Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/OM2PftldEmRx3oq0WnpX1_KJbyU.roa
File:                     OM2PftldEmRx3oq0WnpX1_KJbyU.roa (raw, json)
Hash identifier:          1xVBDU5wFM+BK2O09aPn9SHecodxlEgCxOYL6yruc7w=
Subject key identifier:   38:CD:8F:7E:D9:5D:12:64:71:DE:8A:B4:5A:7A:57:D7:F2:89:6F:25
Certificate issuer:       /CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
Certificate serial:       018CC94CA075A53ECC71385A924D12F1F04A
Authority key identifier: AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/OM2PftldEmRx3oq0WnpX1_KJbyU.roa
Signing time:             Tue 02 Jan 2024 08:31:31 +0000
ROA not before:           Tue 02 Jan 2024 08:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200064
IP address blocks:        185.111.186.0/24 maxlen: 24
                          185.111.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a0:75:a5:3e:cc:71:38:5a:92:4d:12:f1:f0:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
        Validity
            Not Before: Jan  2 08:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38cd8f7ed95d126471de8ab45a7a57d7f2896f25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:52:53:08:8d:5a:d0:76:32:8b:b7:70:79:a9:
                    ab:99:bc:16:a7:b3:18:74:96:d3:1b:61:2b:ea:fd:
                    3d:0e:32:40:88:f4:96:a3:32:e6:c4:77:5f:9b:bc:
                    07:74:b2:f3:65:de:d5:23:21:ea:be:d0:de:03:fe:
                    ff:a6:62:ce:cd:44:91:3d:74:ac:ae:d2:ce:5a:19:
                    9c:74:2a:cd:e9:40:5d:a8:7f:01:0f:6c:f0:b6:c8:
                    87:99:1c:56:38:60:36:cf:f6:75:c7:91:86:4d:73:
                    49:49:2d:44:7e:29:30:38:10:37:69:3b:f4:11:b6:
                    99:2c:99:40:c6:76:d6:47:96:04:39:be:ab:8d:44:
                    18:9f:4d:00:5b:f7:b9:51:5d:dc:46:09:5d:8b:74:
                    70:44:a9:e5:d4:f3:3f:d1:47:9c:45:0a:4c:25:b9:
                    27:71:f3:63:51:fe:7b:41:e7:a2:5b:13:19:31:0f:
                    62:61:c0:07:1b:7b:ec:01:57:ef:7e:29:3e:60:27:
                    bf:71:d1:92:7d:b3:db:95:7b:39:0e:98:1d:f0:2c:
                    63:c3:c7:19:95:a9:27:cb:63:c3:1a:32:ec:8f:dd:
                    48:74:78:21:7a:43:19:37:fd:5f:b5:fc:c8:10:d3:
                    cc:a1:4d:33:64:85:42:7f:77:a0:cf:a1:02:9b:1c:
                    56:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:CD:8F:7E:D9:5D:12:64:71:DE:8A:B4:5A:7A:57:D7:F2:89:6F:25
            X509v3 Authority Key Identifier:
                keyid:AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/OM2PftldEmRx3oq0WnpX1_KJbyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:12:11:d7:33:5d:04:82:f4:13:e1:45:1d:9d:c5:45:51:9a:
         74:34:68:6e:a8:4c:df:53:83:e5:bb:89:e1:ec:c3:45:74:6b:
         10:e8:5c:e6:6f:d6:c5:85:8b:8f:46:b6:41:a6:6b:72:1e:85:
         f2:ae:25:cc:7b:fa:9c:9b:5d:a3:42:14:28:89:0d:f1:b4:fc:
         1d:7a:09:82:ad:f3:03:44:d7:9f:12:28:40:c9:79:97:d0:3d:
         18:f4:b6:69:3d:ae:e4:71:6e:b2:33:d0:bd:b6:7f:7a:72:06:
         a0:6e:72:3c:5b:ba:e6:f3:62:76:9c:07:29:6b:7f:1e:f4:0b:
         31:a7:fb:85:8a:2c:11:e3:02:9c:77:ef:14:67:b1:e3:d1:23:
         18:ff:0c:e8:09:cc:15:b4:7c:38:83:09:65:fc:0c:7d:c1:48:
         5c:d7:8f:b7:9e:a9:6d:1a:39:4e:59:d5:4b:aa:d6:04:fa:e2:
         01:59:60:5b:27:85:a9:9d:8e:ae:33:f5:7d:4a:d3:6d:5a:76:
         21:de:ec:36:09:fd:c5:e8:3a:dd:e4:4c:ed:15:3b:d0:6d:e0:
         41:88:1d:1c:7c:4f:17:ea:e2:ec:12:8e:c5:0e:62:0b:b5:71:
         e4:0a:18:05:6f:d8:75:4a:cb:42:8c:1e:01:9b:71:66:ec:eb:
         58:8b:06:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKB1pT7McThakk0S8fBKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTRmZTgzMWI2YTcxOWY0MmU2Yzg0ODZmZDAzYjU1MGJl
NzYxZmIwHhcNMjQwMTAyMDgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGNkOGY3ZWQ5NWQxMjY0NzFkZThhYjQ1YTdhNTdkN2YyODk2ZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5lJTCI1a0HYyi7dweamrmbwWp7MY
dJbTG2Er6v09DjJAiPSWozLmxHdfm7wHdLLzZd7VIyHqvtDeA/7/pmLOzUSRPXSs
rtLOWhmcdCrN6UBdqH8BD2zwtsiHmRxWOGA2z/Z1x5GGTXNJSS1EfikwOBA3aTv0
EbaZLJlAxnbWR5YEOb6rjUQYn00AW/e5UV3cRgldi3RwRKnl1PM/0UecRQpMJbkn
cfNjUf57QeeiWxMZMQ9iYcAHG3vsAVfvfik+YCe/cdGSfbPblXs5Dpgd8Cxjw8cZ
lakny2PDGjLsj91IdHghekMZN/1ftfzIENPMoU0zZIVCf3egz6ECmxxW8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjNj37ZXRJkcd6KtFp6V9fyiW8lMB8GA1UdIwQY
MBaAFKtU/oMbanGfQubISG/QO1UL52H7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYt
NmZkOTc4OTIwNWJhLzEvT00yUGZ0bGRFbVJ4M29xMFducFgxX0tKYnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYtNmZkOTc4OTIwNWJh
LzEvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuW+6MA0G
CSqGSIb3DQEBCwUAA4IBAQA/EhHXM10EgvQT4UUdncVFUZp0NGhuqEzfU4Plu4nh
7MNFdGsQ6Fzmb9bFhYuPRrZBpmtyHoXyriXMe/qcm12jQhQoiQ3xtPwdegmCrfMD
RNefEihAyXmX0D0Y9LZpPa7kcW6yM9C9tn96cgagbnI8W7rm82J2nAcpa38e9Asx
p/uFiiwR4wKcd+8UZ7Hj0SMY/wzoCcwVtHw4gwll/Ax9wUhc14+3nqltGjlOWdVL
qtYE+uIBWWBbJ4WpnY6uM/V9StNtWnYh3uw2Cf3F6Drd5EztFTvQbeBBiB0cfE8X
6uLsEo7FDmILtXHkChgFb9h1SstCjB4Bm3Fm7OtYiwZy
-----END CERTIFICATE-----