Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/ecdb70-5e6d-4d4a-bc27-9e90f02c9313/1/0V_LTYEDfJNyJmghNs_MSEUm5EA.roa
File:                     0V_LTYEDfJNyJmghNs_MSEUm5EA.roa (raw, json)
Hash identifier:          6yn5iO3tavP60XLVkWSvqVvHbjFZPkZlUZpYI4w5qQY=
Subject key identifier:   D1:5F:CB:4D:81:03:7C:93:72:26:68:21:36:CF:CC:48:45:26:E4:40
Certificate issuer:       /CN=b264bd0c3c02a4cbc2cf74a9367e3cd530798726
Certificate serial:       018CC94DDB6623D9EFCFBC5720CE72F4933F
Authority key identifier: B2:64:BD:0C:3C:02:A4:CB:C2:CF:74:A9:36:7E:3C:D5:30:79:87:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/smS9DDwCpMvCz3SpNn481TB5hyY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/ecdb70-5e6d-4d4a-bc27-9e90f02c9313/1/0V_LTYEDfJNyJmghNs_MSEUm5EA.roa
Signing time:             Tue 02 Jan 2024 08:32:52 +0000
ROA not before:           Tue 02 Jan 2024 08:32:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        185.147.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/ecdb70-5e6d-4d4a-bc27-9e90f02c9313/1/smS9DDwCpMvCz3SpNn481TB5hyY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/ecdb70-5e6d-4d4a-bc27-9e90f02c9313/1/smS9DDwCpMvCz3SpNn481TB5hyY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/smS9DDwCpMvCz3SpNn481TB5hyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 02:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:db:66:23:d9:ef:cf:bc:57:20:ce:72:f4:93:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b264bd0c3c02a4cbc2cf74a9367e3cd530798726
        Validity
            Not Before: Jan  2 08:32:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d15fcb4d81037c937226682136cfcc484526e440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c7:bf:24:a3:2f:32:15:51:cb:8e:68:e0:14:
                    b3:40:f6:45:2d:d5:67:6f:6e:57:55:e2:95:af:19:
                    9d:74:70:4b:19:c4:14:b7:86:b6:ee:11:a8:d4:ad:
                    6a:d1:f6:0e:67:02:b6:9a:94:f5:ca:fe:bb:33:7f:
                    0a:8b:6e:2a:21:d5:bf:0c:ba:f8:82:2b:f3:96:5b:
                    c3:8c:83:64:af:23:d3:7e:a6:ab:e7:56:5a:0c:e0:
                    ad:a5:92:b0:2c:bc:4d:31:cd:55:8b:46:65:1a:16:
                    39:a6:45:81:f0:df:dd:1f:1b:68:bc:e0:6b:3f:6b:
                    e3:1d:7b:aa:da:4c:0a:29:7a:b6:39:2c:ef:ea:25:
                    53:bc:4a:9f:e1:32:21:b6:f1:c2:9d:12:d8:8b:86:
                    0d:14:b5:72:af:65:05:00:c5:b6:40:9a:ec:45:2c:
                    4a:93:e3:81:bf:21:45:db:ef:90:bd:c7:31:6d:dc:
                    af:dd:45:d3:16:bd:ec:6b:b0:db:42:01:57:e6:78:
                    72:99:da:f5:e0:08:cc:b4:ff:b2:b4:2c:18:8d:30:
                    97:a9:24:c9:79:d9:04:ce:b1:9b:d9:63:c6:51:18:
                    24:57:0f:f9:17:f6:4d:7d:56:d3:54:5a:a7:78:00:
                    c7:1b:39:33:4c:a1:dd:f4:cf:1c:91:56:eb:f2:10:
                    36:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:5F:CB:4D:81:03:7C:93:72:26:68:21:36:CF:CC:48:45:26:E4:40
            X509v3 Authority Key Identifier:
                keyid:B2:64:BD:0C:3C:02:A4:CB:C2:CF:74:A9:36:7E:3C:D5:30:79:87:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/smS9DDwCpMvCz3SpNn481TB5hyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ecdb70-5e6d-4d4a-bc27-9e90f02c9313/1/0V_LTYEDfJNyJmghNs_MSEUm5EA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ecdb70-5e6d-4d4a-bc27-9e90f02c9313/1/smS9DDwCpMvCz3SpNn481TB5hyY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:9b:ad:39:6a:fb:8b:4a:ec:33:dd:48:60:2a:32:f8:e9:2f:
         b7:c5:0c:ea:94:31:5f:fc:5c:80:4b:8f:14:d6:a3:44:bd:db:
         40:3f:c4:e2:be:80:36:c0:cc:5d:34:74:07:ea:49:53:3d:0b:
         13:44:a2:ef:31:9c:00:2f:d5:d4:49:c0:f6:e9:d1:15:b3:65:
         5c:c0:fd:3b:f6:b7:b8:83:eb:79:0a:dd:c0:b9:2b:96:3b:a5:
         8d:6e:15:b5:ee:b2:2d:15:85:17:5a:4a:bd:43:01:3a:39:53:
         b2:f9:95:95:22:33:ce:40:d4:c7:8f:e4:21:32:83:61:c5:14:
         1e:81:38:ea:51:bb:7f:75:fc:f2:06:01:36:bd:cc:36:8d:ec:
         3b:67:e6:26:d2:24:67:9c:92:20:63:41:6f:dc:c6:b2:23:44:
         7a:12:50:bf:0f:85:92:70:68:d3:c2:e4:76:68:be:6b:5c:c6:
         a5:87:db:2e:de:c0:96:06:ba:ab:cf:dd:1a:2a:41:04:9c:10:
         f4:4d:09:33:d7:84:f5:6a:2c:75:1b:a6:01:c9:1e:56:1c:a1:
         14:eb:7a:a4:21:37:3a:c9:de:12:ab:53:2a:68:43:ae:90:61:
         d1:07:96:04:ef:ad:b0:d8:7d:27:76:5c:f4:1f:b4:85:ad:34:
         dc:77:4c:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTdtmI9nvz7xXIM5y9JM/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNjRiZDBjM2MwMmE0Y2JjMmNmNzRhOTM2N2UzY2Q1MzA3
OTg3MjYwHhcNMjQwMTAyMDgzMjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTVmY2I0ZDgxMDM3YzkzNzIyNjY4MjEzNmNmY2M0ODQ1MjZlNDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmce/JKMvMhVRy45o4BSzQPZFLdVn
b25XVeKVrxmddHBLGcQUt4a27hGo1K1q0fYOZwK2mpT1yv67M38Ki24qIdW/DLr4
givzllvDjINkryPTfqar51ZaDOCtpZKwLLxNMc1Vi0ZlGhY5pkWB8N/dHxtovOBr
P2vjHXuq2kwKKXq2OSzv6iVTvEqf4TIhtvHCnRLYi4YNFLVyr2UFAMW2QJrsRSxK
k+OBvyFF2++Qvccxbdyv3UXTFr3sa7DbQgFX5nhymdr14AjMtP+ytCwYjTCXqSTJ
edkEzrGb2WPGURgkVw/5F/ZNfVbTVFqneADHGzkzTKHd9M8ckVbr8hA2kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFfy02BA3yTciZoITbPzEhFJuRAMB8GA1UdIwQY
MBaAFLJkvQw8AqTLws90qTZ+PNUweYcmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc21TOUREd0NwTXZDejNTcE5uNDgxVEI1aHlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9lY2RiNzAtNWU2ZC00ZDRhLWJjMjct
OWU5MGYwMmM5MzEzLzEvMFZfTFRZRURmSk55Sm1naE5zX01TRVVtNUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9lY2RiNzAtNWU2ZC00ZDRhLWJjMjctOWU5MGYwMmM5MzEz
LzEvc21TOUREd0NwTXZDejNTcE5uNDgxVEI1aHlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZN+MA0G
CSqGSIb3DQEBCwUAA4IBAQBWm605avuLSuwz3UhgKjL46S+3xQzqlDFf/FyAS48U
1qNEvdtAP8TivoA2wMxdNHQH6klTPQsTRKLvMZwAL9XUScD26dEVs2VcwP079re4
g+t5Ct3AuSuWO6WNbhW17rItFYUXWkq9QwE6OVOy+ZWVIjPOQNTHj+QhMoNhxRQe
gTjqUbt/dfzyBgE2vcw2jew7Z+Ym0iRnnJIgY0Fv3MayI0R6ElC/D4WScGjTwuR2
aL5rXMalh9su3sCWBrqrz90aKkEEnBD0TQkz14T1aix1G6YByR5WHKEU63qkITc6
yd4Sq1MqaEOukGHRB5YE762w2H0ndlz0H7SFrTTcd0x/
-----END CERTIFICATE-----