Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/6af319-5f93-43db-8b27-7054ea6a60d6/1/dFAKweD9dViC2qkneovHavg2-Qs.roa
File:                     dFAKweD9dViC2qkneovHavg2-Qs.roa (raw, json)
Hash identifier:          zfgCkOEo2ewcM1vCpH9uh/303z5dYEa5d8f8fA4SPFA=
Subject key identifier:   74:50:0A:C1:E0:FD:75:58:82:DA:A9:27:7A:8B:C7:6A:F8:36:F9:0B
Certificate issuer:       /CN=51a2c2c06ddb84669a89a99fb8756095134c8766
Certificate serial:       0192D824177A88472713A328A1EC641621DB
Authority key identifier: 51:A2:C2:C0:6D:DB:84:66:9A:89:A9:9F:B8:75:60:95:13:4C:87:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UaLCwG3bhGaaiamfuHVglRNMh2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/6af319-5f93-43db-8b27-7054ea6a60d6/1/dFAKweD9dViC2qkneovHavg2-Qs.roa
Signing time:             Tue 29 Oct 2024 11:58:16 +0000
ROA not before:           Tue 29 Oct 2024 11:58:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47164
IP address blocks:        185.192.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/6af319-5f93-43db-8b27-7054ea6a60d6/1/UaLCwG3bhGaaiamfuHVglRNMh2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/6af319-5f93-43db-8b27-7054ea6a60d6/1/UaLCwG3bhGaaiamfuHVglRNMh2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UaLCwG3bhGaaiamfuHVglRNMh2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d8:24:17:7a:88:47:27:13:a3:28:a1:ec:64:16:21:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51a2c2c06ddb84669a89a99fb8756095134c8766
        Validity
            Not Before: Oct 29 11:58:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74500ac1e0fd755882daa9277a8bc76af836f90b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:55:32:17:21:a5:50:30:91:82:50:43:f4:ea:
                    8d:05:6c:8b:e7:4d:28:41:d0:69:f9:d3:2c:89:f2:
                    6b:58:04:d2:3e:4e:ad:f8:9a:33:d1:de:53:f5:65:
                    16:af:c5:04:0a:3a:c2:9d:6f:fa:9b:63:ab:62:5b:
                    eb:12:f9:65:93:31:32:f1:b5:6e:2a:91:93:12:46:
                    9f:29:63:b5:7f:61:09:6e:80:53:7e:db:6d:9e:ce:
                    ec:4e:aa:e6:76:16:ac:bd:ea:cc:bf:c5:1e:b6:6c:
                    82:22:38:d4:1a:cc:02:34:9e:82:a0:c1:ce:cb:c9:
                    44:4d:8d:5f:bb:12:c0:f7:ea:91:4b:9b:c0:4f:cd:
                    bb:ba:5d:47:50:be:cf:fd:b3:76:c1:63:40:61:4d:
                    05:72:73:d4:fa:f9:3a:b3:5e:a2:21:10:71:91:20:
                    1b:50:dc:3b:b6:a0:cb:a0:7c:99:b2:89:a9:66:cf:
                    5d:3d:36:a1:5c:e0:b3:5f:d0:d5:82:4c:38:26:59:
                    b1:f1:08:fc:17:9e:03:7c:94:54:c9:e9:94:a3:3a:
                    8c:9e:3f:93:35:bd:fa:2c:5b:ec:e5:aa:1e:a0:e8:
                    20:5d:6c:9b:5a:a5:2d:d2:1a:86:d6:47:28:86:a3:
                    1f:ec:d3:8b:ee:78:7c:14:3b:1b:ae:1e:15:f3:a2:
                    11:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:50:0A:C1:E0:FD:75:58:82:DA:A9:27:7A:8B:C7:6A:F8:36:F9:0B
            X509v3 Authority Key Identifier:
                keyid:51:A2:C2:C0:6D:DB:84:66:9A:89:A9:9F:B8:75:60:95:13:4C:87:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UaLCwG3bhGaaiamfuHVglRNMh2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/6af319-5f93-43db-8b27-7054ea6a60d6/1/dFAKweD9dViC2qkneovHavg2-Qs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/6af319-5f93-43db-8b27-7054ea6a60d6/1/UaLCwG3bhGaaiamfuHVglRNMh2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:db:c1:6a:1f:4e:84:11:6d:f3:6c:46:78:d0:06:9e:2f:51:
         e6:2a:66:70:14:ed:b8:bb:f3:9d:23:59:3e:66:0c:88:46:f3:
         e2:f0:c9:52:ea:04:28:32:e5:ff:29:f4:5c:dc:2c:7f:59:53:
         50:3c:bc:64:ef:ee:86:b6:e3:bf:c1:14:7c:7d:32:44:10:b6:
         b1:72:ca:11:25:f6:17:e5:99:a9:4d:dc:c2:6a:bd:c5:18:69:
         64:19:f5:f4:db:60:6f:93:9f:72:e8:83:99:d9:46:20:bd:40:
         af:1e:75:89:66:08:bb:ae:36:fc:b1:c8:0d:f3:67:5d:fc:cb:
         dd:5f:5a:bd:0a:c5:39:29:53:23:5f:2f:fb:50:68:7a:69:9d:
         c1:18:08:7f:ca:f1:85:2f:21:59:66:7b:e6:d9:28:4c:8b:f9:
         2b:be:f9:6d:cd:e8:8e:e0:e0:79:23:64:24:49:f6:92:41:45:
         68:9c:3e:f3:e2:38:1a:19:32:85:51:62:95:54:fa:a7:58:d4:
         96:73:4c:2c:10:7c:07:c3:6a:04:f8:f5:0b:de:a5:d6:d5:6e:
         19:22:cd:a5:a4:8d:fc:b1:9d:c9:aa:dd:94:a3:96:8d:6f:ab:
         0f:73:61:95:fb:1d:70:b8:ee:ad:2e:5c:89:77:97:02:03:da:
         9a:fc:bf:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLYJBd6iEcnE6MooexkFiHbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYTJjMmMwNmRkYjg0NjY5YTg5YTk5ZmI4NzU2MDk1MTM0
Yzg3NjYwHhcNMjQxMDI5MTE1ODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDUwMGFjMWUwZmQ3NTU4ODJkYWE5Mjc3YThiYzc2YWY4MzZmOTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFUyFyGlUDCRglBD9OqNBWyL500o
QdBp+dMsifJrWATSPk6t+Joz0d5T9WUWr8UECjrCnW/6m2OrYlvrEvllkzEy8bVu
KpGTEkafKWO1f2EJboBTftttns7sTqrmdhasverMv8UetmyCIjjUGswCNJ6CoMHO
y8lETY1fuxLA9+qRS5vAT827ul1HUL7P/bN2wWNAYU0FcnPU+vk6s16iIRBxkSAb
UNw7tqDLoHyZsompZs9dPTahXOCzX9DVgkw4Jlmx8Qj8F54DfJRUyemUozqMnj+T
Nb36LFvs5aoeoOggXWybWqUt0hqG1kcohqMf7NOL7nh8FDsbrh4V86IRwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRQCsHg/XVYgtqpJ3qLx2r4NvkLMB8GA1UdIwQY
MBaAFFGiwsBt24Rmmompn7h1YJUTTIdmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWFMQ3dHM2JoR2FhaWFtZnVIVmdsUk5NaDJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy82YWYzMTktNWY5My00M2RiLThiMjct
NzA1NGVhNmE2MGQ2LzEvZEZBS3dlRDlkVmlDMnFrbmVvdkhhdmcyLVFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy82YWYzMTktNWY5My00M2RiLThiMjctNzA1NGVhNmE2MGQ2
LzEvVWFMQ3dHM2JoR2FhaWFtZnVIVmdsUk5NaDJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucC1MA0G
CSqGSIb3DQEBCwUAA4IBAQDW28FqH06EEW3zbEZ40AaeL1HmKmZwFO24u/OdI1k+
ZgyIRvPi8MlS6gQoMuX/KfRc3Cx/WVNQPLxk7+6GtuO/wRR8fTJEELaxcsoRJfYX
5ZmpTdzCar3FGGlkGfX022Bvk59y6IOZ2UYgvUCvHnWJZgi7rjb8scgN82dd/Mvd
X1q9CsU5KVMjXy/7UGh6aZ3BGAh/yvGFLyFZZnvm2ShMi/krvvltzeiO4OB5I2Qk
SfaSQUVonD7z4jgaGTKFUWKVVPqnWNSWc0wsEHwHw2oE+PUL3qXW1W4ZIs2lpI38
sZ3Jqt2Uo5aNb6sPc2GV+x1wuO6tLlyJd5cCA9qa/L+Q
-----END CERTIFICATE-----