Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/783f52-034d-46d3-b031-eed45c93775e/1/tmTtY7ydB1g_ic0YxhFwrbbeGyY.roa
File:                     tmTtY7ydB1g_ic0YxhFwrbbeGyY.roa (raw, json)
Hash identifier:          j61oJrWP8W2v5QGrdLd3e8tFQG+C57Ftl7n4+aioxVk=
Subject key identifier:   B6:64:ED:63:BC:9D:07:58:3F:89:CD:18:C6:11:70:AD:B6:DE:1B:26
Certificate issuer:       /CN=786758bea68f0825cf16e66fb02ee7bca454bae2
Certificate serial:       018CC6B91EE160BEAAED668EC4F5C65F01B7
Authority key identifier: 78:67:58:BE:A6:8F:08:25:CF:16:E6:6F:B0:2E:E7:BC:A4:54:BA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eGdYvqaPCCXPFuZvsC7nvKRUuuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/783f52-034d-46d3-b031-eed45c93775e/1/tmTtY7ydB1g_ic0YxhFwrbbeGyY.roa
Signing time:             Mon 01 Jan 2024 20:31:10 +0000
ROA not before:           Mon 01 Jan 2024 20:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201912
IP address blocks:        185.162.104.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/783f52-034d-46d3-b031-eed45c93775e/1/eGdYvqaPCCXPFuZvsC7nvKRUuuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/783f52-034d-46d3-b031-eed45c93775e/1/eGdYvqaPCCXPFuZvsC7nvKRUuuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eGdYvqaPCCXPFuZvsC7nvKRUuuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 09:42:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:1e:e1:60:be:aa:ed:66:8e:c4:f5:c6:5f:01:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=786758bea68f0825cf16e66fb02ee7bca454bae2
        Validity
            Not Before: Jan  1 20:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b664ed63bc9d07583f89cd18c61170adb6de1b26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:17:d8:96:a5:a3:08:95:31:cb:eb:78:d5:56:
                    ec:e3:9c:5f:04:bb:03:49:a6:6c:44:ae:3d:04:86:
                    41:f3:75:89:b9:9b:fc:00:48:c7:fa:46:86:e5:02:
                    d3:70:67:f4:de:56:57:4a:d2:83:10:17:c5:6b:8e:
                    16:dc:74:9a:54:5e:49:8e:c8:8e:7c:47:47:e3:76:
                    67:68:0a:55:3c:6d:08:ce:e6:11:1a:9b:13:34:ef:
                    b0:e2:c4:1b:bb:13:9a:77:e3:b1:53:9e:60:88:a8:
                    14:a6:b8:1d:6e:a2:ef:15:16:e5:58:94:35:bf:ac:
                    c4:1e:57:b6:f0:a4:9e:e8:f8:0e:4f:9d:52:36:e2:
                    a6:f3:df:84:0c:da:79:5a:1d:fe:b5:a3:92:a3:3b:
                    bb:92:78:aa:df:1d:68:bb:c6:cc:4d:c1:60:9b:25:
                    8e:9b:89:c0:e4:75:13:e9:9a:46:c1:36:99:45:3c:
                    c1:22:e3:e8:d5:ba:c7:b7:27:6d:9d:f1:80:c9:7b:
                    8c:04:59:34:7e:ac:94:47:c2:a1:b0:8c:94:12:8f:
                    46:e8:e7:9b:1a:df:7e:c6:2b:49:8a:97:67:7d:d1:
                    23:f4:9b:2c:06:98:db:45:6e:a1:c7:26:a6:39:1c:
                    f6:ec:9e:71:81:0a:27:16:d0:95:8a:56:8b:ea:23:
                    cf:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:64:ED:63:BC:9D:07:58:3F:89:CD:18:C6:11:70:AD:B6:DE:1B:26
            X509v3 Authority Key Identifier:
