Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/30b8e9-e7d4-40cc-ad5f-3c741220ea00/1/SDo5BpnN2Z2dkbdOu07iGQhfeOw.roa
File:                     SDo5BpnN2Z2dkbdOu07iGQhfeOw.roa (raw, json)
Hash identifier:          2bL63vK+wd0LrGnqGTgDGN7m2PX0zc2TP5+Tqc4Txag=
Subject key identifier:   48:3A:39:06:99:CD:D9:9D:9D:91:B7:4E:BB:4E:E2:19:08:5F:78:EC
Certificate issuer:       /CN=b78cddbfc76bda26a029ea80c8987798745f1f02
Certificate serial:       018CC8DED5E3910D1F9F81602C46F7B08B4C
Authority key identifier: B7:8C:DD:BF:C7:6B:DA:26:A0:29:EA:80:C8:98:77:98:74:5F:1F:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t4zdv8dr2iagKeqAyJh3mHRfHwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/30b8e9-e7d4-40cc-ad5f-3c741220ea00/1/SDo5BpnN2Z2dkbdOu07iGQhfeOw.roa
Signing time:             Tue 02 Jan 2024 06:31:36 +0000
ROA not before:           Tue 02 Jan 2024 06:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.215.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/30b8e9-e7d4-40cc-ad5f-3c741220ea00/1/t4zdv8dr2iagKeqAyJh3mHRfHwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/30b8e9-e7d4-40cc-ad5f-3c741220ea00/1/t4zdv8dr2iagKeqAyJh3mHRfHwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t4zdv8dr2iagKeqAyJh3mHRfHwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d5:e3:91:0d:1f:9f:81:60:2c:46:f7:b0:8b:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b78cddbfc76bda26a029ea80c8987798745f1f02
        Validity
            Not Before: Jan  2 06:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=483a390699cdd99d9d91b74ebb4ee219085f78ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:65:be:fc:be:80:21:ea:c1:66:91:d3:e5:95:
                    5a:02:d3:f6:80:fa:7a:39:35:b6:c6:ab:bd:8d:f3:
                    ef:5c:8d:f6:89:c5:09:88:87:d3:69:c1:f6:7d:d2:
                    46:30:69:b1:c0:5c:fd:ac:e5:59:27:27:32:73:09:
                    ab:25:8b:eb:f1:f3:6e:de:a7:90:31:2a:e6:13:d3:
                    2c:a6:3b:a9:17:5b:8f:e4:c7:f0:ff:62:a7:d7:c1:
                    50:7c:d3:31:0e:00:00:d8:ba:b0:62:20:88:a0:a6:
                    6a:84:fe:d5:1c:6d:90:a0:85:fd:cc:43:02:ab:08:
                    b9:41:47:47:f6:d1:ed:57:aa:41:e2:2f:25:6c:b2:
                    ef:d2:b1:66:02:99:d9:51:5d:be:a0:95:c8:9c:84:
                    c7:4c:68:9d:d4:71:28:5a:26:9c:40:92:40:12:61:
                    3e:22:d1:e3:47:56:c6:33:d2:35:44:dc:75:e5:d9:
                    2b:0d:da:e2:92:f1:a8:49:25:4e:41:be:d2:df:6d:
                    50:97:cc:b6:eb:e4:8b:52:85:4e:97:8c:a8:c9:4c:
                    7d:d3:96:d3:ea:29:00:8c:af:e6:e7:3b:d8:91:ab:
                    c9:73:d1:6f:68:54:56:0f:11:f7:78:74:e2:2c:2e:
                    47:b5:03:1c:c2:b5:5f:b0:be:1b:8c:8f:cc:7a:00:
                    1c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:3A:39:06:99:CD:D9:9D:9D:91:B7:4E:BB:4E:E2:19:08:5F:78:EC
            X509v3 Authority Key Identifier:
                keyid:B7:8C:DD:BF:C7:6B:DA:26:A0:29:EA:80:C8:98:77:98:74:5F:1F:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t4zdv8dr2iagKeqAyJh3mHRfHwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/30b8e9-e7d4-40cc-ad5f-3c741220ea00/1/SDo5BpnN2Z2dkbdOu07iGQhfeOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/30b8e9-e7d4-40cc-ad5f-3c741220ea00/1/t4zdv8dr2iagKeqAyJh3mHRfHwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:9e:cb:54:0f:39:0a:65:86:5c:77:fb:3e:50:e7:6d:6c:a8:
         f9:c1:19:27:00:de:f4:01:96:7e:6c:14:9f:d5:82:76:66:36:
         9f:6e:52:ff:9f:7d:fa:1a:dd:32:65:94:d3:d1:da:1b:6b:bd:
         55:f0:31:7c:87:0d:08:61:57:76:41:84:10:6c:cd:19:8f:c1:
         99:52:27:12:91:36:c9:44:87:6c:03:33:03:d7:c0:1e:9c:3b:
         ee:81:4b:09:a5:08:3f:ba:ba:2e:2b:4c:11:97:0a:71:16:60:
         51:51:b5:9f:b3:63:9c:d6:14:c0:a6:f8:74:8e:6f:fc:ec:88:
         e3:68:6e:fd:10:e4:e3:1b:ef:e1:55:20:04:a0:11:ff:f8:4f:
         ac:95:91:10:7c:49:9c:23:b4:18:27:e5:ab:5e:71:c1:96:e1:
         a1:cd:fa:8c:ea:c9:50:b8:e5:0d:09:df:04:eb:d9:8d:49:00:
         c7:82:5e:66:ca:b6:e6:b9:df:48:5c:70:5c:d5:61:d6:be:34:
         ef:06:05:6c:2c:55:aa:ad:c0:b5:52:ef:6c:e2:18:05:7f:ab:
         c2:a3:d3:c5:e6:fa:fb:eb:06:fd:66:46:90:ac:48:1b:af:e7:
         eb:94:41:04:3c:c7:43:64:88:1e:56:45:ac:9e:a4:c2:54:b5:
         64:e5:c9:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tXjkQ0fn4FgLEb3sItMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OGNkZGJmYzc2YmRhMjZhMDI5ZWE4MGM4OTg3Nzk4NzQ1
ZjFmMDIwHhcNMjQwMTAyMDYzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODNhMzkwNjk5Y2RkOTlkOWQ5MWI3NGViYjRlZTIxOTA4NWY3OGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmW+/L6AIerBZpHT5ZVaAtP2gPp6
OTW2xqu9jfPvXI32icUJiIfTacH2fdJGMGmxwFz9rOVZJycycwmrJYvr8fNu3qeQ
MSrmE9MspjupF1uP5Mfw/2Kn18FQfNMxDgAA2LqwYiCIoKZqhP7VHG2QoIX9zEMC
qwi5QUdH9tHtV6pB4i8lbLLv0rFmApnZUV2+oJXInITHTGid1HEoWiacQJJAEmE+
ItHjR1bGM9I1RNx15dkrDdrikvGoSSVOQb7S321Ql8y26+SLUoVOl4yoyUx905bT
6ikAjK/m5zvYkavJc9FvaFRWDxH3eHTiLC5HtQMcwrVfsL4bjI/MegAckwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEg6OQaZzdmdnZG3TrtO4hkIX3jsMB8GA1UdIwQY
MBaAFLeM3b/Ha9omoCnqgMiYd5h0Xx8CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDR6ZHY4ZHIyaWFnS2VxQXlKaDNtSFJmSHdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8zMGI4ZTktZTdkNC00MGNjLWFkNWYt
M2M3NDEyMjBlYTAwLzEvU0RvNUJwbk4yWjJka2JkT3UwN2lHUWhmZU93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8zMGI4ZTktZTdkNC00MGNjLWFkNWYtM2M3NDEyMjBlYTAw
LzEvdDR6ZHY4ZHIyaWFnS2VxQXlKaDNtSFJmSHdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuddzMA0G
CSqGSIb3DQEBCwUAA4IBAQCxnstUDzkKZYZcd/s+UOdtbKj5wRknAN70AZZ+bBSf
1YJ2ZjafblL/n336Gt0yZZTT0doba71V8DF8hw0IYVd2QYQQbM0Zj8GZUicSkTbJ
RIdsAzMD18AenDvugUsJpQg/urouK0wRlwpxFmBRUbWfs2Oc1hTApvh0jm/87Ijj
aG79EOTjG+/hVSAEoBH/+E+slZEQfEmcI7QYJ+WrXnHBluGhzfqM6slQuOUNCd8E
69mNSQDHgl5myrbmud9IXHBc1WHWvjTvBgVsLFWqrcC1Uu9s4hgFf6vCo9PF5vr7
6wb9ZkaQrEgbr+frlEEEPMdDZIgeVkWsnqTCVLVk5cmS
-----END CERTIFICATE-----