Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/db4658-4275-43ba-9da9-6d810b0ada0a/1/8A5GzQ3tz1N6DGJS0Yzn2zmS_Jk.roa
File:                     8A5GzQ3tz1N6DGJS0Yzn2zmS_Jk.roa (raw, json)
Hash identifier:          64fKJvHKaxKbF8FeLQN1lU4WC/6wxFTOpdLXDBcYc9o=
Subject key identifier:   F0:0E:46:CD:0D:ED:CF:53:7A:0C:62:52:D1:8C:E7:DB:39:92:FC:99
Certificate issuer:       /CN=e8c3e6452a63f8e47a257e53c1a8ffa75f91ea40
Certificate serial:       018CC3B68CDD179075C08A035DCEE8C5CEB6
Authority key identifier: E8:C3:E6:45:2A:63:F8:E4:7A:25:7E:53:C1:A8:FF:A7:5F:91:EA:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6MPmRSpj-OR6JX5Twaj_p1-R6kA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/db4658-4275-43ba-9da9-6d810b0ada0a/1/8A5GzQ3tz1N6DGJS0Yzn2zmS_Jk.roa
Signing time:             Mon 01 Jan 2024 06:29:29 +0000
ROA not before:           Mon 01 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42035
IP address blocks:        185.199.140.0/22 maxlen: 22
                          2a0b:2b40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/db4658-4275-43ba-9da9-6d810b0ada0a/1/6MPmRSpj-OR6JX5Twaj_p1-R6kA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/db4658-4275-43ba-9da9-6d810b0ada0a/1/6MPmRSpj-OR6JX5Twaj_p1-R6kA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6MPmRSpj-OR6JX5Twaj_p1-R6kA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8c:dd:17:90:75:c0:8a:03:5d:ce:e8:c5:ce:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8c3e6452a63f8e47a257e53c1a8ffa75f91ea40
        Validity
            Not Before: Jan  1 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f00e46cd0dedcf537a0c6252d18ce7db3992fc99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:62:7d:ef:fe:aa:bd:0a:7a:57:e5:2e:6b:73:
                    77:9d:07:33:53:49:69:76:d3:06:46:5f:84:07:a7:
                    51:21:ba:ba:92:d7:7d:aa:8f:60:47:25:a5:78:bb:
                    e9:1f:ec:ac:ad:17:fd:be:5b:0d:45:e5:7c:0a:5d:
                    33:ad:a2:24:28:39:4c:a2:7b:8e:f4:60:3f:8d:fb:
                    2c:d0:ed:f1:e8:eb:d0:07:4a:96:78:6b:b8:7e:cb:
                    ac:79:ef:be:16:96:1b:a4:c0:f0:28:cf:1c:9a:b6:
                    4a:42:de:ff:98:17:dc:81:de:1e:ce:1f:af:6b:0c:
                    44:55:b6:cd:45:b0:1d:45:64:f2:54:4b:24:ba:33:
                    b0:48:30:49:b9:ff:7c:4b:aa:06:7f:45:ee:19:4e:
                    8e:a2:64:93:fe:c2:86:8a:5e:24:29:7c:43:75:6c:
                    fe:b5:6e:a9:40:87:7d:28:77:4d:a4:50:97:29:0f:
                    ea:b9:7f:f6:78:b7:66:c9:fb:fb:1c:4f:38:97:6e:
                    ab:cc:f9:6d:33:97:1c:1d:15:ca:91:c6:71:97:8c:
                    69:f0:04:a0:15:39:3f:a1:2c:65:a5:0b:27:37:22:
                    e9:e6:80:77:95:f6:98:9f:93:ff:02:b7:0a:63:33:
                    3b:cb:9d:20:b9:d7:2b:e7:da:dd:b0:7c:40:be:d5:
                    b0:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:0E:46:CD:0D:ED:CF:53:7A:0C:62:52:D1:8C:E7:DB:39:92:FC:99
            X509v3 Authority Key Identifier:
                keyid:E8:C3:E6:45:2A:63:F8:E4:7A:25:7E:53:C1:A8:FF:A7:5F:91:EA:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6MPmRSpj-OR6JX5Twaj_p1-R6kA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/db4658-4275-43ba-9da9-6d810b0ada0a/1/8A5GzQ3tz1N6DGJS0Yzn2zmS_Jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/db4658-4275-43ba-9da9-6d810b0ada0a/1/6MPmRSpj-OR6JX5Twaj_p1-R6kA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.140.0/22
                IPv6:
                  2a0b:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:a2:7e:51:6d:db:8c:07:d2:27:a7:2c:8a:0e:b9:69:cf:88:
         24:d2:28:7c:2d:54:ab:6f:bc:12:32:bb:22:86:ea:58:7c:47:
         a2:20:c7:30:18:6b:79:e6:94:cf:2a:64:cd:e3:6b:33:a5:3b:
         3a:1e:ee:e9:4b:59:45:cb:c0:bf:f0:2c:0d:de:c3:a0:bc:27:
         87:aa:0a:37:54:6e:2e:36:75:b4:14:fb:92:19:62:86:b1:80:
         72:26:29:21:42:67:24:b4:c5:d4:49:61:08:03:b4:c0:64:74:
         48:cc:c5:aa:b4:56:a7:8b:26:44:24:ea:fb:97:77:25:19:80:
         c1:e5:70:f4:dd:97:2c:11:07:c4:cc:f9:1f:9c:95:11:93:c8:
         85:b3:52:24:97:2c:a3:e5:2a:9e:b1:e9:a0:56:56:9f:23:4b:
         a2:1f:d4:d5:54:4c:44:f8:f9:f1:82:bc:4e:0b:34:20:b9:c4:
         ce:f3:fe:99:4c:ff:cd:1f:a7:8f:74:1c:67:84:0e:53:3a:02:
         76:6c:cf:d9:97:64:c0:21:92:39:6a:1b:92:eb:69:61:e3:86:
         71:9d:a4:29:34:e9:f0:70:a4:47:d6:c5:35:ad:16:15:4d:a3:
         fc:05:0b:7a:74:e7:05:db:d5:f8:1e:a8:78:dd:63:57:03:8c:
         6f:dd:66:f1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtozdF5B1wIoDXc7oxc62MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YzNlNjQ1MmE2M2Y4ZTQ3YTI1N2U1M2MxYThmZmE3NWY5
MWVhNDAwHhcNMjQwMTAxMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDBlNDZjZDBkZWRjZjUzN2EwYzYyNTJkMThjZTdkYjM5OTJmYzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2J97/6qvQp6V+Uua3N3nQczU0lp
dtMGRl+EB6dRIbq6ktd9qo9gRyWleLvpH+ysrRf9vlsNReV8Cl0zraIkKDlMonuO
9GA/jfss0O3x6OvQB0qWeGu4fsusee++FpYbpMDwKM8cmrZKQt7/mBfcgd4ezh+v
awxEVbbNRbAdRWTyVEskujOwSDBJuf98S6oGf0XuGU6OomST/sKGil4kKXxDdWz+
tW6pQId9KHdNpFCXKQ/quX/2eLdmyfv7HE84l26rzPltM5ccHRXKkcZxl4xp8ASg
FTk/oSxlpQsnNyLp5oB3lfaYn5P/ArcKYzM7y50gudcr59rdsHxAvtWwBwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPAORs0N7c9TegxiUtGM59s5kvyZMB8GA1UdIwQY
MBaAFOjD5kUqY/jkeiV+U8Go/6dfkepAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk1QbVJTcGotT1I2Slg1VHdhal9wMS1SNmtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kYjQ2NTgtNDI3NS00M2JhLTlkYTkt
NmQ4MTBiMGFkYTBhLzEvOEE1R3pRM3R6MU42REdKUzBZem4yem1TX0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kYjQ2NTgtNDI3NS00M2JhLTlkYTktNmQ4MTBiMGFkYTBh
LzEvNk1QbVJTcGotT1I2Slg1VHdhal9wMS1SNmtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuceMMA0E
AgACMAcDBQMqCytAMA0GCSqGSIb3DQEBCwUAA4IBAQBaon5RbduMB9InpyyKDrlp
z4gk0ih8LVSrb7wSMrsihupYfEeiIMcwGGt55pTPKmTN42szpTs6Hu7pS1lFy8C/
8CwN3sOgvCeHqgo3VG4uNnW0FPuSGWKGsYByJikhQmcktMXUSWEIA7TAZHRIzMWq
tFaniyZEJOr7l3clGYDB5XD03ZcsEQfEzPkfnJURk8iFs1Iklyyj5SqesemgVlaf
I0uiH9TVVExE+PnxgrxOCzQgucTO8/6ZTP/NH6ePdBxnhA5TOgJ2bM/Zl2TAIZI5
ahuS62lh44ZxnaQpNOnwcKRH1sU1rRYVTaP8BQt6dOcF29X4Hqh43WNXA4xv3Wbx
-----END CERTIFICATE-----