Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/69f3f3-0faa-465f-aa7a-d71ca19f989e/1/B0LVHIH81zmffyilOxaz_qwkHhE.roa
File:                     B0LVHIH81zmffyilOxaz_qwkHhE.roa (raw, json)
Hash identifier:          mIDrhKmsM0wEJQrWsmTT85NdLBbyO+t4boOxMFrlVNA=
Subject key identifier:   07:42:D5:1C:81:FC:D7:39:9F:7F:28:A5:3B:16:B3:FE:AC:24:1E:11
Certificate issuer:       /CN=75b982eaba4408cd941899f5ceec1da6a67c5c49
Certificate serial:       018CCA9A049D35D5DAF7E568F677BB469360
Authority key identifier: 75:B9:82:EA:BA:44:08:CD:94:18:99:F5:CE:EC:1D:A6:A6:7C:5C:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dbmC6rpECM2UGJn1zuwdpqZ8XEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/69f3f3-0faa-465f-aa7a-d71ca19f989e/1/B0LVHIH81zmffyilOxaz_qwkHhE.roa
Signing time:             Tue 02 Jan 2024 14:35:40 +0000
ROA not before:           Tue 02 Jan 2024 14:35:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203111
IP address blocks:        185.144.104.0/22 maxlen: 22
                          2a07:3e80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/69f3f3-0faa-465f-aa7a-d71ca19f989e/1/dbmC6rpECM2UGJn1zuwdpqZ8XEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/69f3f3-0faa-465f-aa7a-d71ca19f989e/1/dbmC6rpECM2UGJn1zuwdpqZ8XEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dbmC6rpECM2UGJn1zuwdpqZ8XEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:04:9d:35:d5:da:f7:e5:68:f6:77:bb:46:93:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75b982eaba4408cd941899f5ceec1da6a67c5c49
        Validity
            Not Before: Jan  2 14:35:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0742d51c81fcd7399f7f28a53b16b3feac241e11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:fc:3e:27:48:72:bf:77:dd:4c:39:b9:60:44:
                    09:d0:c1:60:2d:de:7d:74:e9:7d:e6:12:4d:c9:de:
                    f4:2b:a3:c5:ea:a8:56:18:cf:8d:52:e2:d0:e4:48:
                    e2:a6:76:b7:83:10:61:a0:62:30:76:02:c3:e9:f8:
                    e0:42:1b:6e:3f:56:10:af:9c:91:9c:7b:11:fc:c9:
                    e6:00:85:60:49:dd:56:04:e4:5d:80:c6:e2:b0:32:
                    cc:40:60:a7:5f:22:e6:ea:21:bd:6c:20:24:14:77:
                    2c:75:0e:87:12:64:d4:a6:eb:33:ec:28:14:94:b9:
                    73:26:98:4c:df:d9:e2:77:b7:c9:e9:f6:7b:b1:fd:
                    f8:19:85:73:e8:1e:6e:c5:8f:24:67:eb:fa:6c:b4:
                    5d:2c:5b:ae:6b:30:4a:43:93:59:79:f3:a7:71:9f:
                    78:dc:d6:24:4f:8c:84:d9:30:b2:d4:21:ec:45:d8:
                    d3:5a:c0:52:b4:78:60:4c:01:3b:09:73:b2:75:c2:
                    3c:8f:78:18:6d:95:6a:65:30:a4:60:73:c6:61:f4:
                    22:77:82:36:22:73:26:22:b5:9c:8a:c9:75:51:89:
                    e8:3a:f9:bc:ef:b8:c1:0e:64:d3:da:2e:6e:6e:3a:
                    04:e9:14:ce:99:97:d5:2d:39:04:a9:2b:68:ae:ed:
                    8e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:42:D5:1C:81:FC:D7:39:9F:7F:28:A5:3B:16:B3:FE:AC:24:1E:11
            X509v3 Authority Key Identifier:
                keyid:75:B9:82:EA:BA:44:08:CD:94:18:99:F5:CE:EC:1D:A6:A6:7C:5C:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dbmC6rpECM2UGJn1zuwdpqZ8XEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/69f3f3-0faa-465f-aa7a-d71ca19f989e/1/B0LVHIH81zmffyilOxaz_qwkHhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/69f3f3-0faa-465f-aa7a-d71ca19f989e/1/dbmC6rpECM2UGJn1zuwdpqZ8XEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.104.0/22
                IPv6:
                  2a07:3e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:ed:4e:2f:7a:16:d4:ab:9d:07:74:10:59:55:01:44:b6:2b:
         0d:f4:49:48:51:eb:a8:28:c7:f0:41:22:05:2c:da:73:0a:36:
         a4:93:1f:79:92:a3:13:d9:61:92:e9:65:8c:7f:b4:17:26:80:
         ab:5c:ae:7c:23:f5:8b:48:7d:63:46:9d:27:c7:c6:7f:a9:e8:
         71:dd:58:b5:74:88:58:54:91:53:16:b5:bf:68:d3:51:00:09:
         5f:0a:c2:21:be:12:8a:a5:89:84:4f:bc:c4:47:77:a4:01:97:
         88:01:8b:8a:4b:1b:53:2d:5c:b1:bb:c6:60:2d:db:07:df:e8:
         19:68:6b:34:2d:59:c4:01:c3:1e:94:c9:52:78:ab:6c:7f:13:
         d4:c9:48:c8:9b:82:8b:5b:fe:ff:cc:a1:a8:b9:fb:42:55:f2:
         26:55:74:04:7c:b2:0a:d5:df:5e:f9:2a:af:7e:22:14:a7:0d:
         2d:5f:54:50:e4:8e:b7:93:89:d0:88:71:5c:2e:14:12:d7:76:
         71:67:21:03:7e:a3:3f:87:87:67:f4:24:84:c4:1b:c5:b8:05:
         15:86:c4:89:33:f6:22:b4:3f:a7:71:7c:8a:4c:03:a8:a4:76:
         19:fa:90:35:9b:4a:1b:a9:ce:f7:f7:f7:ba:26:20:7b:cc:c1:
         e2:84:fd:30
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKmgSdNdXa9+Vo9ne7RpNgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1Yjk4MmVhYmE0NDA4Y2Q5NDE4OTlmNWNlZWMxZGE2YTY3
YzVjNDkwHhcNMjQwMTAyMTQzNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzQyZDUxYzgxZmNkNzM5OWY3ZjI4YTUzYjE2YjNmZWFjMjQxZTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfw+J0hyv3fdTDm5YEQJ0MFgLd59
dOl95hJNyd70K6PF6qhWGM+NUuLQ5Ejipna3gxBhoGIwdgLD6fjgQhtuP1YQr5yR
nHsR/MnmAIVgSd1WBORdgMbisDLMQGCnXyLm6iG9bCAkFHcsdQ6HEmTUpusz7CgU
lLlzJphM39nid7fJ6fZ7sf34GYVz6B5uxY8kZ+v6bLRdLFuuazBKQ5NZefOncZ94
3NYkT4yE2TCy1CHsRdjTWsBStHhgTAE7CXOydcI8j3gYbZVqZTCkYHPGYfQid4I2
InMmIrWcisl1UYnoOvm877jBDmTT2i5ubjoE6RTOmZfVLTkEqStoru2OYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAdC1RyB/Nc5n38opTsWs/6sJB4RMB8GA1UdIwQY
MBaAFHW5guq6RAjNlBiZ9c7sHaamfFxJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGJtQzZycEVDTTJVR0puMXp1d2RwcVo4WEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC82OWYzZjMtMGZhYS00NjVmLWFhN2Et
ZDcxY2ExOWY5ODllLzEvQjBMVkhJSDgxem1mZnlpbE94YXpfcXdrSGhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC82OWYzZjMtMGZhYS00NjVmLWFhN2EtZDcxY2ExOWY5ODll
LzEvZGJtQzZycEVDTTJVR0puMXp1d2RwcVo4WEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZBoMA0E
AgACMAcDBQMqBz6AMA0GCSqGSIb3DQEBCwUAA4IBAQCD7U4vehbUq50HdBBZVQFE
tisN9ElIUeuoKMfwQSIFLNpzCjakkx95kqMT2WGS6WWMf7QXJoCrXK58I/WLSH1j
Rp0nx8Z/qehx3Vi1dIhYVJFTFrW/aNNRAAlfCsIhvhKKpYmET7zER3ekAZeIAYuK
SxtTLVyxu8ZgLdsH3+gZaGs0LVnEAcMelMlSeKtsfxPUyUjIm4KLW/7/zKGouftC
VfImVXQEfLIK1d9e+SqvfiIUpw0tX1RQ5I63k4nQiHFcLhQS13ZxZyEDfqM/h4dn
9CSExBvFuAUVhsSJM/YitD+ncXyKTAOopHYZ+pA1m0obqc739/e6JiB7zMHihP0w
-----END CERTIFICATE-----