Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/mbM8I4bHenNeEH4ohofVUw85gIk.roa
File:                     mbM8I4bHenNeEH4ohofVUw85gIk.roa (raw, json)
Hash identifier:          w6VNZJf18vl0Ct2yx+mmP4fdMsY2fofZYaT/6a0dJW0=
Subject key identifier:   99:B3:3C:23:86:C7:7A:73:5E:10:7E:28:86:87:D5:53:0F:39:80:89
Certificate issuer:       /CN=521a30077223c25c6f37dcf59480778c0b5b1068
Certificate serial:       0191EAEDA73B66CF67CA1202E56C2BAC1B16
Authority key identifier: 52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/mbM8I4bHenNeEH4ohofVUw85gIk.roa
Signing time:             Fri 13 Sep 2024 10:28:48 +0000
ROA not before:           Fri 13 Sep 2024 10:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207080
IP address blocks:        185.194.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Sep 2024 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ea:ed:a7:3b:66:cf:67:ca:12:02:e5:6c:2b:ac:1b:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521a30077223c25c6f37dcf59480778c0b5b1068
        Validity
            Not Before: Sep 13 10:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99b33c2386c77a735e107e288687d5530f398089
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:10:63:24:f1:63:cd:2a:85:9f:aa:e7:8b:03:
                    05:af:37:63:ab:58:60:8f:0a:8a:de:78:59:ba:9e:
                    27:e7:93:9e:11:14:4d:81:76:6c:9d:28:ec:33:1a:
                    07:2e:29:00:0c:c4:61:4f:9d:26:45:6d:ec:93:05:
                    08:67:73:62:af:70:97:01:c2:34:e3:a4:c6:08:09:
                    64:73:14:b3:c3:d6:1b:78:59:74:cc:d4:3d:14:3d:
                    4c:20:b8:8c:aa:36:85:c3:d5:dd:56:00:20:53:bd:
                    51:2a:08:3a:8c:2a:61:44:e0:4d:c8:ce:8b:c1:d5:
                    c6:71:0d:40:b3:82:b9:80:05:12:10:3e:c2:f5:73:
                    79:58:05:e4:00:39:57:e1:6e:b5:a6:89:6d:b6:d9:
                    13:88:80:ad:0a:82:c4:2a:b9:73:7b:b6:15:80:dc:
                    3e:34:ae:8a:bf:91:00:06:7a:15:6f:3b:fe:f7:fc:
                    d7:9f:55:83:c7:9a:fe:8b:1d:30:f8:1b:4a:da:36:
                    41:83:c8:a0:9e:3a:5e:eb:8a:3b:c3:50:69:8d:f5:
                    20:7d:ec:cf:5c:28:26:dc:8f:27:57:8c:5f:46:04:
                    d2:f3:20:a3:3d:a3:f9:df:38:34:14:c7:19:dc:b1:
                    c2:51:e5:59:59:2d:76:c9:66:5b:66:79:05:12:c4:
                    ff:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:B3:3C:23:86:C7:7A:73:5E:10:7E:28:86:87:D5:53:0F:39:80:89
            X509v3 Authority Key Identifier:
                keyid:52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/mbM8I4bHenNeEH4ohofVUw85gIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:dd:35:e1:47:16:e1:0f:c2:30:60:39:6d:5c:dd:13:34:a0:
         fa:1d:f5:28:0f:4a:2b:18:7d:44:df:e2:06:2f:65:11:49:fb:
         13:76:b8:f7:d2:56:90:3a:71:7a:1c:87:10:bd:49:c3:ae:18:
         90:24:cf:b8:f0:fb:70:5a:93:c1:f1:5e:68:bd:70:ee:9a:af:
         f9:53:ce:22:b5:7f:fc:4f:1d:58:51:65:5d:53:6f:5c:d0:e1:
         ac:8a:5d:ba:a0:cd:2c:b2:72:6f:df:38:2a:b8:fd:d2:9e:12:
         82:0b:f6:14:7d:95:b8:30:27:0c:14:ed:49:c0:37:c0:41:81:
         16:94:fd:2b:c0:a4:77:51:79:17:9f:44:51:60:a3:e0:b0:28:
         e4:37:0e:23:2c:42:36:5a:6d:d3:21:43:ac:52:60:e2:5c:38:
         5d:57:9e:b3:93:3d:b1:79:e3:70:12:06:a7:69:d2:3a:44:37:
         2a:09:6b:2e:0a:4e:dd:9b:2f:08:85:05:c1:01:6c:a7:76:9b:
         8d:ae:a8:b5:ce:12:51:22:7a:58:61:3e:91:d3:f9:4a:f8:93:
         6d:0c:3f:9b:66:52:e3:2e:f5:1f:12:47:2c:56:69:03:6f:f6:
         aa:c2:7e:fa:54:9b:ab:8c:1a:92:15:0d:7b:43:4f:07:4d:4e:
         85:fe:eb:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHq7ac7Zs9nyhIC5WwrrBsWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWEzMDA3NzIyM2MyNWM2ZjM3ZGNmNTk0ODA3NzhjMGI1
YjEwNjgwHhcNMjQwOTEzMTAyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWIzM2MyMzg2Yzc3YTczNWUxMDdlMjg4Njg3ZDU1MzBmMzk4MDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRBjJPFjzSqFn6rniwMFrzdjq1hg
jwqK3nhZup4n55OeERRNgXZsnSjsMxoHLikADMRhT50mRW3skwUIZ3Nir3CXAcI0
46TGCAlkcxSzw9YbeFl0zNQ9FD1MILiMqjaFw9XdVgAgU71RKgg6jCphROBNyM6L
wdXGcQ1As4K5gAUSED7C9XN5WAXkADlX4W61poltttkTiICtCoLEKrlze7YVgNw+
NK6Kv5EABnoVbzv+9/zXn1WDx5r+ix0w+BtK2jZBg8ignjpe64o7w1BpjfUgfezP
XCgm3I8nV4xfRgTS8yCjPaP53zg0FMcZ3LHCUeVZWS12yWZbZnkFEsT/EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmzPCOGx3pzXhB+KIaH1VMPOYCJMB8GA1UdIwQY
MBaAFFIaMAdyI8Jcbzfc9ZSAd4wLWxBoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMt
MGY1ZjA5YjJlYjE0LzEvbWJNOEk0Ykhlbk5lRUg0b2hvZlZVdzg1Z0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMtMGY1ZjA5YjJlYjE0
LzEvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucJxMA0G
CSqGSIb3DQEBCwUAA4IBAQAS3TXhRxbhD8IwYDltXN0TNKD6HfUoD0orGH1E3+IG
L2URSfsTdrj30laQOnF6HIcQvUnDrhiQJM+48PtwWpPB8V5ovXDumq/5U84itX/8
Tx1YUWVdU29c0OGsil26oM0ssnJv3zgquP3SnhKCC/YUfZW4MCcMFO1JwDfAQYEW
lP0rwKR3UXkXn0RRYKPgsCjkNw4jLEI2Wm3TIUOsUmDiXDhdV56zkz2xeeNwEgan
adI6RDcqCWsuCk7dmy8IhQXBAWyndpuNrqi1zhJRInpYYT6R0/lK+JNtDD+bZlLj
LvUfEkcsVmkDb/aqwn76VJurjBqSFQ17Q08HTU6F/uuV
-----END CERTIFICATE-----