Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/dVEck85erDds98_QiV_VXm5io6I.roa
File:                     dVEck85erDds98_QiV_VXm5io6I.roa (raw, json)
Hash identifier:          xFCXKxGOetWSpij9ZTedBT7CQGx783b+tYz63eUTcZ8=
Subject key identifier:   75:51:1C:93:CE:5E:AC:37:6C:F7:CF:D0:89:5F:D5:5E:6E:62:A3:A2
Certificate issuer:       /CN=95a5adf6af1fcc0570adf858fd5bfbe28791a186
Certificate serial:       018CC64B3609C28B3D66ED80ADB903DD6652
Authority key identifier: 95:A5:AD:F6:AF:1F:CC:05:70:AD:F8:58:FD:5B:FB:E2:87:91:A1:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/laWt9q8fzAVwrfhY_Vv74oeRoYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/dVEck85erDds98_QiV_VXm5io6I.roa
Signing time:             Mon 01 Jan 2024 18:31:06 +0000
ROA not before:           Mon 01 Jan 2024 18:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31727
IP address blocks:        185.144.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/laWt9q8fzAVwrfhY_Vv74oeRoYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/laWt9q8fzAVwrfhY_Vv74oeRoYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/laWt9q8fzAVwrfhY_Vv74oeRoYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:36:09:c2:8b:3d:66:ed:80:ad:b9:03:dd:66:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95a5adf6af1fcc0570adf858fd5bfbe28791a186
        Validity
            Not Before: Jan  1 18:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75511c93ce5eac376cf7cfd0895fd55e6e62a3a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:c1:20:45:5f:02:6a:62:bf:12:f6:99:8f:a1:
                    b8:1c:62:ac:11:33:a0:92:e4:b3:ed:d6:ac:92:b8:
                    49:b1:bb:27:9b:9f:11:a8:20:88:0f:97:5c:c1:0d:
                    e2:80:07:4e:6c:f1:8d:8f:b3:9a:57:1a:a3:f4:72:
                    78:55:e0:9a:71:33:13:dc:3b:e0:01:c4:84:a0:05:
                    6a:61:0d:8f:b2:48:ee:98:7d:98:0c:70:c3:82:0d:
                    4b:21:78:c7:a7:f0:71:b9:3e:89:b6:a3:59:24:e9:
                    32:bf:49:ed:6d:77:be:89:85:79:de:be:9a:c3:6a:
                    91:69:96:43:13:34:b7:4f:07:61:12:30:04:3a:80:
                    62:85:9f:75:56:e7:f9:b7:37:96:f7:0a:20:24:17:
                    00:95:e6:7a:90:db:2c:ad:9d:dc:a2:a1:e8:86:b9:
                    45:fe:9c:f3:c2:68:7c:89:b2:d7:31:85:29:0e:d8:
                    69:23:ff:5d:7b:7b:e2:e7:30:1c:c8:a9:cd:15:61:
                    b8:00:67:48:f0:9c:84:88:4f:fe:45:50:61:8e:61:
                    ec:8d:33:a4:9d:91:bb:60:dd:98:18:dc:0b:30:74:
                    04:b9:25:20:5d:22:25:65:1a:e4:f1:5f:02:e3:79:
                    f5:8b:78:8f:59:92:c3:a4:1e:13:13:7b:d0:a7:42:
                    fa:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:51:1C:93:CE:5E:AC:37:6C:F7:CF:D0:89:5F:D5:5E:6E:62:A3:A2
            X509v3 Authority Key Identifier:
                keyid:95:A5:AD:F6:AF:1F:CC:05:70:AD:F8:58:FD:5B:FB:E2:87:91:A1:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/laWt9q8fzAVwrfhY_Vv74oeRoYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/dVEck85erDds98_QiV_VXm5io6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/laWt9q8fzAVwrfhY_Vv74oeRoYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:b7:5f:75:fa:34:47:fe:f4:3a:76:a4:89:5d:98:62:e2:55:
         8e:a0:cd:e8:12:dc:13:a7:99:c1:84:13:c0:2c:2b:d7:a4:6c:
         c5:17:61:4c:1e:5d:e4:f2:53:01:62:7c:5a:5e:08:d9:4d:86:
         8c:2d:a8:a8:7a:5c:07:25:fa:36:40:da:2a:39:9d:07:b0:fb:
         ff:64:d8:ea:74:b4:53:13:f4:35:e4:f1:84:d5:e8:b7:68:40:
         67:76:83:69:19:68:45:e5:fb:5c:9e:96:fe:87:a7:35:b0:12:
         39:05:54:b9:86:a1:0c:15:ab:95:54:49:35:fe:ad:b1:88:6c:
         1f:1d:2c:7d:60:f1:df:96:e1:6c:60:bc:71:6a:32:7c:0f:5b:
         c9:59:e5:d4:7f:59:19:a4:ab:b8:d7:bf:e2:3d:16:09:02:f8:
         9b:87:64:ed:8b:23:b1:06:b9:60:bc:9f:4b:c1:4a:df:d5:97:
         43:7a:39:c6:b8:8c:1b:4e:3a:17:8d:d9:d1:31:f9:8c:a9:5d:
         04:3b:4b:39:51:91:f5:32:33:94:ef:b6:a8:f1:2c:fd:d5:ff:
         2c:7d:c8:4f:3a:53:3d:b6:d1:4c:17:4e:38:87:04:32:78:1e:
         ba:2c:be:25:f4:52:0c:84:53:04:30:64:be:89:d4:c5:88:10:
         7d:f6:a3:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSzYJwos9Zu2ArbkD3WZSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YTVhZGY2YWYxZmNjMDU3MGFkZjg1OGZkNWJmYmUyODc5
MWExODYwHhcNMjQwMTAxMTgzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTUxMWM5M2NlNWVhYzM3NmNmN2NmZDA4OTVmZDU1ZTZlNjJhM2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5sEgRV8CamK/EvaZj6G4HGKsETOg
kuSz7daskrhJsbsnm58RqCCID5dcwQ3igAdObPGNj7OaVxqj9HJ4VeCacTMT3Dvg
AcSEoAVqYQ2PskjumH2YDHDDgg1LIXjHp/BxuT6JtqNZJOkyv0ntbXe+iYV53r6a
w2qRaZZDEzS3TwdhEjAEOoBihZ91Vuf5tzeW9wogJBcAleZ6kNssrZ3coqHohrlF
/pzzwmh8ibLXMYUpDthpI/9de3vi5zAcyKnNFWG4AGdI8JyEiE/+RVBhjmHsjTOk
nZG7YN2YGNwLMHQEuSUgXSIlZRrk8V8C43n1i3iPWZLDpB4TE3vQp0L6SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHVRHJPOXqw3bPfP0Ilf1V5uYqOiMB8GA1UdIwQY
MBaAFJWlrfavH8wFcK34WP1b++KHkaGGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGFXdDlxOGZ6QVZ3cmZoWV9Wdjc0b2VSb1lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9kM2YxYmEtZDllNS00NWM1LWJjYTIt
MTYxOWQwOGM2OTY1LzEvZFZFY2s4NWVyRGRzOThfUWlWX1ZYbTVpbzZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9kM2YxYmEtZDllNS00NWM1LWJjYTItMTYxOWQwOGM2OTY1
LzEvbGFXdDlxOGZ6QVZ3cmZoWV9Wdjc0b2VSb1lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZBuMA0G
CSqGSIb3DQEBCwUAA4IBAQBwt191+jRH/vQ6dqSJXZhi4lWOoM3oEtwTp5nBhBPA
LCvXpGzFF2FMHl3k8lMBYnxaXgjZTYaMLaioelwHJfo2QNoqOZ0HsPv/ZNjqdLRT
E/Q15PGE1ei3aEBndoNpGWhF5ftcnpb+h6c1sBI5BVS5hqEMFauVVEk1/q2xiGwf
HSx9YPHfluFsYLxxajJ8D1vJWeXUf1kZpKu417/iPRYJAvibh2TtiyOxBrlgvJ9L
wUrf1ZdDejnGuIwbTjoXjdnRMfmMqV0EO0s5UZH1MjOU77ao8Sz91f8sfchPOlM9
ttFMF044hwQyeB66LL4l9FIMhFMEMGS+idTFiBB99qNG
-----END CERTIFICATE-----