Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/b7abdf-3be1-4642-9f3e-f1f0b9598f32/1/CuuWOocDvFqCF5ZT5AZxC6Mz54g.roa
File:                     CuuWOocDvFqCF5ZT5AZxC6Mz54g.roa (raw, json)
Hash identifier:          ouXvUF+5/+WIV/e52TzomEamU9rcTPag9MdphuuuhH4=
Subject key identifier:   0A:EB:96:3A:87:03:BC:5A:82:17:96:53:E4:06:71:0B:A3:33:E7:88
Certificate issuer:       /CN=a71a2a2db4d7418e9bf4f93c8c046a0161663c62
Certificate serial:       018D31BC785FAC5241AC78E9611860FFC3E6
Authority key identifier: A7:1A:2A:2D:B4:D7:41:8E:9B:F4:F9:3C:8C:04:6A:01:61:66:3C:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pxoqLbTXQY6b9Pk8jARqAWFmPGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/b7abdf-3be1-4642-9f3e-f1f0b9598f32/1/CuuWOocDvFqCF5ZT5AZxC6Mz54g.roa
Signing time:             Mon 22 Jan 2024 15:14:11 +0000
ROA not before:           Mon 22 Jan 2024 15:14:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60068
IP address blocks:        185.157.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/b7abdf-3be1-4642-9f3e-f1f0b9598f32/1/pxoqLbTXQY6b9Pk8jARqAWFmPGI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/b7abdf-3be1-4642-9f3e-f1f0b9598f32/1/pxoqLbTXQY6b9Pk8jARqAWFmPGI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pxoqLbTXQY6b9Pk8jARqAWFmPGI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 03:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:31:bc:78:5f:ac:52:41:ac:78:e9:61:18:60:ff:c3:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a71a2a2db4d7418e9bf4f93c8c046a0161663c62
        Validity
            Not Before: Jan 22 15:14:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0aeb963a8703bc5a82179653e406710ba333e788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:80:6d:8e:e4:8f:ea:80:55:f4:0f:cb:3b:f6:
                    dd:7b:14:b6:b3:23:31:c1:f8:6a:8e:db:33:b6:18:
                    12:f8:d2:e6:aa:6c:b4:9d:70:f7:0e:da:62:1d:a9:
                    91:64:ca:e6:92:e0:f6:e3:9a:c2:f8:7b:cd:d5:19:
                    7a:85:e0:ca:d1:02:61:93:01:8c:8e:a9:7a:c6:3c:
                    b5:0d:ca:6f:91:4c:48:5e:e1:d4:04:8c:f2:f4:c8:
                    28:5d:69:55:bb:d6:36:35:3f:a8:4a:53:75:e0:ca:
                    1b:83:52:0d:4e:6b:76:20:b1:c1:90:6d:84:9f:21:
                    5c:c3:19:35:d1:46:e1:3a:ff:8f:25:7a:13:ae:bd:
                    6e:6f:d9:b2:b5:85:bf:ba:1a:6b:51:97:dd:75:6b:
                    35:0c:02:26:27:f0:8c:04:02:6c:62:60:1d:c3:67:
                    0e:71:67:37:20:45:c1:69:c0:07:42:19:f0:f6:7e:
                    ac:85:ee:8b:28:79:f8:64:f1:de:70:11:0f:50:07:
                    8e:6a:52:03:c6:5c:86:ed:d3:07:06:07:14:19:3b:
                    76:37:e3:db:e4:0c:74:24:0d:48:d3:bb:ac:3d:e7:
                    cc:6b:89:71:43:d8:a7:0e:39:bc:a4:8a:2e:24:c5:
                    8e:10:53:11:ae:0c:01:b4:fa:a1:cb:3b:a6:6d:52:
                    dc:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:EB:96:3A:87:03:BC:5A:82:17:96:53:E4:06:71:0B:A3:33:E7:88
            X509v3 Authority Key Identifier:
