Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/4bc7fa-0462-4cf6-9189-ae4e698664f1/1/1tDKNKLegnS7HfxTgmMp_-Unfrw.roa
File:                     1tDKNKLegnS7HfxTgmMp_-Unfrw.roa (raw, json)
Hash identifier:          uGdHrSBjfxX/CT87Ww76VmIASZxYeUSG1IdO00oSUiQ=
Subject key identifier:   D6:D0:CA:34:A2:DE:82:74:BB:1D:FC:53:82:63:29:FF:E5:27:7E:BC
Certificate issuer:       /CN=a561ccb03741056715a6be4805321662d88e7e7c
Certificate serial:       018CC42547507DF93B6B300C9F1BFFA4092C
Authority key identifier: A5:61:CC:B0:37:41:05:67:15:A6:BE:48:05:32:16:62:D8:8E:7E:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pWHMsDdBBWcVpr5IBTIWYtiOfnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/4bc7fa-0462-4cf6-9189-ae4e698664f1/1/1tDKNKLegnS7HfxTgmMp_-Unfrw.roa
Signing time:             Mon 01 Jan 2024 08:30:26 +0000
ROA not before:           Mon 01 Jan 2024 08:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203184
IP address blocks:        185.142.150.0/24 maxlen: 24
                          185.142.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/4bc7fa-0462-4cf6-9189-ae4e698664f1/1/pWHMsDdBBWcVpr5IBTIWYtiOfnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/4bc7fa-0462-4cf6-9189-ae4e698664f1/1/pWHMsDdBBWcVpr5IBTIWYtiOfnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pWHMsDdBBWcVpr5IBTIWYtiOfnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:47:50:7d:f9:3b:6b:30:0c:9f:1b:ff:a4:09:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a561ccb03741056715a6be4805321662d88e7e7c
        Validity
            Not Before: Jan  1 08:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6d0ca34a2de8274bb1dfc53826329ffe5277ebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e4:7d:fd:3f:6e:25:5b:8d:78:89:aa:c4:b4:
                    67:73:61:79:78:9f:5d:83:30:e5:cb:a8:3c:fb:86:
                    63:f0:c6:29:0d:35:eb:bb:48:67:0f:d0:a5:c9:66:
                    9f:ba:9b:cf:93:32:f0:e0:f7:e0:da:3a:fe:5e:d9:
                    5b:ac:e1:36:ac:87:fa:bc:06:16:a3:61:08:dc:05:
                    db:fa:57:85:04:f1:32:41:1c:0c:12:14:d7:bf:d0:
                    30:99:7b:eb:e0:75:b4:b5:e4:24:ae:69:e8:cb:75:
                    2d:5a:14:ac:c8:68:1a:1e:79:b7:68:57:20:5e:4b:
                    ab:fc:2d:30:2d:c1:76:3f:2d:d1:b5:1e:fd:6b:ed:
                    c2:a8:6d:ee:5e:7b:ae:db:75:06:be:17:ef:d9:6e:
                    92:e5:ca:56:07:83:fc:0b:64:01:3d:e4:0d:89:16:
                    94:b6:95:90:f5:4d:ad:16:85:c0:a4:fd:31:ba:a0:
                    4e:84:ca:04:32:d8:11:85:13:67:6a:5f:e4:c8:98:
                    6c:fb:71:79:30:d0:68:27:06:36:30:bc:b8:5b:b6:
                    76:01:19:0c:fd:57:c0:c1:23:58:6c:30:6d:32:82:
                    2d:7c:9b:25:8a:5c:27:72:1c:bd:d5:88:ab:0f:ce:
                    75:1a:31:0e:f1:23:d1:ff:45:d9:6d:ec:15:16:b6:
                    81:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D0:CA:34:A2:DE:82:74:BB:1D:FC:53:82:63:29:FF:E5:27:7E:BC
            X509v3 Authority Key Identifier:
                keyid:A5:61:CC:B0:37:41:05:67:15:A6:BE:48:05:32:16:62:D8:8E:7E:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pWHMsDdBBWcVpr5IBTIWYtiOfnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4bc7fa-0462-4cf6-9189-ae4e698664f1/1/1tDKNKLegnS7HfxTgmMp_-Unfrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4bc7fa-0462-4cf6-9189-ae4e698664f1/1/pWHMsDdBBWcVpr5IBTIWYtiOfnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:5b:be:a7:57:c8:59:b4:0a:63:a7:2c:d2:2f:5e:b8:73:c7:
         00:2d:7e:3e:37:4f:02:50:be:3a:c2:4e:ae:f3:0f:53:22:b1:
         55:b7:35:10:4c:df:bd:21:fa:7b:00:f8:ae:24:50:b7:20:6b:
         e8:31:92:ad:6d:51:2f:9c:00:51:f2:58:cb:06:92:68:bf:d3:
         0c:a6:29:4b:6b:6a:1e:7e:38:d8:40:67:57:93:70:9d:8d:d1:
         bd:1a:27:16:ea:4c:7a:26:2b:f9:53:f7:d8:3e:b7:0f:4a:1d:
         41:e5:64:54:54:b4:8e:b5:af:7c:e6:9f:08:84:9f:50:b4:db:
         b3:1a:36:af:8b:0e:6d:23:53:43:b6:8f:4c:e2:d4:65:1c:08:
         32:00:a3:99:29:bb:da:ef:96:96:f3:95:fd:bd:2d:8d:76:d8:
         13:ef:8a:fd:f2:b5:a4:e1:7c:79:64:39:ca:1e:6e:c7:46:0a:
         1e:dd:bf:83:37:0c:a5:8b:69:4f:08:37:44:19:83:b2:74:e9:
         14:62:d7:7b:64:77:3f:2b:91:d8:46:cb:b1:cb:8f:38:b5:36:
         b6:08:36:21:67:d8:56:de:0e:d6:be:19:2e:54:90:f3:c7:01:
         a3:2a:3e:d0:49:c6:6a:6e:51:8c:91:29:93:0e:5c:45:da:f8:
         b0:dd:f5:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUdQffk7azAMnxv/pAksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NjFjY2IwMzc0MTA1NjcxNWE2YmU0ODA1MzIxNjYyZDg4
ZTdlN2MwHhcNMjQwMTAxMDgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQwY2EzNGEyZGU4Mjc0YmIxZGZjNTM4MjYzMjlmZmU1Mjc3ZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuR9/T9uJVuNeImqxLRnc2F5eJ9d
gzDly6g8+4Zj8MYpDTXru0hnD9ClyWafupvPkzLw4Pfg2jr+XtlbrOE2rIf6vAYW
o2EI3AXb+leFBPEyQRwMEhTXv9AwmXvr4HW0teQkrmnoy3UtWhSsyGgaHnm3aFcg
Xkur/C0wLcF2Py3RtR79a+3CqG3uXnuu23UGvhfv2W6S5cpWB4P8C2QBPeQNiRaU
tpWQ9U2tFoXApP0xuqBOhMoEMtgRhRNnal/kyJhs+3F5MNBoJwY2MLy4W7Z2ARkM
/VfAwSNYbDBtMoItfJslilwnchy91YirD851GjEO8SPR/0XZbewVFraBVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbQyjSi3oJ0ux38U4JjKf/lJ368MB8GA1UdIwQY
MBaAFKVhzLA3QQVnFaa+SAUyFmLYjn58MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFdITXNEZEJCV2NWcHI1SUJUSVdZdGlPZm53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC80YmM3ZmEtMDQ2Mi00Y2Y2LTkxODkt
YWU0ZTY5ODY2NGYxLzEvMXRES05LTGVnblM3SGZ4VGdtTXBfLVVuZnJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC80YmM3ZmEtMDQ2Mi00Y2Y2LTkxODktYWU0ZTY5ODY2NGYx
LzEvcFdITXNEZEJCV2NWcHI1SUJUSVdZdGlPZm53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuY6WMA0G
CSqGSIb3DQEBCwUAA4IBAQBSW76nV8hZtApjpyzSL164c8cALX4+N08CUL46wk6u
8w9TIrFVtzUQTN+9Ifp7APiuJFC3IGvoMZKtbVEvnABR8ljLBpJov9MMpilLa2oe
fjjYQGdXk3CdjdG9GicW6kx6Jiv5U/fYPrcPSh1B5WRUVLSOta985p8IhJ9QtNuz
Gjaviw5tI1NDto9M4tRlHAgyAKOZKbva75aW85X9vS2NdtgT74r98rWk4Xx5ZDnK
Hm7HRgoe3b+DNwyli2lPCDdEGYOydOkUYtd7ZHc/K5HYRsuxy484tTa2CDYhZ9hW
3g7WvhkuVJDzxwGjKj7QScZqblGMkSmTDlxF2viw3fUS
-----END CERTIFICATE-----