Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/d2354a-f3c2-41d5-b292-a9d267acf664/1/dfU5Tt4am3J_hHUteYpGdU46gBg.roa
File:                     dfU5Tt4am3J_hHUteYpGdU46gBg.roa (raw, json)
Hash identifier:          Lu4UdnmhraDSNY2Rehq+wkU4Juhg1cFoWaYtPIbxrlc=
Subject key identifier:   75:F5:39:4E:DE:1A:9B:72:7F:84:75:2D:79:8A:46:75:4E:3A:80:18
Certificate issuer:       /CN=29e46e75865e8d4a081e4b5dda46d3c94003679b
Certificate serial:       018CC6B786B4E0DD157F3CD2752D0C16541E
Authority key identifier: 29:E4:6E:75:86:5E:8D:4A:08:1E:4B:5D:DA:46:D3:C9:40:03:67:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KeRudYZejUoIHktd2kbTyUADZ5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/d2354a-f3c2-41d5-b292-a9d267acf664/1/dfU5Tt4am3J_hHUteYpGdU46gBg.roa
Signing time:             Mon 01 Jan 2024 20:29:25 +0000
ROA not before:           Mon 01 Jan 2024 20:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43783
IP address blocks:        185.167.56.0/22 maxlen: 22
                          185.167.56.0/24 maxlen: 24
                          185.167.58.0/24 maxlen: 24
                          185.167.57.0/24 maxlen: 24
                          185.167.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/d2354a-f3c2-41d5-b292-a9d267acf664/1/KeRudYZejUoIHktd2kbTyUADZ5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/d2354a-f3c2-41d5-b292-a9d267acf664/1/KeRudYZejUoIHktd2kbTyUADZ5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KeRudYZejUoIHktd2kbTyUADZ5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 01:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:86:b4:e0:dd:15:7f:3c:d2:75:2d:0c:16:54:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29e46e75865e8d4a081e4b5dda46d3c94003679b
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75f5394ede1a9b727f84752d798a46754e3a8018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:94:a0:e7:be:77:c4:46:7b:80:0b:20:e1:fa:
                    19:07:6e:ad:e8:ca:8c:a9:77:f0:a6:67:05:f1:a6:
                    aa:69:e9:50:f5:84:70:eb:b1:59:6b:a2:6d:f6:cf:
                    ec:d5:0f:11:f4:48:51:e7:63:a2:f9:e0:3e:58:5e:
                    d5:76:be:f0:24:56:91:a9:59:2b:c8:9a:95:a7:ec:
                    0d:36:89:5b:f1:8e:d8:08:bb:a6:b0:d0:6b:ec:df:
                    52:a6:9e:f8:ed:11:22:4b:21:1a:21:04:ab:9d:e0:
                    4d:3f:a8:3e:cf:48:c5:fe:b6:01:5a:54:a2:ec:22:
                    8b:6e:bd:82:b2:b8:f7:e9:79:80:c5:03:4e:48:c9:
                    c2:2a:65:75:3e:8d:74:65:84:12:0d:f1:c6:3e:9a:
                    0b:96:57:a0:68:1b:21:b4:37:df:34:e1:fb:de:2f:
                    51:75:ff:6f:a7:8f:33:51:9f:f3:2f:7e:43:66:c5:
                    42:8a:bb:40:96:97:0b:89:1c:0e:b8:0c:ea:3b:8b:
                    4a:8c:44:da:e6:8e:5f:a6:9b:de:76:2d:0c:4f:7a:
                    10:77:a0:3f:a4:05:2e:4c:3c:5e:bd:f5:14:e0:f8:
                    a6:10:55:28:32:68:29:d3:11:96:1c:cd:f6:60:c1:
                    1f:31:d4:da:47:9b:d7:d4:7b:d4:88:fe:9c:db:4c:
                    0c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:F5:39:4E:DE:1A:9B:72:7F:84:75:2D:79:8A:46:75:4E:3A:80:18
