Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/f2f1d3-f4c1-49df-9d41-bc76caf07860/1/mmsZR4d0zR8run18T1Dfavz1vlA.roa
File:                     mmsZR4d0zR8run18T1Dfavz1vlA.roa (raw, json)
Hash identifier:          cNVIpPdpuMYM0MVOKCny7AEC4GDRELnyhwMZtk2O3ZA=
Subject key identifier:   9A:6B:19:47:87:74:CD:1F:2B:BA:7D:7C:4F:50:DF:6A:FC:F5:BE:50
Certificate issuer:       /CN=af88c8bd2da8be279c1772a1110aa388f0ef1102
Certificate serial:       018CC94E32C5ACA935284B96156CACB1FB56
Authority key identifier: AF:88:C8:BD:2D:A8:BE:27:9C:17:72:A1:11:0A:A3:88:F0:EF:11:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4jIvS2oviecF3KhEQqjiPDvEQI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/f2f1d3-f4c1-49df-9d41-bc76caf07860/1/mmsZR4d0zR8run18T1Dfavz1vlA.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        134.155.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/f2f1d3-f4c1-49df-9d41-bc76caf07860/1/r4jIvS2oviecF3KhEQqjiPDvEQI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/f2f1d3-f4c1-49df-9d41-bc76caf07860/1/r4jIvS2oviecF3KhEQqjiPDvEQI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4jIvS2oviecF3KhEQqjiPDvEQI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:32:c5:ac:a9:35:28:4b:96:15:6c:ac:b1:fb:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af88c8bd2da8be279c1772a1110aa388f0ef1102
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a6b19478774cd1f2bba7d7c4f50df6afcf5be50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:19:fa:16:6a:ea:ed:c5:6d:bd:93:cb:59:aa:
                    3a:51:ef:29:9c:31:64:f6:69:cd:a1:f9:ec:0f:49:
                    14:0c:70:cf:bf:f0:1a:1c:0d:bf:da:5a:94:a1:1c:
                    b5:1f:0b:67:ea:60:0a:58:bd:ea:0d:7b:19:14:ad:
                    49:ba:1e:a3:f7:b1:d4:ee:f3:6b:1b:95:e3:6d:4a:
                    4b:d5:ee:53:99:20:6b:59:02:0f:c7:fd:17:58:c3:
                    76:84:88:45:00:31:9f:3a:8c:05:fe:f4:ff:15:71:
                    75:11:ed:47:35:83:fb:64:d6:bd:4c:c5:16:f4:15:
                    52:93:bb:ac:da:a4:15:72:4a:b1:6f:a3:a6:eb:9e:
                    8a:e2:1d:d1:ab:44:0d:9d:37:4a:d7:72:43:55:b5:
                    51:f8:c7:93:cb:e3:ca:e7:e0:1d:c6:ac:ac:30:10:
                    6e:ea:82:d1:31:d7:04:6c:e2:cd:f7:f2:00:d8:78:
                    26:25:d5:12:06:75:e7:a7:86:93:a3:5e:e4:03:c6:
                    7a:55:f2:9b:61:38:f2:c8:f9:c3:c5:33:a7:f1:49:
                    0d:f5:99:70:97:bc:c5:46:51:09:f1:14:df:b5:cf:
                    13:43:bf:fd:76:88:cd:83:30:9f:74:10:be:ac:09:
                    00:52:c3:4b:7d:53:00:63:59:0e:1d:b7:ba:1b:50:
                    bb:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:6B:19:47:87:74:CD:1F:2B:BA:7D:7C:4F:50:DF:6A:FC:F5:BE:50
            X509v3 Authority Key Identifier:
                keyid:AF:88:C8:BD:2D:A8:BE:27:9C:17:72:A1:11:0A:A3:88:F0:EF:11:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4jIvS2oviecF3KhEQqjiPDvEQI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f2f1d3-f4c1-49df-9d41-bc76caf07860/1/mmsZR4d0zR8run18T1Dfavz1vlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f2f1d3-f4c1-49df-9d41-bc76caf07860/1/r4jIvS2oviecF3KhEQqjiPDvEQI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.155.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         08:2e:65:71:36:75:8b:8e:d8:85:e4:f6:62:a1:e5:ec:b9:a2:
         bb:6a:c0:7a:5a:38:fe:18:e0:59:5a:89:46:60:76:37:89:8b:
         38:70:2b:d8:7f:de:fc:41:25:09:70:a2:cc:fe:f4:e9:7f:d8:
         3b:16:be:cf:76:de:0a:5f:b0:06:ef:aa:ee:26:9f:78:ca:23:
         fd:0d:77:6a:b4:cc:22:59:60:d3:bd:f8:40:d2:52:5b:74:44:
         fe:15:78:7c:ab:94:84:a6:91:b7:50:6f:ee:2b:4b:31:af:bb:
         52:98:fe:2b:87:3c:df:96:47:8c:86:f0:f0:81:db:37:5f:bb:
         bb:11:45:75:e4:b7:e5:d0:52:97:d0:83:62:96:fc:d7:46:ce:
         fe:9b:b2:df:82:2b:1c:fe:83:51:ec:7f:fa:1f:cc:ba:59:eb:
         ef:93:da:4e:84:0a:2f:0b:23:0c:a1:a8:00:cc:f2:56:52:51:
         dd:e1:49:d3:5a:9b:a9:84:a1:79:38:9e:8a:f8:b0:c1:ba:81:
         71:09:95:a7:b4:87:36:bd:1c:fe:14:5e:7b:4c:fe:df:ea:92:
         c5:54:09:eb:33:d9:f5:92:21:0d:28:3a:b9:31:71:7b:a5:f5:
         75:b7:c1:ac:c1:a7:45:53:25:f2:e2:db:21:af:ff:0d:57:df:
         01:25:38:2a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzJTjLFrKk1KEuWFWyssftWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODhjOGJkMmRhOGJlMjc5YzE3NzJhMTExMGFhMzg4ZjBl
ZjExMDIwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTZiMTk0Nzg3NzRjZDFmMmJiYTdkN2M0ZjUwZGY2YWZjZjViZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhn6Fmrq7cVtvZPLWao6Ue8pnDFk
9mnNofnsD0kUDHDPv/AaHA2/2lqUoRy1Hwtn6mAKWL3qDXsZFK1Juh6j97HU7vNr
G5XjbUpL1e5TmSBrWQIPx/0XWMN2hIhFADGfOowF/vT/FXF1Ee1HNYP7ZNa9TMUW
9BVSk7us2qQVckqxb6Om656K4h3Rq0QNnTdK13JDVbVR+MeTy+PK5+AdxqysMBBu
6oLRMdcEbOLN9/IA2HgmJdUSBnXnp4aTo17kA8Z6VfKbYTjyyPnDxTOn8UkN9Zlw
l7zFRlEJ8RTftc8TQ7/9dojNgzCfdBC+rAkAUsNLfVMAY1kOHbe6G1C7gwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJprGUeHdM0fK7p9fE9Q32r89b5QMB8GA1UdIwQY
MBaAFK+IyL0tqL4nnBdyoREKo4jw7xECMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRqSXZTMm92aWVjRjNLaEVRcWppUER2RVFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9mMmYxZDMtZjRjMS00OWRmLTlkNDEt
YmM3NmNhZjA3ODYwLzEvbW1zWlI0ZDB6UjhydW4xOFQxRGZhdnoxdmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9mMmYxZDMtZjRjMS00OWRmLTlkNDEtYmM3NmNhZjA3ODYw
LzEvcjRqSXZTMm92aWVjRjNLaEVRcWppUER2RVFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhpswDQYJ
KoZIhvcNAQELBQADggEBAAguZXE2dYuO2IXk9mKh5ey5ortqwHpaOP4Y4FlaiUZg
djeJizhwK9h/3vxBJQlwosz+9Ol/2DsWvs923gpfsAbvqu4mn3jKI/0Nd2q0zCJZ
YNO9+EDSUlt0RP4VeHyrlISmkbdQb+4rSzGvu1KY/iuHPN+WR4yG8PCB2zdfu7sR
RXXkt+XQUpfQg2KW/NdGzv6bst+CKxz+g1Hsf/ofzLpZ6++T2k6ECi8LIwyhqADM
8lZSUd3hSdNam6mEoXk4nor4sMG6gXEJlae0hza9HP4UXntM/t/qksVUCesz2fWS
IQ0oOrkxcXul9XW3wazBp0VTJfLi2yGv/w1X3wElOCo=
-----END CERTIFICATE-----