Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/c3f3cc-c56b-4d35-b77f-3bc6eb0a347f/1/0iPIn0B4eFrd1fYhl3B_QMoabOA.roa
File:                     0iPIn0B4eFrd1fYhl3B_QMoabOA.roa (raw, json)
Hash identifier:          kLKjUt/phM+9IAnWlKGnGFf7oYR4x+MlZl4ycv/p2m4=
Subject key identifier:   D2:23:C8:9F:40:78:78:5A:DD:D5:F6:21:97:70:7F:40:CA:1A:6C:E0
Certificate issuer:       /CN=23ef9de2152aef1b2a62a31fb2f35e8590b3ad84
Certificate serial:       018CC8010D57C90929CF6398C2C4A0703F74
Authority key identifier: 23:EF:9D:E2:15:2A:EF:1B:2A:62:A3:1F:B2:F3:5E:85:90:B3:AD:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I--d4hUq7xsqYqMfsvNehZCzrYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/c3f3cc-c56b-4d35-b77f-3bc6eb0a347f/1/0iPIn0B4eFrd1fYhl3B_QMoabOA.roa
Signing time:             Tue 02 Jan 2024 02:29:21 +0000
ROA not before:           Tue 02 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208244
IP address blocks:        5.180.115.0/24 maxlen: 24
                          83.171.196.0/22 maxlen: 22
                          146.19.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/c3f3cc-c56b-4d35-b77f-3bc6eb0a347f/1/I--d4hUq7xsqYqMfsvNehZCzrYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/c3f3cc-c56b-4d35-b77f-3bc6eb0a347f/1/I--d4hUq7xsqYqMfsvNehZCzrYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I--d4hUq7xsqYqMfsvNehZCzrYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0d:57:c9:09:29:cf:63:98:c2:c4:a0:70:3f:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23ef9de2152aef1b2a62a31fb2f35e8590b3ad84
        Validity
            Not Before: Jan  2 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d223c89f4078785addd5f62197707f40ca1a6ce0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:29:6a:11:5b:5a:29:7b:8f:cf:a3:67:51:3f:
                    22:02:da:e5:09:5d:e5:ce:c7:0e:1d:b2:1d:eb:bd:
                    02:86:b4:94:0a:b1:2e:a3:55:46:f3:aa:92:b7:73:
                    fe:d8:06:7b:96:62:f7:7e:3d:9a:a5:7e:75:b0:25:
                    42:1b:18:47:e3:51:ed:89:f7:ba:18:2e:f3:ff:cc:
                    68:aa:5c:a2:cb:dc:97:08:e6:5d:c3:00:ed:f9:b2:
                    c9:03:8e:38:df:0f:e5:03:3b:3a:14:8e:81:40:e0:
                    4a:a8:0b:67:58:a1:39:57:60:d4:52:ef:59:b4:ac:
                    a3:a9:7f:ff:1b:34:08:8b:30:cf:8f:9a:a9:9d:d3:
                    24:34:ca:10:41:75:cf:51:82:72:76:8a:a2:a5:a3:
                    52:d1:e8:6b:d0:40:d9:56:db:36:0a:ff:0a:16:cb:
                    8b:5c:02:4a:05:3f:9c:ad:a8:1e:b8:15:dd:ce:fa:
                    f9:0b:2b:f6:bd:17:07:32:74:66:69:ce:b3:b4:10:
                    0f:81:92:e6:71:8d:2e:4e:13:ce:57:6a:f2:af:1b:
                    e1:3c:a9:73:20:2b:a0:04:23:c3:d6:0e:ac:2a:a6:
                    bb:cd:fa:86:2b:39:ec:fa:b4:68:93:e1:f2:57:cc:
                    a7:86:0c:1c:ea:05:c9:fb:82:fa:9a:44:0f:cc:31:
                    57:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:23:C8:9F:40:78:78:5A:DD:D5:F6:21:97:70:7F:40:CA:1A:6C:E0
            X509v3 Authority Key Identifier:
