Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/c35dcd-3103-4ea0-a8c5-866f1d2327aa/1/DoIEl80ccU71Rtj4MTm_t-G6yDI.roa
File:                     DoIEl80ccU71Rtj4MTm_t-G6yDI.roa (raw, json)
Hash identifier:          Ib+Z5pbMkFxnsl9UrMCdKlUglMekzBGXjfD22LlkWkc=
Subject key identifier:   0E:82:04:97:CD:1C:71:4E:F5:46:D8:F8:31:39:BF:B7:E1:BA:C8:32
Certificate issuer:       /CN=2c4344722645da25ece3b17c7a83762ed42dda52
Certificate serial:       018CC7958AF20D7A72B16E7BA9AE28C47001
Authority key identifier: 2C:43:44:72:26:45:DA:25:EC:E3:B1:7C:7A:83:76:2E:D4:2D:DA:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LENEciZF2iXs47F8eoN2LtQt2lI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/c35dcd-3103-4ea0-a8c5-866f1d2327aa/1/DoIEl80ccU71Rtj4MTm_t-G6yDI.roa
Signing time:             Tue 02 Jan 2024 00:31:55 +0000
ROA not before:           Tue 02 Jan 2024 00:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202078
IP address blocks:        185.54.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/c35dcd-3103-4ea0-a8c5-866f1d2327aa/1/LENEciZF2iXs47F8eoN2LtQt2lI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/c35dcd-3103-4ea0-a8c5-866f1d2327aa/1/LENEciZF2iXs47F8eoN2LtQt2lI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LENEciZF2iXs47F8eoN2LtQt2lI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 15:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8a:f2:0d:7a:72:b1:6e:7b:a9:ae:28:c4:70:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c4344722645da25ece3b17c7a83762ed42dda52
        Validity
            Not Before: Jan  2 00:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e820497cd1c714ef546d8f83139bfb7e1bac832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:54:fe:05:f7:e9:89:51:c4:bf:f8:d8:f6:71:
                    0b:3f:00:3c:15:59:48:3d:c9:de:32:6a:7e:35:37:
                    5b:45:28:bf:84:60:26:7e:2b:0d:1b:33:16:73:fc:
                    74:ae:27:4c:44:cd:07:c6:a2:2f:48:ee:f2:4a:7f:
                    9b:1a:1e:29:41:47:b8:66:3c:c7:01:37:9f:c8:4a:
                    94:51:a3:89:a6:de:43:47:b0:fa:5a:4c:90:71:ce:
                    cd:77:14:39:d2:b0:ca:63:23:da:21:5c:06:bf:36:
                    3a:89:4f:8e:e4:bc:8f:e4:b5:49:ee:7d:aa:ed:2d:
                    0a:4e:32:f8:4a:6d:98:c2:b4:d4:73:18:40:58:b5:
                    c5:4d:83:10:66:ed:0c:c5:72:46:aa:0d:f8:cf:8a:
                    da:8d:6c:ad:b7:34:cd:09:17:ec:25:2b:1d:64:fd:
                    8e:7c:70:75:b0:0d:06:6a:37:dd:b3:33:89:a9:0b:
                    c1:90:a9:7d:20:20:99:03:8c:d6:a1:ca:ae:b3:aa:
                    fe:47:c5:37:0d:89:e2:29:60:bc:66:d7:09:e4:78:
                    59:0f:8e:48:27:63:c5:b4:e9:73:6a:95:56:00:30:
                    6c:b5:86:6d:a2:6c:59:fe:35:3f:21:2b:55:ab:90:
                    09:c0:0c:27:98:ae:31:7b:c7:96:23:36:49:b6:49:
                    13:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:82:04:97:CD:1C:71:4E:F5:46:D8:F8:31:39:BF:B7:E1:BA:C8:32
            X509v3 Authority Key Identifier:
