Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/772fea-4715-4010-8c1e-dee66a35506c/1/xGaSqKv1HnrtRpHNKCZxjX0gaug.roa
File:                     xGaSqKv1HnrtRpHNKCZxjX0gaug.roa (raw, json)
Hash identifier:          mU7JH6Sx5ARiC0/krLxIuDmrPcE6wC2v7Fb6B6Unj9w=
Subject key identifier:   C4:66:92:A8:AB:F5:1E:7A:ED:46:91:CD:28:26:71:8D:7D:20:6A:E8
Certificate issuer:       /CN=29d950bc184557bf504cf2b7c94a7dcec0876d66
Certificate serial:       018CC726FCC0B03B7523B11E8B13D805DB7F
Authority key identifier: 29:D9:50:BC:18:45:57:BF:50:4C:F2:B7:C9:4A:7D:CE:C0:87:6D:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdlQvBhFV79QTPK3yUp9zsCHbWY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/772fea-4715-4010-8c1e-dee66a35506c/1/xGaSqKv1HnrtRpHNKCZxjX0gaug.roa
Signing time:             Mon 01 Jan 2024 22:31:10 +0000
ROA not before:           Mon 01 Jan 2024 22:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15907
IP address blocks:        185.114.188.0/22 maxlen: 22
                          2a06:7140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/772fea-4715-4010-8c1e-dee66a35506c/1/KdlQvBhFV79QTPK3yUp9zsCHbWY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/772fea-4715-4010-8c1e-dee66a35506c/1/KdlQvBhFV79QTPK3yUp9zsCHbWY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdlQvBhFV79QTPK3yUp9zsCHbWY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:fc:c0:b0:3b:75:23:b1:1e:8b:13:d8:05:db:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d950bc184557bf504cf2b7c94a7dcec0876d66
        Validity
            Not Before: Jan  1 22:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c46692a8abf51e7aed4691cd2826718d7d206ae8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:bb:ff:c8:9b:1b:bb:74:7a:4b:89:3c:f1:2c:
                    25:e6:f9:d5:f8:a9:d2:c4:30:0b:63:98:ce:ba:20:
                    08:0d:62:2f:ae:de:cd:d6:36:d0:29:8b:e3:05:93:
                    d0:98:16:60:89:db:80:9c:16:c2:0d:8c:62:84:b8:
                    26:fc:f9:8b:7d:ab:64:55:d3:b9:11:f0:1c:f7:ea:
                    6b:cf:67:cf:be:89:a8:82:32:61:81:dc:e6:68:48:
                    bc:0b:af:7d:35:42:50:99:fb:35:8d:a3:cf:21:45:
                    ad:11:2b:b1:17:94:a3:1e:5d:35:e0:ed:f2:d7:3f:
                    a1:b8:d7:b3:45:b1:f3:13:76:50:2d:cf:17:6b:70:
                    8f:6b:64:b8:56:70:00:31:fe:9a:bf:80:f7:f4:38:
                    ac:a4:96:62:c5:68:03:e0:bc:6c:de:60:34:e6:1e:
                    c5:50:21:c5:60:50:e1:0e:44:9e:03:a5:c5:7c:7c:
                    56:9c:81:43:85:17:bd:20:e7:4c:f4:1d:4d:c1:e1:
                    34:63:20:b4:8c:5e:2e:9c:84:0b:ed:ee:a7:f6:45:
                    5f:7e:74:84:ca:01:d7:36:b0:a3:c7:4e:72:81:cd:
                    d4:b3:74:06:49:b8:a1:cc:ab:0f:0e:a4:f8:c7:bb:
                    ef:fd:cf:49:d2:39:77:50:e1:34:58:51:43:59:95:
                    a3:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:66:92:A8:AB:F5:1E:7A:ED:46:91:CD:28:26:71:8D:7D:20:6A:E8
            X509v3 Authority Key Identifier:
