Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/57cb04-58ce-433b-93ab-10bc59d8ff8d/1/v6MoYg4mwatcJgaf8OVN0XsRYk0.roa
File:                     v6MoYg4mwatcJgaf8OVN0XsRYk0.roa (raw, json)
Hash identifier:          HY3jYUUmtqZWsWYFUh/XhgJHtARtr3AKjwBkCarY4mc=
Subject key identifier:   BF:A3:28:62:0E:26:C1:AB:5C:26:06:9F:F0:E5:4D:D1:7B:11:62:4D
Certificate issuer:       /CN=83486841b4f4adc56264c5963085182a220e46d4
Certificate serial:       018EA973ACB02EC0E3053EFEC9B8F712127B
Authority key identifier: 83:48:68:41:B4:F4:AD:C5:62:64:C5:96:30:85:18:2A:22:0E:46:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g0hoQbT0rcViZMWWMIUYKiIORtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/57cb04-58ce-433b-93ab-10bc59d8ff8d/1/v6MoYg4mwatcJgaf8OVN0XsRYk0.roa
Signing time:             Thu 04 Apr 2024 14:11:54 +0000
ROA not before:           Thu 04 Apr 2024 14:11:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.148.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/57cb04-58ce-433b-93ab-10bc59d8ff8d/1/g0hoQbT0rcViZMWWMIUYKiIORtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/57cb04-58ce-433b-93ab-10bc59d8ff8d/1/g0hoQbT0rcViZMWWMIUYKiIORtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g0hoQbT0rcViZMWWMIUYKiIORtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a9:73:ac:b0:2e:c0:e3:05:3e:fe:c9:b8:f7:12:12:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83486841b4f4adc56264c5963085182a220e46d4
        Validity
            Not Before: Apr  4 14:11:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfa328620e26c1ab5c26069ff0e54dd17b11624d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:77:69:5f:dd:6a:ec:7e:db:20:5d:7e:f7:5f:
                    e1:39:5d:a6:d3:50:24:18:23:66:a3:60:41:a8:ca:
                    88:00:6f:86:28:d2:66:0c:02:4d:f2:89:79:b6:45:
                    97:2f:34:02:fd:7f:a1:b4:55:da:2d:d0:6b:3d:e8:
                    78:4a:3b:fe:8c:09:bc:de:f4:f8:e2:63:0b:e9:42:
                    ac:77:23:9b:75:db:8b:19:f7:cc:23:ae:87:81:a8:
                    03:fa:7b:be:7f:db:bf:c5:1c:b6:62:95:3c:b4:9d:
                    1c:0c:22:88:8e:a7:4d:3a:68:17:c3:dc:91:c2:a8:
                    8f:47:55:27:8f:70:e5:96:9c:65:e3:d0:7a:61:f1:
                    25:32:7e:18:29:20:60:fc:2f:b2:aa:95:cc:a3:13:
                    2f:8e:26:1e:e3:b4:65:17:4f:da:cc:e1:3f:7e:dc:
                    33:4b:8e:e5:c9:a8:d9:01:07:55:c0:53:90:8d:16:
                    67:cf:4f:04:26:72:76:ee:69:ae:fd:79:4d:ab:d9:
                    94:89:dc:b2:19:eb:da:79:9f:7d:bd:f4:38:ff:16:
                    70:50:83:b0:bb:a8:3d:a3:ec:e3:f7:5f:e6:57:42:
                    bf:f9:e6:b8:bb:08:f2:31:da:d1:d0:ff:5c:17:01:
                    22:75:af:c5:39:d6:a7:c2:30:d3:f8:46:63:7b:cb:
                    66:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:A3:28:62:0E:26:C1:AB:5C:26:06:9F:F0:E5:4D:D1:7B:11:62:4D
            X509v3 Authority Key Identifier:
                keyid:83:48:68:41:B4:F4:AD:C5:62:64:C5:96:30:85:18:2A:22:0E:46:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0hoQbT0rcViZMWWMIUYKiIORtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/57cb04-58ce-433b-93ab-10bc59d8ff8d/1/v6MoYg4mwatcJgaf8OVN0XsRYk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/57cb04-58ce-433b-93ab-10bc59d8ff8d/1/g0hoQbT0rcViZMWWMIUYKiIORtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:1b:39:4a:12:f4:0d:1e:4b:4c:5d:71:58:79:9b:47:dd:55:
         5b:06:7f:5e:60:bc:41:2b:b4:6e:07:a6:88:72:4c:66:7a:30:
         b3:6a:8d:14:06:5c:a5:96:47:c3:85:52:2e:61:33:f2:83:b1:
         4a:7d:6f:17:1f:3a:8d:ac:f1:5f:af:67:02:01:f0:4b:1b:aa:
         75:13:91:c6:33:4a:45:e0:5b:fc:a1:dc:70:6b:d9:c8:18:1d:
         4b:44:1e:f6:7a:66:3e:4b:fa:08:02:0b:7b:9d:b7:45:bf:15:
         55:39:02:24:03:e8:9c:32:1b:7a:74:52:3c:e7:d9:47:77:e7:
         b2:8e:b3:ff:76:28:45:90:1f:90:89:7d:c8:2c:dd:3f:fe:56:
         b5:75:fa:59:8f:be:99:83:7b:27:fe:53:34:5b:3c:33:84:8b:
         df:77:4a:0c:d1:a2:d8:18:b6:cc:92:ea:5b:86:f0:7c:22:5f:
         07:af:60:0f:11:7b:5a:2e:e9:25:86:98:42:68:0d:9c:1d:bd:
         f1:d8:d5:32:9d:9c:b3:1c:81:fb:58:67:1c:aa:dc:0c:bc:46:
         2d:eb:1d:95:8c:5a:13:95:8f:98:eb:29:80:2e:a2:d3:04:72:
         eb:a7:da:17:6e:8c:8c:8f:cb:5d:40:8c:8e:f3:4f:ec:07:f5:
         e3:82:68:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6pc6ywLsDjBT7+ybj3EhJ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDg2ODQxYjRmNGFkYzU2MjY0YzU5NjMwODUxODJhMjIw
ZTQ2ZDQwHhcNMjQwNDA0MTQxMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmEzMjg2MjBlMjZjMWFiNWMyNjA2OWZmMGU1NGRkMTdiMTE2MjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3dpX91q7H7bIF1+91/hOV2m01Ak
GCNmo2BBqMqIAG+GKNJmDAJN8ol5tkWXLzQC/X+htFXaLdBrPeh4Sjv+jAm83vT4
4mML6UKsdyObdduLGffMI66HgagD+nu+f9u/xRy2YpU8tJ0cDCKIjqdNOmgXw9yR
wqiPR1Unj3Dllpxl49B6YfElMn4YKSBg/C+yqpXMoxMvjiYe47RlF0/azOE/ftwz
S47lyajZAQdVwFOQjRZnz08EJnJ27mmu/XlNq9mUidyyGevaeZ99vfQ4/xZwUIOw
u6g9o+zj91/mV0K/+ea4uwjyMdrR0P9cFwEida/FOdanwjDT+EZje8tmGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+jKGIOJsGrXCYGn/DlTdF7EWJNMB8GA1UdIwQY
MBaAFINIaEG09K3FYmTFljCFGCoiDkbUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBob1FiVDByY1ZpWk1XV01JVVlLaUlPUnRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi81N2NiMDQtNThjZS00MzNiLTkzYWIt
MTBiYzU5ZDhmZjhkLzEvdjZNb1lnNG13YXRjSmdhZjhPVk4wWHNSWWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi81N2NiMDQtNThjZS00MzNiLTkzYWItMTBiYzU5ZDhmZjhk
LzEvZzBob1FiVDByY1ZpWk1XV01JVVlLaUlPUnRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZS/MA0G
CSqGSIb3DQEBCwUAA4IBAQBUGzlKEvQNHktMXXFYeZtH3VVbBn9eYLxBK7RuB6aI
ckxmejCzao0UBlyllkfDhVIuYTPyg7FKfW8XHzqNrPFfr2cCAfBLG6p1E5HGM0pF
4Fv8odxwa9nIGB1LRB72emY+S/oIAgt7nbdFvxVVOQIkA+icMht6dFI859lHd+ey
jrP/dihFkB+QiX3ILN0//la1dfpZj76Zg3sn/lM0WzwzhIvfd0oM0aLYGLbMkupb
hvB8Il8Hr2APEXtaLuklhphCaA2cHb3x2NUynZyzHIH7WGccqtwMvEYt6x2VjFoT
lY+Y6ymALqLTBHLrp9oXboyMj8tdQIyO80/sB/XjgmiJ
-----END CERTIFICATE-----