Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/kd5JhmJaTYDxi3Wdrlv_49i4fU0.roa
File:                     kd5JhmJaTYDxi3Wdrlv_49i4fU0.roa (raw, json)
Hash identifier:          ZPpR8NrA7F43jrIXxJ1Rn+YP+6A83KYPP7cvSNAtS00=
Subject key identifier:   91:DE:49:86:62:5A:4D:80:F1:8B:75:9D:AE:5B:FF:E3:D8:B8:7D:4D
Certificate issuer:       /CN=787aac71f17ef033cb6536795338fdc7bc0f2263
Certificate serial:       018CC3B6B75C3608AB58833A3F90353A3E53
Authority key identifier: 78:7A:AC:71:F1:7E:F0:33:CB:65:36:79:53:38:FD:C7:BC:0F:22:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eHqscfF-8DPLZTZ5Uzj9x7wPImM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/kd5JhmJaTYDxi3Wdrlv_49i4fU0.roa
Signing time:             Mon 01 Jan 2024 06:29:40 +0000
ROA not before:           Mon 01 Jan 2024 06:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35571
IP address blocks:        185.141.180.0/22 maxlen: 22
                          87.236.86.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/eHqscfF-8DPLZTZ5Uzj9x7wPImM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/eHqscfF-8DPLZTZ5Uzj9x7wPImM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eHqscfF-8DPLZTZ5Uzj9x7wPImM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b7:5c:36:08:ab:58:83:3a:3f:90:35:3a:3e:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=787aac71f17ef033cb6536795338fdc7bc0f2263
        Validity
            Not Before: Jan  1 06:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91de4986625a4d80f18b759dae5bffe3d8b87d4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:41:2d:15:8e:98:69:1b:78:67:2b:55:07:cb:
                    ef:e7:81:19:2c:b0:f0:bf:9a:f1:94:1a:ad:8e:93:
                    55:43:33:50:07:a1:1e:a6:ac:9c:9d:dd:21:76:ca:
                    a7:b8:73:96:a6:15:2b:65:be:25:e0:84:7a:a7:c3:
                    98:eb:d2:44:72:62:24:9b:e4:98:b3:fe:e3:7d:4f:
                    6d:c1:0d:60:c5:b3:c1:7a:8b:46:c8:88:61:99:7d:
                    b7:5c:8d:0b:bf:43:00:42:49:a9:c7:84:2e:b0:25:
                    48:76:ac:02:2e:f1:11:08:a5:3e:6a:5f:e1:ba:73:
                    3e:be:72:12:27:a1:da:ed:41:3a:e8:d1:a7:f8:9c:
                    6b:ef:a0:41:6a:19:5e:51:d1:2a:91:63:08:2e:4c:
                    b4:8f:a2:39:cc:a5:1e:5f:30:fd:84:96:0e:79:e9:
                    22:c6:b0:ec:c5:07:7f:08:c2:ba:19:92:29:3b:ce:
                    e3:9a:bf:e6:f1:d5:2c:5b:91:47:dc:95:c9:4c:51:
                    90:89:26:49:60:36:ea:27:e0:c0:09:ef:22:90:c9:
                    7c:f3:52:88:9b:59:eb:94:6d:0d:d2:ac:aa:47:f9:
                    2e:ed:bf:39:e1:c3:d3:01:0c:d8:c9:3a:99:92:b8:
                    13:0e:e0:7b:e0:89:23:11:34:98:51:b2:f2:c6:dd:
                    22:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:DE:49:86:62:5A:4D:80:F1:8B:75:9D:AE:5B:FF:E3:D8:B8:7D:4D
            X509v3 Authority Key Identifier:
                keyid:78:7A:AC:71:F1:7E:F0:33:CB:65:36:79:53:38:FD:C7:BC:0F:22:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eHqscfF-8DPLZTZ5Uzj9x7wPImM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/kd5JhmJaTYDxi3Wdrlv_49i4fU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/85ddae-54a7-4e7b-96da-d12867b46733/1/eHqscfF-8DPLZTZ5Uzj9x7wPImM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.86.0/23
                  185.141.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:2b:7d:94:f5:ac:be:fd:f5:e4:7a:ca:1f:65:59:ae:ed:83:
         d6:cc:12:95:99:80:ec:4d:90:c3:06:ea:b9:83:33:d6:bb:1c:
         91:6e:ce:3e:20:4a:75:3d:6f:72:3d:23:f0:ff:b0:a1:81:a4:
         96:1d:75:42:75:90:29:cf:55:b3:32:bc:7a:53:9d:92:92:c1:
         f3:a3:5b:ef:df:0b:c1:af:24:6c:f7:02:6c:ef:43:a0:12:88:
         85:de:c6:8e:20:af:f7:a4:62:d6:28:07:45:ba:21:fb:6b:f4:
         fe:73:c1:f9:87:b0:24:6f:5a:1b:0f:9a:45:cf:93:d5:4e:b3:
         ab:c5:a9:2d:c2:55:88:1e:fd:27:d2:21:3c:c3:41:fb:50:63:
         76:22:e0:7c:ce:00:30:37:ca:74:a9:55:2d:87:25:3a:40:f3:
         57:50:ad:19:64:09:e2:a6:0c:c5:95:b3:61:87:3d:c2:cf:0a:
         7f:d1:0a:9b:9c:70:0d:48:c0:34:50:7a:d0:1a:8e:82:2a:06:
         64:2d:c3:00:43:5c:73:68:b9:09:d9:fd:54:35:c2:4c:6b:d5:
         58:45:be:a1:47:17:eb:58:1c:47:b1:37:fb:65:7f:2d:f9:19:
         07:8f:a6:52:6d:b8:8c:e7:a4:50:fc:48:26:41:60:10:d6:1e:
         a3:29:27:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtrdcNgirWIM6P5A1Oj5TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4N2FhYzcxZjE3ZWYwMzNjYjY1MzY3OTUzMzhmZGM3YmMw
ZjIyNjMwHhcNMjQwMTAxMDYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWRlNDk4NjYyNWE0ZDgwZjE4Yjc1OWRhZTViZmZlM2Q4Yjg3ZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUEtFY6YaRt4ZytVB8vv54EZLLDw
v5rxlBqtjpNVQzNQB6Eepqycnd0hdsqnuHOWphUrZb4l4IR6p8OY69JEcmIkm+SY
s/7jfU9twQ1gxbPBeotGyIhhmX23XI0Lv0MAQkmpx4QusCVIdqwCLvERCKU+al/h
unM+vnISJ6Ha7UE66NGn+Jxr76BBahleUdEqkWMILky0j6I5zKUeXzD9hJYOeeki
xrDsxQd/CMK6GZIpO87jmr/m8dUsW5FH3JXJTFGQiSZJYDbqJ+DACe8ikMl881KI
m1nrlG0N0qyqR/ku7b854cPTAQzYyTqZkrgTDuB74IkjETSYUbLyxt0inwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJHeSYZiWk2A8Yt1na5b/+PYuH1NMB8GA1UdIwQY
MBaAFHh6rHHxfvAzy2U2eVM4/ce8DyJjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUhxc2NmRi04RFBMWlRaNVV6ajl4N3dQSW1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy84NWRkYWUtNTRhNy00ZTdiLTk2ZGEt
ZDEyODY3YjQ2NzMzLzEva2Q1SmhtSmFUWUR4aTNXZHJsdl80OWk0ZlUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy84NWRkYWUtNTRhNy00ZTdiLTk2ZGEtZDEyODY3YjQ2NzMz
LzEvZUhxc2NmRi04RFBMWlRaNVV6ajl4N3dQSW1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBV+xWAwQC
uY20MA0GCSqGSIb3DQEBCwUAA4IBAQCsK32U9ay+/fXkesofZVmu7YPWzBKVmYDs
TZDDBuq5gzPWuxyRbs4+IEp1PW9yPSPw/7ChgaSWHXVCdZApz1WzMrx6U52SksHz
o1vv3wvBryRs9wJs70OgEoiF3saOIK/3pGLWKAdFuiH7a/T+c8H5h7Akb1obD5pF
z5PVTrOrxaktwlWIHv0n0iE8w0H7UGN2IuB8zgAwN8p0qVUthyU6QPNXUK0ZZAni
pgzFlbNhhz3Czwp/0QqbnHANSMA0UHrQGo6CKgZkLcMAQ1xzaLkJ2f1UNcJMa9VY
Rb6hRxfrWBxHsTf7ZX8t+RkHj6ZSbbiM56RQ/EgmQWAQ1h6jKSei
-----END CERTIFICATE-----