Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/eecf8b-3d63-4c9c-bd84-cd0d9e5742cb/1/Ng5OoG_L-vRMnuVok-i9zTLmbcY.roa
File:                     Ng5OoG_L-vRMnuVok-i9zTLmbcY.roa (raw, json)
Hash identifier:          RMjayqIOBaHDibiGNIdzwysyMVXIkvgejBtFgtffAos=
Subject key identifier:   36:0E:4E:A0:6F:CB:FA:F4:4C:9E:E5:68:93:E8:BD:CD:32:E6:6D:C6
Certificate issuer:       /CN=04a9cff24981d7263d1b7d63779f5d673de2bdbc
Certificate serial:       018CC4935C6745E710F405A3648E827175BE
Authority key identifier: 04:A9:CF:F2:49:81:D7:26:3D:1B:7D:63:77:9F:5D:67:3D:E2:BD:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKnP8kmB1yY9G31jd59dZz3ivbw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/eecf8b-3d63-4c9c-bd84-cd0d9e5742cb/1/Ng5OoG_L-vRMnuVok-i9zTLmbcY.roa
Signing time:             Mon 01 Jan 2024 10:30:40 +0000
ROA not before:           Mon 01 Jan 2024 10:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205495
IP address blocks:        185.136.184.0/22 maxlen: 24
                          45.153.44.0/22 maxlen: 24
                          185.216.80.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/eecf8b-3d63-4c9c-bd84-cd0d9e5742cb/1/BKnP8kmB1yY9G31jd59dZz3ivbw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/eecf8b-3d63-4c9c-bd84-cd0d9e5742cb/1/BKnP8kmB1yY9G31jd59dZz3ivbw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BKnP8kmB1yY9G31jd59dZz3ivbw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 10:04:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5c:67:45:e7:10:f4:05:a3:64:8e:82:71:75:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a9cff24981d7263d1b7d63779f5d673de2bdbc
        Validity
            Not Before: Jan  1 10:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=360e4ea06fcbfaf44c9ee56893e8bdcd32e66dc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d5:46:3e:76:b9:5a:bd:9c:d3:44:85:c3:bb:
                    b5:b9:c6:42:1c:cf:43:69:e3:66:13:73:6c:af:fb:
                    9f:28:bb:56:6a:75:14:82:fc:9c:f4:5d:d6:df:01:
                    30:5d:28:6a:93:4a:a5:dc:d0:08:a5:5e:ac:5f:eb:
                    02:0e:70:e1:66:ca:79:dc:20:bc:66:c7:26:13:25:
                    ab:d1:ef:5e:6d:35:29:ca:95:88:d6:a1:04:2b:0f:
                    58:f2:46:7c:83:10:28:b7:8f:d2:e8:b9:a9:1e:d1:
                    5b:cc:ef:8a:14:dc:39:09:ac:3a:b6:d7:4f:37:16:
                    06:58:2b:d9:54:c1:4b:51:de:36:20:a3:0b:be:4f:
                    ae:74:43:27:27:ce:e3:99:b3:8f:2a:17:4c:cf:30:
                    ea:de:a0:48:55:35:38:0d:52:87:52:7b:c4:85:08:
                    79:03:16:84:d1:b6:a8:73:b2:df:42:55:c2:5f:1e:
                    64:a7:95:86:0f:b7:37:d4:89:bf:89:98:53:d8:b3:
                    fd:b6:03:21:33:f3:55:1a:53:3c:89:5b:e1:93:a2:
                    ba:10:2b:45:1e:f9:db:67:31:1d:ef:67:2c:b6:69:
                    00:fd:3f:d1:e7:3a:4f:1b:63:01:06:ec:cc:8f:ba:
                    8d:de:55:8d:38:75:a7:59:a7:57:af:26:a7:61:5c:
                    f6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:0E:4E:A0:6F:CB:FA:F4:4C:9E:E5:68:93:E8:BD:CD:32:E6:6D:C6
            X509v3 Authority Key Identifier:
                keyid:04:A9:CF:F2:49:81:D7:26:3D:1B:7D:63:77:9F:5D:67:3D:E2:BD:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKnP8kmB1yY9G31jd59dZz3ivbw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/eecf8b-3d63-4c9c-bd84-cd0d9e5742cb/1/Ng5OoG_L-vRMnuVok-i9zTLmbcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/eecf8b-3d63-4c9c-bd84-cd0d9e5742cb/1/BKnP8kmB1yY9G31jd59dZz3ivbw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.44.0/22
                  185.136.184.0/22
                  185.216.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:41:4a:1b:21:40:f0:ed:9d:fe:ee:0e:26:f4:67:a5:63:22:
         1a:98:eb:37:0f:e9:5e:e9:ef:42:f8:aa:36:4e:05:e1:6a:ce:
         8b:b4:71:f4:fe:f1:60:55:04:35:ad:bf:7f:b9:c0:96:0a:31:
         d2:3b:31:f6:c8:1b:39:5f:2e:fc:96:e2:7d:33:62:3a:ee:0d:
         6c:bd:6a:41:e6:aa:bd:7c:17:14:84:bc:7f:ef:48:51:b2:ce:
         85:ac:0c:d2:9d:9a:68:fd:9e:17:1d:4f:5d:97:e4:59:88:4a:
         83:82:9b:a8:31:e5:2e:ed:47:c2:c3:1d:ea:c7:d3:b3:29:a9:
         24:be:ea:ec:6a:1c:ef:22:f3:a5:83:6a:77:26:d9:55:68:85:
         6f:64:a3:f4:69:89:5d:d6:54:37:9a:0e:1a:cc:72:2c:40:69:
         5a:db:d0:75:61:9b:c8:25:c3:66:05:e1:13:db:5d:03:99:da:
         ea:37:78:26:cc:03:d7:4c:84:e7:72:c3:bf:93:0e:fc:9e:53:
         da:39:73:d1:26:18:2d:82:ef:ef:52:9b:f0:36:bf:5e:46:c3:
         9b:8f:f8:b8:07:58:74:30:52:45:2a:92:00:79:fa:3e:cc:f2:
         c8:85:50:d1:be:6f:f4:be:f1:b2:9f:ea:25:44:b1:9c:aa:37:
         00:3d:e8:16
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEk1xnRecQ9AWjZI6CcXW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTljZmYyNDk4MWQ3MjYzZDFiN2Q2Mzc3OWY1ZDY3M2Rl
MmJkYmMwHhcNMjQwMTAxMTAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjBlNGVhMDZmY2JmYWY0NGM5ZWU1Njg5M2U4YmRjZDMyZTY2ZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotVGPna5Wr2c00SFw7u1ucZCHM9D
aeNmE3Nsr/ufKLtWanUUgvyc9F3W3wEwXShqk0ql3NAIpV6sX+sCDnDhZsp53CC8
ZscmEyWr0e9ebTUpypWI1qEEKw9Y8kZ8gxAot4/S6LmpHtFbzO+KFNw5Caw6ttdP
NxYGWCvZVMFLUd42IKMLvk+udEMnJ87jmbOPKhdMzzDq3qBIVTU4DVKHUnvEhQh5
AxaE0baoc7LfQlXCXx5kp5WGD7c31Im/iZhT2LP9tgMhM/NVGlM8iVvhk6K6ECtF
HvnbZzEd72cstmkA/T/R5zpPG2MBBuzMj7qN3lWNOHWnWadXryanYVz2ewIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDYOTqBvy/r0TJ7laJPovc0y5m3GMB8GA1UdIwQY
MBaAFASpz/JJgdcmPRt9Y3efXWc94r28MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktuUDhrbUIxeVk5RzMxamQ1OWRaejNpdmJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lZWNmOGItM2Q2My00YzljLWJkODQt
Y2QwZDllNTc0MmNiLzEvTmc1T29HX0wtdlJNbnVWb2staTl6VExtYmNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lZWNmOGItM2Q2My00YzljLWJkODQtY2QwZDllNTc0MmNi
LzEvQktuUDhrbUIxeVk5RzMxamQ1OWRaejNpdmJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZksAwQC
uYi4AwQBudhQMA0GCSqGSIb3DQEBCwUAA4IBAQBcQUobIUDw7Z3+7g4m9GelYyIa
mOs3D+le6e9C+Ko2TgXhas6LtHH0/vFgVQQ1rb9/ucCWCjHSOzH2yBs5Xy78luJ9
M2I67g1svWpB5qq9fBcUhLx/70hRss6FrAzSnZpo/Z4XHU9dl+RZiEqDgpuoMeUu
7UfCwx3qx9OzKakkvursahzvIvOlg2p3JtlVaIVvZKP0aYld1lQ3mg4azHIsQGla
29B1YZvIJcNmBeET210DmdrqN3gmzAPXTITncsO/kw78nlPaOXPRJhgtgu/vUpvw
Nr9eRsObj/i4B1h0MFJFKpIAefo+zPLIhVDRvm/0vvGyn+olRLGcqjcAPegW
-----END CERTIFICATE-----