Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/a1a11d-11fb-4424-8cd4-0daa0704b992/1/RwBx01bfgDXqP6UQh7iEwARc4Js.roa
File:                     RwBx01bfgDXqP6UQh7iEwARc4Js.roa (raw, json)
Hash identifier:          M2LvlgQh+UzUchwcLnaJZGIUxCXemd9T1MTl3UadjM0=
Subject key identifier:   47:00:71:D3:56:DF:80:35:EA:3F:A5:10:87:B8:84:C0:04:5C:E0:9B
Certificate issuer:       /CN=821219469c6df76cf476f274cdcf27e52f8f0df8
Certificate serial:       018CCFAAB0A014F290BBB98A02A51624B926
Authority key identifier: 82:12:19:46:9C:6D:F7:6C:F4:76:F2:74:CD:CF:27:E5:2F:8F:0D:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ghIZRpxt92z0dvJ0zc8n5S-PDfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/a1a11d-11fb-4424-8cd4-0daa0704b992/1/RwBx01bfgDXqP6UQh7iEwARc4Js.roa
Signing time:             Wed 03 Jan 2024 14:11:59 +0000
ROA not before:           Wed 03 Jan 2024 14:11:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56485
IP address blocks:        188.65.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/a1a11d-11fb-4424-8cd4-0daa0704b992/1/ghIZRpxt92z0dvJ0zc8n5S-PDfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/a1a11d-11fb-4424-8cd4-0daa0704b992/1/ghIZRpxt92z0dvJ0zc8n5S-PDfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ghIZRpxt92z0dvJ0zc8n5S-PDfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cf:aa:b0:a0:14:f2:90:bb:b9:8a:02:a5:16:24:b9:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821219469c6df76cf476f274cdcf27e52f8f0df8
        Validity
            Not Before: Jan  3 14:11:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=470071d356df8035ea3fa51087b884c0045ce09b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:31:cc:60:68:3f:9f:b6:6a:a4:a2:2a:f5:3b:
                    6f:33:88:5b:40:63:79:ce:09:45:3a:28:83:fd:de:
                    64:41:ef:2e:be:35:3c:31:5d:ad:5d:43:f6:56:4c:
                    ad:28:b6:67:91:6f:29:f2:da:f6:be:b5:3d:71:34:
                    3c:0f:d0:c1:d8:57:e4:7d:e5:00:6e:11:49:1c:e2:
                    15:8c:09:89:5e:a4:65:f5:cc:a1:d5:fa:80:b2:81:
                    7c:98:be:44:0e:31:cf:74:42:cc:ec:05:d6:1a:af:
                    1c:d5:64:f0:eb:5f:da:6e:ad:e6:f2:34:b3:dc:97:
                    e6:e2:ce:aa:5a:98:c2:2c:63:b6:64:13:4b:60:e2:
                    23:7a:4b:eb:a6:87:a1:9e:55:88:db:fc:99:ff:8a:
                    3a:20:e8:bc:72:5c:27:fd:80:29:33:a0:23:18:59:
                    69:92:78:d1:51:9e:f5:31:19:16:7e:29:40:b1:e9:
                    d3:66:e2:cb:88:3a:a6:53:60:73:e3:67:34:50:64:
                    b2:1e:f7:da:db:a3:76:44:3c:7c:b6:c3:9f:03:71:
                    12:d2:8a:31:e3:1f:24:c7:e3:f4:7b:e4:60:83:a3:
                    b3:31:ee:21:93:e1:9f:bf:de:8d:69:4a:51:6f:d4:
                    da:e9:ad:45:39:1f:c2:10:a1:9c:a4:82:a6:1b:70:
                    4c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:00:71:D3:56:DF:80:35:EA:3F:A5:10:87:B8:84:C0:04:5C:E0:9B
            X509v3 Authority Key Identifier:
                keyid:82:12:19:46:9C:6D:F7:6C:F4:76:F2:74:CD:CF:27:E5:2F:8F:0D:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ghIZRpxt92z0dvJ0zc8n5S-PDfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a1a11d-11fb-4424-8cd4-0daa0704b992/1/RwBx01bfgDXqP6UQh7iEwARc4Js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a1a11d-11fb-4424-8cd4-0daa0704b992/1/ghIZRpxt92z0dvJ0zc8n5S-PDfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.65.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:a8:a8:11:7d:99:a8:93:02:87:dc:21:d8:25:64:6f:a9:11:
         31:84:9b:1d:62:3c:55:46:c5:60:74:ee:7a:37:f9:4b:50:ee:
         f5:2e:b2:76:fc:2e:e0:6a:2c:50:0d:43:c5:3a:85:11:52:a6:
         0f:71:67:68:66:d7:0e:9a:f2:80:3c:78:46:72:9d:2a:4c:1a:
         f0:e7:7c:96:b6:da:a6:40:fa:d6:c2:40:0d:a4:75:3c:5f:b5:
         bf:57:bb:95:ad:03:1b:76:3b:3d:87:56:d7:e0:1e:20:49:79:
         08:36:db:0b:86:80:cf:f5:5c:49:43:e6:9a:c2:10:36:f3:33:
         29:dc:0e:04:2b:64:67:32:9f:55:57:52:39:2a:5b:30:d0:85:
         9a:34:3f:37:db:db:7a:4b:cf:4a:7b:c5:77:28:2c:88:8f:9b:
         d5:0d:8e:17:ff:f7:0a:fb:e7:51:6d:eb:e6:51:7c:e3:d4:8f:
         0c:86:0c:bb:21:59:b2:c1:2c:e3:dc:66:e1:c9:1c:96:2f:c8:
         1e:76:40:a2:a8:bf:c3:d1:9c:37:08:7a:7b:b9:a3:21:b4:19:
         84:14:2f:e3:bb:fa:38:b2:a3:19:9a:24:77:62:0c:cc:f2:e9:
         1c:c6:a5:7c:46:d7:66:d0:82:94:a2:38:72:ee:58:c1:b0:d5:
         76:47:6c:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzPqrCgFPKQu7mKAqUWJLkmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMTIxOTQ2OWM2ZGY3NmNmNDc2ZjI3NGNkY2YyN2U1MmY4
ZjBkZjgwHhcNMjQwMTAzMTQxMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzAwNzFkMzU2ZGY4MDM1ZWEzZmE1MTA4N2I4ODRjMDA0NWNlMDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTHMYGg/n7ZqpKIq9TtvM4hbQGN5
zglFOiiD/d5kQe8uvjU8MV2tXUP2VkytKLZnkW8p8tr2vrU9cTQ8D9DB2FfkfeUA
bhFJHOIVjAmJXqRl9cyh1fqAsoF8mL5EDjHPdELM7AXWGq8c1WTw61/abq3m8jSz
3Jfm4s6qWpjCLGO2ZBNLYOIjekvrpoehnlWI2/yZ/4o6IOi8clwn/YApM6AjGFlp
knjRUZ71MRkWfilAsenTZuLLiDqmU2Bz42c0UGSyHvfa26N2RDx8tsOfA3ES0oox
4x8kx+P0e+Rgg6OzMe4hk+Gfv96NaUpRb9Ta6a1FOR/CEKGcpIKmG3BMkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcAcdNW34A16j+lEIe4hMAEXOCbMB8GA1UdIwQY
MBaAFIISGUacbfds9HbydM3PJ+Uvjw34MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hJWlJweHQ5MnowZHZKMHpjOG41Uy1QRGZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hMWExMWQtMTFmYi00NDI0LThjZDQt
MGRhYTA3MDRiOTkyLzEvUndCeDAxYmZnRFhxUDZVUWg3aUV3QVJjNEpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hMWExMWQtMTFmYi00NDI0LThjZDQtMGRhYTA3MDRiOTky
LzEvZ2hJWlJweHQ5MnowZHZKMHpjOG41Uy1QRGZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEGgMA0G
CSqGSIb3DQEBCwUAA4IBAQBkqKgRfZmokwKH3CHYJWRvqRExhJsdYjxVRsVgdO56
N/lLUO71LrJ2/C7gaixQDUPFOoURUqYPcWdoZtcOmvKAPHhGcp0qTBrw53yWttqm
QPrWwkANpHU8X7W/V7uVrQMbdjs9h1bX4B4gSXkINtsLhoDP9VxJQ+aawhA28zMp
3A4EK2RnMp9VV1I5Klsw0IWaND8329t6S89Ke8V3KCyIj5vVDY4X//cK++dRbevm
UXzj1I8Mhgy7IVmywSzj3GbhyRyWL8gedkCiqL/D0Zw3CHp7uaMhtBmEFC/ju/o4
sqMZmiR3YgzM8ukcxqV8Rtdm0IKUojhy7ljBsNV2R2x7
-----END CERTIFICATE-----