Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a59ee9-33cd-47df-8403-b9472a2c5b3e/1/MdIomRixP_0L0F31-wyVMKjDzjs.roa
File:                     MdIomRixP_0L0F31-wyVMKjDzjs.roa (raw, json)
Hash identifier:          DP8WKfBDSRC8lAHD8Rgk9q035Tuksauz+z9xzGQoZeU=
Subject key identifier:   31:D2:28:99:18:B1:3F:FD:0B:D0:5D:F5:FB:0C:95:30:A8:C3:CE:3B
Certificate issuer:       /CN=4fbb63df06de00c843da63977349595471e51a26
Certificate serial:       018CC5002225F47AFF5D6D0C6B683265330D
Authority key identifier: 4F:BB:63:DF:06:DE:00:C8:43:DA:63:97:73:49:59:54:71:E5:1A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7tj3wbeAMhD2mOXc0lZVHHlGiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/a59ee9-33cd-47df-8403-b9472a2c5b3e/1/MdIomRixP_0L0F31-wyVMKjDzjs.roa
Signing time:             Mon 01 Jan 2024 12:29:29 +0000
ROA not before:           Mon 01 Jan 2024 12:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199490
IP address blocks:        185.14.232.0/22 maxlen: 22
                          2a02:f000::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/a59ee9-33cd-47df-8403-b9472a2c5b3e/1/T7tj3wbeAMhD2mOXc0lZVHHlGiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/a59ee9-33cd-47df-8403-b9472a2c5b3e/1/T7tj3wbeAMhD2mOXc0lZVHHlGiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7tj3wbeAMhD2mOXc0lZVHHlGiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:22:25:f4:7a:ff:5d:6d:0c:6b:68:32:65:33:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbb63df06de00c843da63977349595471e51a26
        Validity
            Not Before: Jan  1 12:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31d2289918b13ffd0bd05df5fb0c9530a8c3ce3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9e:46:97:b8:bc:3a:6e:0e:0a:54:9d:07:08:
                    11:7b:06:80:d4:d0:9c:ec:de:3f:15:40:80:d4:0a:
                    86:61:c4:f9:da:68:16:75:29:38:2e:73:f2:bf:1f:
                    90:c3:c7:99:47:d1:de:d0:8a:9b:9c:6d:b2:7d:6c:
                    bc:6d:39:08:0b:71:3b:e0:50:53:a5:40:ee:58:17:
                    cf:2a:45:a1:cc:cd:67:a4:66:1b:f4:e7:87:4d:4f:
                    82:60:cf:0e:7c:61:19:56:29:53:c3:47:14:2f:a7:
                    10:50:2d:ab:61:af:fc:36:3f:20:9d:1b:7a:93:25:
                    82:b1:f5:38:64:f6:14:68:eb:c7:ce:c4:12:e7:8b:
                    d7:87:c1:43:af:c2:d5:3a:03:58:9d:60:29:5f:4a:
                    8c:5f:86:b5:f2:95:52:61:d0:91:02:ca:dc:ca:a2:
                    51:51:2f:6a:47:1b:fd:63:52:67:6e:09:a1:97:6e:
                    ef:eb:8a:8f:01:41:90:c0:cd:be:05:41:c5:04:02:
                    da:6f:45:8c:86:80:be:df:06:d5:64:a6:a9:48:9e:
                    08:10:ad:9e:10:79:f8:20:7e:67:8b:ef:35:3e:2c:
                    04:44:c7:e3:95:31:f6:5e:a7:1d:de:86:c8:70:a6:
                    55:9c:3a:f6:64:56:69:61:74:0d:3d:18:28:f0:d6:
                    eb:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:D2:28:99:18:B1:3F:FD:0B:D0:5D:F5:FB:0C:95:30:A8:C3:CE:3B
            X509v3 Authority Key Identifier:
                keyid:4F:BB:63:DF:06:DE:00:C8:43:DA:63:97:73:49:59:54:71:E5:1A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7tj3wbeAMhD2mOXc0lZVHHlGiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a59ee9-33cd-47df-8403-b9472a2c5b3e/1/MdIomRixP_0L0F31-wyVMKjDzjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a59ee9-33cd-47df-8403-b9472a2c5b3e/1/T7tj3wbeAMhD2mOXc0lZVHHlGiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.232.0/22
                IPv6:
                  2a02:f000::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:92:2a:6a:f8:92:bc:c7:4a:fb:28:fd:19:20:4c:00:5a:ae:
         b3:24:b5:18:28:bf:cc:70:81:ac:e0:74:f3:ac:f8:eb:04:3e:
         8c:89:28:6c:d8:e1:bd:08:40:5a:1f:d3:95:7d:71:3b:c2:07:
         b2:ff:67:48:1b:27:6e:db:3b:51:ba:a9:25:14:73:36:78:ea:
         36:c3:8b:2a:62:d5:aa:6f:5b:d7:a6:46:66:43:1a:b6:9e:6e:
         f9:a8:fc:bd:72:a2:db:f7:ca:a4:28:ee:f0:11:d4:82:e3:a8:
         e5:d3:80:82:1f:9f:1e:4e:48:50:89:99:81:91:b2:eb:e9:db:
         b3:99:be:2c:aa:98:c1:8b:9e:c1:aa:25:35:4d:9a:80:ec:59:
         f8:d5:dc:c3:ce:bf:a0:e3:60:db:82:2c:6e:08:fc:2c:81:66:
         92:bd:af:87:38:65:2d:a6:4e:22:89:5f:20:a1:ac:ef:b7:2e:
         d2:86:ad:ef:4c:ad:e1:b9:a9:17:26:a7:7c:fd:2e:56:30:13:
         c4:c6:b2:fc:76:b9:17:87:b8:c4:4b:50:d4:22:77:36:f0:3d:
         2e:d3:bc:62:8f:01:01:20:8f:f0:5a:59:8d:ab:69:aa:21:d8:
         b1:a3:35:8c:b1:b5:87:27:7f:54:2f:5c:db:be:e3:fb:4f:44:
         ce:99:f6:01
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFACIl9Hr/XW0Ma2gyZTMNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmI2M2RmMDZkZTAwYzg0M2RhNjM5NzczNDk1OTU0NzFl
NTFhMjYwHhcNMjQwMTAxMTIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWQyMjg5OTE4YjEzZmZkMGJkMDVkZjVmYjBjOTUzMGE4YzNjZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp55Gl7i8Om4OClSdBwgRewaA1NCc
7N4/FUCA1AqGYcT52mgWdSk4LnPyvx+Qw8eZR9He0IqbnG2yfWy8bTkIC3E74FBT
pUDuWBfPKkWhzM1npGYb9OeHTU+CYM8OfGEZVilTw0cUL6cQUC2rYa/8Nj8gnRt6
kyWCsfU4ZPYUaOvHzsQS54vXh8FDr8LVOgNYnWApX0qMX4a18pVSYdCRAsrcyqJR
US9qRxv9Y1Jnbgmhl27v64qPAUGQwM2+BUHFBALab0WMhoC+3wbVZKapSJ4IEK2e
EHn4IH5ni+81PiwERMfjlTH2Xqcd3obIcKZVnDr2ZFZpYXQNPRgo8Nbr/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDHSKJkYsT/9C9Bd9fsMlTCow847MB8GA1UdIwQY
MBaAFE+7Y98G3gDIQ9pjl3NJWVRx5RomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDd0ajN3YmVBTWhEMm1PWGMwbFpWSEhsR2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hNTllZTktMzNjZC00N2RmLTg0MDMt
Yjk0NzJhMmM1YjNlLzEvTWRJb21SaXhQXzBMMEYzMS13eVZNS2pEempzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hNTllZTktMzNjZC00N2RmLTg0MDMtYjk0NzJhMmM1YjNl
LzEvVDd0ajN3YmVBTWhEMm1PWGMwbFpWSEhsR2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQ7oMA0E
AgACMAcDBQAqAvAAMA0GCSqGSIb3DQEBCwUAA4IBAQCXkipq+JK8x0r7KP0ZIEwA
Wq6zJLUYKL/McIGs4HTzrPjrBD6MiShs2OG9CEBaH9OVfXE7wgey/2dIGydu2ztR
uqklFHM2eOo2w4sqYtWqb1vXpkZmQxq2nm75qPy9cqLb98qkKO7wEdSC46jl04CC
H58eTkhQiZmBkbLr6duzmb4sqpjBi57BqiU1TZqA7Fn41dzDzr+g42DbgixuCPws
gWaSva+HOGUtpk4iiV8goazvty7Shq3vTK3huakXJqd8/S5WMBPExrL8drkXh7jE
S1DUInc28D0u07xijwEBII/wWlmNq2mqIdixozWMsbWHJ39UL1zbvuP7T0TOmfYB
-----END CERTIFICATE-----