Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/hMgrGlhLILq6xHXR7JVWLOXL9SM.roa
File:                     hMgrGlhLILq6xHXR7JVWLOXL9SM.roa (raw, json)
Hash identifier:          5qbTTqaAgM7vwvJEHdjX+Vr0VXQvWbzJ8/7OC0XG4xc=
Subject key identifier:   84:C8:2B:1A:58:4B:20:BA:BA:C4:75:D1:EC:95:56:2C:E5:CB:F5:23
Certificate issuer:       /CN=cef38f48568833a5f7157eef59787833a01f53f5
Certificate serial:       018CC2DB1A6AAA007CF69179CEEFC85A8643
Authority key identifier: CE:F3:8F:48:56:88:33:A5:F7:15:7E:EF:59:78:78:33:A0:1F:53:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvOPSFaIM6X3FX7vWXh4M6AfU_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/hMgrGlhLILq6xHXR7JVWLOXL9SM.roa
Signing time:             Mon 01 Jan 2024 02:29:48 +0000
ROA not before:           Mon 01 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200428
IP address blocks:        185.92.60.0/22 maxlen: 22
                          2a05:ef40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/zvOPSFaIM6X3FX7vWXh4M6AfU_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/zvOPSFaIM6X3FX7vWXh4M6AfU_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvOPSFaIM6X3FX7vWXh4M6AfU_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1a:6a:aa:00:7c:f6:91:79:ce:ef:c8:5a:86:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cef38f48568833a5f7157eef59787833a01f53f5
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84c82b1a584b20babac475d1ec95562ce5cbf523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:26:86:2f:d5:83:60:23:d8:6e:36:a2:f5:05:
                    33:fb:3a:af:c3:39:7d:8c:2d:99:9c:4c:31:47:ef:
                    f6:ba:56:ed:f8:59:d3:8e:99:30:4e:ab:9f:dd:4e:
                    a0:b5:66:b6:98:0a:3a:b0:06:d8:d8:b8:42:c3:4b:
                    c7:2a:2e:af:d1:6e:55:af:63:59:7a:3d:09:9b:f3:
                    c7:1c:75:8f:1c:67:8c:82:11:ac:5c:f4:2a:cd:cd:
                    1e:77:18:11:19:09:4e:a3:55:c6:c7:14:08:8e:79:
                    d3:3f:61:32:39:d6:a1:1d:16:c7:8a:0c:36:96:07:
                    a0:72:8c:66:bd:21:ca:41:26:a5:f0:fd:74:cf:c7:
                    db:20:e2:69:88:b8:8b:45:a3:4d:bb:de:7d:bd:f5:
                    a5:f8:1c:97:0b:72:90:77:a9:65:17:30:10:55:e7:
                    83:f6:2d:44:3a:e8:98:8c:14:89:99:4a:1b:06:5a:
                    23:dd:a9:bc:6e:0a:73:53:1d:4f:b8:e8:39:81:38:
                    91:df:ea:2a:22:4d:c0:98:d1:5a:69:b7:ec:0b:2f:
                    96:ac:c2:81:35:d5:7e:ca:e7:90:a1:f6:01:fc:c1:
                    c5:94:d7:cd:1f:05:6e:2d:c8:de:5e:11:bc:93:ed:
                    87:3e:28:4b:db:39:0f:67:08:85:da:d7:ef:a4:e6:
                    8e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C8:2B:1A:58:4B:20:BA:BA:C4:75:D1:EC:95:56:2C:E5:CB:F5:23
            X509v3 Authority Key Identifier:
