Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/ac37c3-cc4f-4456-b958-e35909018a33/1/OWwSYtsosCE3y_zHoGJu97q0yW0.roa
File:                     OWwSYtsosCE3y_zHoGJu97q0yW0.roa (raw, json)
Hash identifier:          7vQ27muShD2kla71+bprcjC3oZqEnNGiGGXcLsDHXAM=
Subject key identifier:   39:6C:12:62:DB:28:B0:21:37:CB:FC:C7:A0:62:6E:F7:BA:B4:C9:6D
Certificate issuer:       /CN=b3749ea1b9979bff2cd3066948f835dd54cedec0
Certificate serial:       018CC26D14827F6BEDC32D28EE7002DBBFC5
Authority key identifier: B3:74:9E:A1:B9:97:9B:FF:2C:D3:06:69:48:F8:35:DD:54:CE:DE:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s3SeobmXm_8s0wZpSPg13VTO3sA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/ac37c3-cc4f-4456-b958-e35909018a33/1/OWwSYtsosCE3y_zHoGJu97q0yW0.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39591
IP address blocks:        185.181.140.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/ac37c3-cc4f-4456-b958-e35909018a33/1/s3SeobmXm_8s0wZpSPg13VTO3sA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/ac37c3-cc4f-4456-b958-e35909018a33/1/s3SeobmXm_8s0wZpSPg13VTO3sA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s3SeobmXm_8s0wZpSPg13VTO3sA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:14:82:7f:6b:ed:c3:2d:28:ee:70:02:db:bf:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3749ea1b9979bff2cd3066948f835dd54cedec0
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=396c1262db28b02137cbfcc7a0626ef7bab4c96d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:30:78:9c:83:af:c2:9e:8c:48:5a:a2:3a:2d:
                    e8:79:61:be:f7:2f:44:cf:cc:8c:aa:22:04:df:5d:
                    a7:e3:99:93:23:39:26:de:92:6e:d4:35:09:90:b4:
                    e6:06:90:55:7c:ee:30:c2:bd:19:ab:d7:52:08:9b:
                    d5:87:8c:14:72:46:b3:52:6e:7a:b1:3e:91:fc:a0:
                    9b:41:a9:4b:d7:11:38:02:57:f3:46:c9:f5:5b:0f:
                    45:59:4b:06:b1:38:48:72:82:a2:66:d1:42:50:e4:
                    6f:4b:9e:bc:e7:b7:0c:6a:5d:c0:fe:a0:a1:e3:ef:
                    94:54:32:26:fa:db:6e:47:93:c8:6d:5c:ac:e3:56:
                    b1:45:5c:cc:75:b9:ea:6e:b2:40:c9:0e:a2:66:21:
                    24:49:5e:65:4f:28:c8:80:3f:e4:30:95:24:92:2d:
                    c3:0a:05:a0:fb:f8:5c:ab:57:36:6e:9a:df:73:7c:
                    a7:e0:83:c5:14:92:2d:a1:9c:a7:f7:5b:7d:52:ed:
                    ed:c0:4e:8a:5e:77:dd:d2:51:61:6f:86:ea:93:00:
                    0a:d9:7f:e5:fc:eb:82:1b:88:62:2c:68:c9:af:52:
                    12:3c:13:1e:d6:b7:e0:77:c6:89:e1:72:fb:14:e8:
                    5e:4b:9b:f6:ab:53:21:a5:d5:b3:07:aa:d6:32:16:
                    f6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:6C:12:62:DB:28:B0:21:37:CB:FC:C7:A0:62:6E:F7:BA:B4:C9:6D
            X509v3 Authority Key Identifier:
