Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/d6ec3b-e717-4c3d-b0ae-5e60f6da2b09/1/B5WdsEkW5-OF5-zWm3HdrWn2w6Y.roa
File:                     B5WdsEkW5-OF5-zWm3HdrWn2w6Y.roa (raw, json)
Hash identifier:          lSv/o4e6WbsrzmKM+yeNHbtxUnmuLlnBUaM8nO9pvMI=
Subject key identifier:   07:95:9D:B0:49:16:E7:E3:85:E7:EC:D6:9B:71:DD:AD:69:F6:C3:A6
Certificate issuer:       /CN=83609f2b9d2486f36e8cd29dfa2a756a48de7c51
Certificate serial:       018CC9BCC43703882BC09D72887F635051A5
Authority key identifier: 83:60:9F:2B:9D:24:86:F3:6E:8C:D2:9D:FA:2A:75:6A:48:DE:7C:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g2CfK50khvNujNKd-ip1akjefFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/d6ec3b-e717-4c3d-b0ae-5e60f6da2b09/1/B5WdsEkW5-OF5-zWm3HdrWn2w6Y.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        185.226.161.0/24 maxlen: 24
                          185.226.160.0/24 maxlen: 24
                          185.226.163.0/24 maxlen: 24
                          185.226.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/d6ec3b-e717-4c3d-b0ae-5e60f6da2b09/1/g2CfK50khvNujNKd-ip1akjefFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/d6ec3b-e717-4c3d-b0ae-5e60f6da2b09/1/g2CfK50khvNujNKd-ip1akjefFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g2CfK50khvNujNKd-ip1akjefFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c4:37:03:88:2b:c0:9d:72:88:7f:63:50:51:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83609f2b9d2486f36e8cd29dfa2a756a48de7c51
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07959db04916e7e385e7ecd69b71ddad69f6c3a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:43:39:04:9d:38:46:47:82:dd:55:bb:71:33:
                    7f:0f:c4:57:1f:6c:f9:30:3d:7e:65:a4:66:64:97:
                    a4:84:f8:ac:32:be:92:08:e8:21:3e:c9:c9:68:e4:
                    28:96:04:61:b2:48:43:17:9a:a6:c7:cb:ae:c9:9d:
                    27:e1:1c:16:b9:50:4f:67:57:d3:47:a7:13:e4:60:
                    ee:ae:53:0d:c5:b7:08:2d:16:fb:b4:77:ea:e8:ac:
                    f2:ee:d7:9a:18:b3:25:94:51:0b:3f:f9:fe:d7:54:
                    49:f0:b7:39:c6:8a:f5:eb:69:17:49:55:fc:61:a0:
                    22:db:2f:c4:4d:6e:7d:41:0d:bd:e3:ee:66:63:b4:
                    9b:d5:44:68:43:30:6e:d1:9d:14:63:cd:48:9e:a2:
                    fb:48:db:73:8d:9b:a0:ee:a4:02:43:50:e8:31:aa:
                    d5:14:91:8f:9d:40:53:74:51:b8:19:d8:de:ee:92:
                    00:6d:e6:51:88:f9:73:4f:7b:86:7e:ad:47:31:90:
                    fd:de:73:39:b0:bc:0c:d9:96:63:70:ab:09:b2:3e:
                    cf:f4:f5:07:f5:c1:d7:69:f8:38:4d:43:70:f3:f4:
                    df:b9:9e:5c:cf:e3:cf:d5:86:9e:17:60:d1:c4:2f:
                    04:41:71:3d:64:33:0e:93:8a:04:3f:d1:2f:27:24:
                    c2:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:95:9D:B0:49:16:E7:E3:85:E7:EC:D6:9B:71:DD:AD:69:F6:C3:A6
            X509v3 Authority Key Identifier:
