Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/9b94e2-d21d-4d81-8aea-a5568e0fbb6d/1/RKDfIWOTQq8PWl32qwqHUtwswi0.roa
File:                     RKDfIWOTQq8PWl32qwqHUtwswi0.roa (raw, json)
Hash identifier:          e+550mq6rA7xRGPJMPImzdI5pWmMEclNkmmVmX6mT3g=
Subject key identifier:   44:A0:DF:21:63:93:42:AF:0F:5A:5D:F6:AB:0A:87:52:DC:2C:C2:2D
Certificate issuer:       /CN=7ca04cc67ef96d9022f3d0bfc51eadb4a4b63ee6
Certificate serial:       018CC56DE00DD531D980BC0FA304E3F9B1DC
Authority key identifier: 7C:A0:4C:C6:7E:F9:6D:90:22:F3:D0:BF:C5:1E:AD:B4:A4:B6:3E:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fKBMxn75bZAi89C_xR6ttKS2PuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/9b94e2-d21d-4d81-8aea-a5568e0fbb6d/1/RKDfIWOTQq8PWl32qwqHUtwswi0.roa
Signing time:             Mon 01 Jan 2024 14:29:21 +0000
ROA not before:           Mon 01 Jan 2024 14:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44558
IP address blocks:        159.255.40.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/9b94e2-d21d-4d81-8aea-a5568e0fbb6d/1/fKBMxn75bZAi89C_xR6ttKS2PuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/9b94e2-d21d-4d81-8aea-a5568e0fbb6d/1/fKBMxn75bZAi89C_xR6ttKS2PuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fKBMxn75bZAi89C_xR6ttKS2PuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e0:0d:d5:31:d9:80:bc:0f:a3:04:e3:f9:b1:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ca04cc67ef96d9022f3d0bfc51eadb4a4b63ee6
        Validity
            Not Before: Jan  1 14:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44a0df21639342af0f5a5df6ab0a8752dc2cc22d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8a:00:56:77:e6:6d:17:7d:7d:c8:01:ee:18:
                    69:6c:01:91:18:ad:77:7d:ad:81:db:fd:d6:e3:5a:
                    c0:37:a8:4c:a5:96:d8:cb:7e:1f:eb:c0:d0:33:75:
                    3b:a9:47:46:df:c1:4c:a6:5c:8f:df:53:9c:a3:b2:
                    1d:ee:a7:de:77:bd:de:e4:7f:27:e3:c0:9f:21:35:
                    8c:ed:76:58:a1:5c:c2:87:cf:b5:f9:92:fc:45:82:
                    a4:d5:21:f4:27:e1:43:7b:32:00:06:ec:1b:b6:aa:
                    52:60:fd:8d:f5:2e:a4:c4:7b:fb:df:c1:18:59:e1:
                    7f:81:59:bd:e3:86:f8:b9:f4:dc:7e:b6:cd:e5:f5:
                    c7:c3:f8:1b:f9:1f:45:38:91:4c:9d:fb:92:f3:69:
                    68:da:23:f0:7c:02:3b:59:55:3a:4e:92:d3:26:83:
                    a7:a3:68:58:9b:35:c9:35:d7:bc:d8:7c:79:5f:03:
                    df:06:6b:5e:e1:11:91:2d:e6:42:ca:c5:b3:9b:9c:
                    42:e8:af:33:e9:7b:51:f5:40:63:06:8d:61:31:79:
                    8e:d3:0d:0d:74:28:86:64:2e:59:33:fb:53:24:51:
                    0c:d1:de:60:87:9e:de:d2:58:9f:9d:d4:40:12:89:
                    0a:48:75:6d:c4:f5:38:72:eb:84:dc:31:d8:23:b0:
                    0f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A0:DF:21:63:93:42:AF:0F:5A:5D:F6:AB:0A:87:52:DC:2C:C2:2D
            X509v3 Authority Key Identifier:
