Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/mTugYz-dBB_vNDrCeiSuU6D72qQ.roa
File:                     mTugYz-dBB_vNDrCeiSuU6D72qQ.roa (raw, json)
Hash identifier:          YtZ1SnIjXNEeH8LPMccb+ontvN2yWFJMIJlGcZj7kuM=
Subject key identifier:   99:3B:A0:63:3F:9D:04:1F:EF:34:3A:C2:7A:24:AE:53:A0:FB:DA:A4
Certificate issuer:       /CN=6f0b15193816fd15dcfd047db4eeca672912bb60
Certificate serial:       018CC7257FE8E2B7979B8A9C9594FDADE45A
Authority key identifier: 6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/mTugYz-dBB_vNDrCeiSuU6D72qQ.roa
Signing time:             Mon 01 Jan 2024 22:29:32 +0000
ROA not before:           Mon 01 Jan 2024 22:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209181
IP address blocks:        185.167.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:7f:e8:e2:b7:97:9b:8a:9c:95:94:fd:ad:e4:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f0b15193816fd15dcfd047db4eeca672912bb60
        Validity
            Not Before: Jan  1 22:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=993ba0633f9d041fef343ac27a24ae53a0fbdaa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a0:e8:f5:cf:54:4a:65:3a:27:29:1f:76:21:
                    60:91:ec:43:6a:57:fb:b5:02:b8:fc:5f:a9:95:f8:
                    6b:02:c4:22:12:2e:05:17:e7:75:e5:e1:14:99:e6:
                    9a:6e:8c:da:17:18:de:c0:a1:87:73:02:d3:de:ef:
                    cd:7c:2e:1f:d9:2e:91:23:ee:2a:08:d6:a3:c9:5b:
                    17:41:94:3f:43:11:65:d2:ec:34:21:48:82:af:1b:
                    bc:2f:67:f3:f4:67:f8:2d:12:67:07:09:1c:ea:7f:
                    85:0a:23:43:5d:2f:e8:fa:0f:17:b2:b8:51:ba:e0:
                    47:4b:2f:de:ab:c4:91:59:6e:80:6b:e3:be:d3:11:
                    62:a6:39:a1:f7:87:b1:4f:cd:e1:3c:f4:00:de:89:
                    c7:79:e5:02:61:7d:55:2b:e9:98:78:64:5c:15:8b:
                    70:a0:0d:0b:19:e0:58:20:8a:3a:32:65:9e:cf:68:
                    3b:a2:ac:26:58:04:32:45:70:fd:4f:75:82:5f:96:
                    d0:cf:4d:4f:93:eb:8f:6d:61:4e:d4:ff:98:5d:9e:
                    c9:a1:bf:3b:d1:e6:35:6b:e4:00:41:78:7c:2f:f5:
                    99:1f:a1:e7:5f:8e:48:7d:31:06:0a:85:54:04:f7:
                    c6:9b:cf:4a:d8:af:61:42:e6:88:5e:fc:0e:a2:47:
                    f4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:3B:A0:63:3F:9D:04:1F:EF:34:3A:C2:7A:24:AE:53:A0:FB:DA:A4
            X509v3 Authority Key Identifier:
                keyid:6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/mTugYz-dBB_vNDrCeiSuU6D72qQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:ce:61:dc:6c:d1:64:62:34:2b:64:1f:22:46:2e:e3:90:6e:
         08:3d:7f:94:4c:70:25:b3:b2:9e:5d:37:8d:55:e5:e9:e3:c9:
         3a:b5:02:6d:cc:22:84:5f:0c:58:6b:4b:9c:38:b8:11:d2:40:
         0d:2f:95:c0:9c:80:c7:ce:fb:6a:f8:fa:ac:aa:33:8c:d2:e3:
         ff:d6:12:d5:d7:7e:cf:c0:de:8f:c6:c4:87:8e:ec:ab:fa:27:
         b3:be:8c:cc:48:b0:8b:d6:72:7c:28:e6:94:9f:6f:e0:1a:f2:
         aa:87:f0:8a:70:4f:1d:c1:7b:45:9e:b5:33:08:20:9f:2a:d2:
         7e:85:49:d2:0c:88:b3:4c:84:67:ab:f3:ab:22:5d:55:05:c7:
         f7:da:5f:0c:fd:a1:06:31:bb:3f:57:f7:18:32:9e:b3:af:2d:
         ab:ed:45:a1:2f:dd:e0:f0:f8:bd:e9:c9:12:f9:a6:49:af:ba:
         85:13:d3:d6:31:a2:37:e8:02:27:07:53:c2:b0:55:df:5c:dd:
         ef:37:c5:1d:a7:d4:47:8f:5b:db:df:80:43:87:d5:3b:5f:5c:
         ec:97:4e:fd:71:d3:69:d2:14:ac:4b:43:c0:b6:6c:ef:4a:9e:
         a2:7b:1f:f3:ee:db:99:26:a8:36:ba:77:82:14:d1:cf:c5:09:
         c1:63:9b:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJX/o4reXm4qclZT9reRaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMGIxNTE5MzgxNmZkMTVkY2ZkMDQ3ZGI0ZWVjYTY3Mjkx
MmJiNjAwHhcNMjQwMTAxMjIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTNiYTA2MzNmOWQwNDFmZWYzNDNhYzI3YTI0YWU1M2EwZmJkYWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6Do9c9USmU6JykfdiFgkexDalf7
tQK4/F+plfhrAsQiEi4FF+d15eEUmeaabozaFxjewKGHcwLT3u/NfC4f2S6RI+4q
CNajyVsXQZQ/QxFl0uw0IUiCrxu8L2fz9Gf4LRJnBwkc6n+FCiNDXS/o+g8XsrhR
uuBHSy/eq8SRWW6Aa+O+0xFipjmh94exT83hPPQA3onHeeUCYX1VK+mYeGRcFYtw
oA0LGeBYIIo6MmWez2g7oqwmWAQyRXD9T3WCX5bQz01Pk+uPbWFO1P+YXZ7Job87
0eY1a+QAQXh8L/WZH6HnX45IfTEGCoVUBPfGm89K2K9hQuaIXvwOokf0EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJk7oGM/nQQf7zQ6wnokrlOg+9qkMB8GA1UdIwQY
MBaAFG8LFRk4Fv0V3P0EfbTuymcpErtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYt
OWNmODQzZjA1NjcwLzEvbVR1Z1l6LWRCQl92TkRyQ2VpU3VVNkQ3MnFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYtOWNmODQzZjA1Njcw
LzEvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuafrMA0G
CSqGSIb3DQEBCwUAA4IBAQACzmHcbNFkYjQrZB8iRi7jkG4IPX+UTHAls7KeXTeN
VeXp48k6tQJtzCKEXwxYa0ucOLgR0kANL5XAnIDHzvtq+PqsqjOM0uP/1hLV137P
wN6PxsSHjuyr+iezvozMSLCL1nJ8KOaUn2/gGvKqh/CKcE8dwXtFnrUzCCCfKtJ+
hUnSDIizTIRnq/OrIl1VBcf32l8M/aEGMbs/V/cYMp6zry2r7UWhL93g8Pi96ckS
+aZJr7qFE9PWMaI36AInB1PCsFXfXN3vN8Udp9RHj1vb34BDh9U7X1zsl079cdNp
0hSsS0PAtmzvSp6iex/z7tuZJqg2uneCFNHPxQnBY5vA
-----END CERTIFICATE-----