Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/1cd907-44d2-46b1-8bec-f53e51c0974f/1/bOo0DP4R5eyxf1YemKvR4H4t9Sc.roa
File:                     bOo0DP4R5eyxf1YemKvR4H4t9Sc.roa (raw, json)
Hash identifier:          ifX7tQcwdRBlZx+g8nO+U5LIrXueEFXh5/1xHkDCk4Q=
Subject key identifier:   6C:EA:34:0C:FE:11:E5:EC:B1:7F:56:1E:98:AB:D1:E0:7E:2D:F5:27
Certificate issuer:       /CN=0e95c3ace366db41bcdc256c5d5b3be490a4f761
Certificate serial:       018CC6B906627B1B3FB071F70F8C5040D9BB
Authority key identifier: 0E:95:C3:AC:E3:66:DB:41:BC:DC:25:6C:5D:5B:3B:E4:90:A4:F7:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DpXDrONm20G83CVsXVs75JCk92E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/1cd907-44d2-46b1-8bec-f53e51c0974f/1/bOo0DP4R5eyxf1YemKvR4H4t9Sc.roa
Signing time:             Mon 01 Jan 2024 20:31:03 +0000
ROA not before:           Mon 01 Jan 2024 20:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60903
IP address blocks:        185.128.160.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/1cd907-44d2-46b1-8bec-f53e51c0974f/1/DpXDrONm20G83CVsXVs75JCk92E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/1cd907-44d2-46b1-8bec-f53e51c0974f/1/DpXDrONm20G83CVsXVs75JCk92E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DpXDrONm20G83CVsXVs75JCk92E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:06:62:7b:1b:3f:b0:71:f7:0f:8c:50:40:d9:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e95c3ace366db41bcdc256c5d5b3be490a4f761
        Validity
            Not Before: Jan  1 20:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cea340cfe11e5ecb17f561e98abd1e07e2df527
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:38:41:93:d0:2a:1f:ab:4b:c0:e0:dd:11:e4:
                    07:26:26:99:46:05:8e:c1:7c:f3:f9:a9:e8:c1:6f:
                    1e:5e:e2:07:1f:97:0e:ff:51:94:d0:dc:00:a8:9f:
                    a3:72:43:97:b8:f2:19:fd:95:9a:17:bf:71:69:ff:
                    8c:37:84:00:50:86:e9:eb:f9:79:78:2e:1e:58:ac:
                    b8:a4:e2:cc:c0:f7:25:fd:dd:64:cd:17:78:4a:11:
                    66:15:b4:83:f0:31:83:3b:ef:5f:91:cb:c7:42:51:
                    7e:64:3a:8f:27:ca:e9:1a:3a:9e:ac:cd:86:bf:4a:
                    e3:99:fa:9b:12:6a:5f:32:5e:87:72:15:f7:00:4f:
                    62:89:9a:b5:9e:2e:e7:3d:57:ce:cb:cb:75:36:52:
                    1e:6c:07:4c:a6:a9:1a:c4:1e:64:43:73:ec:1f:0b:
                    9a:45:b0:60:bb:b1:e5:3b:49:9d:e5:20:3c:4e:f8:
                    eb:0b:54:46:88:1a:ed:6d:14:76:14:dd:6a:1e:6a:
                    86:71:cc:95:37:77:39:f4:12:81:64:e5:6b:32:21:
                    30:cb:8b:43:d4:71:22:e6:c3:16:11:af:62:cc:58:
                    28:59:7d:46:01:84:bf:d1:95:bc:af:6b:5f:bc:8c:
                    eb:da:5b:55:a5:e3:04:44:4a:c1:d9:1f:a3:fd:ce:
                    cb:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:EA:34:0C:FE:11:E5:EC:B1:7F:56:1E:98:AB:D1:E0:7E:2D:F5:27
            X509v3 Authority Key Identifier:
                keyid:0E:95:C3:AC:E3:66:DB:41:BC:DC:25:6C:5D:5B:3B:E4:90:A4:F7:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DpXDrONm20G83CVsXVs75JCk92E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/1cd907-44d2-46b1-8bec-f53e51c0974f/1/bOo0DP4R5eyxf1YemKvR4H4t9Sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/1cd907-44d2-46b1-8bec-f53e51c0974f/1/DpXDrONm20G83CVsXVs75JCk92E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:b9:7d:6d:04:d5:da:d8:73:7d:56:06:42:5d:04:21:37:a0:
         04:89:20:22:c7:20:97:6f:b1:01:38:39:61:f8:9c:cf:9c:65:
         2e:dc:07:f7:4f:f7:23:a2:8d:ce:fe:ae:3f:e1:c1:1f:41:a5:
         1d:24:e1:a4:ca:d1:7a:a0:26:df:64:5f:b4:37:c5:5a:59:49:
         9f:02:3c:2d:60:c8:98:cb:08:0d:f9:20:7f:a3:2b:d8:8f:b9:
         65:16:7f:fd:87:d8:87:84:f4:35:25:18:59:b1:c0:90:bf:71:
         b5:8c:fe:6a:34:6c:2b:55:89:6e:34:95:e8:38:97:21:af:c1:
         6d:b6:bb:58:dc:53:40:7b:4d:37:29:4b:0c:ba:7e:80:11:4e:
         75:bb:7b:3a:25:87:72:f6:32:a4:39:e9:4a:af:0b:3d:b8:49:
         27:b9:d7:15:37:b0:fa:2b:e5:74:4f:3f:b4:c1:6b:5d:0f:8b:
         5c:a7:fe:c3:c6:6a:b5:5e:a2:1b:d3:58:b6:e4:7f:27:55:9b:
         ba:e8:ce:b7:11:07:b9:70:b6:be:bf:eb:9c:76:a1:96:9f:34:
         94:a2:4c:69:27:3d:c1:35:10:e2:9a:80:4c:14:09:fe:5f:2f:
         db:0c:65:ae:52:a5:94:81:b3:5d:05:d9:0e:56:fa:65:3e:cd:
         f8:b9:98:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQZiexs/sHH3D4xQQNm7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlOTVjM2FjZTM2NmRiNDFiY2RjMjU2YzVkNWIzYmU0OTBh
NGY3NjEwHhcNMjQwMTAxMjAzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2VhMzQwY2ZlMTFlNWVjYjE3ZjU2MWU5OGFiZDFlMDdlMmRmNTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDhBk9AqH6tLwODdEeQHJiaZRgWO
wXzz+anowW8eXuIHH5cO/1GU0NwAqJ+jckOXuPIZ/ZWaF79xaf+MN4QAUIbp6/l5
eC4eWKy4pOLMwPcl/d1kzRd4ShFmFbSD8DGDO+9fkcvHQlF+ZDqPJ8rpGjqerM2G
v0rjmfqbEmpfMl6HchX3AE9iiZq1ni7nPVfOy8t1NlIebAdMpqkaxB5kQ3PsHwua
RbBgu7HlO0md5SA8TvjrC1RGiBrtbRR2FN1qHmqGccyVN3c59BKBZOVrMiEwy4tD
1HEi5sMWEa9izFgoWX1GAYS/0ZW8r2tfvIzr2ltVpeMERErB2R+j/c7LYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzqNAz+EeXssX9WHpir0eB+LfUnMB8GA1UdIwQY
MBaAFA6Vw6zjZttBvNwlbF1bO+SQpPdhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHBYRHJPTm0yMEc4M0NWc1hWczc1SkNrOTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xY2Q5MDctNDRkMi00NmIxLThiZWMt
ZjUzZTUxYzA5NzRmLzEvYk9vMERQNFI1ZXl4ZjFZZW1LdlI0SDR0OVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xY2Q5MDctNDRkMi00NmIxLThiZWMtZjUzZTUxYzA5NzRm
LzEvRHBYRHJPTm0yMEc4M0NWc1hWczc1SkNrOTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYCgMA0G
CSqGSIb3DQEBCwUAA4IBAQBpuX1tBNXa2HN9VgZCXQQhN6AEiSAixyCXb7EBODlh
+JzPnGUu3Af3T/cjoo3O/q4/4cEfQaUdJOGkytF6oCbfZF+0N8VaWUmfAjwtYMiY
ywgN+SB/oyvYj7llFn/9h9iHhPQ1JRhZscCQv3G1jP5qNGwrVYluNJXoOJchr8Ft
trtY3FNAe003KUsMun6AEU51u3s6JYdy9jKkOelKrws9uEknudcVN7D6K+V0Tz+0
wWtdD4tcp/7Dxmq1XqIb01i25H8nVZu66M63EQe5cLa+v+ucdqGWnzSUokxpJz3B
NRDimoBMFAn+Xy/bDGWuUqWUgbNdBdkOVvplPs34uZjV
-----END CERTIFICATE-----