Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/h5w3O0aSJVyA_h0KvQTI6v153wg.roa
File:                     h5w3O0aSJVyA_h0KvQTI6v153wg.roa (raw, json)
Hash identifier:          KHHkqVei8SiRTf1sZfet/7zxq5LDAmj48PZrV9GdC1g=
Subject key identifier:   87:9C:37:3B:46:92:25:5C:80:FE:1D:0A:BD:04:C8:EA:FD:79:DF:08
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       018D4A3FEC5390369B670CAFF6ADDFB02A87
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/h5w3O0aSJVyA_h0KvQTI6v153wg.roa
Signing time:             Sat 27 Jan 2024 09:28:39 +0000
ROA not before:           Sat 27 Jan 2024 09:28:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16125
IP address blocks:        185.191.22.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:4a:3f:ec:53:90:36:9b:67:0c:af:f6:ad:df:b0:2a:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Jan 27 09:28:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=879c373b4692255c80fe1d0abd04c8eafd79df08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4c:7f:13:2e:e0:3e:c5:51:77:35:e5:33:d6:
                    fa:4a:57:d6:34:0c:10:fe:81:b7:58:27:a5:8c:30:
                    3e:dd:72:b8:80:0c:b0:cb:b1:e7:99:ad:ba:ef:71:
                    f8:e4:38:ef:67:71:32:8e:aa:8a:9a:15:f2:d3:9c:
                    ad:04:a1:02:8c:cb:f8:fb:35:04:68:a6:d2:4b:79:
                    67:aa:0d:68:db:d1:e3:be:e0:da:4b:21:7d:fb:26:
                    f1:33:8b:5a:bf:a4:71:f0:1a:ad:b9:30:92:ce:7b:
                    a9:c1:8e:5e:26:97:1f:aa:0f:7a:aa:31:51:00:48:
                    87:f1:3a:c9:31:7e:c5:56:04:5d:e2:b4:2e:ae:bb:
                    46:1e:b7:2f:28:a7:29:5e:4c:3e:ec:19:90:3d:f8:
                    90:66:7c:91:fa:7c:bd:9f:fe:8e:7a:d6:79:59:ea:
                    2c:f7:47:07:42:a3:27:1c:c2:c4:7b:9c:4b:be:cc:
                    91:d3:33:3c:bf:af:75:7d:ce:03:e9:b2:16:4c:9b:
                    81:5c:cf:9f:d9:6e:0f:9c:f7:ac:9e:c2:af:1e:11:
                    65:42:84:43:9d:e8:fb:20:17:e8:c1:4a:e4:09:7f:
                    e7:ed:76:25:36:0e:e2:08:e8:23:85:2c:df:66:9a:
                    ec:8a:d0:ac:d5:af:21:cf:87:55:a6:f7:9d:6e:f0:
                    6f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:9C:37:3B:46:92:25:5C:80:FE:1D:0A:BD:04:C8:EA:FD:79:DF:08
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/h5w3O0aSJVyA_h0KvQTI6v153wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:fe:3e:f4:51:b0:a7:47:8c:e7:e3:3f:32:4e:11:30:ab:bb:
         f8:1a:9e:b8:61:65:2d:ba:75:fc:d9:b5:e9:6e:8a:2f:86:5b:
         eb:63:cb:94:f5:2c:c4:50:80:57:54:47:cc:2d:99:f1:3d:d0:
         b9:ab:e9:7a:ee:88:bd:cc:ec:b3:04:0a:b3:70:28:a3:b8:a2:
         0b:68:02:ff:90:5d:e9:4a:89:f8:37:d5:52:3c:8e:e5:4b:ae:
         33:ef:ca:eb:a0:11:9d:79:0f:b1:60:30:3e:01:6a:a3:68:26:
         eb:0c:84:8d:63:23:62:1b:6e:d7:e3:b8:91:ba:17:d3:b6:c3:
         be:c2:38:fb:b1:48:04:ba:1b:66:36:4f:98:8a:ee:6e:b6:1f:
         ea:3f:5c:f5:41:a4:16:20:41:01:57:fc:24:39:58:52:00:c5:
         09:12:db:61:8b:7b:97:20:89:5b:82:05:45:ea:0a:e1:3b:3a:
         34:1b:7b:5c:9e:43:72:de:fe:95:02:7e:aa:61:6c:32:e4:85:
         a1:79:ac:a8:5d:ca:9b:27:81:9e:3d:ff:4b:a5:72:d7:a2:e0:
         50:8e:0a:a2:4a:ef:7c:ec:c8:57:cb:ad:0b:2e:ab:70:f1:d5:
         2b:82:8a:e7:ef:4c:3b:7a:07:a3:54:08:61:e4:54:c3:c1:88:
         cb:36:f9:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1KP+xTkDabZwyv9q3fsCqHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjQwMTI3MDkyODM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzljMzczYjQ2OTIyNTVjODBmZTFkMGFiZDA0YzhlYWZkNzlkZjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUx/Ey7gPsVRdzXlM9b6SlfWNAwQ
/oG3WCeljDA+3XK4gAywy7Hnma2673H45DjvZ3EyjqqKmhXy05ytBKECjMv4+zUE
aKbSS3lnqg1o29HjvuDaSyF9+ybxM4tav6Rx8BqtuTCSznupwY5eJpcfqg96qjFR
AEiH8TrJMX7FVgRd4rQurrtGHrcvKKcpXkw+7BmQPfiQZnyR+ny9n/6OetZ5Weos
90cHQqMnHMLEe5xLvsyR0zM8v691fc4D6bIWTJuBXM+f2W4PnPesnsKvHhFlQoRD
nej7IBfowUrkCX/n7XYlNg7iCOgjhSzfZprsitCs1a8hz4dVpvedbvBvUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIecNztGkiVcgP4dCr0EyOr9ed8IMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvaDV3M08wYVNKVnlBX2gwS3ZRVEk2djE1M3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBub8WMA0G
CSqGSIb3DQEBCwUAA4IBAQBm/j70UbCnR4zn4z8yThEwq7v4Gp64YWUtunX82bXp
boovhlvrY8uU9SzEUIBXVEfMLZnxPdC5q+l67oi9zOyzBAqzcCijuKILaAL/kF3p
Son4N9VSPI7lS64z78rroBGdeQ+xYDA+AWqjaCbrDISNYyNiG27X47iRuhfTtsO+
wjj7sUgEuhtmNk+Yiu5uth/qP1z1QaQWIEEBV/wkOVhSAMUJEtthi3uXIIlbggVF
6grhOzo0G3tcnkNy3v6VAn6qYWwy5IWheayoXcqbJ4GePf9LpXLXouBQjgqiSu98
7MhXy60LLqtw8dUrgorn70w7egejVAhh5FTDwYjLNvnV
-----END CERTIFICATE-----