                keyid:78:67:58:BE:A6:8F:08:25:CF:16:E6:6F:B0:2E:E7:BC:A4:54:BA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eGdYvqaPCCXPFuZvsC7nvKRUuuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/783f52-034d-46d3-b031-eed45c93775e/1/tmTtY7ydB1g_ic0YxhFwrbbeGyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/783f52-034d-46d3-b031-eed45c93775e/1/eGdYvqaPCCXPFuZvsC7nvKRUuuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:b6:a3:c5:f5:04:f1:70:c8:8e:4a:14:eb:7d:a6:57:f0:31:
         66:dc:03:d6:d1:dd:23:31:c4:35:6c:e7:44:f9:69:cf:5b:9f:
         65:8f:be:a6:ea:7e:d5:14:c2:a9:9b:68:19:2d:da:72:30:db:
         ac:72:50:8f:9e:c4:e5:df:e7:9b:e3:60:4d:1d:a5:79:41:7e:
         a3:9d:d4:ef:cf:f5:45:ee:0e:26:24:19:4d:f7:12:e8:69:1f:
         dd:bc:29:79:5d:f9:6e:f1:1e:68:42:1d:34:8f:47:9c:e5:f4:
         2f:e6:63:5e:86:97:54:d9:37:03:3a:d4:46:df:0b:40:e3:e3:
         f9:f8:36:29:d3:be:a0:66:a7:62:d8:53:90:2e:81:f6:81:9d:
         5a:84:92:7f:d6:4d:c8:8b:ea:bb:5b:39:f8:63:b4:ab:13:67:
         9b:d7:84:dc:bc:03:25:3f:0b:69:4e:59:c8:d3:4f:9f:0c:60:
         5a:4a:14:0f:82:23:48:d4:93:22:a6:ff:bf:2a:95:e1:72:fe:
         1e:47:35:d3:db:b2:c6:35:74:d8:a2:39:79:09:73:dc:3c:7c:
         b2:5c:a9:2b:6a:1d:2f:a4:c3:a3:4d:06:1a:ff:44:e2:c0:20:
         f9:1b:29:f9:95:48:4c:3f:d2:6f:c6:11:38:f4:79:cd:b8:29:
         29:3b:7d:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuR7hYL6q7WaOxPXGXwG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4Njc1OGJlYTY4ZjA4MjVjZjE2ZTY2ZmIwMmVlN2JjYTQ1
NGJhZTIwHhcNMjQwMTAxMjAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjY0ZWQ2M2JjOWQwNzU4M2Y4OWNkMThjNjExNzBhZGI2ZGUxYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihfYlqWjCJUxy+t41Vbs45xfBLsD
SaZsRK49BIZB83WJuZv8AEjH+kaG5QLTcGf03lZXStKDEBfFa44W3HSaVF5JjsiO
fEdH43ZnaApVPG0IzuYRGpsTNO+w4sQbuxOad+OxU55giKgUprgdbqLvFRblWJQ1
v6zEHle28KSe6PgOT51SNuKm89+EDNp5Wh3+taOSozu7kniq3x1ou8bMTcFgmyWO
m4nA5HUT6ZpGwTaZRTzBIuPo1brHtydtnfGAyXuMBFk0fqyUR8KhsIyUEo9G6Oeb
Gt9+xitJipdnfdEj9JssBpjbRW6hxyamORz27J5xgQonFtCVilaL6iPPDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZk7WO8nQdYP4nNGMYRcK223hsmMB8GA1UdIwQY
MBaAFHhnWL6mjwglzxbmb7Au57ykVLriMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUdkWXZxYVBDQ1hQRnVadnNDN252S1JVdXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83ODNmNTItMDM0ZC00NmQzLWIwMzEt
ZWVkNDVjOTM3NzVlLzEvdG1UdFk3eWRCMWdfaWMwWXhoRndyYmJlR3lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83ODNmNTItMDM0ZC00NmQzLWIwMzEtZWVkNDVjOTM3NzVl
LzEvZUdkWXZxYVBDQ1hQRnVadnNDN252S1JVdXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaJoMA0G
CSqGSIb3DQEBCwUAA4IBAQB9tqPF9QTxcMiOShTrfaZX8DFm3APW0d0jMcQ1bOdE
+WnPW59lj76m6n7VFMKpm2gZLdpyMNusclCPnsTl3+eb42BNHaV5QX6jndTvz/VF
7g4mJBlN9xLoaR/dvCl5Xflu8R5oQh00j0ec5fQv5mNehpdU2TcDOtRG3wtA4+P5
+DYp076gZqdi2FOQLoH2gZ1ahJJ/1k3Ii+q7Wzn4Y7SrE2eb14TcvAMlPwtpTlnI
00+fDGBaShQPgiNI1JMipv+/KpXhcv4eRzXT27LGNXTYojl5CXPcPHyyXKkrah0v
pMOjTQYa/0TiwCD5Gyn5lUhMP9JvxhE49HnNuCkpO33v
-----END CERTIFICATE-----