Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/13f5f1-45b6-4bc1-b5a5-521fa41dfc96/1/aVJehFK_rkw0nKs20vITzJ30ZTs.roa
File:                     aVJehFK_rkw0nKs20vITzJ30ZTs.roa (raw, json)
Hash identifier:          NWTkAq3oElDxz7Tqc/gT6aTcW/GxOefFXbz1GZMZk2Y=
Subject key identifier:   69:52:5E:84:52:BF:AE:4C:34:9C:AB:36:D2:F2:13:CC:9D:F4:65:3B
Certificate issuer:       /CN=f970049cba7f39aeed31d65313c7b953f3fda135
Certificate serial:       0192D1FB8F13CBC3A7418B1ADAB9BD2B897C
Authority key identifier: F9:70:04:9C:BA:7F:39:AE:ED:31:D6:53:13:C7:B9:53:F3:FD:A1:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-XAEnLp_Oa7tMdZTE8e5U_P9oTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/13f5f1-45b6-4bc1-b5a5-521fa41dfc96/1/aVJehFK_rkw0nKs20vITzJ30ZTs.roa
Signing time:             Mon 28 Oct 2024 07:16:17 +0000
ROA not before:           Mon 28 Oct 2024 07:16:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16086
IP address blocks:        185.158.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/13f5f1-45b6-4bc1-b5a5-521fa41dfc96/1/1-XAEnLp_Oa7tMdZTE8e5U_P9oTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/13f5f1-45b6-4bc1-b5a5-521fa41dfc96/1/1-XAEnLp_Oa7tMdZTE8e5U_P9oTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-XAEnLp_Oa7tMdZTE8e5U_P9oTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d1:fb:8f:13:cb:c3:a7:41:8b:1a:da:b9:bd:2b:89:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f970049cba7f39aeed31d65313c7b953f3fda135
        Validity
            Not Before: Oct 28 07:16:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69525e8452bfae4c349cab36d2f213cc9df4653b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:dd:82:24:f5:63:b8:d0:5e:61:df:53:da:3d:
                    94:12:7e:c6:8c:bd:10:73:d2:b3:21:30:f9:45:ab:
                    a6:05:38:68:fa:e1:22:ca:b6:8b:14:89:04:a6:5c:
                    e0:75:37:12:1f:31:02:b5:36:5b:92:3f:ca:ea:f2:
                    ec:3f:c8:50:7a:7a:9c:44:c0:5c:c9:48:6d:60:ed:
                    e3:8f:81:3d:2b:d2:4d:3c:63:37:83:e0:af:28:b0:
                    e5:22:d3:8b:55:4b:11:89:1f:a4:6e:ad:de:4d:cd:
                    1f:15:6c:97:aa:a6:7b:8a:c0:c5:98:99:16:c4:58:
                    bc:ff:4c:2c:6b:0e:b4:d9:ac:0f:9f:48:a3:33:f4:
                    fa:81:83:7c:bc:3f:63:6c:a4:34:16:5e:cf:c1:e2:
                    b9:71:fa:47:ac:0d:6d:3c:a1:84:54:52:7e:87:d1:
                    d9:47:5e:ae:9c:a2:7b:89:b2:ea:45:81:43:cc:25:
                    37:ba:63:2e:4e:32:8b:cd:7c:d0:a3:5f:30:48:e0:
                    8d:e5:ac:c7:6d:f6:11:ef:b5:67:35:f2:b2:bb:9c:
                    82:b1:b4:85:55:28:15:cc:be:c1:28:c8:b4:d5:9a:
                    d8:2f:be:35:c6:23:2a:ab:20:11:6c:ca:e5:14:56:
                    22:ca:43:fa:52:39:b0:99:62:40:ba:f3:03:66:3d:
                    27:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:52:5E:84:52:BF:AE:4C:34:9C:AB:36:D2:F2:13:CC:9D:F4:65:3B
            X509v3 Authority Key Identifier:
