Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/e425de-236e-4a34-b41a-42481a62123c/1/aEJQq8mpzlFt35B-BD_QJo9THGc.roa
File:                     aEJQq8mpzlFt35B-BD_QJo9THGc.roa (raw, json)
Hash identifier:          BMCkTjd9fapdoPIqEbGYKz2qhU1rWaB5GhnFoKSKO6w=
Subject key identifier:   68:42:50:AB:C9:A9:CE:51:6D:DF:90:7E:04:3F:D0:26:8F:53:1C:67
Certificate issuer:       /CN=b8c8f23d0c48c62e18e28f560cc9159893d4e42f
Certificate serial:       018D9082EAC8437849EAA616F51A5E7DF18F
Authority key identifier: B8:C8:F2:3D:0C:48:C6:2E:18:E2:8F:56:0C:C9:15:98:93:D4:E4:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uMjyPQxIxi4Y4o9WDMkVmJPU5C8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/e425de-236e-4a34-b41a-42481a62123c/1/aEJQq8mpzlFt35B-BD_QJo9THGc.roa
Signing time:             Sat 10 Feb 2024 00:55:15 +0000
ROA not before:           Sat 10 Feb 2024 00:55:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203148
IP address blocks:        185.130.148.0/22 maxlen: 22
                          185.130.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/e425de-236e-4a34-b41a-42481a62123c/1/uMjyPQxIxi4Y4o9WDMkVmJPU5C8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/e425de-236e-4a34-b41a-42481a62123c/1/uMjyPQxIxi4Y4o9WDMkVmJPU5C8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uMjyPQxIxi4Y4o9WDMkVmJPU5C8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 02:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:90:82:ea:c8:43:78:49:ea:a6:16:f5:1a:5e:7d:f1:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8c8f23d0c48c62e18e28f560cc9159893d4e42f
        Validity
            Not Before: Feb 10 00:55:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=684250abc9a9ce516ddf907e043fd0268f531c67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:57:e4:65:23:b1:49:f1:e6:20:83:32:fc:a1:
                    d1:2d:79:9b:71:87:b4:39:66:a6:32:63:39:be:0e:
                    c2:66:05:bf:33:79:7f:ed:fe:7d:1a:44:dc:c0:a2:
                    c7:71:94:bf:60:c0:4a:62:9e:26:b1:c9:98:4f:11:
                    70:23:dc:16:42:53:9a:56:c9:1e:ca:07:00:47:72:
                    b7:4f:9e:20:69:00:16:5a:ec:49:ae:5f:9c:b2:4e:
                    0e:0b:e6:7a:e5:5b:c0:02:4c:f0:77:d6:7e:64:3e:
                    b3:30:24:79:44:3a:d1:3d:cc:22:85:96:a5:8a:4e:
                    6e:00:3b:64:48:ea:b4:9e:b5:47:48:34:3b:28:1e:
                    1a:85:07:6c:37:f6:70:ee:1b:f3:08:a8:ea:30:bc:
                    bb:2b:ad:74:6f:15:bd:b7:9d:34:87:6b:b2:ea:4c:
                    79:65:06:b1:80:50:0d:86:da:93:e2:55:16:f7:e5:
                    58:cf:43:cb:64:b6:dd:fc:77:03:af:37:2d:ef:5a:
                    43:b5:1f:e9:e7:27:81:95:d2:53:fe:30:08:ee:fe:
                    e3:76:43:ab:2b:61:6d:cf:70:3b:e6:02:de:e2:70:
                    7a:ac:b6:cd:ab:aa:28:7c:a3:11:bd:7f:07:66:c8:
                    51:4a:a5:06:43:08:a7:f4:74:50:6d:de:c9:02:b2:
                    4b:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:42:50:AB:C9:A9:CE:51:6D:DF:90:7E:04:3F:D0:26:8F:53:1C:67
