Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/b3f993-d03b-4b13-81af-aa6229698461/1/i5KQ6jHNqangp8-QlV-6J6NAZV8.roa
File:                     i5KQ6jHNqangp8-QlV-6J6NAZV8.roa (raw, json)
Hash identifier:          h+Gss1x6ya61mctglIz5YTfCJYgswah+MXpzRbLDH8Y=
Subject key identifier:   8B:92:90:EA:31:CD:A9:A9:E0:A7:CF:90:95:5F:BA:27:A3:40:65:5F
Certificate issuer:       /CN=95571d88b53965a7d081f3b1d8289cbc28775b88
Certificate serial:       018FCD9367CD63EEE2CE29D25A7ADC92F782
Authority key identifier: 95:57:1D:88:B5:39:65:A7:D0:81:F3:B1:D8:28:9C:BC:28:77:5B:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lVcdiLU5ZafQgfOx2CicvCh3W4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/b3f993-d03b-4b13-81af-aa6229698461/1/i5KQ6jHNqangp8-QlV-6J6NAZV8.roa
Signing time:             Fri 31 May 2024 07:35:40 +0000
ROA not before:           Fri 31 May 2024 07:35:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        185.68.136.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/b3f993-d03b-4b13-81af-aa6229698461/1/lVcdiLU5ZafQgfOx2CicvCh3W4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/b3f993-d03b-4b13-81af-aa6229698461/1/lVcdiLU5ZafQgfOx2CicvCh3W4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lVcdiLU5ZafQgfOx2CicvCh3W4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:cd:93:67:cd:63:ee:e2:ce:29:d2:5a:7a:dc:92:f7:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95571d88b53965a7d081f3b1d8289cbc28775b88
        Validity
            Not Before: May 31 07:35:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b9290ea31cda9a9e0a7cf90955fba27a340655f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6a:7f:82:94:88:14:07:8f:b7:ce:ee:67:70:
                    66:43:8c:d4:fb:17:5d:30:b3:43:02:33:5d:37:bd:
                    d2:39:c8:25:b0:06:bc:d4:e2:42:0e:22:fb:4c:f7:
                    b5:ef:81:43:95:b7:05:d6:2d:35:f4:fc:d3:5f:5c:
                    da:5e:cb:aa:c2:87:4d:01:e9:f6:2f:d6:9f:ed:f2:
                    98:90:a6:95:3c:f9:c6:43:e7:c0:58:bb:c6:60:c9:
                    0d:62:2c:1f:75:18:16:a3:4b:b5:a1:19:98:21:71:
                    b0:9a:58:d9:67:6f:82:88:1d:10:d7:af:6a:3a:2d:
                    a4:4a:eb:2a:b3:26:f4:7f:3a:2b:39:cd:42:a9:db:
                    a1:31:00:da:2f:d2:d2:8e:1d:31:9c:3a:54:fc:ba:
                    06:68:f6:2e:8c:f6:87:71:49:a2:99:d3:78:c2:80:
                    60:f0:f2:ee:d3:7e:3d:16:8d:f3:d7:ed:ea:93:e0:
                    e3:3e:40:f3:7f:7a:8a:e4:50:17:76:e4:37:b4:d5:
                    aa:1c:f7:c2:5c:8e:b1:ca:e1:9f:7d:09:be:9a:00:
                    33:71:08:cf:9b:05:56:33:95:f7:1a:09:31:55:7c:
                    f3:12:a0:63:55:8e:22:6e:21:af:61:91:6c:7d:00:
                    b0:8d:fa:17:aa:56:64:c7:e8:c8:5c:e9:74:55:1e:
                    cd:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:92:90:EA:31:CD:A9:A9:E0:A7:CF:90:95:5F:BA:27:A3:40:65:5F
            X509v3 Authority Key Identifier:
                keyid:95:57:1D:88:B5:39:65:A7:D0:81:F3:B1:D8:28:9C:BC:28:77:5B:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lVcdiLU5ZafQgfOx2CicvCh3W4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b3f993-d03b-4b13-81af-aa6229698461/1/i5KQ6jHNqangp8-QlV-6J6NAZV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b3f993-d03b-4b13-81af-aa6229698461/1/lVcdiLU5ZafQgfOx2CicvCh3W4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:0d:e8:28:ce:ed:ff:3a:8c:48:b0:8d:09:6a:7b:02:bc:b5:
         5d:aa:0e:04:8c:33:90:18:62:0a:33:14:96:0a:98:2a:f1:c5:
         c5:64:eb:d9:30:1d:15:0f:0e:b4:06:46:26:2f:01:2e:c4:ad:
         2d:bf:d2:a9:ac:2f:7c:d4:a1:2c:a6:70:d9:04:85:c1:c9:5b:
         01:37:d3:4d:4a:dd:58:a6:7c:11:14:4c:5b:ae:03:d4:8e:09:
         87:99:da:98:45:54:40:af:70:61:0b:29:6e:1f:fd:af:81:58:
         e2:fb:b5:81:c8:a2:6d:75:62:51:0f:6d:24:74:3d:0c:f0:69:
         e7:57:ed:d1:3b:2b:4f:a2:b7:be:d4:39:ee:ca:ff:d8:88:0c:
         69:b3:5c:5e:16:69:3b:22:ca:31:c4:ec:ee:fd:96:78:f1:eb:
         f9:e7:b0:5b:04:52:79:77:39:72:b8:b6:91:cc:17:8b:19:64:
         eb:a6:04:e1:a3:af:96:56:9f:6c:92:58:0d:8e:cc:73:32:57:
         43:35:5a:77:54:59:3f:99:fa:cc:69:79:1b:bb:5c:94:92:44:
         99:08:4e:2e:de:eb:4e:bd:32:94:80:9e:c9:86:75:8f:14:8a:
         f4:a6:f0:7a:82:28:fd:2c:b8:43:ce:ee:ae:03:75:5b:45:c5:
         70:cb:74:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/Nk2fNY+7izinSWnrckveCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NTcxZDg4YjUzOTY1YTdkMDgxZjNiMWQ4Mjg5Y2JjMjg3
NzViODgwHhcNMjQwNTMxMDczNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjkyOTBlYTMxY2RhOWE5ZTBhN2NmOTA5NTVmYmEyN2EzNDA2NTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2p/gpSIFAePt87uZ3BmQ4zU+xdd
MLNDAjNdN73SOcglsAa81OJCDiL7TPe174FDlbcF1i019PzTX1zaXsuqwodNAen2
L9af7fKYkKaVPPnGQ+fAWLvGYMkNYiwfdRgWo0u1oRmYIXGwmljZZ2+CiB0Q169q
Oi2kSusqsyb0fzorOc1CqduhMQDaL9LSjh0xnDpU/LoGaPYujPaHcUmimdN4woBg
8PLu0349Fo3z1+3qk+DjPkDzf3qK5FAXduQ3tNWqHPfCXI6xyuGffQm+mgAzcQjP
mwVWM5X3GgkxVXzzEqBjVY4ibiGvYZFsfQCwjfoXqlZkx+jIXOl0VR7NJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuSkOoxzamp4KfPkJVfuiejQGVfMB8GA1UdIwQY
MBaAFJVXHYi1OWWn0IHzsdgonLwod1uIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFZjZGlMVTVaYWZRZ2ZPeDJDaWN2Q2gzVzRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9iM2Y5OTMtZDAzYi00YjEzLTgxYWYt
YWE2MjI5Njk4NDYxLzEvaTVLUTZqSE5xYW5ncDgtUWxWLTZKNk5BWlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9iM2Y5OTMtZDAzYi00YjEzLTgxYWYtYWE2MjI5Njk4NDYx
LzEvbFZjZGlMVTVaYWZRZ2ZPeDJDaWN2Q2gzVzRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUSIMA0G
CSqGSIb3DQEBCwUAA4IBAQCpDegozu3/OoxIsI0JansCvLVdqg4EjDOQGGIKMxSW
Cpgq8cXFZOvZMB0VDw60BkYmLwEuxK0tv9KprC981KEspnDZBIXByVsBN9NNSt1Y
pnwRFExbrgPUjgmHmdqYRVRAr3BhCyluH/2vgVji+7WByKJtdWJRD20kdD0M8Gnn
V+3ROytPore+1Dnuyv/YiAxps1xeFmk7IsoxxOzu/ZZ48ev557BbBFJ5dzlyuLaR
zBeLGWTrpgTho6+WVp9sklgNjsxzMldDNVp3VFk/mfrMaXkbu1yUkkSZCE4u3utO
vTKUgJ7JhnWPFIr0pvB6gij9LLhDzu6uA3VbRcVwy3TJ
-----END CERTIFICATE-----