                keyid:F9:70:04:9C:BA:7F:39:AE:ED:31:D6:53:13:C7:B9:53:F3:FD:A1:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-XAEnLp_Oa7tMdZTE8e5U_P9oTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/13f5f1-45b6-4bc1-b5a5-521fa41dfc96/1/aVJehFK_rkw0nKs20vITzJ30ZTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/13f5f1-45b6-4bc1-b5a5-521fa41dfc96/1/1-XAEnLp_Oa7tMdZTE8e5U_P9oTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:7d:78:1b:0a:5a:77:77:27:9b:8f:a5:84:9b:a2:f9:77:d0:
         29:8a:79:75:7b:06:52:73:9a:4e:48:d0:85:2c:7d:de:40:e2:
         dd:9d:3f:73:e2:e2:5e:e7:70:ba:e2:5a:4e:84:ff:b2:8a:4d:
         56:0a:d8:04:23:93:a4:cd:77:34:0b:94:04:43:3f:54:6d:0f:
         b2:df:04:77:f7:07:d9:15:ed:06:20:c2:83:6c:69:e9:43:39:
         bd:f1:d1:33:6f:bc:00:dc:fa:ca:2a:4c:50:4a:92:54:fc:2b:
         72:d7:60:db:c1:f4:c0:2b:47:b5:aa:ba:71:14:f0:e8:ac:d0:
         4a:83:5f:56:b9:78:d5:51:85:d7:9a:36:97:8c:69:75:88:56:
         6d:b0:b8:29:fe:17:af:b1:0c:9b:55:e8:52:b5:e0:cd:5a:ec:
         2b:3c:9f:a6:f4:28:68:b0:96:85:9f:43:c7:23:e9:86:be:0c:
         8a:cd:36:56:21:a0:65:97:83:19:72:b5:0a:76:9d:47:af:52:
         a5:24:34:2b:30:24:6f:fc:ac:73:41:fb:84:b4:d5:6f:4a:34:
         a3:42:99:fc:a3:84:4d:10:02:af:8e:1e:b1:07:e2:3b:86:54:
         d9:a2:ff:0a:36:e7:9d:7f:89:7e:61:00:54:1b:b8:de:b2:60:
         26:12:74:3f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZLR+48Ty8OnQYsa2rm9K4l8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NzAwNDljYmE3ZjM5YWVlZDMxZDY1MzEzYzdiOTUzZjNm
ZGExMzUwHhcNMjQxMDI4MDcxNjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTUyNWU4NDUyYmZhZTRjMzQ5Y2FiMzZkMmYyMTNjYzlkZjQ2NTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo92CJPVjuNBeYd9T2j2UEn7GjL0Q
c9KzITD5RaumBTho+uEiyraLFIkEplzgdTcSHzECtTZbkj/K6vLsP8hQenqcRMBc
yUhtYO3jj4E9K9JNPGM3g+CvKLDlItOLVUsRiR+kbq3eTc0fFWyXqqZ7isDFmJkW
xFi8/0wsaw602awPn0ijM/T6gYN8vD9jbKQ0Fl7PweK5cfpHrA1tPKGEVFJ+h9HZ
R16unKJ7ibLqRYFDzCU3umMuTjKLzXzQo18wSOCN5azHbfYR77VnNfKyu5yCsbSF
VSgVzL7BKMi01ZrYL741xiMqqyARbMrlFFYiykP6UjmwmWJAuvMDZj0nbwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGlSXoRSv65MNJyrNtLyE8yd9GU7MB8GA1UdIwQY
MBaAFPlwBJy6fzmu7THWUxPHuVPz/aE1MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1YQUVuTHBfT2E3dE1kWlRFOGU1VV9QOW9UVS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTIvMTNmNWYxLTQ1YjYtNGJjMS1iNWE1
LTUyMWZhNDFkZmM5Ni8xL2FWSmVoRktfcmt3MG5LczIwdklUekozMFpUcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTIvMTNmNWYxLTQ1YjYtNGJjMS1iNWE1LTUyMWZhNDFkZmM5
Ni8xLzEtWEFFbkxwX09hN3RNZFpURThlNVVfUDlvVFUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5nqIw
DQYJKoZIhvcNAQELBQADggEBABh9eBsKWnd3J5uPpYSbovl30CmKeXV7BlJzmk5I
0IUsfd5A4t2dP3Pi4l7ncLriWk6E/7KKTVYK2AQjk6TNdzQLlARDP1RtD7LfBHf3
B9kV7QYgwoNsaelDOb3x0TNvvADc+soqTFBKklT8K3LXYNvB9MArR7WqunEU8Ois
0EqDX1a5eNVRhdeaNpeMaXWIVm2wuCn+F6+xDJtV6FK14M1a7Cs8n6b0KGiwloWf
Q8cj6Ya+DIrNNlYhoGWXgxlytQp2nUevUqUkNCswJG/8rHNB+4S01W9KNKNCmfyj
hE0QAq+OHrEH4juGVNmi/wo2551/iX5hAFQbuN6yYCYSdD8=
-----END CERTIFICATE-----