Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/d0e824-f7d3-4f0d-bdd4-b9628a24d9d1/1/mPu8paiLKcJR1E7QWfaXZ9WufK8.roa
File:                     mPu8paiLKcJR1E7QWfaXZ9WufK8.roa (raw, json)
Hash identifier:          KfJSG1tj/Qb3yTVeeYawck7EtkKHqcjK+GsS8sV/MJ4=
Subject key identifier:   98:FB:BC:A5:A8:8B:29:C2:51:D4:4E:D0:59:F6:97:67:D5:AE:7C:AF
Certificate issuer:       /CN=c8e2d1f3257cfae0ffe673c1f77534653312f06b
Certificate serial:       018CC794FCEE9D2DC50C27EEE630BC62803B
Authority key identifier: C8:E2:D1:F3:25:7C:FA:E0:FF:E6:73:C1:F7:75:34:65:33:12:F0:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yOLR8yV8-uD_5nPB93U0ZTMS8Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/d0e824-f7d3-4f0d-bdd4-b9628a24d9d1/1/mPu8paiLKcJR1E7QWfaXZ9WufK8.roa
Signing time:             Tue 02 Jan 2024 00:31:19 +0000
ROA not before:           Tue 02 Jan 2024 00:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207181
IP address blocks:        185.162.208.0/22 maxlen: 22
                          185.162.209.0/24 maxlen: 24
                          185.162.211.0/24 maxlen: 24
                          185.162.208.0/24 maxlen: 24
                          185.162.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/d0e824-f7d3-4f0d-bdd4-b9628a24d9d1/1/yOLR8yV8-uD_5nPB93U0ZTMS8Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/d0e824-f7d3-4f0d-bdd4-b9628a24d9d1/1/yOLR8yV8-uD_5nPB93U0ZTMS8Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yOLR8yV8-uD_5nPB93U0ZTMS8Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:fc:ee:9d:2d:c5:0c:27:ee:e6:30:bc:62:80:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8e2d1f3257cfae0ffe673c1f77534653312f06b
        Validity
            Not Before: Jan  2 00:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98fbbca5a88b29c251d44ed059f69767d5ae7caf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:4a:28:fa:32:e3:cc:92:ce:09:2d:d4:89:bf:
                    ff:1a:70:de:4e:c9:b6:2c:8e:7c:33:e9:90:36:4d:
                    48:e0:0f:4d:7a:2b:f7:2b:8f:cd:55:d6:ef:64:6e:
                    01:e1:77:e3:e6:4e:08:28:df:48:5e:9a:98:f3:ad:
                    1a:af:41:c5:35:12:17:52:31:e3:bf:6a:df:4e:46:
                    9f:66:9c:ca:63:e5:c5:48:f1:66:8d:a6:db:ca:49:
                    eb:d6:c8:59:e4:77:be:9b:53:4e:95:ac:bc:a1:ed:
                    97:74:d9:1d:f3:c4:7f:cb:1c:71:b4:c1:cf:23:01:
                    74:96:c8:02:e5:05:6c:b9:8f:1b:f2:6a:15:80:c6:
                    29:de:d9:05:32:0d:02:86:d6:38:fa:2e:9f:a2:95:
                    c0:84:b3:7d:f4:c2:54:d9:59:f4:17:6a:e6:15:02:
                    5b:60:6f:dd:58:a2:e8:b1:71:03:a8:f7:30:35:1f:
                    cf:1c:3c:36:ff:87:bd:fb:ba:f6:12:e4:94:d1:78:
                    e8:b1:90:36:dd:46:13:46:2b:a3:27:39:4e:f2:69:
                    ab:e1:81:40:ab:62:38:0e:a3:91:c0:53:ad:26:48:
                    22:a1:eb:a2:15:57:fe:f1:c9:65:02:29:bf:f3:db:
                    3e:4e:d8:62:2f:59:86:9c:c8:23:3b:cf:65:b4:68:
                    62:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:FB:BC:A5:A8:8B:29:C2:51:D4:4E:D0:59:F6:97:67:D5:AE:7C:AF