                keyid:83:60:9F:2B:9D:24:86:F3:6E:8C:D2:9D:FA:2A:75:6A:48:DE:7C:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g2CfK50khvNujNKd-ip1akjefFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/d6ec3b-e717-4c3d-b0ae-5e60f6da2b09/1/B5WdsEkW5-OF5-zWm3HdrWn2w6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/d6ec3b-e717-4c3d-b0ae-5e60f6da2b09/1/g2CfK50khvNujNKd-ip1akjefFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:f7:96:03:26:8f:35:18:09:f8:09:78:a4:9f:a7:dc:39:74:
         b4:1e:bf:65:2a:8a:e5:e8:30:39:9e:f5:a8:6b:49:5f:88:df:
         2f:3d:7b:eb:61:86:4e:b0:3a:9f:af:75:b1:28:8c:b9:f5:97:
         c3:6c:2c:94:76:1a:91:f2:4b:67:6e:af:3a:f8:74:99:fe:b8:
         8e:7c:9e:39:d8:05:d3:f9:ed:0a:d2:fc:37:09:34:1c:22:bf:
         87:f3:c4:ba:96:8f:e2:c7:61:b3:93:28:84:19:79:20:27:57:
         22:55:c2:a7:78:cf:ea:19:ff:46:e2:bc:72:9e:7c:55:20:4b:
         04:ca:9d:76:ce:1b:cb:2a:54:98:b5:cd:b9:ae:f1:fd:a4:38:
         db:38:89:9e:f9:a1:88:bf:bc:01:ff:86:92:20:e1:8f:a4:53:
         ab:d4:20:74:c0:17:bc:0b:d4:83:f7:62:02:9f:0d:3f:7a:57:
         ae:9f:4f:b4:9c:14:23:d8:39:5e:56:27:1c:66:0b:72:d2:44:
         41:82:f6:12:9e:a6:b4:43:6f:0a:ce:c1:c6:52:01:02:f0:34:
         f0:9a:8b:0e:a5:e8:29:fc:87:43:2e:a7:80:53:5c:98:53:97:
         81:c3:79:3d:e3:c9:55:fc:8a:6d:2b:89:4d:4d:3e:d5:fb:21:
         a6:76:86:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvMQ3A4grwJ1yiH9jUFGlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNjA5ZjJiOWQyNDg2ZjM2ZThjZDI5ZGZhMmE3NTZhNDhk
ZTdjNTEwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzk1OWRiMDQ5MTZlN2UzODVlN2VjZDY5YjcxZGRhZDY5ZjZjM2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUM5BJ04RkeC3VW7cTN/D8RXH2z5
MD1+ZaRmZJekhPisMr6SCOghPsnJaOQolgRhskhDF5qmx8uuyZ0n4RwWuVBPZ1fT
R6cT5GDurlMNxbcILRb7tHfq6Kzy7teaGLMllFELP/n+11RJ8Lc5xor162kXSVX8
YaAi2y/ETW59QQ294+5mY7Sb1URoQzBu0Z0UY81InqL7SNtzjZug7qQCQ1DoMarV
FJGPnUBTdFG4Gdje7pIAbeZRiPlzT3uGfq1HMZD93nM5sLwM2ZZjcKsJsj7P9PUH
9cHXafg4TUNw8/TfuZ5cz+PP1YaeF2DRxC8EQXE9ZDMOk4oEP9EvJyTC3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAeVnbBJFufjhefs1ptx3a1p9sOmMB8GA1UdIwQY
MBaAFINgnyudJIbzbozSnfoqdWpI3nxRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzJDZks1MGtodk51ak5LZC1pcDFha2plZkZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9kNmVjM2ItZTcxNy00YzNkLWIwYWUt
NWU2MGY2ZGEyYjA5LzEvQjVXZHNFa1c1LU9GNS16V20zSGRyV24ydzZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9kNmVjM2ItZTcxNy00YzNkLWIwYWUtNWU2MGY2ZGEyYjA5
LzEvZzJDZks1MGtodk51ak5LZC1pcDFha2plZkZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueKgMA0G
CSqGSIb3DQEBCwUAA4IBAQCG95YDJo81GAn4CXikn6fcOXS0Hr9lKorl6DA5nvWo
a0lfiN8vPXvrYYZOsDqfr3WxKIy59ZfDbCyUdhqR8ktnbq86+HSZ/riOfJ452AXT
+e0K0vw3CTQcIr+H88S6lo/ix2GzkyiEGXkgJ1ciVcKneM/qGf9G4rxynnxVIEsE
yp12zhvLKlSYtc25rvH9pDjbOIme+aGIv7wB/4aSIOGPpFOr1CB0wBe8C9SD92IC
nw0/eleun0+0nBQj2DleViccZgty0kRBgvYSnqa0Q28KzsHGUgEC8DTwmosOpegp
/IdDLqeAU1yYU5eBw3k948lV/IptK4lNTT7V+yGmdoaH
-----END CERTIFICATE-----