Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/2e5a34-5ae3-4cbe-9090-d1fd4da2d5cb/1/1-9WjWG3T8YEI-zd3tFV0uoA2duU.roa
File:                     1-9WjWG3T8YEI-zd3tFV0uoA2duU.roa (raw, json)
Hash identifier:          zw68VS06UTsXwmXaMfWoRhs9nAeQktrVXNF2uJDd2bE=
Subject key identifier:   FB:D5:A3:58:6D:D3:F1:81:08:FB:37:77:B4:55:74:BA:80:36:76:E5
Certificate issuer:       /CN=00d0a95be0e601109cb19884268ba2204455c790
Certificate serial:       018CC86F1C6897FE4D362B02AB9FFEB6BBAA
Authority key identifier: 00:D0:A9:5B:E0:E6:01:10:9C:B1:98:84:26:8B:A2:20:44:55:C7:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ANCpW-DmARCcsZiEJouiIERVx5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/2e5a34-5ae3-4cbe-9090-d1fd4da2d5cb/1/1-9WjWG3T8YEI-zd3tFV0uoA2duU.roa
Signing time:             Tue 02 Jan 2024 04:29:34 +0000
ROA not before:           Tue 02 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202363
IP address blocks:        185.255.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/2e5a34-5ae3-4cbe-9090-d1fd4da2d5cb/1/ANCpW-DmARCcsZiEJouiIERVx5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/2e5a34-5ae3-4cbe-9090-d1fd4da2d5cb/1/ANCpW-DmARCcsZiEJouiIERVx5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ANCpW-DmARCcsZiEJouiIERVx5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1c:68:97:fe:4d:36:2b:02:ab:9f:fe:b6:bb:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00d0a95be0e601109cb19884268ba2204455c790
        Validity
            Not Before: Jan  2 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbd5a3586dd3f18108fb3777b45574ba803676e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:0a:b5:6f:d5:a9:87:17:1d:44:0f:dc:91:2d:
                    a4:96:a5:2b:8a:59:ce:77:7d:46:0d:b1:ec:d3:fd:
                    c1:ad:4b:cf:ef:bd:e2:69:5e:e5:e8:bb:d9:70:36:
                    48:7f:a0:b2:7d:79:83:ad:fe:c8:ad:9d:6d:b8:ae:
                    46:d5:4c:75:b4:4a:b5:55:a3:15:a4:ed:99:5b:21:
                    27:71:75:b9:6a:52:ec:d8:a9:86:6e:40:e5:1d:93:
                    0f:ea:b1:89:f5:3e:6f:4b:3e:e6:31:6c:82:d4:a5:
                    42:d6:3f:17:6c:cc:ae:51:d6:de:23:cf:bd:fc:9a:
                    e5:a8:3e:b3:0c:a4:86:ff:c4:89:e9:5e:c8:10:78:
                    53:47:0a:34:ec:48:f6:dd:22:43:fa:9d:0b:64:10:
                    05:c6:c3:32:ca:5e:9c:2d:6a:2b:da:2b:40:4f:73:
                    5f:fe:f8:3f:7d:61:75:11:27:b2:56:53:bf:d0:70:
                    53:32:62:83:3b:9b:ea:4e:5d:32:a7:1e:11:b1:66:
                    1f:1f:22:9b:39:f4:29:b6:8c:b4:31:d8:57:6d:4a:
                    4b:88:c6:d2:4b:e5:1d:9d:8f:c6:0c:37:75:fb:c2:
                    a9:6e:46:5c:34:57:a2:7a:f6:f7:45:59:0f:6f:85:
                    da:ba:00:e1:c8:cf:b7:96:9c:7c:04:5a:f3:bd:54:
                    d2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:D5:A3:58:6D:D3:F1:81:08:FB:37:77:B4:55:74:BA:80:36:76:E5
            X509v3 Authority Key Identifier:
                keyid:00:D0:A9:5B:E0:E6:01:10:9C:B1:98:84:26:8B:A2:20:44:55:C7:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ANCpW-DmARCcsZiEJouiIERVx5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/2e5a34-5ae3-4cbe-9090-d1fd4da2d5cb/1/1-9WjWG3T8YEI-zd3tFV0uoA2duU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/2e5a34-5ae3-4cbe-9090-d1fd4da2d5cb/1/ANCpW-DmARCcsZiEJouiIERVx5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:93:d3:4f:d3:56:2b:93:63:19:40:36:ec:cb:44:c8:d9:81:
         47:63:de:88:49:45:25:b5:b5:f1:c6:67:a2:69:74:d1:8a:4b:
         22:1d:5d:c3:a4:8e:7b:c5:04:e6:10:b5:cc:8a:53:e2:d5:77:
         54:24:1c:dd:47:52:2a:56:5f:ab:2b:f6:92:a6:df:10:3e:58:
         80:2d:c8:8f:8b:10:b2:b8:da:b6:89:f5:a4:5b:3f:cd:fb:88:
         9c:16:34:5e:4d:33:8b:7b:2e:2c:e6:d3:af:73:88:e5:1a:38:
         3b:50:f6:ef:12:85:f4:53:70:31:35:3d:7b:a2:d8:16:1e:0a:
         d8:4f:4c:63:d8:ba:2c:8d:f6:ee:a9:f0:be:2e:f7:70:75:32:
         b2:e5:04:bc:cd:be:a9:63:42:1a:7b:ce:b5:fc:cf:03:09:5a:
         af:33:cd:6e:3c:ad:58:ef:e2:a6:00:7e:d6:e9:8f:5e:98:38:
         df:d3:f4:7e:9b:c7:59:2e:c5:f9:1c:db:91:74:c5:bd:1f:e5:
         fe:e1:d5:bf:e7:b1:99:34:62:4c:a8:31:9c:80:66:ab:bb:73:
         45:88:1a:25:b5:af:bc:fa:f5:07:54:2f:c9:d2:72:1e:60:92:
         22:dd:a1:dd:90:be:a1:9f:d7:37:4a:e6:a9:35:4b:ef:7c:27:
         75:d1:60:a8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIbxxol/5NNisCq5/+truqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZDBhOTViZTBlNjAxMTA5Y2IxOTg4NDI2OGJhMjIwNDQ1
NWM3OTAwHhcNMjQwMTAyMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmQ1YTM1ODZkZDNmMTgxMDhmYjM3NzdiNDU1NzRiYTgwMzY3NmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgq1b9WphxcdRA/ckS2klqUrilnO
d31GDbHs0/3BrUvP773iaV7l6LvZcDZIf6CyfXmDrf7IrZ1tuK5G1Ux1tEq1VaMV
pO2ZWyEncXW5alLs2KmGbkDlHZMP6rGJ9T5vSz7mMWyC1KVC1j8XbMyuUdbeI8+9
/JrlqD6zDKSG/8SJ6V7IEHhTRwo07Ej23SJD+p0LZBAFxsMyyl6cLWor2itAT3Nf
/vg/fWF1ESeyVlO/0HBTMmKDO5vqTl0ypx4RsWYfHyKbOfQptoy0MdhXbUpLiMbS
S+UdnY/GDDd1+8KpbkZcNFeievb3RVkPb4XaugDhyM+3lpx8BFrzvVTS4wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvVo1ht0/GBCPs3d7RVdLqANnblMB8GA1UdIwQY
MBaAFADQqVvg5gEQnLGYhCaLoiBEVceQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU5DcFctRG1BUkNjc1ppRUpvdWlJRVJWeDVBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8yZTVhMzQtNWFlMy00Y2JlLTkwOTAt
ZDFmZDRkYTJkNWNiLzEvMS05V2pXRzNUOFlFSS16ZDN0RlYwdW9BMmR1VS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTMvMmU1YTM0LTVhZTMtNGNiZS05MDkwLWQxZmQ0ZGEyZDVj
Yi8xL0FOQ3BXLURtQVJDY3NaaUVKb3VpSUVSVng1QS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArn/oDAN
BgkqhkiG9w0BAQsFAAOCAQEARJPTT9NWK5NjGUA27MtEyNmBR2PeiElFJbW18cZn
oml00YpLIh1dw6SOe8UE5hC1zIpT4tV3VCQc3UdSKlZfqyv2kqbfED5YgC3Ij4sQ
srjaton1pFs/zfuInBY0Xk0zi3suLObTr3OI5Ro4O1D27xKF9FNwMTU9e6LYFh4K
2E9MY9i6LI327qnwvi73cHUysuUEvM2+qWNCGnvOtfzPAwlarzPNbjytWO/ipgB+
1umPXpg439P0fpvHWS7F+RzbkXTFvR/l/uHVv+exmTRiTKgxnIBmq7tzRYgaJbWv
vPr1B1QvydJyHmCSIt2h3ZC+oZ/XN0rmqTVL73wnddFgqA==
-----END CERTIFICATE-----