Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e45fa1-429d-4eaf-b278-9ad18ba1a3d9/1/jMFr7RfBs2FTx8htLVh4P1p41Hg.roa
File:                     jMFr7RfBs2FTx8htLVh4P1p41Hg.roa (raw, json)
Hash identifier:          Hdq1xu6L0sPmUrew62U5ZsWAP+NeORL/7eMhOjX4yGI=
Subject key identifier:   8C:C1:6B:ED:17:C1:B3:61:53:C7:C8:6D:2D:58:78:3F:5A:78:D4:78
Certificate issuer:       /CN=6ebcb57e2d5e40630e193bd5ceb16f1ef18743a3
Certificate serial:       018CC86F1FD27FF4D869D59B4DFFEA34A262
Authority key identifier: 6E:BC:B5:7E:2D:5E:40:63:0E:19:3B:D5:CE:B1:6F:1E:F1:87:43:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bry1fi1eQGMOGTvVzrFvHvGHQ6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/e45fa1-429d-4eaf-b278-9ad18ba1a3d9/1/jMFr7RfBs2FTx8htLVh4P1p41Hg.roa
Signing time:             Tue 02 Jan 2024 04:29:34 +0000
ROA not before:           Tue 02 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203609
IP address blocks:        185.129.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/e45fa1-429d-4eaf-b278-9ad18ba1a3d9/1/bry1fi1eQGMOGTvVzrFvHvGHQ6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/e45fa1-429d-4eaf-b278-9ad18ba1a3d9/1/bry1fi1eQGMOGTvVzrFvHvGHQ6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bry1fi1eQGMOGTvVzrFvHvGHQ6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1f:d2:7f:f4:d8:69:d5:9b:4d:ff:ea:34:a2:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ebcb57e2d5e40630e193bd5ceb16f1ef18743a3
        Validity
            Not Before: Jan  2 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cc16bed17c1b36153c7c86d2d58783f5a78d478
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ce:a0:a7:d9:a0:c6:20:be:47:c8:eb:87:2a:
                    13:79:35:9f:28:41:e6:bd:27:47:53:73:89:7e:d3:
                    3f:11:9b:e7:eb:02:dc:49:32:9c:f5:2a:dd:a6:84:
                    3d:1c:9b:c7:88:4b:9f:30:3a:8e:2e:43:07:46:ea:
                    0d:00:16:2b:5d:20:4b:3a:76:5e:c1:b9:6d:69:80:
                    1e:ed:99:ad:49:16:11:a2:68:87:a6:07:5f:7f:74:
                    1f:5b:3d:1b:18:b3:5a:fb:5c:db:61:f3:aa:c4:fa:
                    ab:e9:0b:ee:7f:cd:1f:ae:7e:d8:38:5e:22:39:ba:
                    8d:3c:f7:c0:21:16:1e:12:68:e9:5a:7b:38:12:ec:
                    0c:2e:1d:8b:8a:77:2e:1f:96:ac:64:c1:24:c1:98:
                    a9:bc:cc:a8:33:71:99:34:69:3f:e4:16:4e:41:80:
                    41:e7:6c:e7:88:03:7d:cb:f5:a6:d5:da:1a:f5:c7:
                    61:7c:e9:e4:33:3a:7f:c8:80:74:37:44:83:09:13:
                    df:07:8d:60:10:fe:80:45:f2:38:3c:c1:fd:17:a3:
                    03:19:19:cb:40:c4:b5:8e:28:df:dd:74:5e:ef:93:
                    00:b8:28:9e:c4:73:eb:a4:f1:17:c9:78:09:ec:c3:
                    db:cf:25:7c:a4:d0:a9:95:7a:5a:1d:31:44:25:8d:
                    9c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:C1:6B:ED:17:C1:B3:61:53:C7:C8:6D:2D:58:78:3F:5A:78:D4:78
            X509v3 Authority Key Identifier:
                keyid:6E:BC:B5:7E:2D:5E:40:63:0E:19:3B:D5:CE:B1:6F:1E:F1:87:43:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bry1fi1eQGMOGTvVzrFvHvGHQ6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e45fa1-429d-4eaf-b278-9ad18ba1a3d9/1/jMFr7RfBs2FTx8htLVh4P1p41Hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e45fa1-429d-4eaf-b278-9ad18ba1a3d9/1/bry1fi1eQGMOGTvVzrFvHvGHQ6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:7a:4d:8d:b7:6d:0d:a8:52:45:13:be:57:b2:6d:de:93:18:
         f6:a3:38:9f:64:39:65:4a:3c:b2:8b:fc:e8:00:d1:06:68:58:
         00:bc:7b:1d:3e:44:c2:aa:11:16:2e:21:c1:bd:8c:50:b5:11:
         d4:31:e0:88:66:2d:44:c5:c8:16:00:f7:eb:94:15:89:56:98:
         2d:87:49:c8:c5:5a:54:4c:4c:0d:cf:f9:ad:e4:d0:6f:c1:ad:
         cd:9e:f3:2f:d3:e3:5f:5a:ff:0f:1f:9c:af:a8:b6:a2:40:28:
         b1:2e:66:94:c4:e4:b2:41:2e:5d:68:0c:fe:3b:eb:0d:53:85:
         9b:1c:30:61:9f:e7:03:13:e9:c4:33:13:f2:45:f0:8b:54:ef:
         d5:58:cd:b3:55:4d:8e:ef:a9:34:c6:98:39:0a:50:18:18:c2:
         1d:99:9d:51:4c:d9:ba:96:2d:72:cc:54:74:a4:65:c9:1c:cd:
         e9:87:ea:42:86:3d:1b:bb:3b:d3:da:84:66:60:bd:5a:16:56:
         71:91:be:d8:77:47:e2:8a:ea:c8:6d:42:8d:ae:f0:3b:59:17:
         d1:46:4d:8a:f2:a5:a8:2e:0a:4f:32:bf:2c:56:c1:07:23:89:
         ab:4f:02:a4:5f:79:35:84:20:f3:e8:1d:20:8b:b7:22:9b:e4:
         35:35:7a:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbx/Sf/TYadWbTf/qNKJiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYmNiNTdlMmQ1ZTQwNjMwZTE5M2JkNWNlYjE2ZjFlZjE4
NzQzYTMwHhcNMjQwMTAyMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2MxNmJlZDE3YzFiMzYxNTNjN2M4NmQyZDU4NzgzZjVhNzhkNDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqM6gp9mgxiC+R8jrhyoTeTWfKEHm
vSdHU3OJftM/EZvn6wLcSTKc9SrdpoQ9HJvHiEufMDqOLkMHRuoNABYrXSBLOnZe
wbltaYAe7ZmtSRYRomiHpgdff3QfWz0bGLNa+1zbYfOqxPqr6Qvuf80frn7YOF4i
ObqNPPfAIRYeEmjpWns4EuwMLh2LincuH5asZMEkwZipvMyoM3GZNGk/5BZOQYBB
52zniAN9y/Wm1doa9cdhfOnkMzp/yIB0N0SDCRPfB41gEP6ARfI4PMH9F6MDGRnL
QMS1jijf3XRe75MAuCiexHPrpPEXyXgJ7MPbzyV8pNCplXpaHTFEJY2c0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzBa+0XwbNhU8fIbS1YeD9aeNR4MB8GA1UdIwQY
MBaAFG68tX4tXkBjDhk71c6xbx7xh0OjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnJ5MWZpMWVRR01PR1R2VnpyRnZIdkdIUTZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9lNDVmYTEtNDI5ZC00ZWFmLWIyNzgt
OWFkMThiYTFhM2Q5LzEvak1GcjdSZkJzMkZUeDhodExWaDRQMXA0MUhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9lNDVmYTEtNDI5ZC00ZWFmLWIyNzgtOWFkMThiYTFhM2Q5
LzEvYnJ5MWZpMWVRR01PR1R2VnpyRnZIdkdIUTZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYGYMA0G
CSqGSIb3DQEBCwUAA4IBAQAsek2Nt20NqFJFE75Xsm3ekxj2ozifZDllSjyyi/zo
ANEGaFgAvHsdPkTCqhEWLiHBvYxQtRHUMeCIZi1ExcgWAPfrlBWJVpgth0nIxVpU
TEwNz/mt5NBvwa3NnvMv0+NfWv8PH5yvqLaiQCixLmaUxOSyQS5daAz+O+sNU4Wb
HDBhn+cDE+nEMxPyRfCLVO/VWM2zVU2O76k0xpg5ClAYGMIdmZ1RTNm6li1yzFR0
pGXJHM3ph+pChj0buzvT2oRmYL1aFlZxkb7Yd0fiiurIbUKNrvA7WRfRRk2K8qWo
LgpPMr8sVsEHI4mrTwKkX3k1hCDz6B0gi7cim+Q1NXpF
-----END CERTIFICATE-----