
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       018F1E6B6960174F5070922F8F3891151DB5
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/mmhUC8yDo3GA_xcX-H0dxAwTUv8.roa
Signing time:             Sat 27 Apr 2024 07:18:26 +0000
ROA not before:           Sat 27 Apr 2024 07:18:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.126.156.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1e:6b:69:60:17:4f:50:70:92:2f:8f:38:91:15:1d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Apr 27 07:18:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a68540bcc83a37180ff1717f87d1dc40c1352ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c9:aa:b8:11:52:e3:c2:4e:72:d1:15:de:58:
                    fe:f4:06:5b:3a:21:ef:ed:3c:32:10:03:0c:44:1f:
                    35:04:b0:fc:93:3b:34:39:65:9f:35:27:a3:95:b7:
                    83:74:59:48:ba:df:9f:ef:e4:cf:aa:f6:c8:42:15:
                    ae:cd:4a:0f:fe:6c:2d:42:4a:54:14:2d:02:26:e1:
                    33:63:2a:b3:f3:12:ce:9f:0d:88:b5:a7:75:cd:44:
                    f9:ee:8c:03:cc:dc:ec:7a:32:71:9f:e6:66:9d:c0:
                    80:86:15:87:e9:26:e4:70:af:ba:15:de:03:e2:29:
                    f8:c8:54:0d:8b:c0:8c:c7:a2:70:2f:7b:f2:8d:36:
                    45:af:2e:35:f4:c0:5f:43:91:08:34:3c:a7:5a:9e:
                    71:3e:7f:27:74:c6:35:ae:8b:fc:d0:2f:ef:7e:b6:
                    d6:8d:2c:38:5c:84:7b:42:79:75:c7:3f:60:a7:3b:
                    7f:0b:5e:f9:99:a4:a3:ee:ab:da:b8:41:06:56:e2:
                    b6:8c:79:d6:2d:07:94:ce:ea:c5:34:41:92:f4:3c:
                    06:59:17:68:fa:20:af:3a:df:d1:7c:ee:d7:64:c0:
                    95:41:2d:46:13:aa:0a:af:9b:1e:fe:b5:6f:c3:33:
                    0a:70:bf:c6:bf:42:9a:2a:c0:c2:4e:9c:c3:f2:14:
                    b1:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:68:54:0B:CC:83:A3:71:80:FF:17:17:F8:7D:1D:C4:0C:13:52:FF
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/mmhUC8yDo3GA_xcX-H0dxAwTUv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:9f:8d:ac:2f:69:51:da:8a:76:1c:69:b8:72:63:b0:b3:19:
         de:f1:98:ab:ed:d8:47:6f:2d:46:87:70:1a:1d:a6:2b:8a:64:
         58:a5:85:cb:9b:16:fc:d3:42:ca:9d:73:cc:a0:70:31:22:74:
         81:7b:70:80:b5:49:17:7e:81:6d:2b:80:f2:7d:d1:bb:e6:8c:
         1f:5a:47:7c:1c:4a:d3:4d:9e:de:2e:d1:0e:7a:05:37:a2:5e:
         d7:4c:bf:f2:e0:53:cc:b7:47:2c:ba:57:03:23:32:c2:31:79:
         14:bc:30:53:24:2d:d2:d5:dc:0c:b1:56:6e:44:9e:09:8e:3a:
         a0:2d:a8:c3:8d:bd:81:41:a8:74:27:5c:83:72:cd:0e:1d:80:
         bf:2d:78:77:52:45:5c:d2:e8:78:b6:f0:93:6c:4d:98:9b:7f:
         ed:96:03:0c:82:54:3b:53:48:89:3f:57:25:3b:03:f1:4f:26:
         41:3d:f0:7f:af:f9:0b:8b:a4:07:4d:af:0c:53:5b:96:1a:db:
         3b:8a:f3:9a:00:b8:ae:a8:a8:0c:68:22:82:e3:69:4b:2e:ba:
         77:80:dd:57:e6:60:b8:e8:9a:5f:5b:49:6b:75:03:f7:38:3f:
         2a:35:78:fb:45:ea:ec:63:eb:a2:18:9f:07:9d:fd:2f:9f:62:
         da:ea:37:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8ea2lgF09QcJIvjziRFR21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwNDI3MDcxODI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTY4NTQwYmNjODNhMzcxODBmZjE3MTdmODdkMWRjNDBjMTM1MmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcmquBFS48JOctEV3lj+9AZbOiHv
7TwyEAMMRB81BLD8kzs0OWWfNSejlbeDdFlIut+f7+TPqvbIQhWuzUoP/mwtQkpU
FC0CJuEzYyqz8xLOnw2Itad1zUT57owDzNzsejJxn+ZmncCAhhWH6SbkcK+6Fd4D
4in4yFQNi8CMx6JwL3vyjTZFry419MBfQ5EINDynWp5xPn8ndMY1rov80C/vfrbW
jSw4XIR7Qnl1xz9gpzt/C175maSj7qvauEEGVuK2jHnWLQeUzurFNEGS9DwGWRdo
+iCvOt/RfO7XZMCVQS1GE6oKr5se/rVvwzMKcL/Gv0KaKsDCTpzD8hSxBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpoVAvMg6NxgP8XF/h9HcQME1L/MB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvbW1oVUM4eURvM0dBX3hjWC1IMGR4QXdUVXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuX6cMA0G
CSqGSIb3DQEBCwUAA4IBAQCMn42sL2lR2op2HGm4cmOwsxne8Zir7dhHby1Gh3Aa
HaYrimRYpYXLmxb800LKnXPMoHAxInSBe3CAtUkXfoFtK4DyfdG75owfWkd8HErT
TZ7eLtEOegU3ol7XTL/y4FPMt0csulcDIzLCMXkUvDBTJC3S1dwMsVZuRJ4Jjjqg
LajDjb2BQah0J1yDcs0OHYC/LXh3UkVc0uh4tvCTbE2Ym3/tlgMMglQ7U0iJP1cl
OwPxTyZBPfB/r/kLi6QHTa8MU1uWGts7ivOaALiuqKgMaCKC42lLLrp3gN1X5mC4
6JpfW0lrdQP3OD8qNXj7RersY+uiGJ8Hnf0vn2La6jft
-----END CERTIFICATE-----