                keyid:CE:F3:8F:48:56:88:33:A5:F7:15:7E:EF:59:78:78:33:A0:1F:53:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvOPSFaIM6X3FX7vWXh4M6AfU_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/hMgrGlhLILq6xHXR7JVWLOXL9SM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/e10abe-4148-451b-94f5-f95c6097a50d/1/zvOPSFaIM6X3FX7vWXh4M6AfU_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.60.0/22
                IPv6:
                  2a05:ef40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:37:90:4f:d4:1c:cf:d8:d3:c2:13:db:cc:02:08:3e:a3:92:
         a2:6c:13:90:ec:4c:62:43:47:07:0f:54:ec:af:7b:2d:f7:e1:
         be:62:22:e6:94:0c:70:af:58:28:b7:ae:9d:2e:7f:fe:24:42:
         00:a2:b7:da:9e:7c:93:76:a9:a1:ef:2b:38:17:66:4f:6f:68:
         04:29:6a:df:ba:94:af:57:91:c1:42:8c:34:76:ba:b2:ab:ad:
         93:4c:5a:d4:1d:70:18:1d:56:56:a2:e0:39:f4:dd:5d:3d:6a:
         ef:ab:b6:47:d9:dd:fe:20:0b:d1:be:58:d7:6c:2b:61:0f:22:
         ee:cb:71:c5:ad:82:29:ac:dd:3b:ad:c7:0a:19:5d:4e:57:51:
         ba:af:a0:bf:0f:18:2d:d6:83:74:7d:a2:3a:83:a0:81:2d:d8:
         ae:92:03:0a:e7:2a:bf:07:6e:21:79:57:b3:62:96:8a:57:e8:
         47:bb:19:5c:25:ad:94:d1:c1:ac:57:a7:c6:35:7c:a8:0d:ee:
         de:bd:e3:3e:a5:d9:c0:23:3c:54:9a:3a:34:e1:ef:48:5a:b4:
         b3:9d:a0:ce:8a:ab:1d:8d:0e:f3:54:c2:db:25:a8:82:02:39:
         c6:ac:6d:ee:20:a8:b1:89:33:54:ff:55:27:af:df:e1:44:96:
         1e:5c:dc:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2xpqqgB89pF5zu/IWoZDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlZjM4ZjQ4NTY4ODMzYTVmNzE1N2VlZjU5Nzg3ODMzYTAx
ZjUzZjUwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGM4MmIxYTU4NGIyMGJhYmFjNDc1ZDFlYzk1NTYyY2U1Y2JmNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SaGL9WDYCPYbjai9QUz+zqvwzl9
jC2ZnEwxR+/2ulbt+FnTjpkwTquf3U6gtWa2mAo6sAbY2LhCw0vHKi6v0W5Vr2NZ
ej0Jm/PHHHWPHGeMghGsXPQqzc0edxgRGQlOo1XGxxQIjnnTP2EyOdahHRbHigw2
lgegcoxmvSHKQSal8P10z8fbIOJpiLiLRaNNu959vfWl+ByXC3KQd6llFzAQVeeD
9i1EOuiYjBSJmUobBloj3am8bgpzUx1PuOg5gTiR3+oqIk3AmNFaabfsCy+WrMKB
NdV+yueQofYB/MHFlNfNHwVuLcjeXhG8k+2HPihL2zkPZwiF2tfvpOaOEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFITIKxpYSyC6usR10eyVVizly/UjMB8GA1UdIwQY
MBaAFM7zj0hWiDOl9xV+71l4eDOgH1P1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenZPUFNGYUlNNlgzRlg3dldYaDRNNkFmVV9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9lMTBhYmUtNDE0OC00NTFiLTk0ZjUt
Zjk1YzYwOTdhNTBkLzEvaE1nckdsaExJTHE2eEhYUjdKVldMT1hMOVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9lMTBhYmUtNDE0OC00NTFiLTk0ZjUtZjk1YzYwOTdhNTBk
LzEvenZPUFNGYUlNNlgzRlg3dldYaDRNNkFmVV9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVw8MA0E
AgACMAcDBQMqBe9AMA0GCSqGSIb3DQEBCwUAA4IBAQB8N5BP1BzP2NPCE9vMAgg+
o5KibBOQ7ExiQ0cHD1Tsr3st9+G+YiLmlAxwr1got66dLn/+JEIAorfannyTdqmh
7ys4F2ZPb2gEKWrfupSvV5HBQow0drqyq62TTFrUHXAYHVZWouA59N1dPWrvq7ZH
2d3+IAvRvljXbCthDyLuy3HFrYIprN07rccKGV1OV1G6r6C/Dxgt1oN0faI6g6CB
LdiukgMK5yq/B24heVezYpaKV+hHuxlcJa2U0cGsV6fGNXyoDe7eveM+pdnAIzxU
mjo04e9IWrSznaDOiqsdjQ7zVMLbJaiCAjnGrG3uIKixiTNU/1Unr9/hRJYeXNxB
-----END CERTIFICATE-----