Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/oV660rAHwTTdtyusISjkh3hJebo.roa
File:                     oV660rAHwTTdtyusISjkh3hJebo.roa (raw, json)
Hash identifier:          x228iA+OyxWUnYJm06PaFSQPtgHYElwu6eAlFXsxZcQ=
Subject key identifier:   A1:5E:BA:D2:B0:07:C1:34:DD:B7:2B:AC:21:28:E4:87:78:49:79:BA
Certificate issuer:       /CN=a3679bf4c627d85fee2ce13a53c44851b9df0563
Certificate serial:       0191559CB8525155FFDC536AE95C170BDF57
Authority key identifier: A3:67:9B:F4:C6:27:D8:5F:EE:2C:E1:3A:53:C4:48:51:B9:DF:05:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2eb9MYn2F_uLOE6U8RIUbnfBWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/oV660rAHwTTdtyusISjkh3hJebo.roa
Signing time:             Thu 15 Aug 2024 10:36:59 +0000
ROA not before:           Thu 15 Aug 2024 10:36:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60470
IP address blocks:        185.88.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/o2eb9MYn2F_uLOE6U8RIUbnfBWM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/o2eb9MYn2F_uLOE6U8RIUbnfBWM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2eb9MYn2F_uLOE6U8RIUbnfBWM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:55:9c:b8:52:51:55:ff:dc:53:6a:e9:5c:17:0b:df:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3679bf4c627d85fee2ce13a53c44851b9df0563
        Validity
            Not Before: Aug 15 10:36:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a15ebad2b007c134ddb72bac2128e487784979ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a1:f5:c0:51:2c:ee:1d:13:d1:d7:fd:c5:eb:
                    74:1c:34:88:44:d9:93:2b:07:e7:23:7f:5a:52:05:
                    2a:3e:58:6d:09:f4:6f:da:a3:f0:00:41:87:f7:83:
                    cd:43:b3:fa:e3:5c:ba:61:81:7f:40:8b:c8:c2:f7:
                    11:89:2e:f7:22:f7:85:ed:4c:8b:3a:57:f8:76:3f:
                    fd:d1:e1:9b:57:f3:8c:cc:5f:4a:bb:f1:74:50:f6:
                    8e:bc:7a:f6:45:b8:63:78:7b:82:46:95:b2:3a:1d:
                    c9:77:0c:7c:fa:f0:bf:58:27:3c:cf:69:90:90:1c:
                    b2:b6:9b:6e:cc:a3:00:c1:8b:f5:8a:87:ae:d9:4c:
                    56:93:c0:e2:8c:b4:35:30:c8:cb:be:b1:53:45:68:
                    8d:c0:a5:e9:78:18:9b:b3:2d:ab:96:b5:90:d8:f7:
                    35:f5:86:78:3b:9b:d7:0c:f7:4b:37:88:ee:41:a2:
                    b0:29:34:3a:ce:41:a8:c6:3f:0a:40:00:00:e3:35:
                    12:c5:82:5a:9c:75:a8:4a:b6:52:b8:7f:f7:d7:55:
                    36:a5:00:00:1a:65:c5:aa:08:f4:d9:11:4a:ad:27:
                    25:56:df:08:76:6d:00:68:a4:0f:3b:74:31:3d:1c:
                    30:ac:d0:27:6e:9e:7d:39:3e:d2:93:e4:ac:69:45:
                    1e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:5E:BA:D2:B0:07:C1:34:DD:B7:2B:AC:21:28:E4:87:78:49:79:BA
            X509v3 Authority Key Identifier:
                keyid:A3:67:9B:F4:C6:27:D8:5F:EE:2C:E1:3A:53:C4:48:51:B9:DF:05:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2eb9MYn2F_uLOE6U8RIUbnfBWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/oV660rAHwTTdtyusISjkh3hJebo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/o2eb9MYn2F_uLOE6U8RIUbnfBWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:0e:34:67:7a:2e:74:de:14:ec:c8:36:f6:d4:7f:cc:fa:80:
         7d:99:7a:3c:92:a3:92:fd:a1:17:35:26:c6:2c:1d:36:d2:c0:
         c1:0e:cf:9f:04:f5:a1:a6:e4:83:e6:de:75:a8:84:f4:4a:bf:
         04:d4:e4:b0:7b:ca:5d:cb:83:2a:2c:57:60:80:19:0c:0e:df:
         50:cd:14:8d:7a:ff:61:c2:c6:d8:b4:9c:3e:f8:f7:7c:72:3a:
         3e:2c:46:c9:23:20:f0:e6:89:e5:58:e7:a2:46:0e:89:35:45:
         8d:09:9f:a7:b4:b8:20:88:b0:23:08:9d:4d:da:0d:73:e7:48:
         3e:32:8d:8e:ea:02:82:63:f3:a1:17:ad:47:d7:a1:c8:e7:da:
         d6:01:ae:0c:f9:fe:48:a2:60:c4:ce:48:5f:ba:fb:2c:0f:e0:
         6e:8c:7f:ba:18:52:ea:97:f8:94:96:33:1e:f6:09:7a:a7:ce:
         95:65:f8:35:52:ce:9b:94:55:13:25:c1:94:d1:86:36:59:32:
         4b:e3:24:a5:9c:ba:c6:5b:8a:1d:e6:c1:f7:47:fb:71:43:22:
         69:41:6d:f7:53:ae:00:37:05:1e:60:d5:61:c0:65:6f:eb:f1:
         74:f2:6b:f0:52:85:b9:83:a5:31:40:55:38:e2:09:c7:eb:79:
         2e:80:f3:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFVnLhSUVX/3FNq6VwXC99XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjc5YmY0YzYyN2Q4NWZlZTJjZTEzYTUzYzQ0ODUxYjlk
ZjA1NjMwHhcNMjQwODE1MTAzNjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTVlYmFkMmIwMDdjMTM0ZGRiNzJiYWMyMTI4ZTQ4Nzc4NDk3OWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqH1wFEs7h0T0df9xet0HDSIRNmT
KwfnI39aUgUqPlhtCfRv2qPwAEGH94PNQ7P641y6YYF/QIvIwvcRiS73IveF7UyL
Olf4dj/90eGbV/OMzF9Ku/F0UPaOvHr2RbhjeHuCRpWyOh3Jdwx8+vC/WCc8z2mQ
kByytptuzKMAwYv1ioeu2UxWk8DijLQ1MMjLvrFTRWiNwKXpeBibsy2rlrWQ2Pc1
9YZ4O5vXDPdLN4juQaKwKTQ6zkGoxj8KQAAA4zUSxYJanHWoSrZSuH/311U2pQAA
GmXFqgj02RFKrSclVt8Idm0AaKQPO3QxPRwwrNAnbp59OT7Sk+SsaUUePwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFeutKwB8E03bcrrCEo5Id4SXm6MB8GA1UdIwQY
MBaAFKNnm/TGJ9hf7izhOlPESFG53wVjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJlYjlNWW4yRl91TE9FNlU4UklVYm5mQldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9iNjJlNTktZTJjNS00YTc2LThiNjct
NTU2NzI2MzRjYmMxLzEvb1Y2NjByQUh3VFRkdHl1c0lTamtoM2hKZWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9iNjJlNTktZTJjNS00YTc2LThiNjctNTU2NzI2MzRjYmMx
LzEvbzJlYjlNWW4yRl91TE9FNlU4UklVYm5mQldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVicMA0G
CSqGSIb3DQEBCwUAA4IBAQCvDjRnei503hTsyDb21H/M+oB9mXo8kqOS/aEXNSbG
LB020sDBDs+fBPWhpuSD5t51qIT0Sr8E1OSwe8pdy4MqLFdggBkMDt9QzRSNev9h
wsbYtJw++Pd8cjo+LEbJIyDw5onlWOeiRg6JNUWNCZ+ntLggiLAjCJ1N2g1z50g+
Mo2O6gKCY/OhF61H16HI59rWAa4M+f5IomDEzkhfuvssD+BujH+6GFLql/iUljMe
9gl6p86VZfg1Us6blFUTJcGU0YY2WTJL4ySlnLrGW4od5sH3R/txQyJpQW33U64A
NwUeYNVhwGVv6/F08mvwUoW5g6UxQFU44gnH63kugPNW
-----END CERTIFICATE-----