            X509v3 Authority Key Identifier:
                keyid:29:E4:6E:75:86:5E:8D:4A:08:1E:4B:5D:DA:46:D3:C9:40:03:67:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KeRudYZejUoIHktd2kbTyUADZ5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/d2354a-f3c2-41d5-b292-a9d267acf664/1/dfU5Tt4am3J_hHUteYpGdU46gBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/d2354a-f3c2-41d5-b292-a9d267acf664/1/KeRudYZejUoIHktd2kbTyUADZ5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:99:ec:a5:61:d8:3b:ba:f5:db:0e:06:d2:bd:ea:a8:e9:4d:
         bf:3e:ce:33:a9:f3:11:6e:cb:d3:fd:6f:ec:9d:ac:b6:b0:2b:
         80:82:af:32:90:3e:66:56:30:89:bd:b9:44:9b:ea:cf:8a:15:
         1b:b3:4b:cf:ff:da:fd:57:b1:7e:81:71:94:1f:c7:44:36:80:
         80:43:04:aa:f2:7c:df:cf:65:16:c8:1f:3e:9b:f8:39:43:a0:
         a5:e0:1d:c3:d8:f2:c1:2e:0d:05:cc:0b:55:13:9e:59:a0:0f:
         33:52:bf:99:f2:d4:c9:a5:e4:39:2f:b2:60:29:5b:aa:e7:a2:
         ff:c3:e1:17:e8:f0:6a:67:d2:cd:b7:b3:15:88:ee:69:1b:58:
         18:24:be:4b:77:21:18:0a:2b:fc:c7:7f:83:eb:4f:0b:d4:67:
         04:57:f4:a2:c8:03:12:e4:8b:d8:b2:5d:a4:93:4a:b0:70:a9:
         52:69:e6:d4:40:5d:6f:2f:f6:fa:98:06:7f:6a:a3:94:e3:95:
         88:92:97:66:27:6b:6d:83:c4:55:9a:ae:e4:6a:a1:d4:e9:e8:
         fc:ee:7c:fb:d0:15:b7:94:96:1f:5c:be:5d:4f:7d:df:15:83:
         3c:26:80:e1:ce:2f:ef:4f:96:20:40:52:94:a3:4a:1d:5d:a2:
         a7:f9:10:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4a04N0VfzzSdS0MFlQeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZTQ2ZTc1ODY1ZThkNGEwODFlNGI1ZGRhNDZkM2M5NDAw
MzY3OWIwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWY1Mzk0ZWRlMWE5YjcyN2Y4NDc1MmQ3OThhNDY3NTRlM2E4MDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJSg5753xEZ7gAsg4foZB26t6MqM
qXfwpmcF8aaqaelQ9YRw67FZa6Jt9s/s1Q8R9EhR52Oi+eA+WF7Vdr7wJFaRqVkr
yJqVp+wNNolb8Y7YCLumsNBr7N9Spp747REiSyEaIQSrneBNP6g+z0jF/rYBWlSi
7CKLbr2Csrj36XmAxQNOSMnCKmV1Po10ZYQSDfHGPpoLllegaBshtDffNOH73i9R
df9vp48zUZ/zL35DZsVCirtAlpcLiRwOuAzqO4tKjETa5o5fppvedi0MT3oQd6A/
pAUuTDxevfUU4PimEFUoMmgp0xGWHM32YMEfMdTaR5vX1HvUiP6c20wMWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHX1OU7eGptyf4R1LXmKRnVOOoAYMB8GA1UdIwQY
MBaAFCnkbnWGXo1KCB5LXdpG08lAA2ebMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2VSdWRZWmVqVW9JSGt0ZDJrYlR5VUFEWjVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9kMjM1NGEtZjNjMi00MWQ1LWIyOTIt
YTlkMjY3YWNmNjY0LzEvZGZVNVR0NGFtM0pfaEhVdGVZcEdkVTQ2Z0JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9kMjM1NGEtZjNjMi00MWQ1LWIyOTItYTlkMjY3YWNmNjY0
LzEvS2VSdWRZWmVqVW9JSGt0ZDJrYlR5VUFEWjVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuac4MA0G
CSqGSIb3DQEBCwUAA4IBAQBlmeylYdg7uvXbDgbSveqo6U2/Ps4zqfMRbsvT/W/s
nay2sCuAgq8ykD5mVjCJvblEm+rPihUbs0vP/9r9V7F+gXGUH8dENoCAQwSq8nzf
z2UWyB8+m/g5Q6Cl4B3D2PLBLg0FzAtVE55ZoA8zUr+Z8tTJpeQ5L7JgKVuq56L/
w+EX6PBqZ9LNt7MViO5pG1gYJL5LdyEYCiv8x3+D608L1GcEV/SiyAMS5IvYsl2k
k0qwcKlSaebUQF1vL/b6mAZ/aqOU45WIkpdmJ2ttg8RVmq7kaqHU6ej87nz70BW3
lJYfXL5dT33fFYM8JoDhzi/vT5YgQFKUo0odXaKn+RAh
-----END CERTIFICATE-----