Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/9mUCIqeL32TmAELdyDNXWCcuf00.roa
File:                     9mUCIqeL32TmAELdyDNXWCcuf00.roa (raw, json)
Hash identifier:          mEdy+aXneYt45ptTXhvQaS6kuHt9W7Wjjp1M79CxYzs=
Subject key identifier:   F6:65:02:22:A7:8B:DF:64:E6:00:42:DD:C8:33:57:58:27:2E:7F:4D
Certificate issuer:       /CN=e2636e02f1554f70d971a656849c01bdff138ce8
Certificate serial:       018F799519B17BF216DD3C06F5DDFA70B90F
Authority key identifier: E2:63:6E:02:F1:55:4F:70:D9:71:A6:56:84:9C:01:BD:FF:13:8C:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4mNuAvFVT3DZcaZWhJwBvf8TjOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/9mUCIqeL32TmAELdyDNXWCcuf00.roa
Signing time:             Wed 15 May 2024 00:09:25 +0000
ROA not before:           Wed 15 May 2024 00:09:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199912
IP address blocks:        185.171.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/4mNuAvFVT3DZcaZWhJwBvf8TjOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/4mNuAvFVT3DZcaZWhJwBvf8TjOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4mNuAvFVT3DZcaZWhJwBvf8TjOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:79:95:19:b1:7b:f2:16:dd:3c:06:f5:dd:fa:70:b9:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2636e02f1554f70d971a656849c01bdff138ce8
        Validity
            Not Before: May 15 00:09:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6650222a78bdf64e60042ddc8335758272e7f4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2e:93:c4:c6:1f:7b:b2:e7:4e:01:f9:b4:b2:
                    c6:4a:cf:d7:c6:93:14:c1:d4:cd:c8:f9:28:5a:76:
                    f7:3e:51:27:9a:ca:f4:80:ec:3c:ff:c5:8b:57:9b:
                    b4:05:8b:93:99:1d:75:00:c0:89:d9:f0:5f:a6:1e:
                    85:38:fb:dc:76:4a:35:e3:a7:73:c7:8b:8b:be:c0:
                    7f:23:72:8e:67:74:7c:46:72:48:f6:83:89:bb:63:
                    01:5e:c1:75:10:ab:1b:e6:cc:4e:00:95:e5:0f:a2:
                    af:9c:e3:9a:ba:c1:b6:4f:20:fc:da:ce:04:cc:8e:
                    c2:28:34:e9:bb:d0:19:8f:5e:c6:77:d9:fd:47:ac:
                    02:be:36:d0:09:ee:1d:a0:f3:9d:1f:6a:ed:29:4b:
                    44:34:71:2b:27:ac:b4:8a:ee:a6:84:e1:bc:99:63:
                    14:a2:04:4b:c7:8d:4c:e3:66:21:a3:ef:7f:2a:32:
                    e1:8e:dd:e0:3f:fa:c7:be:f7:13:ee:11:1e:23:be:
                    2f:a3:f1:c5:dc:1a:5d:88:8a:d6:a8:7d:ee:1d:d1:
                    af:ab:0c:32:06:68:83:41:1f:0d:c0:63:d7:1b:91:
                    01:cc:a7:fa:07:f5:5c:c4:5f:6c:b1:0d:1e:8c:0f:
                    c6:92:22:01:28:4c:76:ab:10:d1:de:95:40:ba:1f:
                    c5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:65:02:22:A7:8B:DF:64:E6:00:42:DD:C8:33:57:58:27:2E:7F:4D
            X509v3 Authority Key Identifier:
                keyid:E2:63:6E:02:F1:55:4F:70:D9:71:A6:56:84:9C:01:BD:FF:13:8C:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4mNuAvFVT3DZcaZWhJwBvf8TjOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/9mUCIqeL32TmAELdyDNXWCcuf00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/4mNuAvFVT3DZcaZWhJwBvf8TjOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:08:85:a3:02:07:1b:22:53:3d:be:b8:11:36:26:21:e8:cf:
         af:51:af:c9:6a:a2:1c:76:61:66:f2:63:2f:12:2d:44:a4:5d:
         61:db:4f:1f:5d:8c:b6:80:fb:ae:36:02:cc:30:c9:1c:b9:45:
         4e:aa:6f:1f:03:e6:db:69:aa:e0:7f:55:73:05:b6:ec:9f:be:
         6d:4d:7c:87:9b:fd:f5:a0:61:03:94:2f:5c:90:76:e2:bd:0f:
         9d:20:dd:e3:f5:13:d7:5f:1a:45:58:57:56:96:8e:e7:a1:fe:
         23:1b:0c:fb:0b:d9:65:72:23:2f:23:9d:63:0b:df:56:62:da:
         ff:30:25:64:e4:d6:35:82:ad:af:be:ad:08:0d:d3:82:ca:90:
         9f:e2:9b:ec:93:03:a1:d8:d6:a1:50:53:30:c4:e6:7d:af:3d:
         27:39:9e:f5:53:45:7c:08:ab:ed:bb:bb:2c:f7:5b:b2:71:24:
         8f:06:47:80:fe:d5:9b:4f:46:c2:0c:43:e0:b2:3a:17:02:99:
         49:68:3c:a0:25:a0:ae:f0:bb:ee:ec:ee:9a:e3:f6:61:c6:c0:
         1b:dc:ce:91:ab:0f:b0:01:13:de:3b:e5:35:23:68:28:de:b6:
         dc:a4:4a:67:c1:fe:80:4e:f3:cf:ce:4c:21:2e:b1:f3:58:62:
         e4:e6:6f:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY95lRmxe/IW3TwG9d36cLkPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNjM2ZTAyZjE1NTRmNzBkOTcxYTY1Njg0OWMwMWJkZmYx
MzhjZTgwHhcNMjQwNTE1MDAwOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjY1MDIyMmE3OGJkZjY0ZTYwMDQyZGRjODMzNTc1ODI3MmU3ZjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzC6TxMYfe7LnTgH5tLLGSs/XxpMU
wdTNyPkoWnb3PlEnmsr0gOw8/8WLV5u0BYuTmR11AMCJ2fBfph6FOPvcdko146dz
x4uLvsB/I3KOZ3R8RnJI9oOJu2MBXsF1EKsb5sxOAJXlD6KvnOOausG2TyD82s4E
zI7CKDTpu9AZj17Gd9n9R6wCvjbQCe4doPOdH2rtKUtENHErJ6y0iu6mhOG8mWMU
ogRLx41M42Yho+9/KjLhjt3gP/rHvvcT7hEeI74vo/HF3BpdiIrWqH3uHdGvqwwy
BmiDQR8NwGPXG5EBzKf6B/VcxF9ssQ0ejA/GkiIBKEx2qxDR3pVAuh/FgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZlAiKni99k5gBC3cgzV1gnLn9NMB8GA1UdIwQY
MBaAFOJjbgLxVU9w2XGmVoScAb3/E4zoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG1OdUF2RlZUM0RaY2FaV2hKd0J2ZjhUak9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMzU1MTMtZWJkYi00NTUwLWE3ZDQt
MTJmOWY3MzNkYzRmLzEvOW1VQ0lxZUwzMlRtQUVMZHlETlhXQ2N1ZjAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMzU1MTMtZWJkYi00NTUwLWE3ZDQtMTJmOWY3MzNkYzRm
LzEvNG1OdUF2RlZUM0RaY2FaV2hKd0J2ZjhUak9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaugMA0G
CSqGSIb3DQEBCwUAA4IBAQCECIWjAgcbIlM9vrgRNiYh6M+vUa/JaqIcdmFm8mMv
Ei1EpF1h208fXYy2gPuuNgLMMMkcuUVOqm8fA+bbaargf1VzBbbsn75tTXyHm/31
oGEDlC9ckHbivQ+dIN3j9RPXXxpFWFdWlo7nof4jGwz7C9llciMvI51jC99WYtr/
MCVk5NY1gq2vvq0IDdOCypCf4pvskwOh2NahUFMwxOZ9rz0nOZ71U0V8CKvtu7ss
91uycSSPBkeA/tWbT0bCDEPgsjoXAplJaDygJaCu8Lvu7O6a4/ZhxsAb3M6Rqw+w
ARPeO+U1I2go3rbcpEpnwf6ATvPPzkwhLrHzWGLk5m9u
-----END CERTIFICATE-----