                keyid:A7:1A:2A:2D:B4:D7:41:8E:9B:F4:F9:3C:8C:04:6A:01:61:66:3C:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pxoqLbTXQY6b9Pk8jARqAWFmPGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/b7abdf-3be1-4642-9f3e-f1f0b9598f32/1/CuuWOocDvFqCF5ZT5AZxC6Mz54g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/b7abdf-3be1-4642-9f3e-f1f0b9598f32/1/pxoqLbTXQY6b9Pk8jARqAWFmPGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:d0:a4:6b:3b:dc:2d:99:ca:53:79:27:b0:50:d7:e1:e1:c1:
         a7:46:cc:08:a4:6a:e7:f8:b0:49:71:a5:4a:de:c0:cb:c2:30:
         39:72:7f:da:37:ec:51:68:66:71:df:25:ae:8c:5e:d6:6c:cc:
         7f:b6:7c:9d:c3:4c:ad:c9:89:9e:9e:24:af:34:b8:f3:64:03:
         67:e8:de:e8:cd:2e:3a:14:ae:94:51:44:8b:11:83:7f:f8:01:
         f5:61:1c:4a:5a:99:cc:c5:d7:f5:fa:08:d6:da:ef:4b:21:10:
         0d:f8:a1:46:7d:83:e5:aa:c7:d5:19:2e:7c:88:de:53:2e:03:
         41:69:da:cb:65:5a:de:ec:88:5a:ff:e9:8a:d0:9f:62:2b:18:
         ed:37:be:b8:93:e8:2f:88:bf:06:e9:d9:34:12:aa:36:cf:23:
         a9:f6:ce:02:5c:38:91:07:76:0a:61:58:20:e5:1d:c5:31:aa:
         70:86:68:f5:23:a5:c2:d3:71:bb:2e:71:c9:0b:a0:82:08:20:
         58:0c:38:59:4d:27:37:34:9b:9f:94:a6:24:b5:51:57:00:8c:
         6d:0d:49:56:71:bc:63:06:b2:0d:bd:8c:e6:5d:52:f2:2c:34:
         60:ac:f6:5c:82:95:c0:9e:30:7c:3a:10:88:2d:26:0f:8f:46:
         bd:55:00:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0xvHhfrFJBrHjpYRhg/8PmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3MWEyYTJkYjRkNzQxOGU5YmY0ZjkzYzhjMDQ2YTAxNjE2
NjNjNjIwHhcNMjQwMTIyMTUxNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWViOTYzYTg3MDNiYzVhODIxNzk2NTNlNDA2NzEwYmEzMzNlNzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIBtjuSP6oBV9A/LO/bdexS2syMx
wfhqjtszthgS+NLmqmy0nXD3DtpiHamRZMrmkuD245rC+HvN1Rl6heDK0QJhkwGM
jql6xjy1DcpvkUxIXuHUBIzy9MgoXWlVu9Y2NT+oSlN14Mobg1INTmt2ILHBkG2E
nyFcwxk10UbhOv+PJXoTrr1ub9mytYW/uhprUZfddWs1DAImJ/CMBAJsYmAdw2cO
cWc3IEXBacAHQhnw9n6she6LKHn4ZPHecBEPUAeOalIDxlyG7dMHBgcUGTt2N+Pb
5Ax0JA1I07usPefMa4lxQ9inDjm8pIouJMWOEFMRrgwBtPqhyzumbVLc1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFArrljqHA7xagheWU+QGcQujM+eIMB8GA1UdIwQY
MBaAFKcaKi2010GOm/T5PIwEagFhZjxiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHhvcUxiVFhRWTZiOVBrOGpBUnFBV0ZtUEdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9iN2FiZGYtM2JlMS00NjQyLTlmM2Ut
ZjFmMGI5NTk4ZjMyLzEvQ3V1V09vY0R2RnFDRjVaVDVBWnhDNk16NTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9iN2FiZGYtM2JlMS00NjQyLTlmM2UtZjFmMGI5NTk4ZjMy
LzEvcHhvcUxiVFhRWTZiOVBrOGpBUnFBV0ZtUEdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ0yMA0G
CSqGSIb3DQEBCwUAA4IBAQAf0KRrO9wtmcpTeSewUNfh4cGnRswIpGrn+LBJcaVK
3sDLwjA5cn/aN+xRaGZx3yWujF7WbMx/tnydw0ytyYmeniSvNLjzZANn6N7ozS46
FK6UUUSLEYN/+AH1YRxKWpnMxdf1+gjW2u9LIRAN+KFGfYPlqsfVGS58iN5TLgNB
adrLZVre7Iha/+mK0J9iKxjtN764k+gviL8G6dk0Eqo2zyOp9s4CXDiRB3YKYVgg
5R3FMapwhmj1I6XC03G7LnHJC6CCCCBYDDhZTSc3NJuflKYktVFXAIxtDUlWcbxj
BrINvYzmXVLyLDRgrPZcgpXAnjB8OhCILSYPj0a9VQCG
-----END CERTIFICATE-----