Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/Om4sicHTbZlXf8KZ6j48SxkVkvQ.roa
File:                     Om4sicHTbZlXf8KZ6j48SxkVkvQ.roa (raw, json)
Hash identifier:          SgeWU8gd241bNnIHt6dJ9SOvPBQt4oMcmOKseCuo+Us=
Subject key identifier:   3A:6E:2C:89:C1:D3:6D:99:57:7F:C2:99:EA:3E:3C:4B:19:15:92:F4
Certificate issuer:       /CN=27ded1d90c4d52b6871023bc71296d08a98c4cdb
Certificate serial:       0193210A180B48A2938837D775F1FDDBDF4D
Authority key identifier: 27:DE:D1:D9:0C:4D:52:B6:87:10:23:BC:71:29:6D:08:A9:8C:4C:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J97R2QxNUraHECO8cSltCKmMTNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/Om4sicHTbZlXf8KZ6j48SxkVkvQ.roa
Signing time:             Tue 12 Nov 2024 15:42:09 +0000
ROA not before:           Tue 12 Nov 2024 15:42:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.135.57.0/24 maxlen: 24
                          185.135.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/J97R2QxNUraHECO8cSltCKmMTNs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/J97R2QxNUraHECO8cSltCKmMTNs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J97R2QxNUraHECO8cSltCKmMTNs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:21:0a:18:0b:48:a2:93:88:37:d7:75:f1:fd:db:df:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27ded1d90c4d52b6871023bc71296d08a98c4cdb
        Validity
            Not Before: Nov 12 15:42:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a6e2c89c1d36d99577fc299ea3e3c4b191592f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ed:6a:c7:0f:15:08:5c:85:08:d2:26:f6:b0:
                    86:8a:40:02:f0:66:81:8d:43:a2:b5:6b:1a:ff:c7:
                    be:9f:9b:b4:c3:47:91:f3:88:24:80:32:bc:9d:73:
                    24:31:33:6f:d5:45:bd:bb:94:70:e5:14:68:71:be:
                    ff:b0:e0:ff:81:ab:e6:b2:6e:2a:f2:18:c8:0f:09:
                    63:62:74:71:8e:7a:c0:6d:01:49:b9:ed:08:34:a9:
                    32:f6:59:46:30:bb:94:7a:b6:f6:fc:6b:e1:39:c3:
                    3c:d8:4c:94:18:a9:90:e0:66:3a:4c:36:c8:7a:94:
                    43:2d:17:42:ca:0d:f8:ae:7e:88:fc:ab:f7:a9:cb:
                    77:27:07:2e:e0:30:ac:0f:3f:2b:41:da:e6:74:ba:
                    e4:e5:5d:d6:10:16:65:e6:51:fa:e4:af:75:f7:20:
                    43:c3:4c:ef:70:d8:ba:d5:e0:e4:eb:21:b3:b2:3c:
                    c2:bd:82:34:a2:67:ad:92:53:a4:50:57:5f:90:26:
                    f9:92:3f:8c:e9:8f:9d:ee:c4:e9:35:cd:6e:06:2d:
                    01:6a:2c:bc:3c:a8:94:a3:51:5e:1d:8c:79:5e:f4:
                    af:12:c4:60:19:82:8a:ce:27:e9:78:b5:9f:6a:56:
                    41:b7:2d:56:7d:ed:4d:8d:3a:f7:b9:20:fd:e0:d3:
                    bb:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:6E:2C:89:C1:D3:6D:99:57:7F:C2:99:EA:3E:3C:4B:19:15:92:F4
            X509v3 Authority Key Identifier:
                keyid:27:DE:D1:D9:0C:4D:52:B6:87:10:23:BC:71:29:6D:08:A9:8C:4C:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J97R2QxNUraHECO8cSltCKmMTNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/Om4sicHTbZlXf8KZ6j48SxkVkvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/J97R2QxNUraHECO8cSltCKmMTNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.57.0-185.135.58.255

    Signature Algorithm: sha256WithRSAEncryption
         45:e5:51:5e:28:7c:a2:a4:c6:4f:1a:23:bb:fc:89:f0:9d:9b:
         bc:5c:b8:78:05:9a:43:a4:d0:b2:a4:f6:a3:d3:9d:97:f4:f6:
         7f:4e:f4:a4:0f:3d:14:c2:9f:23:af:d8:7f:71:8e:d0:0d:74:
         ee:3a:3a:ae:ed:13:5d:81:15:75:b1:07:12:ef:7f:d8:2f:84:
         51:d5:7f:51:db:22:4e:ae:7b:4e:8e:64:66:c2:5a:8d:bc:4d:
         0d:ae:6c:42:03:a9:af:d8:bd:8b:04:ec:fc:8a:61:28:26:cb:
         d0:a5:b2:20:7c:ea:f4:93:12:7a:47:6a:85:f6:ad:23:7d:0d:
         22:70:72:56:08:e8:6e:64:b1:10:a2:67:e1:d7:9b:e1:df:2d:
         b8:c6:c1:d4:21:2b:01:a5:57:96:d1:ed:3c:ed:a6:21:ff:62:
         61:7d:95:f1:af:88:5b:7b:84:d4:9c:2d:3b:d9:36:9c:fd:eb:
         c0:1b:c9:77:1d:33:22:12:9a:36:c4:21:7e:05:46:fa:10:ff:
         01:34:54:f3:3c:c2:df:9b:12:67:e6:94:16:f2:8c:bd:31:5a:
         fa:56:14:5c:98:dc:84:56:8f:3b:69:8e:c4:89:49:f5:a6:78:
         6d:1d:55:ec:d5:2d:a9:c3:9b:7d:a6:a0:0b:f6:a3:5b:40:cb:
         73:6b:d4:f8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZMhChgLSKKTiDfXdfH9299NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZGVkMWQ5MGM0ZDUyYjY4NzEwMjNiYzcxMjk2ZDA4YTk4
YzRjZGIwHhcNMjQxMTEyMTU0MjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTZlMmM4OWMxZDM2ZDk5NTc3ZmMyOTllYTNlM2M0YjE5MTU5MmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5O1qxw8VCFyFCNIm9rCGikAC8GaB
jUOitWsa/8e+n5u0w0eR84gkgDK8nXMkMTNv1UW9u5Rw5RRocb7/sOD/gavmsm4q
8hjIDwljYnRxjnrAbQFJue0INKky9llGMLuUerb2/GvhOcM82EyUGKmQ4GY6TDbI
epRDLRdCyg34rn6I/Kv3qct3Jwcu4DCsDz8rQdrmdLrk5V3WEBZl5lH65K919yBD
w0zvcNi61eDk6yGzsjzCvYI0ometklOkUFdfkCb5kj+M6Y+d7sTpNc1uBi0Baiy8
PKiUo1FeHYx5XvSvEsRgGYKKzifpeLWfalZBty1Wfe1NjTr3uSD94NO72wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDpuLInB022ZV3/Cmeo+PEsZFZL0MB8GA1UdIwQY
MBaAFCfe0dkMTVK2hxAjvHEpbQipjEzbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjk3UjJReE5VcmFIRUNPOGNTbHRDS21NVE5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8zMzgyMTItMzhhNy00NjhkLWI4NzQt
MzUxYWI5ZjIzNmIwLzEvT200c2ljSFRiWmxYZjhLWjZqNDhTeGtWa3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8zMzgyMTItMzhhNy00NjhkLWI4NzQtMzUxYWI5ZjIzNmIw
LzEvSjk3UjJReE5VcmFIRUNPOGNTbHRDS21NVE5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5hzkD
BAC5hzowDQYJKoZIhvcNAQELBQADggEBAEXlUV4ofKKkxk8aI7v8ifCdm7xcuHgF
mkOk0LKk9qPTnZf09n9O9KQPPRTCnyOv2H9xjtANdO46Oq7tE12BFXWxBxLvf9gv
hFHVf1HbIk6ue06OZGbCWo28TQ2ubEIDqa/YvYsE7PyKYSgmy9ClsiB86vSTEnpH
aoX2rSN9DSJwclYI6G5ksRCiZ+HXm+HfLbjGwdQhKwGlV5bR7TztpiH/YmF9lfGv
iFt7hNScLTvZNpz968AbyXcdMyISmjbEIX4FRvoQ/wE0VPM8wt+bEmfmlBbyjL0x
WvpWFFyY3IRWjztpjsSJSfWmeG0dVezVLanDm32moAv2o1tAy3Nr1Pg=
-----END CERTIFICATE-----