                keyid:7C:A0:4C:C6:7E:F9:6D:90:22:F3:D0:BF:C5:1E:AD:B4:A4:B6:3E:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fKBMxn75bZAi89C_xR6ttKS2PuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/9b94e2-d21d-4d81-8aea-a5568e0fbb6d/1/RKDfIWOTQq8PWl32qwqHUtwswi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/9b94e2-d21d-4d81-8aea-a5568e0fbb6d/1/fKBMxn75bZAi89C_xR6ttKS2PuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.255.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         59:ab:a9:86:13:83:65:0f:b0:ca:af:96:d7:bd:40:59:a3:11:
         bc:e5:ca:26:01:10:b6:38:ff:15:5e:63:b3:7e:e2:48:f9:2f:
         a7:c7:29:6d:f6:f3:d8:4f:f6:e5:ab:37:e0:b3:59:8b:70:da:
         24:44:ac:a8:93:53:04:3e:21:ca:54:79:53:72:04:98:0e:01:
         1f:07:65:be:22:73:08:f2:97:d4:8d:67:9d:e7:54:be:c6:1a:
         d9:b7:fc:30:e6:88:fd:67:c7:bc:1b:15:c2:70:0d:6e:15:cb:
         7e:12:ff:aa:ea:1d:8b:e6:ba:d9:b4:0a:53:20:bd:91:d2:52:
         5b:06:4d:2e:ac:92:5d:ae:44:6f:b6:54:b0:cc:da:92:16:79:
         06:31:1e:60:10:9e:98:73:98:62:b1:0c:32:b0:b7:04:de:06:
         4e:87:f2:b7:e8:fe:4d:af:c2:e2:67:c7:79:f8:ff:ca:84:2c:
         1e:a5:07:8a:37:52:e4:dd:81:36:5b:ba:2c:4c:64:76:c3:8b:
         b6:a1:1b:43:2b:68:bd:ed:b7:87:19:ee:e4:b1:d0:65:4f:0f:
         23:32:50:c1:35:85:0a:a3:30:90:b9:01:c4:2d:93:5b:04:b0:
         01:73:cf:4b:22:32:b0:6e:be:6b:3d:bc:6c:c8:3c:60:fb:8c:
         03:da:d2:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeAN1THZgLwPowTj+bHcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYTA0Y2M2N2VmOTZkOTAyMmYzZDBiZmM1MWVhZGI0YTRi
NjNlZTYwHhcNMjQwMTAxMTQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGEwZGYyMTYzOTM0MmFmMGY1YTVkZjZhYjBhODc1MmRjMmNjMjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmooAVnfmbRd9fcgB7hhpbAGRGK13
fa2B2/3W41rAN6hMpZbYy34f68DQM3U7qUdG38FMplyP31Oco7Id7qfed73e5H8n
48CfITWM7XZYoVzCh8+1+ZL8RYKk1SH0J+FDezIABuwbtqpSYP2N9S6kxHv738EY
WeF/gVm944b4ufTcfrbN5fXHw/gb+R9FOJFMnfuS82lo2iPwfAI7WVU6TpLTJoOn
o2hYmzXJNde82Hx5XwPfBmte4RGRLeZCysWzm5xC6K8z6XtR9UBjBo1hMXmO0w0N
dCiGZC5ZM/tTJFEM0d5gh57e0lifndRAEokKSHVtxPU4cuuE3DHYI7APqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESg3yFjk0KvD1pd9qsKh1LcLMItMB8GA1UdIwQY
MBaAFHygTMZ++W2QIvPQv8UerbSktj7mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZktCTXhuNzViWkFpODlDX3hSNnR0S1MyUHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi85Yjk0ZTItZDIxZC00ZDgxLThhZWEt
YTU1NjhlMGZiYjZkLzEvUktEZklXT1RRcThQV2wzMnF3cUhVdHdzd2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi85Yjk0ZTItZDIxZC00ZDgxLThhZWEtYTU1NjhlMGZiYjZk
LzEvZktCTXhuNzViWkFpODlDX3hSNnR0S1MyUHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDn/8oMA0G
CSqGSIb3DQEBCwUAA4IBAQBZq6mGE4NlD7DKr5bXvUBZoxG85comARC2OP8VXmOz
fuJI+S+nxylt9vPYT/blqzfgs1mLcNokRKyok1MEPiHKVHlTcgSYDgEfB2W+InMI
8pfUjWed51S+xhrZt/ww5oj9Z8e8GxXCcA1uFct+Ev+q6h2L5rrZtApTIL2R0lJb
Bk0urJJdrkRvtlSwzNqSFnkGMR5gEJ6Yc5hisQwysLcE3gZOh/K36P5Nr8LiZ8d5
+P/KhCwepQeKN1Lk3YE2W7osTGR2w4u2oRtDK2i97beHGe7ksdBlTw8jMlDBNYUK
ozCQuQHELZNbBLABc89LIjKwbr5rPbxsyDxg+4wD2tKi
-----END CERTIFICATE-----