                keyid:B3:74:9E:A1:B9:97:9B:FF:2C:D3:06:69:48:F8:35:DD:54:CE:DE:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s3SeobmXm_8s0wZpSPg13VTO3sA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/ac37c3-cc4f-4456-b958-e35909018a33/1/OWwSYtsosCE3y_zHoGJu97q0yW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/ac37c3-cc4f-4456-b958-e35909018a33/1/s3SeobmXm_8s0wZpSPg13VTO3sA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:29:16:03:c5:38:d5:a0:61:b3:4f:ee:bb:2c:b7:1a:71:5f:
         30:d4:ac:90:cf:9a:4a:36:20:05:d6:14:17:73:b1:dd:ee:90:
         0c:2b:7a:14:09:2b:a5:77:fd:f1:ae:f0:b0:f8:73:03:c3:18:
         94:da:ec:d1:47:78:1f:51:6e:60:06:9b:78:8d:87:ee:ab:55:
         71:79:d8:b2:68:99:d9:ae:7a:86:de:94:a1:28:2c:ca:dd:51:
         8a:d8:a1:bd:e0:43:b4:f7:46:36:35:0a:7d:ca:ac:bf:76:6f:
         46:7f:b1:07:f0:b4:56:e5:b5:21:70:cd:39:82:28:ac:22:68:
         b8:9f:1d:ff:33:88:3f:64:d0:42:a1:6a:e4:21:98:b1:97:ba:
         02:e4:9f:d7:08:80:0e:62:d6:93:d6:01:a0:c1:fd:58:1f:cb:
         39:a3:db:57:16:dc:89:bb:d0:64:02:61:b2:10:3a:99:1b:23:
         75:48:e9:8c:07:25:db:ed:7c:17:0d:84:ff:65:9f:c6:c8:5f:
         94:11:d6:1f:1e:04:87:52:d5:30:be:9e:72:a1:11:51:e5:01:
         18:f4:a1:56:5c:58:39:9d:aa:fb:0d:7b:b3:d3:e9:eb:62:c4:
         f9:8d:9b:b4:0c:c7:1a:c0:db:4c:3b:97:e5:b2:bb:9c:42:eb:
         cb:de:69:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRSCf2vtwy0o7nAC27/FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNzQ5ZWExYjk5NzliZmYyY2QzMDY2OTQ4ZjgzNWRkNTRj
ZWRlYzAwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTZjMTI2MmRiMjhiMDIxMzdjYmZjYzdhMDYyNmVmN2JhYjRjOTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDB4nIOvwp6MSFqiOi3oeWG+9y9E
z8yMqiIE312n45mTIzkm3pJu1DUJkLTmBpBVfO4wwr0Zq9dSCJvVh4wUckazUm56
sT6R/KCbQalL1xE4AlfzRsn1Ww9FWUsGsThIcoKiZtFCUORvS56857cMal3A/qCh
4++UVDIm+ttuR5PIbVys41axRVzMdbnqbrJAyQ6iZiEkSV5lTyjIgD/kMJUkki3D
CgWg+/hcq1c2bprfc3yn4IPFFJItoZyn91t9Uu3twE6KXnfd0lFhb4bqkwAK2X/l
/OuCG4hiLGjJr1ISPBMe1rfgd8aJ4XL7FOheS5v2q1MhpdWzB6rWMhb2uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlsEmLbKLAhN8v8x6Bibve6tMltMB8GA1UdIwQY
MBaAFLN0nqG5l5v/LNMGaUj4Nd1Uzt7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczNTZW9ibVhtXzhzMHdacFNQZzEzVlRPM3NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9hYzM3YzMtY2M0Zi00NDU2LWI5NTgt
ZTM1OTA5MDE4YTMzLzEvT1d3U1l0c29zQ0UzeV96SG9HSnU5N3EweVcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9hYzM3YzMtY2M0Zi00NDU2LWI5NTgtZTM1OTA5MDE4YTMz
LzEvczNTZW9ibVhtXzhzMHdacFNQZzEzVlRPM3NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubWMMA0G
CSqGSIb3DQEBCwUAA4IBAQCpKRYDxTjVoGGzT+67LLcacV8w1KyQz5pKNiAF1hQX
c7Hd7pAMK3oUCSuld/3xrvCw+HMDwxiU2uzRR3gfUW5gBpt4jYfuq1VxediyaJnZ
rnqG3pShKCzK3VGK2KG94EO090Y2NQp9yqy/dm9Gf7EH8LRW5bUhcM05giisImi4
nx3/M4g/ZNBCoWrkIZixl7oC5J/XCIAOYtaT1gGgwf1YH8s5o9tXFtyJu9BkAmGy
EDqZGyN1SOmMByXb7XwXDYT/ZZ/GyF+UEdYfHgSHUtUwvp5yoRFR5QEY9KFWXFg5
nar7DXuz0+nrYsT5jZu0DMcawNtMO5flsrucQuvL3mmC
-----END CERTIFICATE-----