Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/oUFbfosRerYL4FfAZ6uYtohyzp4.roa
File:                     oUFbfosRerYL4FfAZ6uYtohyzp4.roa (raw, json)
Hash identifier:          JUInv/aznsbzYjMy5pV4S9vPkxKeoCUa9vUJpVjQ3KU=
Subject key identifier:   A1:41:5B:7E:8B:11:7A:B6:0B:E0:57:C0:67:AB:98:B6:88:72:CE:9E
Certificate issuer:       /CN=6f0b15193816fd15dcfd047db4eeca672912bb60
Certificate serial:       01945E9021069995A0FFBD8583C59FD63FF3
Authority key identifier: 6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/oUFbfosRerYL4FfAZ6uYtohyzp4.roa
Signing time:             Mon 13 Jan 2025 07:28:11 +0000
ROA not before:           Mon 13 Jan 2025 07:28:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.167.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5e:90:21:06:99:95:a0:ff:bd:85:83:c5:9f:d6:3f:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f0b15193816fd15dcfd047db4eeca672912bb60
        Validity
            Not Before: Jan 13 07:28:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1415b7e8b117ab60be057c067ab98b68872ce9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ca:e6:a7:26:60:b0:30:a6:0f:ba:0d:d5:df:
                    95:18:82:3e:92:cd:46:3d:67:15:a5:45:66:a4:94:
                    fe:09:5a:83:44:75:ef:ef:3c:54:57:d5:9d:ce:58:
                    8d:ac:98:ba:6e:30:a4:6c:16:25:49:3b:80:fd:e4:
                    44:0f:6b:90:fa:c7:2a:7a:f3:ec:a3:b9:b2:a5:85:
                    f3:85:47:a6:c6:ef:f9:66:f4:59:0f:5b:fc:fb:48:
                    0e:70:3d:fb:9a:05:ec:95:b8:16:ff:f9:c9:dd:f2:
                    09:93:82:60:6c:e6:bf:ff:5e:58:f0:59:30:87:2e:
                    b6:71:29:3b:f0:32:11:5d:af:16:c5:7e:48:5c:09:
                    1c:d0:a7:e9:f1:4b:4d:c8:ae:28:99:e3:cd:e7:f4:
                    4e:d7:21:bb:11:0d:b2:1e:1e:6d:6f:19:d7:a6:cc:
                    b6:61:0d:a9:89:ac:56:06:47:e8:31:09:aa:9d:64:
                    8f:97:f2:71:be:2a:63:56:11:db:2b:8a:95:7a:ae:
                    c5:24:30:a1:55:1b:9f:fc:f4:f7:db:81:5e:40:09:
                    58:e2:8c:36:5a:42:71:2c:cf:83:c7:fc:f3:cf:61:
                    df:09:46:82:d2:c4:22:3d:04:e1:e8:09:47:b3:97:
                    f9:cd:ff:d5:cc:85:e1:00:c1:9b:1b:65:6b:4e:5d:
                    f0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:41:5B:7E:8B:11:7A:B6:0B:E0:57:C0:67:AB:98:B6:88:72:CE:9E
            X509v3 Authority Key Identifier:
                keyid:6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/oUFbfosRerYL4FfAZ6uYtohyzp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:6d:f4:10:a5:dd:84:0d:0d:d7:75:8d:41:7a:15:56:c4:e3:
         95:2d:52:a6:bd:a3:17:ac:85:55:f9:45:2a:f6:76:c9:af:5a:
         85:5d:bc:bc:02:4c:fb:61:7d:20:22:a8:4d:d8:25:5c:8b:72:
         b6:11:a3:5f:d3:f7:76:2b:00:97:2c:47:8d:8d:43:4b:0c:1d:
         86:45:22:26:9e:fb:1d:a3:26:bc:5d:7c:e3:de:34:e6:55:04:
         bf:ed:3e:40:79:4d:90:f3:31:f0:8e:03:dd:a0:df:01:3d:13:
         be:f6:88:59:39:05:31:d2:cb:2d:b3:b8:aa:6a:1d:da:3d:4d:
         57:58:e1:b7:05:ed:88:fe:4c:69:5f:51:b0:99:cb:99:2a:72:
         c8:8a:2b:09:9e:40:0b:e9:2e:5f:cb:53:7f:e4:9e:77:08:b5:
         60:6c:4b:62:07:48:f8:44:9a:b4:c5:47:11:e4:0d:c1:fc:fc:
         2d:79:c3:40:e1:f8:02:45:47:9d:34:36:aa:b6:5a:8c:62:27:
         c4:65:60:e0:72:20:af:36:a9:d2:57:33:38:e8:d6:03:94:9e:
         d8:bd:03:da:29:0a:55:37:c9:4f:83:6f:4d:45:4c:c0:7e:87:
         3d:9e:c3:a8:b0:e4:fa:9a:89:46:0a:af:7f:4a:7a:6d:46:76:
         4d:a8:30:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRekCEGmZWg/72Fg8Wf1j/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMGIxNTE5MzgxNmZkMTVkY2ZkMDQ3ZGI0ZWVjYTY3Mjkx
MmJiNjAwHhcNMjUwMTEzMDcyODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTQxNWI3ZThiMTE3YWI2MGJlMDU3YzA2N2FiOThiNjg4NzJjZTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsrmpyZgsDCmD7oN1d+VGII+ks1G
PWcVpUVmpJT+CVqDRHXv7zxUV9WdzliNrJi6bjCkbBYlSTuA/eRED2uQ+scqevPs
o7mypYXzhUemxu/5ZvRZD1v8+0gOcD37mgXslbgW//nJ3fIJk4JgbOa//15Y8Fkw
hy62cSk78DIRXa8WxX5IXAkc0Kfp8UtNyK4omePN5/RO1yG7EQ2yHh5tbxnXpsy2
YQ2piaxWBkfoMQmqnWSPl/JxvipjVhHbK4qVeq7FJDChVRuf/PT324FeQAlY4ow2
WkJxLM+Dx/zzz2HfCUaC0sQiPQTh6AlHs5f5zf/VzIXhAMGbG2VrTl3wCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFBW36LEXq2C+BXwGermLaIcs6eMB8GA1UdIwQY
MBaAFG8LFRk4Fv0V3P0EfbTuymcpErtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYt
OWNmODQzZjA1NjcwLzEvb1VGYmZvc1JlcllMNEZmQVo2dVl0b2h5enA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYtOWNmODQzZjA1Njcw
LzEvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuafoMA0G
CSqGSIb3DQEBCwUAA4IBAQCPbfQQpd2EDQ3XdY1BehVWxOOVLVKmvaMXrIVV+UUq
9nbJr1qFXby8Akz7YX0gIqhN2CVci3K2EaNf0/d2KwCXLEeNjUNLDB2GRSImnvsd
oya8XXzj3jTmVQS/7T5AeU2Q8zHwjgPdoN8BPRO+9ohZOQUx0ssts7iqah3aPU1X
WOG3Be2I/kxpX1GwmcuZKnLIiisJnkAL6S5fy1N/5J53CLVgbEtiB0j4RJq0xUcR
5A3B/PwtecNA4fgCRUedNDaqtlqMYifEZWDgciCvNqnSVzM46NYDlJ7YvQPaKQpV
N8lPg29NRUzAfoc9nsOosOT6molGCq9/SnptRnZNqDB8
-----END CERTIFICATE-----