            X509v3 Authority Key Identifier:
                keyid:B8:C8:F2:3D:0C:48:C6:2E:18:E2:8F:56:0C:C9:15:98:93:D4:E4:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uMjyPQxIxi4Y4o9WDMkVmJPU5C8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e425de-236e-4a34-b41a-42481a62123c/1/aEJQq8mpzlFt35B-BD_QJo9THGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e425de-236e-4a34-b41a-42481a62123c/1/uMjyPQxIxi4Y4o9WDMkVmJPU5C8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:e7:2b:7c:d2:a7:a2:5a:8a:28:ae:5e:78:96:e6:18:1a:a2:
         a4:10:ff:9a:a4:a2:e6:f4:75:f4:5b:35:68:fc:a2:4d:01:61:
         d8:d8:a0:f2:0b:57:a9:8c:4b:a8:ea:b1:b9:84:f0:25:7f:d0:
         cf:39:a2:ca:47:5f:52:91:18:93:a1:e0:54:b7:c5:3e:7c:7f:
         ae:1b:c5:da:ce:e8:14:8e:2e:ed:8b:d8:78:eb:63:f0:f0:67:
         eb:23:cd:41:a0:92:d0:cc:ce:63:71:6b:31:6f:6d:6c:63:7d:
         3d:38:5b:d4:a2:d9:18:27:9e:c3:9c:4e:0c:6a:51:0a:b2:7c:
         0d:62:c4:be:f5:f7:c4:44:92:da:da:11:89:a7:40:f5:65:72:
         23:30:53:84:12:ad:75:0c:da:25:15:99:64:e8:45:94:07:09:
         90:f6:37:0e:0d:91:07:10:15:57:f3:17:11:3a:11:05:e6:51:
         c5:1b:1f:62:13:3f:d7:17:3e:50:91:b6:c7:64:53:44:2c:4b:
         55:de:a3:e6:87:0c:8c:bf:ea:c0:9f:c5:02:aa:fe:60:79:eb:
         9a:12:bc:ec:8f:09:61:f4:9e:d0:6a:35:7e:ec:ec:c2:fc:d2:
         07:d3:31:f3:d6:65:9d:42:1d:f0:23:47:a6:96:d5:00:ec:b3:
         4b:2c:30:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2QgurIQ3hJ6qYW9RpeffGPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4YzhmMjNkMGM0OGM2MmUxOGUyOGY1NjBjYzkxNTk4OTNk
NGU0MmYwHhcNMjQwMjEwMDA1NTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODQyNTBhYmM5YTljZTUxNmRkZjkwN2UwNDNmZDAyNjhmNTMxYzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFfkZSOxSfHmIIMy/KHRLXmbcYe0
OWamMmM5vg7CZgW/M3l/7f59GkTcwKLHcZS/YMBKYp4mscmYTxFwI9wWQlOaVske
ygcAR3K3T54gaQAWWuxJrl+csk4OC+Z65VvAAkzwd9Z+ZD6zMCR5RDrRPcwihZal
ik5uADtkSOq0nrVHSDQ7KB4ahQdsN/Zw7hvzCKjqMLy7K610bxW9t500h2uy6kx5
ZQaxgFANhtqT4lUW9+VYz0PLZLbd/HcDrzct71pDtR/p5yeBldJT/jAI7v7jdkOr
K2Ftz3A75gLe4nB6rLbNq6oofKMRvX8HZshRSqUGQwin9HRQbd7JArJL7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhCUKvJqc5Rbd+QfgQ/0CaPUxxnMB8GA1UdIwQY
MBaAFLjI8j0MSMYuGOKPVgzJFZiT1OQvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU1qeVBReEl4aTRZNG85V0RNa1ZtSlBVNUM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9lNDI1ZGUtMjM2ZS00YTM0LWI0MWEt
NDI0ODFhNjIxMjNjLzEvYUVKUXE4bXB6bEZ0MzVCLUJEX1FKbzlUSEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9lNDI1ZGUtMjM2ZS00YTM0LWI0MWEtNDI0ODFhNjIxMjNj
LzEvdU1qeVBReEl4aTRZNG85V0RNa1ZtSlBVNUM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYKUMA0G
CSqGSIb3DQEBCwUAA4IBAQBd5yt80qeiWooorl54luYYGqKkEP+apKLm9HX0WzVo
/KJNAWHY2KDyC1epjEuo6rG5hPAlf9DPOaLKR19SkRiToeBUt8U+fH+uG8XazugU
ji7ti9h462Pw8GfrI81BoJLQzM5jcWsxb21sY309OFvUotkYJ57DnE4MalEKsnwN
YsS+9ffERJLa2hGJp0D1ZXIjMFOEEq11DNolFZlk6EWUBwmQ9jcODZEHEBVX8xcR
OhEF5lHFGx9iEz/XFz5QkbbHZFNELEtV3qPmhwyMv+rAn8UCqv5geeuaErzsjwlh
9J7QajV+7OzC/NIH0zHz1mWdQh3wI0emltUA7LNLLDCr
-----END CERTIFICATE-----