Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/pMbzYXKVQxRJfdNrHKWcgD58U9w.roa
File:                     pMbzYXKVQxRJfdNrHKWcgD58U9w.roa (raw, json)
Hash identifier:          FNwjnLZ1Xt1WXvA61oRxEBREa01Cy1Wq+7VBQ5dvk1c=
Subject key identifier:   A4:C6:F3:61:72:95:43:14:49:7D:D3:6B:1C:A5:9C:80:3E:7C:53:DC
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       018CCA2B819071AD3BD3CF81D36BFECD4D0E
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/pMbzYXKVQxRJfdNrHKWcgD58U9w.roa
Signing time:             Tue 02 Jan 2024 12:34:57 +0000
ROA not before:           Tue 02 Jan 2024 12:34:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56765
IP address blocks:        194.225.24.0/21 maxlen: 24
                          94.184.112.0/21 maxlen: 24
                          2001:14e8:5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:81:90:71:ad:3b:d3:cf:81:d3:6b:fe:cd:4d:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jan  2 12:34:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4c6f36172954314497dd36b1ca59c803e7c53dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:93:21:48:28:ec:84:40:2d:f6:ac:58:9a:55:
                    48:ab:aa:c6:9f:46:e7:2e:c4:38:56:b1:64:bb:99:
                    e7:1d:0c:4f:f5:3f:29:94:a8:9f:ca:77:2e:28:20:
                    84:0b:9c:dd:f1:96:62:bc:68:41:0e:80:87:b9:60:
                    cd:32:5b:41:4c:f1:5f:58:93:69:de:d8:93:d0:1a:
                    bb:5b:2a:08:8a:eb:06:b1:b2:44:6d:d2:13:0f:ab:
                    18:7c:e7:13:cf:3b:7a:d1:f6:04:3b:30:1b:cc:43:
                    0b:ec:2e:30:7e:d7:55:c8:7f:d8:69:50:cd:ae:83:
                    38:db:02:38:fd:fd:01:7b:05:70:b4:35:da:ac:31:
                    1b:3a:92:a4:cc:d4:fc:49:b5:15:9f:fc:61:26:19:
                    d2:68:1d:67:1b:f7:31:8f:1f:eb:cd:1f:21:25:7c:
                    0e:65:53:e4:5f:61:39:38:c8:29:f2:6c:4e:5d:ec:
                    d6:2d:a4:e1:2d:2c:c3:6d:9c:bf:f5:11:a2:cf:b8:
                    2a:f3:8a:d3:d5:12:26:63:5d:48:12:55:5a:ae:ae:
                    46:f4:50:ae:51:f2:e2:f3:bf:f3:39:c4:f7:14:05:
                    39:98:71:d5:b0:23:3c:7d:ff:cd:5b:af:88:5c:db:
                    cf:23:b4:88:1b:8a:48:e1:54:5a:fb:86:c2:db:a4:
                    9b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C6:F3:61:72:95:43:14:49:7D:D3:6B:1C:A5:9C:80:3E:7C:53:DC
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/pMbzYXKVQxRJfdNrHKWcgD58U9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.184.112.0/21
                  194.225.24.0/21
                IPv6:
                  2001:14e8:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:25:f8:d3:54:5a:b9:27:db:43:56:b2:5a:fc:6e:2a:6f:4d:
         3b:db:d8:cf:b6:e9:e7:1f:e5:5d:e1:60:12:a6:f6:6e:bd:29:
         1f:34:8b:c4:84:97:6b:6d:17:32:81:58:96:a8:30:7c:7f:a1:
         2d:fb:10:80:03:4f:15:69:be:ff:12:e2:16:86:8d:ff:77:5d:
         7d:ca:11:14:ce:89:29:96:82:a6:5d:dc:75:3f:b0:3f:ca:5b:
         83:d8:e6:4a:f3:78:28:4f:52:ac:87:ae:a2:f5:0f:d2:72:d1:
         c3:01:4f:d9:a5:c0:de:9a:43:0f:21:f4:6a:a9:10:4a:af:42:
         ba:73:ad:67:65:74:b6:de:e7:6d:63:1e:3c:e9:1b:d6:63:cf:
         61:e2:e9:d4:fa:d8:94:c6:b0:2d:0d:cb:54:1c:0b:09:0a:1a:
         62:39:fd:45:27:d8:db:37:cb:78:f9:c6:e9:57:64:30:db:1e:
         71:c2:1b:6a:bf:28:82:59:c5:0f:74:76:da:30:51:5d:35:b6:
         29:bb:9c:c9:3f:18:d9:81:53:ba:9d:be:2f:59:6c:c7:fa:79:
         21:7e:a7:37:09:0b:5c:52:f3:a9:47:76:39:2b:f0:34:d1:8a:
         40:97:89:7d:9b:c8:d7:92:4f:78:da:e0:7d:c4:5f:69:59:a0:
         0a:e0:5e:eb
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzKK4GQca0708+B02v+zU0OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjQwMTAyMTIzNDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGM2ZjM2MTcyOTU0MzE0NDk3ZGQzNmIxY2E1OWM4MDNlN2M1M2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5MhSCjshEAt9qxYmlVIq6rGn0bn
LsQ4VrFku5nnHQxP9T8plKifyncuKCCEC5zd8ZZivGhBDoCHuWDNMltBTPFfWJNp
3tiT0Bq7WyoIiusGsbJEbdITD6sYfOcTzzt60fYEOzAbzEML7C4wftdVyH/YaVDN
roM42wI4/f0BewVwtDXarDEbOpKkzNT8SbUVn/xhJhnSaB1nG/cxjx/rzR8hJXwO
ZVPkX2E5OMgp8mxOXezWLaThLSzDbZy/9RGiz7gq84rT1RImY11IElVarq5G9FCu
UfLi87/zOcT3FAU5mHHVsCM8ff/NW6+IXNvPI7SIG4pI4VRa+4bC26SbtQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFKTG82FylUMUSX3TaxylnIA+fFPcMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvcE1iellYS1ZReFJKZmROckhLV2NnRDU4VTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQDXrhwAwQD
wuEYMA8EAgACMAkDBwAgARToAAUwDQYJKoZIhvcNAQELBQADggEBAFwl+NNUWrkn
20NWslr8bipvTTvb2M+26ecf5V3hYBKm9m69KR80i8SEl2ttFzKBWJaoMHx/oS37
EIADTxVpvv8S4haGjf93XX3KERTOiSmWgqZd3HU/sD/KW4PY5krzeChPUqyHrqL1
D9Jy0cMBT9mlwN6aQw8h9GqpEEqvQrpzrWdldLbe521jHjzpG9Zjz2Hi6dT62JTG
sC0Ny1QcCwkKGmI5/UUn2Ns3y3j5xulXZDDbHnHCG2q/KIJZxQ90dtowUV01tim7
nMk/GNmBU7qdvi9ZbMf6eSF+pzcJC1xS86lHdjkr8DTRikCXiX2byNeST3ja4H3E
X2lZoArgXus=
-----END CERTIFICATE-----