                keyid:2C:43:44:72:26:45:DA:25:EC:E3:B1:7C:7A:83:76:2E:D4:2D:DA:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LENEciZF2iXs47F8eoN2LtQt2lI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/c35dcd-3103-4ea0-a8c5-866f1d2327aa/1/DoIEl80ccU71Rtj4MTm_t-G6yDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/c35dcd-3103-4ea0-a8c5-866f1d2327aa/1/LENEciZF2iXs47F8eoN2LtQt2lI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:f5:16:a1:86:4e:9b:c4:fd:ff:ff:6a:55:59:f2:ee:01:69:
         67:91:40:b0:5c:f3:81:87:d4:75:0a:c4:c4:85:61:4f:6a:dc:
         b0:97:31:bc:17:6b:c9:d5:d9:03:f9:c4:ee:56:f8:c0:00:d5:
         48:6f:be:3b:a4:c6:75:e2:c2:83:89:e2:d6:78:d3:f4:a6:6f:
         f6:ec:1b:f9:1d:a4:a3:aa:f3:1b:0e:5b:f2:53:45:62:d7:b7:
         e2:90:d5:5a:68:6e:df:f1:1d:08:5a:a8:a6:02:43:08:00:1e:
         f0:15:19:5f:34:e3:76:55:7d:b1:a8:84:2e:1f:dc:5a:ab:64:
         19:74:a3:7d:d7:42:14:ea:af:1f:29:b9:52:e6:b8:b1:18:fe:
         24:1f:af:2f:45:00:66:68:d8:dc:bc:9a:34:94:13:32:f8:a4:
         4f:ac:c3:2f:e2:0c:22:65:11:03:2e:a6:d3:5f:29:89:0b:ba:
         51:0e:17:fe:f4:66:3d:39:2c:03:40:4e:62:ac:e5:a3:3c:87:
         60:d6:01:d5:ee:39:42:3c:a8:95:5d:63:ab:99:d7:d3:1b:ac:
         0e:eb:7b:d7:5e:a8:72:8e:45:f8:c4:ca:78:04:b7:f6:3b:d2:
         8e:91:22:fe:79:ff:54:b4:d6:10:f1:e3:54:78:c5:b6:76:44:
         5f:bd:a6:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlYryDXpysW57qa4oxHABMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNDM0NDcyMjY0NWRhMjVlY2UzYjE3YzdhODM3NjJlZDQy
ZGRhNTIwHhcNMjQwMTAyMDAzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTgyMDQ5N2NkMWM3MTRlZjU0NmQ4ZjgzMTM5YmZiN2UxYmFjODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVT+BffpiVHEv/jY9nELPwA8FVlI
PcneMmp+NTdbRSi/hGAmfisNGzMWc/x0ridMRM0HxqIvSO7ySn+bGh4pQUe4ZjzH
ATefyEqUUaOJpt5DR7D6WkyQcc7NdxQ50rDKYyPaIVwGvzY6iU+O5LyP5LVJ7n2q
7S0KTjL4Sm2YwrTUcxhAWLXFTYMQZu0MxXJGqg34z4rajWyttzTNCRfsJSsdZP2O
fHB1sA0GajfdszOJqQvBkKl9ICCZA4zWocqus6r+R8U3DYniKWC8ZtcJ5HhZD45I
J2PFtOlzapVWADBstYZtomxZ/jU/IStVq5AJwAwnmK4xe8eWIzZJtkkTLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6CBJfNHHFO9UbY+DE5v7fhusgyMB8GA1UdIwQY
MBaAFCxDRHImRdol7OOxfHqDdi7ULdpSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEVORWNpWkYyaVhzNDdGOGVvTjJMdFF0MmxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9jMzVkY2QtMzEwMy00ZWEwLWE4YzUt
ODY2ZjFkMjMyN2FhLzEvRG9JRWw4MGNjVTcxUnRqNE1UbV90LUc2eURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9jMzVkY2QtMzEwMy00ZWEwLWE4YzUtODY2ZjFkMjMyN2Fh
LzEvTEVORWNpWkYyaVhzNDdGOGVvTjJMdFF0MmxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTYoMA0G
CSqGSIb3DQEBCwUAA4IBAQAu9Rahhk6bxP3//2pVWfLuAWlnkUCwXPOBh9R1CsTE
hWFPatywlzG8F2vJ1dkD+cTuVvjAANVIb747pMZ14sKDieLWeNP0pm/27Bv5HaSj
qvMbDlvyU0Vi17fikNVaaG7f8R0IWqimAkMIAB7wFRlfNON2VX2xqIQuH9xaq2QZ
dKN910IU6q8fKblS5rixGP4kH68vRQBmaNjcvJo0lBMy+KRPrMMv4gwiZREDLqbT
XymJC7pRDhf+9GY9OSwDQE5irOWjPIdg1gHV7jlCPKiVXWOrmdfTG6wO63vXXqhy
jkX4xMp4BLf2O9KOkSL+ef9UtNYQ8eNUeMW2dkRfvabf
-----END CERTIFICATE-----