Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/1w3n9ZVb_Fv5mHDAxyi72eHwqnw.roa
File:                     1w3n9ZVb_Fv5mHDAxyi72eHwqnw.roa (raw, json)
Hash identifier:          W5B3S1dMOHTWpto06OQfsvG2KE57vBbZit/AeDL4eZ4=
Subject key identifier:   D7:0D:E7:F5:95:5B:FC:5B:F9:98:70:C0:C7:28:BB:D9:E1:F0:AA:7C
Certificate issuer:       /CN=e2e8f56bc1f5010291681bc2d8c02f9acbf714a0
Certificate serial:       018CCA99257A8CDE942C0F52A8A68867B919
Authority key identifier: E2:E8:F5:6B:C1:F5:01:02:91:68:1B:C2:D8:C0:2F:9A:CB:F7:14:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4uj1a8H1AQKRaBvC2MAvmsv3FKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/1w3n9ZVb_Fv5mHDAxyi72eHwqnw.roa
Signing time:             Tue 02 Jan 2024 14:34:43 +0000
ROA not before:           Tue 02 Jan 2024 14:34:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204870
IP address blocks:        185.174.154.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/4uj1a8H1AQKRaBvC2MAvmsv3FKA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/4uj1a8H1AQKRaBvC2MAvmsv3FKA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4uj1a8H1AQKRaBvC2MAvmsv3FKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:25:7a:8c:de:94:2c:0f:52:a8:a6:88:67:b9:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2e8f56bc1f5010291681bc2d8c02f9acbf714a0
        Validity
            Not Before: Jan  2 14:34:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d70de7f5955bfc5bf99870c0c728bbd9e1f0aa7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6a:9b:e3:5e:5c:2a:24:db:e5:d9:a3:50:2d:
                    49:53:0d:09:84:3b:78:a8:70:19:dd:21:74:3d:03:
                    7c:31:50:a8:f5:67:c8:af:3f:e0:24:97:d5:c3:87:
                    13:c1:3d:d7:16:ae:d3:ca:3e:e8:45:80:78:80:a3:
                    90:91:51:d9:41:02:66:4d:f3:57:12:7a:9e:51:a7:
                    c6:ca:ad:e1:60:06:bf:0e:d5:d2:41:35:5e:f7:af:
                    7a:ca:4f:1e:f8:56:7d:c8:a1:0e:ed:c5:5b:d8:19:
                    f3:a0:ed:f3:95:e8:2d:ef:a8:68:ed:46:8f:00:29:
                    ee:8c:d9:ef:2d:43:ad:29:34:7a:a7:ce:95:42:fd:
                    3a:b1:7b:61:e0:f8:52:a2:a1:78:e7:ee:77:74:b3:
                    d4:cb:a3:51:ba:b3:45:f4:1f:16:ae:1c:75:a1:45:
                    fa:33:e7:b5:22:59:30:3b:39:37:7c:5f:8d:00:27:
                    ea:85:cf:e5:71:72:5c:2f:5e:cb:b1:d5:fd:50:60:
                    b2:54:18:70:0b:ae:f5:fb:be:ab:58:89:e2:de:19:
                    b2:7c:d0:8f:f2:43:90:85:97:54:dc:e0:83:36:67:
                    a9:a2:76:e8:02:b4:3e:ee:4a:ad:65:9f:ba:17:d9:
                    a3:bc:66:d6:ce:cb:f4:86:31:e8:91:68:15:62:1e:
                    3f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:0D:E7:F5:95:5B:FC:5B:F9:98:70:C0:C7:28:BB:D9:E1:F0:AA:7C
            X509v3 Authority Key Identifier:
                keyid:E2:E8:F5:6B:C1:F5:01:02:91:68:1B:C2:D8:C0:2F:9A:CB:F7:14:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4uj1a8H1AQKRaBvC2MAvmsv3FKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/1w3n9ZVb_Fv5mHDAxyi72eHwqnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/4uj1a8H1AQKRaBvC2MAvmsv3FKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:d9:45:bc:86:83:1d:3a:ce:16:9a:ed:58:6b:cc:89:12:e9:
         6e:f0:6d:a6:c7:bc:6d:f5:d2:b4:09:18:d0:94:3f:69:50:e2:
         25:85:10:fc:84:8b:87:bd:17:50:a7:be:7f:9d:81:e7:ca:ba:
         26:8f:a9:ec:4c:d3:3a:ba:15:ca:26:48:39:cf:bb:d6:0d:f5:
         18:bf:00:9a:c4:5b:91:f2:5c:fd:5b:da:ca:f9:ed:84:c0:2b:
         a6:80:0a:b3:cb:7a:04:62:39:e6:a8:81:f7:9c:54:37:9e:83:
         d8:90:11:15:98:8c:1e:eb:0f:9b:ce:a1:0e:12:c0:c7:01:96:
         b9:70:3d:27:64:bf:d6:7b:2c:fd:28:aa:16:05:7e:14:35:fa:
         78:12:99:4b:e7:b7:5f:27:63:ea:d9:6c:62:1d:f0:0c:18:9b:
         e9:12:3a:fd:b3:fd:fd:88:f8:9f:94:3c:8a:a5:d4:8e:f4:83:
         fa:54:a3:d1:2d:fc:3d:c3:6f:48:84:c5:ae:37:67:0c:ed:7e:
         b7:52:b0:8a:85:46:a0:36:01:f4:cb:31:cd:8f:c1:5a:66:8a:
         ed:5a:a8:c2:bc:f2:f3:f5:6b:a4:ca:eb:95:bd:88:2a:58:29:
         60:83:b1:1b:20:60:2a:67:89:79:34:a8:57:b1:b8:e3:b8:27:
         a2:cc:71:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmSV6jN6ULA9SqKaIZ7kZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZThmNTZiYzFmNTAxMDI5MTY4MWJjMmQ4YzAyZjlhY2Jm
NzE0YTAwHhcNMjQwMTAyMTQzNDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzBkZTdmNTk1NWJmYzViZjk5ODcwYzBjNzI4YmJkOWUxZjBhYTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmqb415cKiTb5dmjUC1JUw0JhDt4
qHAZ3SF0PQN8MVCo9WfIrz/gJJfVw4cTwT3XFq7Tyj7oRYB4gKOQkVHZQQJmTfNX
EnqeUafGyq3hYAa/DtXSQTVe9696yk8e+FZ9yKEO7cVb2BnzoO3zlegt76ho7UaP
ACnujNnvLUOtKTR6p86VQv06sXth4PhSoqF45+53dLPUy6NRurNF9B8Wrhx1oUX6
M+e1IlkwOzk3fF+NACfqhc/lcXJcL17LsdX9UGCyVBhwC671+76rWIni3hmyfNCP
8kOQhZdU3OCDNmeponboArQ+7kqtZZ+6F9mjvGbWzsv0hjHokWgVYh4/lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcN5/WVW/xb+ZhwwMcou9nh8Kp8MB8GA1UdIwQY
MBaAFOLo9WvB9QECkWgbwtjAL5rL9xSgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHVqMWE4SDFBUUtSYUJ2QzJNQXZtc3YzRktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC84MDQyYmYtNzFiYS00ZmJkLTllMTct
NDQ3ZWRjNGY5YWY2LzEvMXczbjlaVmJfRnY1bUhEQXh5aTcyZUh3cW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC84MDQyYmYtNzFiYS00ZmJkLTllMTctNDQ3ZWRjNGY5YWY2
LzEvNHVqMWE4SDFBUUtSYUJ2QzJNQXZtc3YzRktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBua6aMA0G
CSqGSIb3DQEBCwUAA4IBAQBx2UW8hoMdOs4Wmu1Ya8yJEulu8G2mx7xt9dK0CRjQ
lD9pUOIlhRD8hIuHvRdQp75/nYHnyromj6nsTNM6uhXKJkg5z7vWDfUYvwCaxFuR
8lz9W9rK+e2EwCumgAqzy3oEYjnmqIH3nFQ3noPYkBEVmIwe6w+bzqEOEsDHAZa5
cD0nZL/Weyz9KKoWBX4UNfp4EplL57dfJ2Pq2WxiHfAMGJvpEjr9s/39iPiflDyK
pdSO9IP6VKPRLfw9w29IhMWuN2cM7X63UrCKhUagNgH0yzHNj8FaZortWqjCvPLz
9WukyuuVvYgqWClgg7EbIGAqZ4l5NKhXsbjjuCeizHFk
-----END CERTIFICATE-----