                keyid:29:D9:50:BC:18:45:57:BF:50:4C:F2:B7:C9:4A:7D:CE:C0:87:6D:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdlQvBhFV79QTPK3yUp9zsCHbWY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/772fea-4715-4010-8c1e-dee66a35506c/1/xGaSqKv1HnrtRpHNKCZxjX0gaug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/772fea-4715-4010-8c1e-dee66a35506c/1/KdlQvBhFV79QTPK3yUp9zsCHbWY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.188.0/22
                IPv6:
                  2a06:7140::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:0e:a1:6b:06:8f:b1:3e:07:4e:4f:70:21:07:44:08:8e:7b:
         05:26:02:bb:36:e1:6e:49:5c:34:40:58:d0:c9:90:1e:1d:74:
         f0:f1:e9:8b:2c:be:26:32:e5:f4:a2:b5:4f:e6:84:99:bd:c2:
         53:a2:f5:6a:e4:83:c2:7c:e0:aa:13:5d:1d:dc:a7:76:14:b3:
         d8:73:40:44:6f:e2:fc:fc:c3:82:7a:e9:e5:1b:49:08:54:dc:
         83:62:30:f7:da:da:b2:95:e6:8e:ed:d4:18:e5:bd:e8:3a:fc:
         69:b3:54:bc:7f:a4:cb:3a:7f:96:58:b8:e0:11:67:b4:dc:8d:
         09:02:05:c6:93:86:4f:e2:5d:fb:b5:07:52:3a:78:ee:22:e3:
         ac:ae:67:a3:dd:d7:c7:ef:4c:fd:d9:cd:d7:9b:e0:20:d5:dd:
         dd:26:c8:c2:1f:5f:2c:03:ff:f7:e1:7b:9f:14:33:25:2f:24:
         fe:8e:8d:24:7c:3f:fb:0a:b4:9a:fd:0a:60:32:77:c8:4d:33:
         ca:70:61:47:33:84:44:e5:63:b2:f2:a6:16:7b:6d:3b:75:77:
         4c:21:11:12:cf:55:66:ce:11:33:c7:e9:23:07:fc:72:d3:88:
         f7:c5:41:be:26:d6:9e:b1:94:60:b6:57:72:3a:69:b5:41:cb:
         df:0c:1c:ad
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJvzAsDt1I7EeixPYBdt/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDk1MGJjMTg0NTU3YmY1MDRjZjJiN2M5NGE3ZGNlYzA4
NzZkNjYwHhcNMjQwMTAxMjIzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDY2OTJhOGFiZjUxZTdhZWQ0NjkxY2QyODI2NzE4ZDdkMjA2YWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrv/yJsbu3R6S4k88Swl5vnV+KnS
xDALY5jOuiAIDWIvrt7N1jbQKYvjBZPQmBZgiduAnBbCDYxihLgm/PmLfatkVdO5
EfAc9+prz2fPvomogjJhgdzmaEi8C699NUJQmfs1jaPPIUWtESuxF5SjHl014O3y
1z+huNezRbHzE3ZQLc8Xa3CPa2S4VnAAMf6av4D39DispJZixWgD4Lxs3mA05h7F
UCHFYFDhDkSeA6XFfHxWnIFDhRe9IOdM9B1NweE0YyC0jF4unIQL7e6n9kVffnSE
ygHXNrCjx05ygc3Us3QGSbihzKsPDqT4x7vv/c9J0jl3UOE0WFFDWZWjXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMRmkqir9R567UaRzSgmcY19IGroMB8GA1UdIwQY
MBaAFCnZULwYRVe/UEzyt8lKfc7Ah21mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RsUXZCaEZWNzlRVFBLM3lVcDl6c0NIYldZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi83NzJmZWEtNDcxNS00MDEwLThjMWUt
ZGVlNjZhMzU1MDZjLzEveEdhU3FLdjFIbnJ0UnBITktDWnhqWDBnYXVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi83NzJmZWEtNDcxNS00MDEwLThjMWUtZGVlNjZhMzU1MDZj
LzEvS2RsUXZCaEZWNzlRVFBLM3lVcDl6c0NIYldZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXK8MA0E
AgACMAcDBQMqBnFAMA0GCSqGSIb3DQEBCwUAA4IBAQAVDqFrBo+xPgdOT3AhB0QI
jnsFJgK7NuFuSVw0QFjQyZAeHXTw8emLLL4mMuX0orVP5oSZvcJTovVq5IPCfOCq
E10d3Kd2FLPYc0BEb+L8/MOCeunlG0kIVNyDYjD32tqyleaO7dQY5b3oOvxps1S8
f6TLOn+WWLjgEWe03I0JAgXGk4ZP4l37tQdSOnjuIuOsrmej3dfH70z92c3Xm+Ag
1d3dJsjCH18sA//34XufFDMlLyT+jo0kfD/7CrSa/QpgMnfITTPKcGFHM4RE5WOy
8qYWe207dXdMIRESz1VmzhEzx+kjB/xy04j3xUG+JtaesZRgtldyOmm1QcvfDByt
-----END CERTIFICATE-----