Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/prTtt8UeW6vaIBf_yLpLK1hPYqs.roa
File:                     prTtt8UeW6vaIBf_yLpLK1hPYqs.roa (raw, json)
Hash identifier:          oaJAGpKpwNsAbNb1yVNMFgsl7FwcJB+ZzevJj+mVP+A=
Subject key identifier:   A6:B4:ED:B7:C5:1E:5B:AB:DA:20:17:FF:C8:BA:4B:2B:58:4F:62:AB
Certificate issuer:       /CN=74e3c336972094b1a8c13d41816857d197a3aae9
Certificate serial:       018CC72740DAF225762CFCEC39C5040825C9
Authority key identifier: 74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/prTtt8UeW6vaIBf_yLpLK1hPYqs.roa
Signing time:             Mon 01 Jan 2024 22:31:27 +0000
ROA not before:           Mon 01 Jan 2024 22:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210721
IP address blocks:        194.183.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:40:da:f2:25:76:2c:fc:ec:39:c5:04:08:25:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e3c336972094b1a8c13d41816857d197a3aae9
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6b4edb7c51e5babda2017ffc8ba4b2b584f62ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:be:8f:2c:af:b0:9d:b0:7f:ed:91:00:a0:9f:
                    cf:33:47:d2:b2:b0:cf:62:45:39:94:51:a5:94:4d:
                    34:35:d4:dc:6e:3e:2b:66:fb:4d:0a:64:12:12:8b:
                    95:4a:2b:c2:59:06:e4:73:20:17:5f:d1:c9:2e:c1:
                    60:e1:83:3f:9b:d9:5d:5f:d1:5f:e5:c2:89:34:ae:
                    0e:5b:95:af:f3:11:09:6a:42:bc:12:cf:d7:8f:33:
                    ee:39:33:9e:48:21:50:9f:7b:cb:98:73:60:fa:ab:
                    9e:36:a1:ed:8a:a4:52:c9:79:5c:3c:02:dd:9f:12:
                    5e:55:40:b8:87:c0:38:df:5f:f6:43:b9:f7:d3:ef:
                    46:24:c9:4d:52:8d:1f:0e:68:09:ad:f6:f5:4b:dd:
                    0f:c5:b9:90:02:b0:6f:fd:52:a7:f0:f7:fb:61:06:
                    49:3a:ae:16:3b:64:c5:eb:77:37:c1:20:f0:e2:cf:
                    f6:ef:77:97:e1:25:1d:cc:ce:cf:a4:bb:a2:90:13:
                    35:a8:51:46:f8:d4:dd:09:89:c9:35:7e:79:0d:c1:
                    dd:23:9b:be:87:01:d8:0f:94:60:32:b5:32:35:f0:
                    98:26:41:de:00:10:fe:b9:3c:83:3e:fb:39:2d:ff:
                    51:01:ca:90:b9:3b:8a:1c:70:03:59:a9:ac:a5:64:
                    31:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B4:ED:B7:C5:1E:5B:AB:DA:20:17:FF:C8:BA:4B:2B:58:4F:62:AB
            X509v3 Authority Key Identifier:
                keyid:74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/prTtt8UeW6vaIBf_yLpLK1hPYqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.183.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:66:60:69:86:11:01:7e:8f:de:86:9f:7b:49:25:a2:04:d7:
         58:94:3a:2e:b2:e4:2a:7e:1b:6a:3d:35:8d:32:c4:fc:a3:d9:
         1f:74:ad:0e:bd:33:e6:f3:f9:4f:d2:23:5f:19:08:2e:14:c6:
         db:34:bd:55:67:a8:ff:c7:b7:ef:af:c2:0c:2f:f8:1a:8b:aa:
         e8:cb:2f:ca:6e:ce:65:8f:57:e6:19:c6:b9:74:8f:ba:b2:8a:
         50:a8:36:bd:e0:4e:cd:a6:9b:6b:e3:13:04:7c:10:02:b0:a5:
         f3:3c:5d:80:97:f0:df:8d:d7:8a:fc:1b:5a:3f:49:2a:aa:fb:
         c3:61:01:c1:a5:a4:6f:b0:72:0b:6d:7e:17:ae:44:8e:e2:73:
         76:63:cb:4e:f4:de:81:66:7f:33:0e:fc:24:38:ac:cb:c1:5f:
         e4:1f:16:87:2b:a1:cd:80:53:de:dc:6a:91:d7:04:2f:e7:60:
         bd:78:3a:0c:ed:39:05:64:6b:d8:d1:0f:75:c0:9e:aa:fb:19:
         b4:1b:27:c4:3a:9a:54:ea:ef:bd:37:71:6f:36:e9:db:56:26:
         b1:a1:3c:1d:92:a4:bc:58:d5:eb:7c:77:45:c4:d2:0f:ca:77:
         f6:93:ae:a6:84:7a:3b:10:a5:86:13:cf:d6:5f:82:af:23:c0:
         30:1b:99:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0Da8iV2LPzsOcUECCXJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTNjMzM2OTcyMDk0YjFhOGMxM2Q0MTgxNjg1N2QxOTdh
M2FhZTkwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmI0ZWRiN2M1MWU1YmFiZGEyMDE3ZmZjOGJhNGIyYjU4NGY2MmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh76PLK+wnbB/7ZEAoJ/PM0fSsrDP
YkU5lFGllE00NdTcbj4rZvtNCmQSEouVSivCWQbkcyAXX9HJLsFg4YM/m9ldX9Ff
5cKJNK4OW5Wv8xEJakK8Es/XjzPuOTOeSCFQn3vLmHNg+queNqHtiqRSyXlcPALd
nxJeVUC4h8A431/2Q7n30+9GJMlNUo0fDmgJrfb1S90PxbmQArBv/VKn8Pf7YQZJ
Oq4WO2TF63c3wSDw4s/273eX4SUdzM7PpLuikBM1qFFG+NTdCYnJNX55DcHdI5u+
hwHYD5RgMrUyNfCYJkHeABD+uTyDPvs5Lf9RAcqQuTuKHHADWamspWQxjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKa07bfFHlur2iAX/8i6SytYT2KrMB8GA1UdIwQY
MBaAFHTjwzaXIJSxqME9QYFoV9GXo6rpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAt
YTZjNDllYjI4Mjg3LzEvcHJUdHQ4VWVXNnZhSUJmX3lMcExLMWhQWXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAtYTZjNDllYjI4Mjg3
LzEvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrehMA0G
CSqGSIb3DQEBCwUAA4IBAQC8ZmBphhEBfo/ehp97SSWiBNdYlDousuQqfhtqPTWN
MsT8o9kfdK0OvTPm8/lP0iNfGQguFMbbNL1VZ6j/x7fvr8IML/gai6royy/Kbs5l
j1fmGca5dI+6sopQqDa94E7Npptr4xMEfBACsKXzPF2Al/DfjdeK/BtaP0kqqvvD
YQHBpaRvsHILbX4XrkSO4nN2Y8tO9N6BZn8zDvwkOKzLwV/kHxaHK6HNgFPe3GqR
1wQv52C9eDoM7TkFZGvY0Q91wJ6q+xm0GyfEOppU6u+9N3FvNunbViaxoTwdkqS8
WNXrfHdFxNIPynf2k66mhHo7EKWGE8/WX4KvI8AwG5ni
-----END CERTIFICATE-----