Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/701933-8450-49ca-a3ef-69d8092b54e1/1/oJW6ASsURMYSfzLxAE_s1LjhP7s.roa
File:                     oJW6ASsURMYSfzLxAE_s1LjhP7s.roa (raw, json)
Hash identifier:          JpQaQ7nCa6ynkpGewMESmDjngVGw+vS8qUiZ05Qolpg=
Subject key identifier:   A0:95:BA:01:2B:14:44:C6:12:7F:32:F1:00:4F:EC:D4:B8:E1:3F:BB
Certificate issuer:       /CN=67bf353715a34dda28605fdcf7b7ae806d31159c
Certificate serial:       018CC5DC2216EB84C1994A7E30DD35CD48CF
Authority key identifier: 67:BF:35:37:15:A3:4D:DA:28:60:5F:DC:F7:B7:AE:80:6D:31:15:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z781NxWjTdooYF_c97eugG0xFZw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/701933-8450-49ca-a3ef-69d8092b54e1/1/oJW6ASsURMYSfzLxAE_s1LjhP7s.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45040
IP address blocks:        185.216.160.0/22 maxlen: 22
                          2a0b:b9c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/701933-8450-49ca-a3ef-69d8092b54e1/1/Z781NxWjTdooYF_c97eugG0xFZw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/701933-8450-49ca-a3ef-69d8092b54e1/1/Z781NxWjTdooYF_c97eugG0xFZw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z781NxWjTdooYF_c97eugG0xFZw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:22:16:eb:84:c1:99:4a:7e:30:dd:35:cd:48:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67bf353715a34dda28605fdcf7b7ae806d31159c
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a095ba012b1444c6127f32f1004fecd4b8e13fbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f8:38:e1:cc:a8:a2:fb:0e:69:98:26:b3:ec:
                    ed:8b:95:4f:98:11:38:7e:85:27:15:c3:8e:5c:aa:
                    72:5d:a5:da:8f:02:db:da:64:e8:a7:c7:35:cb:10:
                    72:06:3d:38:0b:ee:06:77:3e:91:51:3b:f6:69:2a:
                    16:09:73:30:d1:e9:18:a8:d5:f9:e1:6e:46:8c:3e:
                    ff:15:90:eb:1f:a1:86:de:45:b3:87:a3:46:2b:86:
                    78:60:6f:65:b5:6c:a6:19:28:4c:72:d5:42:ba:61:
                    16:40:88:d1:67:1c:72:ab:99:ed:23:8f:cc:82:a7:
                    2f:df:f0:ba:07:83:0f:03:2f:ed:10:11:7a:72:b8:
                    df:ac:4b:a2:16:ec:f5:2a:27:7f:0f:46:14:46:6c:
                    0d:4a:66:b7:ef:fe:ff:6d:14:69:9d:55:33:0b:0f:
                    79:2c:ae:61:43:dc:21:78:6b:b3:9b:46:21:9e:97:
                    d8:30:34:56:84:74:10:57:90:2e:87:14:be:f4:5c:
                    bd:51:8c:ad:bb:4d:eb:f6:39:ee:b8:71:c4:4b:02:
                    6a:63:d3:d0:31:5c:98:ea:32:f3:56:f9:92:c1:0a:
                    29:33:fe:9a:9f:fe:0b:c7:22:fa:02:f1:4f:a6:12:
                    d1:34:b8:70:2d:e5:66:0b:26:97:88:95:08:9a:e3:
                    77:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:95:BA:01:2B:14:44:C6:12:7F:32:F1:00:4F:EC:D4:B8:E1:3F:BB
            X509v3 Authority Key Identifier:
                keyid:67:BF:35:37:15:A3:4D:DA:28:60:5F:DC:F7:B7:AE:80:6D:31:15:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z781NxWjTdooYF_c97eugG0xFZw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/701933-8450-49ca-a3ef-69d8092b54e1/1/oJW6ASsURMYSfzLxAE_s1LjhP7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/701933-8450-49ca-a3ef-69d8092b54e1/1/Z781NxWjTdooYF_c97eugG0xFZw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.160.0/22
                IPv6:
                  2a0b:b9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:d4:71:b3:0a:ca:82:c0:73:73:b0:fa:e9:dc:cd:69:57:39:
         62:c8:48:76:cb:a0:7a:8c:29:d6:99:88:f9:c9:a2:92:14:75:
         9c:43:84:b1:55:28:df:c5:ce:1e:69:7a:72:39:8d:6e:3b:0e:
         95:6d:ee:48:77:2b:de:0d:a4:6c:c7:87:67:3a:d4:96:54:24:
         73:86:4e:61:f9:3b:b2:c4:d4:a8:09:f7:20:b1:00:90:7e:78:
         db:46:81:e2:67:26:70:40:33:63:50:3b:da:9f:59:52:73:ab:
         30:66:d3:ac:72:43:e3:b1:71:64:01:cf:2b:fd:6b:e6:22:6e:
         a5:7f:42:57:89:ae:22:b1:ec:b6:c9:64:e5:f4:b8:72:57:ea:
         33:1d:d2:12:b4:44:e8:47:86:22:aa:a8:46:8d:f2:1b:9a:ec:
         89:9d:db:09:6f:7a:c4:3b:45:87:b9:11:bb:0b:aa:af:d8:c5:
         1e:6c:bf:7a:30:a5:22:2a:cc:4c:b0:5f:bf:8d:7e:4f:5a:1e:
         c2:a9:bf:cf:84:fd:f9:cf:6f:46:02:82:c3:eb:17:05:b0:9e:
         17:56:19:55:10:3c:05:15:d1:17:d5:68:f7:8c:2b:80:7a:5f:
         16:9b:fb:7e:5c:29:51:43:87:1f:d7:0c:df:ec:d5:31:c2:f4:
         81:cc:9a:70
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3CIW64TBmUp+MN01zUjPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YmYzNTM3MTVhMzRkZGEyODYwNWZkY2Y3YjdhZTgwNmQz
MTE1OWMwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDk1YmEwMTJiMTQ0NGM2MTI3ZjMyZjEwMDRmZWNkNGI4ZTEzZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPg44cyoovsOaZgms+zti5VPmBE4
foUnFcOOXKpyXaXajwLb2mTop8c1yxByBj04C+4Gdz6RUTv2aSoWCXMw0ekYqNX5
4W5GjD7/FZDrH6GG3kWzh6NGK4Z4YG9ltWymGShMctVCumEWQIjRZxxyq5ntI4/M
gqcv3/C6B4MPAy/tEBF6crjfrEuiFuz1Kid/D0YURmwNSma37/7/bRRpnVUzCw95
LK5hQ9wheGuzm0YhnpfYMDRWhHQQV5AuhxS+9Fy9UYytu03r9jnuuHHESwJqY9PQ
MVyY6jLzVvmSwQopM/6an/4LxyL6AvFPphLRNLhwLeVmCyaXiJUImuN3VwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKCVugErFETGEn8y8QBP7NS44T+7MB8GA1UdIwQY
MBaAFGe/NTcVo03aKGBf3Pe3roBtMRWcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjc4MU54V2pUZG9vWUZfYzk3ZXVnRzB4Rlp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS83MDE5MzMtODQ1MC00OWNhLWEzZWYt
NjlkODA5MmI1NGUxLzEvb0pXNkFTc1VSTVlTZnpMeEFFX3MxTGpoUDdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS83MDE5MzMtODQ1MC00OWNhLWEzZWYtNjlkODA5MmI1NGUx
LzEvWjc4MU54V2pUZG9vWUZfYzk3ZXVnRzB4Rlp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudigMA0E
AgACMAcDBQAqC7nAMA0GCSqGSIb3DQEBCwUAA4IBAQBA1HGzCsqCwHNzsPrp3M1p
VzliyEh2y6B6jCnWmYj5yaKSFHWcQ4SxVSjfxc4eaXpyOY1uOw6Vbe5IdyveDaRs
x4dnOtSWVCRzhk5h+TuyxNSoCfcgsQCQfnjbRoHiZyZwQDNjUDvan1lSc6swZtOs
ckPjsXFkAc8r/WvmIm6lf0JXia4isey2yWTl9LhyV+ozHdIStEToR4YiqqhGjfIb
muyJndsJb3rEO0WHuRG7C6qv2MUebL96MKUiKsxMsF+/jX5PWh7Cqb/PhP35z29G
AoLD6xcFsJ4XVhlVEDwFFdEX1Wj3jCuAel8Wm/t+XClRQ4cf1wzf7NUxwvSBzJpw
-----END CERTIFICATE-----