Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/4EPwSBuCr2Myig3q53sADtC5kXE.roa
File:                     4EPwSBuCr2Myig3q53sADtC5kXE.roa (raw, json)
Hash identifier:          Y2/KvQUwGukvpm5ANnSg8bOhNs6SjaEKEdLM/XvXOpM=
Subject key identifier:   E0:43:F0:48:1B:82:AF:63:32:8A:0D:EA:E7:7B:00:0E:D0:B9:91:71
Certificate issuer:       /CN=348566061e368caff1881be2bac6737dfd3c1dba
Certificate serial:       018CC4247E77859A59160C633A67E4A640A2
Authority key identifier: 34:85:66:06:1E:36:8C:AF:F1:88:1B:E2:BA:C6:73:7D:FD:3C:1D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NIVmBh42jK_xiBviusZzff08Hbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/4EPwSBuCr2Myig3q53sADtC5kXE.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206521
IP address blocks:        185.140.157.0/24 maxlen: 24
                          185.140.156.0/24 maxlen: 24
                          185.140.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/NIVmBh42jK_xiBviusZzff08Hbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/NIVmBh42jK_xiBviusZzff08Hbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NIVmBh42jK_xiBviusZzff08Hbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:03:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7e:77:85:9a:59:16:0c:63:3a:67:e4:a6:40:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=348566061e368caff1881be2bac6737dfd3c1dba
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e043f0481b82af63328a0deae77b000ed0b99171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:58:43:3d:3b:61:4f:db:d1:ea:c6:06:bc:68:
                    4c:68:61:7d:ec:a6:c0:4d:69:34:44:cf:98:ed:04:
                    9b:28:a5:8f:9e:2b:8d:e1:68:77:e3:7f:51:2b:87:
                    6d:dc:4d:7c:e8:a0:d3:c5:d8:8d:d2:83:fe:77:bc:
                    e0:a6:16:7e:ab:a2:05:d3:07:0b:99:01:28:9f:06:
                    d3:fe:50:cb:11:84:26:89:83:2c:7f:02:bd:ca:8f:
                    68:bc:fb:1a:0a:90:40:a4:ac:20:cf:c4:8a:e1:48:
                    c0:ee:3b:12:81:90:79:75:8c:cc:2e:59:c9:6d:82:
                    e8:6b:4f:5a:51:38:3e:53:45:5c:35:fe:61:9d:5d:
                    29:30:45:c3:0b:24:98:c6:15:df:ac:b3:9f:c4:b7:
                    4b:60:16:32:7e:22:87:1b:67:a3:13:41:ad:28:d9:
                    48:64:db:4c:3d:51:c1:96:37:29:d3:59:96:1a:6f:
                    e8:c1:55:0f:af:57:9e:0d:67:c3:75:30:a3:01:b2:
                    a8:0e:95:19:59:95:24:16:47:cc:40:e5:20:e7:83:
                    5e:3b:02:6e:8d:ed:d5:65:49:dc:b0:e5:6f:17:b5:
                    b2:7b:8e:96:e7:51:25:5a:3f:36:33:ba:8e:84:a1:
                    b6:62:ff:9c:3e:6c:41:3e:c8:64:8e:3d:fa:96:bb:
                    89:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:43:F0:48:1B:82:AF:63:32:8A:0D:EA:E7:7B:00:0E:D0:B9:91:71
            X509v3 Authority Key Identifier:
                keyid:34:85:66:06:1E:36:8C:AF:F1:88:1B:E2:BA:C6:73:7D:FD:3C:1D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NIVmBh42jK_xiBviusZzff08Hbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/4EPwSBuCr2Myig3q53sADtC5kXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/NIVmBh42jK_xiBviusZzff08Hbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:05:83:fb:be:61:cb:c8:fd:c6:ad:74:b0:f2:b5:17:c9:57:
         6c:0e:1a:a4:a4:a6:e8:e5:7c:14:b5:30:b1:2b:72:b9:55:84:
         48:58:eb:c0:57:fc:35:29:42:49:5a:41:13:0b:ad:87:91:73:
         f3:6d:86:41:55:25:fa:59:d2:b9:cc:e7:0f:91:2e:5f:51:4e:
         a8:59:f7:c7:c4:bb:09:cb:e5:02:12:50:0a:b8:0a:fb:e9:74:
         90:57:fc:13:f5:46:92:0c:24:ca:ca:2f:ce:c9:7f:8f:d1:d5:
         27:df:6d:00:ca:68:19:87:b9:3d:0b:6b:9a:a5:87:56:81:e2:
         66:a6:6d:75:a4:21:09:a6:f5:d9:0a:c5:6c:0b:15:9a:dd:f0:
         b0:9f:f5:b1:f1:50:54:fc:55:0b:9c:20:af:91:b5:76:e5:50:
         d6:66:1a:9c:69:76:e7:9e:80:c7:ff:36:ad:df:0f:9a:7c:16:
         d5:38:ea:7b:56:cf:62:54:c7:45:62:f9:82:f9:04:45:0d:05:
         87:b2:d6:2d:f8:08:37:e3:ac:7e:b6:37:8f:50:29:40:5b:9a:
         eb:28:59:43:94:3a:6e:a9:64:3c:d8:2e:ab:73:a6:d3:a8:dc:
         ec:17:c9:1c:e6:fe:c9:d3:3f:f3:ac:d0:b7:12:a1:95:af:e9:
         db:56:8f:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJH53hZpZFgxjOmfkpkCiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ODU2NjA2MWUzNjhjYWZmMTg4MWJlMmJhYzY3MzdkZmQz
YzFkYmEwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDQzZjA0ODFiODJhZjYzMzI4YTBkZWFlNzdiMDAwZWQwYjk5MTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1hDPTthT9vR6sYGvGhMaGF97KbA
TWk0RM+Y7QSbKKWPniuN4Wh3439RK4dt3E186KDTxdiN0oP+d7zgphZ+q6IF0wcL
mQEonwbT/lDLEYQmiYMsfwK9yo9ovPsaCpBApKwgz8SK4UjA7jsSgZB5dYzMLlnJ
bYLoa09aUTg+U0VcNf5hnV0pMEXDCySYxhXfrLOfxLdLYBYyfiKHG2ejE0GtKNlI
ZNtMPVHBljcp01mWGm/owVUPr1eeDWfDdTCjAbKoDpUZWZUkFkfMQOUg54NeOwJu
je3VZUncsOVvF7Wye46W51ElWj82M7qOhKG2Yv+cPmxBPshkjj36lruJ+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBD8Egbgq9jMooN6ud7AA7QuZFxMB8GA1UdIwQY
MBaAFDSFZgYeNoyv8Ygb4rrGc339PB26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTklWbUJoNDJqS194aUJ2aXVzWnpmZjA4SGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9hZmZhYTEtMGU3Yi00MDFlLWE3YzUt
MDYyNzBlYTgyMTU0LzEvNEVQd1NCdUNyMk15aWczcTUzc0FEdEM1a1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9hZmZhYTEtMGU3Yi00MDFlLWE3YzUtMDYyNzBlYTgyMTU0
LzEvTklWbUJoNDJqS194aUJ2aXVzWnpmZjA4SGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYycMA0G
CSqGSIb3DQEBCwUAA4IBAQA2BYP7vmHLyP3GrXSw8rUXyVdsDhqkpKbo5XwUtTCx
K3K5VYRIWOvAV/w1KUJJWkETC62HkXPzbYZBVSX6WdK5zOcPkS5fUU6oWffHxLsJ
y+UCElAKuAr76XSQV/wT9UaSDCTKyi/OyX+P0dUn320AymgZh7k9C2uapYdWgeJm
pm11pCEJpvXZCsVsCxWa3fCwn/Wx8VBU/FULnCCvkbV25VDWZhqcaXbnnoDH/zat
3w+afBbVOOp7Vs9iVMdFYvmC+QRFDQWHstYt+Ag346x+tjePUClAW5rrKFlDlDpu
qWQ82C6rc6bTqNzsF8kc5v7J0z/zrNC3EqGVr+nbVo+4
-----END CERTIFICATE-----