Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/KhAMfCR_qg_kB3qGegGpw1fiMvY.roa
File:                     KhAMfCR_qg_kB3qGegGpw1fiMvY.roa (raw, json)
Hash identifier:          RF7nCIJh9Rzy3yaCAcVqyFzlLPp0ly9b5rdcO356Q5E=
Subject key identifier:   2A:10:0C:7C:24:7F:AA:0F:E4:07:7A:86:7A:01:A9:C3:57:E2:32:F6
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       018E4EE5798019BD882EDE6F4D8A423D7FBA
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/KhAMfCR_qg_kB3qGegGpw1fiMvY.roa
Signing time:             Mon 18 Mar 2024 00:10:45 +0000
ROA not before:           Mon 18 Mar 2024 00:10:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49020
IP address blocks:        185.100.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:4e:e5:79:80:19:bd:88:2e:de:6f:4d:8a:42:3d:7f:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Mar 18 00:10:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a100c7c247faa0fe4077a867a01a9c357e232f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:11:af:20:2f:ce:37:f9:cf:9b:77:fc:c1:4b:
                    d2:16:7a:ee:88:98:41:78:dc:71:b2:95:28:16:6c:
                    23:20:82:59:93:b8:9e:6c:e4:76:b9:38:cf:92:96:
                    e7:ae:0c:ee:1f:eb:ce:f8:8c:e4:a4:2c:bc:1a:dd:
                    a3:68:75:da:c2:23:d4:d0:0c:02:c8:7d:f1:a9:cf:
                    6c:3e:93:7b:15:1e:11:5b:9b:5d:78:eb:d1:d2:37:
                    3f:d7:fd:20:dd:03:e7:81:f3:3b:3c:69:11:cb:32:
                    c8:e8:f1:62:56:90:3f:a6:d8:8d:12:da:22:5f:c7:
                    45:39:d9:6b:32:6d:21:d2:4f:29:11:95:05:8e:2b:
                    7b:9b:b7:bc:da:69:24:01:93:19:e6:62:91:f3:ec:
                    b8:20:17:64:91:c0:46:89:9e:a3:1a:7e:ce:46:34:
                    74:e1:06:7c:6f:d8:3f:bd:a8:5e:56:d5:17:60:94:
                    cd:ea:43:43:f7:c9:8a:8e:72:aa:e7:8c:de:14:30:
                    c6:8b:1e:83:76:ff:15:b4:7d:7e:10:4d:c0:f5:88:
                    3a:16:dd:db:51:65:0b:5f:c7:52:b6:02:8c:e4:96:
                    d5:cb:35:7d:db:8b:29:61:ab:c2:a5:1f:9e:49:a4:
                    ed:89:1d:c1:db:a8:ed:da:f8:15:7f:7b:e9:84:8d:
                    6c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:10:0C:7C:24:7F:AA:0F:E4:07:7A:86:7A:01:A9:C3:57:E2:32:F6
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/KhAMfCR_qg_kB3qGegGpw1fiMvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:2c:a7:a1:91:35:be:6d:6c:eb:dd:f0:75:a4:d4:5b:86:bf:
         db:7b:bc:9b:96:90:bd:a1:c6:30:e8:83:7a:13:62:a2:f3:b9:
         66:b7:2d:07:53:51:58:17:94:31:31:37:8f:5c:ab:2b:d0:cc:
         5f:84:86:d0:82:12:93:9d:ef:f8:1b:f5:96:1c:ad:b1:b8:17:
         fa:e2:cb:4b:44:c9:52:39:73:82:b0:59:f7:72:f1:e3:ba:ea:
         1d:35:45:a8:a1:47:9f:5b:fe:de:93:20:33:f1:0b:a5:36:a3:
         df:05:39:b7:d6:08:16:82:15:2e:5e:1e:d7:94:dd:29:2a:dc:
         b5:0c:44:7f:38:eb:0b:b1:04:06:27:38:28:1b:86:5b:34:5e:
         cc:77:ca:39:31:2f:de:bc:55:44:d1:c1:54:2e:6b:03:f3:12:
         32:2a:b8:a4:c8:70:87:44:66:9c:10:aa:19:1f:c8:e6:b7:eb:
         8a:01:29:55:33:75:d6:eb:d0:37:b6:7a:f7:c8:6f:5c:3b:69:
         bb:fa:9a:14:de:f2:56:03:af:f9:ed:64:8d:ff:7a:ab:0d:64:
         0b:71:b2:2f:74:86:4d:09:15:8e:c4:d6:d0:c7:b6:7a:b0:78:
         bf:b8:07:a5:8a:2b:7c:fc:f3:1b:f0:5b:ba:12:6f:4c:1f:45:
         18:c5:19:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5O5XmAGb2ILt5vTYpCPX+6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjQwMzE4MDAxMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTEwMGM3YzI0N2ZhYTBmZTQwNzdhODY3YTAxYTljMzU3ZTIzMmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBGvIC/ON/nPm3f8wUvSFnruiJhB
eNxxspUoFmwjIIJZk7iebOR2uTjPkpbnrgzuH+vO+IzkpCy8Gt2jaHXawiPU0AwC
yH3xqc9sPpN7FR4RW5tdeOvR0jc/1/0g3QPngfM7PGkRyzLI6PFiVpA/ptiNEtoi
X8dFOdlrMm0h0k8pEZUFjit7m7e82mkkAZMZ5mKR8+y4IBdkkcBGiZ6jGn7ORjR0
4QZ8b9g/vaheVtUXYJTN6kND98mKjnKq54zeFDDGix6Ddv8VtH1+EE3A9Yg6Ft3b
UWULX8dStgKM5JbVyzV924spYavCpR+eSaTtiR3B26jt2vgVf3vphI1s3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoQDHwkf6oP5Ad6hnoBqcNX4jL2MB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvS2hBTWZDUl9xZ19rQjNxR2VnR3B3MWZpTXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWSrMA0G
CSqGSIb3DQEBCwUAA4IBAQAqLKehkTW+bWzr3fB1pNRbhr/be7yblpC9ocYw6IN6
E2Ki87lmty0HU1FYF5QxMTePXKsr0MxfhIbQghKTne/4G/WWHK2xuBf64stLRMlS
OXOCsFn3cvHjuuodNUWooUefW/7ekyAz8QulNqPfBTm31ggWghUuXh7XlN0pKty1
DER/OOsLsQQGJzgoG4ZbNF7Md8o5MS/evFVE0cFULmsD8xIyKrikyHCHRGacEKoZ
H8jmt+uKASlVM3XW69A3tnr3yG9cO2m7+poU3vJWA6/57WSN/3qrDWQLcbIvdIZN
CRWOxNbQx7Z6sHi/uAeliit8/PMb8Fu6Em9MH0UYxRl8
-----END CERTIFICATE-----