Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/f95ac5-0b8b-45d6-be9a-2db2245f2985/1/DmIh40JTPxA5spWNa2wIVbYBTYE.roa
File:                     DmIh40JTPxA5spWNa2wIVbYBTYE.roa (raw, json)
Hash identifier:          2vBf90o+a/4cf71PRYqce5oNbeTXLQNKTeZNlx3ZeLM=
Subject key identifier:   0E:62:21:E3:42:53:3F:10:39:B2:95:8D:6B:6C:08:55:B6:01:4D:81
Certificate issuer:       /CN=c546e15819eacd05bccebf80019ca3cb7c4a38e0
Certificate serial:       018CC2DAF8F05FF2D5CA5BACCCFA01A7C6B1
Authority key identifier: C5:46:E1:58:19:EA:CD:05:BC:CE:BF:80:01:9C:A3:CB:7C:4A:38:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xUbhWBnqzQW8zr-AAZyjy3xKOOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/f95ac5-0b8b-45d6-be9a-2db2245f2985/1/DmIh40JTPxA5spWNa2wIVbYBTYE.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203137
IP address blocks:        185.130.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/f95ac5-0b8b-45d6-be9a-2db2245f2985/1/xUbhWBnqzQW8zr-AAZyjy3xKOOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/f95ac5-0b8b-45d6-be9a-2db2245f2985/1/xUbhWBnqzQW8zr-AAZyjy3xKOOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xUbhWBnqzQW8zr-AAZyjy3xKOOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f8:f0:5f:f2:d5:ca:5b:ac:cc:fa:01:a7:c6:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c546e15819eacd05bccebf80019ca3cb7c4a38e0
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e6221e342533f1039b2958d6b6c0855b6014d81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:3b:d9:e5:a9:af:7e:82:59:12:07:7b:5c:df:
                    ab:e1:02:ae:0e:da:0b:37:b6:0e:cb:b5:af:ee:f2:
                    d7:64:f2:26:f1:2a:2d:2c:a6:1a:93:21:14:5c:bc:
                    b0:c2:a9:3c:34:4a:88:78:a6:d0:89:45:68:1f:b7:
                    20:e3:a5:80:4d:69:64:a3:db:b3:42:ea:e7:b1:f8:
                    c1:27:63:0d:45:e1:72:b1:db:be:7f:6b:e5:ff:3c:
                    64:cf:a7:ee:92:d0:08:aa:11:ba:4a:4a:0e:53:e4:
                    89:6d:ae:06:5f:0f:1b:fe:8b:c8:66:14:ca:0d:d7:
                    4a:2d:f4:87:5c:69:99:b3:fc:7a:f0:fc:1f:ea:10:
                    30:50:99:9b:dd:00:ac:48:f6:3d:f2:9b:5d:fa:d8:
                    58:c6:90:de:49:58:22:3e:a0:73:77:cd:2a:be:e8:
                    7b:01:2e:54:14:ba:34:d2:26:c9:0d:8f:09:e9:71:
                    7c:7b:27:1e:3a:03:2a:24:b6:de:25:66:a6:76:70:
                    66:03:c2:2e:3e:a5:26:46:34:d4:17:73:e4:35:5b:
                    88:b9:51:ea:25:9c:cc:6b:e9:73:f6:08:82:85:b7:
                    dd:66:30:e6:a6:64:74:3f:01:6b:45:61:22:87:dd:
                    e1:40:3c:72:ba:66:39:0d:d4:a1:dc:07:6d:40:36:
                    93:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:62:21:E3:42:53:3F:10:39:B2:95:8D:6B:6C:08:55:B6:01:4D:81
            X509v3 Authority Key Identifier:
                keyid:C5:46:E1:58:19:EA:CD:05:BC:CE:BF:80:01:9C:A3:CB:7C:4A:38:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xUbhWBnqzQW8zr-AAZyjy3xKOOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/f95ac5-0b8b-45d6-be9a-2db2245f2985/1/DmIh40JTPxA5spWNa2wIVbYBTYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/f95ac5-0b8b-45d6-be9a-2db2245f2985/1/xUbhWBnqzQW8zr-AAZyjy3xKOOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:04:9f:ae:08:c9:89:3f:c7:fe:13:37:9b:ba:de:c2:2d:e7:
         bd:01:16:a0:77:1f:49:12:96:d9:bf:2e:ba:2e:3f:a0:46:e1:
         13:c9:b0:7a:74:f1:32:7a:9b:71:db:4d:2a:56:5c:ae:1b:1d:
         a9:07:77:2d:09:49:3d:ee:70:fc:7d:78:7a:ae:68:ac:ea:30:
         0c:43:db:57:9e:4d:2c:f0:34:89:c7:29:9f:67:68:b9:a2:a1:
         2a:a9:64:f2:1b:09:8b:a8:3c:ad:ea:63:93:ad:b2:22:35:be:
         74:00:bc:74:90:a2:4d:e7:cf:c5:4e:18:3f:3c:19:58:d8:d1:
         88:7a:db:3f:e7:b3:e7:81:20:aa:92:6a:af:cf:5a:cf:da:87:
         5a:14:32:33:51:24:35:a3:e7:4b:27:63:15:2c:59:38:07:b6:
         cd:bb:86:d1:2f:13:0e:99:7f:f6:73:a1:db:fb:a6:7f:86:b3:
         8b:50:18:a8:be:73:08:33:61:da:13:00:92:13:c9:e4:38:07:
         7a:5a:e9:20:8a:9a:4a:0d:7e:a8:c8:3e:72:60:c7:02:9e:d8:
         c2:50:bb:52:a8:85:8a:e9:ee:54:5a:78:9b:2f:d1:44:4f:27:
         00:9d:8a:4d:92:61:54:5f:29:63:fe:4a:f3:61:c5:61:f8:2a:
         f6:a8:59:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vjwX/LVyluszPoBp8axMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NDZlMTU4MTllYWNkMDViY2NlYmY4MDAxOWNhM2NiN2M0
YTM4ZTAwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTYyMjFlMzQyNTMzZjEwMzliMjk1OGQ2YjZjMDg1NWI2MDE0ZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzvZ5amvfoJZEgd7XN+r4QKuDtoL
N7YOy7Wv7vLXZPIm8SotLKYakyEUXLywwqk8NEqIeKbQiUVoH7cg46WATWlko9uz
QurnsfjBJ2MNReFysdu+f2vl/zxkz6fuktAIqhG6SkoOU+SJba4GXw8b/ovIZhTK
DddKLfSHXGmZs/x68Pwf6hAwUJmb3QCsSPY98ptd+thYxpDeSVgiPqBzd80qvuh7
AS5UFLo00ibJDY8J6XF8eyceOgMqJLbeJWamdnBmA8IuPqUmRjTUF3PkNVuIuVHq
JZzMa+lz9giChbfdZjDmpmR0PwFrRWEih93hQDxyumY5DdSh3AdtQDaTXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5iIeNCUz8QObKVjWtsCFW2AU2BMB8GA1UdIwQY
MBaAFMVG4VgZ6s0FvM6/gAGco8t8SjjgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFViaFdCbnF6UVc4enItQUFaeWp5M3hLT09BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9mOTVhYzUtMGI4Yi00NWQ2LWJlOWEt
MmRiMjI0NWYyOTg1LzEvRG1JaDQwSlRQeEE1c3BXTmEyd0lWYllCVFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9mOTVhYzUtMGI4Yi00NWQ2LWJlOWEtMmRiMjI0NWYyOTg1
LzEveFViaFdCbnF6UVc4enItQUFaeWp5M3hLT09BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYKzMA0G
CSqGSIb3DQEBCwUAA4IBAQBEBJ+uCMmJP8f+Ezebut7CLee9ARagdx9JEpbZvy66
Lj+gRuETybB6dPEyeptx200qVlyuGx2pB3ctCUk97nD8fXh6rmis6jAMQ9tXnk0s
8DSJxymfZ2i5oqEqqWTyGwmLqDyt6mOTrbIiNb50ALx0kKJN58/FThg/PBlY2NGI
ets/57PngSCqkmqvz1rP2odaFDIzUSQ1o+dLJ2MVLFk4B7bNu4bRLxMOmX/2c6Hb
+6Z/hrOLUBiovnMIM2HaEwCSE8nkOAd6WukgippKDX6oyD5yYMcCntjCULtSqIWK
6e5UWnibL9FETycAnYpNkmFUXylj/krzYcVh+Cr2qFng
-----END CERTIFICATE-----