            X509v3 Authority Key Identifier:
                keyid:C8:E2:D1:F3:25:7C:FA:E0:FF:E6:73:C1:F7:75:34:65:33:12:F0:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yOLR8yV8-uD_5nPB93U0ZTMS8Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/d0e824-f7d3-4f0d-bdd4-b9628a24d9d1/1/mPu8paiLKcJR1E7QWfaXZ9WufK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/d0e824-f7d3-4f0d-bdd4-b9628a24d9d1/1/yOLR8yV8-uD_5nPB93U0ZTMS8Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:5a:ba:21:29:93:89:dc:73:4e:38:51:03:dd:56:73:a1:ed:
         ec:c9:ae:85:a2:b8:af:f0:02:e1:62:5c:82:e6:88:41:4b:2f:
         b1:e1:4b:24:c5:de:63:5f:49:47:4f:6e:38:80:d9:1f:42:9d:
         c9:5f:f1:48:c0:2f:13:e7:4f:66:49:d5:56:fa:a6:47:07:a6:
         45:8a:d3:a1:f9:79:17:d7:98:8b:d0:a8:35:65:56:62:ab:ae:
         e9:cf:f9:c5:32:af:b6:1d:47:c8:8b:43:b6:ad:1f:32:6c:0f:
         f8:e3:c9:8f:95:2a:66:1a:44:39:ed:9d:37:59:7c:90:fd:db:
         29:f7:c8:47:34:20:77:dc:51:be:b3:c1:fc:a7:0b:12:d6:2d:
         41:6a:c2:08:92:b1:7e:bb:17:47:79:f0:80:f3:15:b7:c4:b1:
         c3:52:4d:77:77:4f:18:ce:5f:d4:22:90:5d:80:63:4d:1b:a5:
         25:98:78:a4:c3:7c:4c:92:85:4c:52:6e:a7:34:bb:43:66:86:
         ab:91:8d:e5:00:08:a4:77:9b:3f:cf:c7:f0:0a:d2:5b:df:3e:
         b4:18:b1:76:69:9f:c1:df:6d:45:07:e2:77:39:70:03:1e:ed:
         10:dd:b1:f5:87:c2:ca:fd:0b:ea:d8:36:9a:8a:23:2d:57:6d:
         3a:2a:0e:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlPzunS3FDCfu5jC8YoA7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZTJkMWYzMjU3Y2ZhZTBmZmU2NzNjMWY3NzUzNDY1MzMx
MmYwNmIwHhcNMjQwMTAyMDAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGZiYmNhNWE4OGIyOWMyNTFkNDRlZDA1OWY2OTc2N2Q1YWU3Y2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Eoo+jLjzJLOCS3Uib//GnDeTsm2
LI58M+mQNk1I4A9Neiv3K4/NVdbvZG4B4Xfj5k4IKN9IXpqY860ar0HFNRIXUjHj
v2rfTkafZpzKY+XFSPFmjabbyknr1shZ5He+m1NOlay8oe2XdNkd88R/yxxxtMHP
IwF0lsgC5QVsuY8b8moVgMYp3tkFMg0ChtY4+i6fopXAhLN99MJU2Vn0F2rmFQJb
YG/dWKLosXEDqPcwNR/PHDw2/4e9+7r2EuSU0XjosZA23UYTRiujJzlO8mmr4YFA
q2I4DqORwFOtJkgioeuiFVf+8cllAim/89s+TthiL1mGnMgjO89ltGhilwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJj7vKWoiynCUdRO0Fn2l2fVrnyvMB8GA1UdIwQY
MBaAFMji0fMlfPrg/+Zzwfd1NGUzEvBrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU9MUjh5VjgtdURfNW5QQjkzVTBaVE1TOEdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9kMGU4MjQtZjdkMy00ZjBkLWJkZDQt
Yjk2MjhhMjRkOWQxLzEvbVB1OHBhaUxLY0pSMUU3UVdmYVhaOVd1Zks4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9kMGU4MjQtZjdkMy00ZjBkLWJkZDQtYjk2MjhhMjRkOWQx
LzEveU9MUjh5VjgtdURfNW5QQjkzVTBaVE1TOEdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaLQMA0G
CSqGSIb3DQEBCwUAA4IBAQA7WrohKZOJ3HNOOFED3VZzoe3sya6Foriv8ALhYlyC
5ohBSy+x4Uskxd5jX0lHT244gNkfQp3JX/FIwC8T509mSdVW+qZHB6ZFitOh+XkX
15iL0Kg1ZVZiq67pz/nFMq+2HUfIi0O2rR8ybA/448mPlSpmGkQ57Z03WXyQ/dsp
98hHNCB33FG+s8H8pwsS1i1BasIIkrF+uxdHefCA8xW3xLHDUk13d08Yzl/UIpBd
gGNNG6UlmHikw3xMkoVMUm6nNLtDZoarkY3lAAikd5s/z8fwCtJb3z60GLF2aZ/B
321FB+J3OXADHu0Q3bH1h8LK/Qvq2DaaiiMtV206Kg7f
-----END CERTIFICATE-----