Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/1kHHMke9hWLQr3qEEbQGWg4EIPQ.roa
File:                     1kHHMke9hWLQr3qEEbQGWg4EIPQ.roa (raw, json)
Hash identifier:          k8JYUYuRySnYAwh2TRsTdaUGtsjPT1QkKMbbDEMkOKU=
Subject key identifier:   D6:41:C7:32:47:BD:85:62:D0:AF:7A:84:11:B4:06:5A:0E:04:20:F4
Certificate issuer:       /CN=e1856c3082ab2fc8dd1b359a7b3991368538b4d0
Certificate serial:       018D7E993F6FF0C5AC5AF6C905FD402ED89D
Authority key identifier: E1:85:6C:30:82:AB:2F:C8:DD:1B:35:9A:7B:39:91:36:85:38:B4:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/1kHHMke9hWLQr3qEEbQGWg4EIPQ.roa
Signing time:             Tue 06 Feb 2024 13:26:28 +0000
ROA not before:           Tue 06 Feb 2024 13:26:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48314
IP address blocks:        185.237.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:99:3f:6f:f0:c5:ac:5a:f6:c9:05:fd:40:2e:d8:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1856c3082ab2fc8dd1b359a7b3991368538b4d0
        Validity
            Not Before: Feb  6 13:26:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d641c73247bd8562d0af7a8411b4065a0e0420f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:29:e8:a5:8a:07:98:af:7d:d3:47:4c:2b:31:
                    62:4d:b0:26:e0:11:fa:11:ef:9d:54:35:ec:83:1b:
                    6f:af:e1:fc:da:ea:5a:1a:3a:87:23:03:be:83:91:
                    7e:2c:2f:24:47:7d:78:20:68:9e:64:df:43:e1:a7:
                    a1:8b:04:f4:7d:72:88:95:57:73:73:a4:9c:b5:12:
                    78:21:f7:b6:15:3d:e9:c9:5f:e6:94:8a:a4:0f:4d:
                    6a:d9:77:ea:ad:36:ed:2e:2e:05:6b:29:d7:e8:72:
                    ce:65:f2:e8:2a:0c:dd:37:0d:d7:84:39:44:05:c4:
                    88:87:f9:a3:bd:ce:df:69:ab:5d:98:55:21:52:3f:
                    fc:f5:a2:4a:90:00:02:8d:0f:dd:b3:86:05:a7:4b:
                    30:ae:9e:65:48:23:ba:27:68:8a:5e:fd:38:62:68:
                    b2:99:55:82:68:33:ac:dc:02:5f:1b:2d:06:2f:f8:
                    24:35:01:01:5d:7c:61:8e:f4:83:28:e8:5c:b7:0b:
                    67:1d:80:f1:3e:38:81:27:45:56:ef:00:b6:9d:36:
                    36:b7:95:0e:75:18:29:5c:81:9c:8a:0f:33:6a:61:
                    de:16:6a:b1:5f:7c:f6:50:02:c2:32:3b:1d:1c:66:
                    e7:61:33:e1:29:d0:ac:70:8e:99:37:b4:59:cd:b1:
                    70:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:41:C7:32:47:BD:85:62:D0:AF:7A:84:11:B4:06:5A:0E:04:20:F4
            X509v3 Authority Key Identifier:
                keyid:E1:85:6C:30:82:AB:2F:C8:DD:1B:35:9A:7B:39:91:36:85:38:B4:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/1kHHMke9hWLQr3qEEbQGWg4EIPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:e1:36:be:fa:41:5a:09:fa:ee:37:2a:62:c5:e7:a4:85:22:
         4e:e5:05:17:dd:4f:c7:c3:ac:3e:a7:c4:35:9b:d5:88:c6:12:
         be:18:12:db:ef:54:96:35:b6:fc:d0:b8:06:12:fe:69:e5:2a:
         74:b7:20:c7:6f:5f:08:ca:13:48:d4:11:45:6e:52:65:72:d4:
         72:79:8a:6b:b4:fe:53:2f:85:9a:80:f7:e0:ce:1e:57:72:24:
         25:eb:33:a9:f7:73:16:ca:30:43:e8:16:4f:ee:f5:64:70:da:
         e2:f4:3f:f8:79:f1:0c:4f:fc:42:2a:7f:b0:31:b2:ba:86:1b:
         22:b7:90:f2:a5:a0:07:ed:69:46:d1:fc:a3:c2:9a:bc:5a:1e:
         a2:cf:e9:42:d7:22:33:20:2e:9a:7e:7d:cb:94:77:49:12:bc:
         e6:e9:88:5f:e5:46:41:96:6e:21:50:3d:5f:3a:fd:12:ae:d2:
         a9:d3:12:13:92:fb:3c:b0:42:a6:55:71:54:51:e6:59:cc:36:
         29:73:4b:57:f5:a3:e2:6a:24:6a:a6:97:ea:fc:70:8b:5b:b9:
         5c:4a:f6:fc:44:ca:a0:4b:dd:d1:05:6c:ff:96:0a:6a:7f:6b:
         e9:48:da:25:f9:30:03:50:a0:fa:bf:a5:98:37:6a:c7:e2:5b:
         af:9e:60:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1+mT9v8MWsWvbJBf1ALtidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxODU2YzMwODJhYjJmYzhkZDFiMzU5YTdiMzk5MTM2ODUz
OGI0ZDAwHhcNMjQwMjA2MTMyNjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQxYzczMjQ3YmQ4NTYyZDBhZjdhODQxMWI0MDY1YTBlMDQyMGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSnopYoHmK9900dMKzFiTbAm4BH6
Ee+dVDXsgxtvr+H82upaGjqHIwO+g5F+LC8kR314IGieZN9D4aehiwT0fXKIlVdz
c6SctRJ4Ife2FT3pyV/mlIqkD01q2XfqrTbtLi4FaynX6HLOZfLoKgzdNw3XhDlE
BcSIh/mjvc7faatdmFUhUj/89aJKkAACjQ/ds4YFp0swrp5lSCO6J2iKXv04Ymiy
mVWCaDOs3AJfGy0GL/gkNQEBXXxhjvSDKOhctwtnHYDxPjiBJ0VW7wC2nTY2t5UO
dRgpXIGcig8zamHeFmqxX3z2UALCMjsdHGbnYTPhKdCscI6ZN7RZzbFwvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZBxzJHvYVi0K96hBG0BloOBCD0MB8GA1UdIwQY
MBaAFOGFbDCCqy/I3Rs1mns5kTaFOLTQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFlWc01JS3JMOGpkR3pXYWV6bVJOb1U0dE5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC81NjRiZDAtN2I1Mi00NGRkLWI1NmIt
OGVhYTZiZjQwMzU3LzEvMWtISE1rZTloV0xRcjNxRUViUUdXZzRFSVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC81NjRiZDAtN2I1Mi00NGRkLWI1NmItOGVhYTZiZjQwMzU3
LzEvNFlWc01JS3JMOGpkR3pXYWV6bVJOb1U0dE5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue1eMA0G
CSqGSIb3DQEBCwUAA4IBAQBI4Ta++kFaCfruNypixeekhSJO5QUX3U/Hw6w+p8Q1
m9WIxhK+GBLb71SWNbb80LgGEv5p5Sp0tyDHb18IyhNI1BFFblJlctRyeYprtP5T
L4WagPfgzh5XciQl6zOp93MWyjBD6BZP7vVkcNri9D/4efEMT/xCKn+wMbK6hhsi
t5DypaAH7WlG0fyjwpq8Wh6iz+lC1yIzIC6afn3LlHdJErzm6Yhf5UZBlm4hUD1f
Ov0SrtKp0xITkvs8sEKmVXFUUeZZzDYpc0tX9aPiaiRqppfq/HCLW7lcSvb8RMqg
S93RBWz/lgpqf2vpSNol+TADUKD6v6WYN2rH4luvnmCx
-----END CERTIFICATE-----