Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/1-D-mb5u_zDNGIVYpjcyK5BEEaLI.roa
File:                     1-D-mb5u_zDNGIVYpjcyK5BEEaLI.roa (raw, json)
Hash identifier:          N++DCZISS/VXLo+Ia9VwcmlvYDKzp5hYnBl8QhJjtgw=
Subject key identifier:   F8:3F:A6:6F:9B:BF:CC:33:46:21:56:29:8D:CC:8A:E4:11:04:68:B2
Certificate issuer:       /CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Certificate serial:       018E5505C48DE85DB4AC5EB7DBE3050F8805
Authority key identifier: B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/1-D-mb5u_zDNGIVYpjcyK5BEEaLI.roa
Signing time:             Tue 19 Mar 2024 04:43:45 +0000
ROA not before:           Tue 19 Mar 2024 04:43:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58026
IP address blocks:        104.167.18.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:55:05:c4:8d:e8:5d:b4:ac:5e:b7:db:e3:05:0f:88:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
        Validity
            Not Before: Mar 19 04:43:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f83fa66f9bbfcc33462156298dcc8ae4110468b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:da:71:45:37:9d:47:aa:b1:7c:9b:2f:78:0c:
                    96:75:c0:9a:3c:3e:83:3a:c8:d5:62:ff:8c:d9:ac:
                    07:8a:b0:03:07:da:ab:70:84:df:70:f0:1f:df:1d:
                    31:f2:d6:7f:71:7d:08:74:f1:7a:88:eb:b3:12:b8:
                    d5:91:24:68:ad:d1:21:19:40:76:45:34:40:b2:02:
                    ed:9e:bd:a4:34:13:16:73:5f:99:fe:42:81:25:90:
                    92:76:29:f6:62:b0:b5:73:d5:c6:0a:6b:6a:84:8b:
                    42:67:b0:0f:b2:62:4b:e1:95:31:a8:dc:a2:dd:f6:
                    c1:b4:56:c1:39:01:5f:23:c1:0d:ad:f9:71:f9:aa:
                    a2:89:08:aa:2f:6e:b9:92:7d:60:ff:b5:88:29:0d:
                    e9:cd:7e:6d:e0:e6:93:62:59:3e:96:f2:55:28:b1:
                    49:1b:e0:e1:92:35:50:78:a2:33:00:08:13:71:4e:
                    f1:a1:f2:29:f0:79:03:62:e8:3c:4d:71:56:d6:2e:
                    e4:e4:a5:5b:ac:2f:57:b8:21:d8:68:2f:bf:e0:e4:
                    f1:08:c1:6f:6a:ad:25:fb:49:47:7b:f7:21:60:03:
                    64:dd:3c:81:3d:cd:e4:71:f7:86:e2:66:e5:ff:34:
                    2d:6f:73:6e:e0:b8:b2:fc:50:d2:71:8c:40:91:ce:
                    6e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:3F:A6:6F:9B:BF:CC:33:46:21:56:29:8D:CC:8A:E4:11:04:68:B2
            X509v3 Authority Key Identifier:
                keyid:B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/1-D-mb5u_zDNGIVYpjcyK5BEEaLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.167.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:23:e4:c8:00:8e:16:a9:a6:10:a5:73:ab:9e:f3:19:88:ff:
         a4:64:3d:b9:ee:63:e1:c6:8f:26:40:eb:bd:17:d8:8d:6d:f9:
         90:08:1c:5b:4c:1d:87:fc:96:06:2f:04:14:1c:25:57:5c:4d:
         4d:7f:d3:d9:28:20:6c:56:33:19:8d:97:7e:c0:22:76:de:76:
         d3:88:ce:47:47:4c:74:d3:22:79:a9:69:27:61:37:ba:f4:1e:
         b5:76:2f:8f:bc:be:3d:c3:1b:44:f8:57:c7:4d:6a:6e:4f:2e:
         84:8c:a7:f9:b4:be:aa:e4:d9:e0:7f:84:e0:d0:e9:07:e3:fb:
         c1:c3:02:55:2d:a9:39:47:aa:73:38:d5:e7:fe:aa:31:ca:af:
         7a:f7:a7:b5:72:13:1b:f3:e6:ee:d6:27:f8:78:26:4b:a8:1b:
         d6:fc:f4:53:f3:b5:cb:88:f8:81:86:fe:e6:96:20:97:c6:45:
         1d:82:67:68:ff:13:c0:e7:db:93:02:37:59:0d:87:61:31:52:
         5a:15:82:a1:d7:43:34:bb:5d:f2:dc:cc:89:3c:f6:b1:79:45:
         63:46:80:26:09:b9:fb:94:dc:ef:f4:33:a1:b4:51:cf:fe:d6:
         94:16:95:4d:37:48:1d:e7:38:dc:01:66:19:7a:a8:de:e7:0c:
         22:dd:89:f1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY5VBcSN6F20rF632+MFD4gFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MDRjYzBlMDM4ZWIwZTY5N2VjNmU3YWU0OWQwMjg2MTQ2
ZTBjMWEwHhcNMjQwMzE5MDQ0MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODNmYTY2ZjliYmZjYzMzNDYyMTU2Mjk4ZGNjOGFlNDExMDQ2OGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdpxRTedR6qxfJsveAyWdcCaPD6D
OsjVYv+M2awHirADB9qrcITfcPAf3x0x8tZ/cX0IdPF6iOuzErjVkSRordEhGUB2
RTRAsgLtnr2kNBMWc1+Z/kKBJZCSdin2YrC1c9XGCmtqhItCZ7APsmJL4ZUxqNyi
3fbBtFbBOQFfI8ENrflx+aqiiQiqL265kn1g/7WIKQ3pzX5t4OaTYlk+lvJVKLFJ
G+DhkjVQeKIzAAgTcU7xofIp8HkDYug8TXFW1i7k5KVbrC9XuCHYaC+/4OTxCMFv
aq0l+0lHe/chYANk3TyBPc3kcfeG4mbl/zQtb3Nu4Liy/FDScYxAkc5uQwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPg/pm+bv8wzRiFWKY3MiuQRBGiyMB8GA1UdIwQY
MBaAFLQEzA4DjrDml+xueuSdAoYUbgwaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1Yjkt
ODZhMmYwNjdiNGU4LzEvMS1ELW1iNXVfekROR0lWWXBqY3lLNUJFRWFMSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODgvYWJlMTZiLTkyY2MtNDhlMy1iNWI5LTg2YTJmMDY3YjRl
OC8xL3RBVE1EZ09Pc09hWDdHNTY1SjBDaGhSdURCby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAWinEjAN
BgkqhkiG9w0BAQsFAAOCAQEACyPkyACOFqmmEKVzq57zGYj/pGQ9ue5j4caPJkDr
vRfYjW35kAgcW0wdh/yWBi8EFBwlV1xNTX/T2SggbFYzGY2XfsAidt5204jOR0dM
dNMiealpJ2E3uvQetXYvj7y+PcMbRPhXx01qbk8uhIyn+bS+quTZ4H+E4NDpB+P7
wcMCVS2pOUeqczjV5/6qMcqveventXITG/Pm7tYn+HgmS6gb1vz0U/O1y4j4gYb+
5pYgl8ZFHYJnaP8TwOfbkwI3WQ2HYTFSWhWCoddDNLtd8tzMiTz2sXlFY0aAJgm5
+5Tc7/QzobRRz/7WlBaVTTdIHec43AFmGXqo3ucMIt2J8Q==
-----END CERTIFICATE-----