                keyid:23:EF:9D:E2:15:2A:EF:1B:2A:62:A3:1F:B2:F3:5E:85:90:B3:AD:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I--d4hUq7xsqYqMfsvNehZCzrYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c3f3cc-c56b-4d35-b77f-3bc6eb0a347f/1/0iPIn0B4eFrd1fYhl3B_QMoabOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c3f3cc-c56b-4d35-b77f-3bc6eb0a347f/1/I--d4hUq7xsqYqMfsvNehZCzrYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.115.0/24
                  83.171.196.0/22
                  146.19.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:5e:6f:43:18:77:ec:a2:03:25:ae:df:f5:0d:1c:e3:bd:49:
         73:79:ee:c1:b6:a6:79:46:d5:47:6a:11:26:2e:23:27:34:b0:
         e3:69:a3:11:91:45:0e:8f:6e:a5:b7:7c:e0:03:ee:74:bf:48:
         f8:6c:81:57:1a:0a:4f:01:6b:ab:0f:b2:73:0b:ff:bf:e9:91:
         43:29:1e:b6:53:2c:09:a1:5b:e2:b1:6e:79:b5:0a:3e:f7:68:
         5e:52:fe:2a:37:17:ea:26:75:2c:2c:5b:18:5c:a2:19:93:5a:
         02:ab:5b:65:f8:74:56:61:5f:3f:fa:9d:a0:6c:35:25:ed:3a:
         60:aa:5c:03:df:0b:c1:f6:5b:37:95:52:9d:9c:ca:20:63:83:
         1f:32:e2:af:ef:02:d6:a3:db:d6:6f:eb:ee:36:6f:c3:61:0d:
         c5:7f:fa:7e:da:1b:7e:dc:b7:a8:c9:7a:97:4e:92:94:85:f7:
         a9:72:91:ac:c8:6a:af:e4:b8:88:ce:c7:d9:2b:b0:7c:f5:3a:
         b1:b7:b9:61:4a:92:8f:f6:00:6c:58:bf:16:9e:30:d5:f4:4e:
         c4:f9:f9:52:56:6c:c8:6f:bb:47:97:22:bf:85:1a:03:24:54:
         be:ea:f2:90:d0:43:38:53:42:de:a1:5f:22:49:49:e5:a9:79:
         6f:52:fd:3f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAQ1XyQkpz2OYwsSgcD90MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZWY5ZGUyMTUyYWVmMWIyYTYyYTMxZmIyZjM1ZTg1OTBi
M2FkODQwHhcNMjQwMTAyMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjIzYzg5ZjQwNzg3ODVhZGRkNWY2MjE5NzcwN2Y0MGNhMWE2Y2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArClqEVtaKXuPz6NnUT8iAtrlCV3l
zscOHbId670ChrSUCrEuo1VG86qSt3P+2AZ7lmL3fj2apX51sCVCGxhH41Htife6
GC7z/8xoqlyiy9yXCOZdwwDt+bLJA4443w/lAzs6FI6BQOBKqAtnWKE5V2DUUu9Z
tKyjqX//GzQIizDPj5qpndMkNMoQQXXPUYJydoqipaNS0ehr0EDZVts2Cv8KFsuL
XAJKBT+crageuBXdzvr5Cyv2vRcHMnRmac6ztBAPgZLmcY0uThPOV2ryrxvhPKlz
ICugBCPD1g6sKqa7zfqGKzns+rRok+HyV8ynhgwc6gXJ+4L6mkQPzDFX3QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNIjyJ9AeHha3dX2IZdwf0DKGmzgMB8GA1UdIwQY
MBaAFCPvneIVKu8bKmKjH7LzXoWQs62EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS0tZDRoVXE3eHNxWXFNZnN2TmVoWkN6cllRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9jM2YzY2MtYzU2Yi00ZDM1LWI3N2Yt
M2JjNmViMGEzNDdmLzEvMGlQSW4wQjRlRnJkMWZZaGwzQl9RTW9hYk9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9jM2YzY2MtYzU2Yi00ZDM1LWI3N2YtM2JjNmViMGEzNDdm
LzEvSS0tZDRoVXE3eHNxWXFNZnN2TmVoWkN6cllRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbRzAwQC
U6vEAwQAkhPbMA0GCSqGSIb3DQEBCwUAA4IBAQBQXm9DGHfsogMlrt/1DRzjvUlz
ee7BtqZ5RtVHahEmLiMnNLDjaaMRkUUOj26lt3zgA+50v0j4bIFXGgpPAWurD7Jz
C/+/6ZFDKR62UywJoVvisW55tQo+92heUv4qNxfqJnUsLFsYXKIZk1oCq1tl+HRW
YV8/+p2gbDUl7TpgqlwD3wvB9ls3lVKdnMogY4MfMuKv7wLWo9vWb+vuNm/DYQ3F
f/p+2ht+3LeoyXqXTpKUhfepcpGsyGqv5LiIzsfZK7B89Tqxt7lhSpKP9gBsWL8W
njDV9E7E+flSVmzIb7tHlyK/hRoDJFS+6vKQ0EM4U0LeoV8iSUnlqXlvUv0/
-----END CERTIFICATE-----