Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/4Llj9mlbjLdHoVBHY4aGPI8oZMs.roa
File:                     4Llj9mlbjLdHoVBHY4aGPI8oZMs.roa (raw, json)
Hash identifier:          vagTTPhKhjouZ0sx8lRQ96hSemGeWAJsHqCpZoY/sz0=
Subject key identifier:   E0:B9:63:F6:69:5B:8C:B7:47:A1:50:47:63:86:86:3C:8F:28:64:CB
Certificate issuer:       /CN=ce704858b643266f7c7107721c98f2ba93dd5265
Certificate serial:       018CC6B7CF65252A859013E38A4B037E303D
Authority key identifier: CE:70:48:58:B6:43:26:6F:7C:71:07:72:1C:98:F2:BA:93:DD:52:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/4Llj9mlbjLdHoVBHY4aGPI8oZMs.roa
Signing time:             Mon 01 Jan 2024 20:29:44 +0000
ROA not before:           Mon 01 Jan 2024 20:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.200.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:04:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:cf:65:25:2a:85:90:13:e3:8a:4b:03:7e:30:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce704858b643266f7c7107721c98f2ba93dd5265
        Validity
            Not Before: Jan  1 20:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0b963f6695b8cb747a150476386863c8f2864cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b5:99:91:de:9b:af:b0:42:6c:d6:1c:04:19:
                    35:f6:18:dc:cd:46:71:f0:b0:59:34:7e:31:b9:91:
                    82:44:0b:6e:93:06:7f:f2:1d:7f:63:a9:f0:55:98:
                    09:a4:b2:af:d3:de:de:85:5c:21:7e:22:ea:97:0d:
                    b4:1f:b6:41:5a:50:aa:80:fa:58:10:66:88:ed:73:
                    39:91:07:31:d6:80:f4:f7:87:bd:89:53:7d:bb:e9:
                    8c:a7:bb:5b:16:50:27:6a:7c:0f:b5:0f:83:38:cb:
                    f6:21:d1:9b:86:08:62:24:2a:d5:67:29:8b:c7:f7:
                    ba:2d:44:fd:d8:74:dc:86:c4:16:9c:85:5c:df:b4:
                    5f:c0:a2:51:4b:76:0f:87:82:52:2a:8a:bb:99:bd:
                    3c:2b:de:eb:e4:ae:28:24:95:46:b6:65:2b:53:4b:
                    a0:e6:d5:04:88:51:13:3d:07:ac:1b:8c:e0:05:e5:
                    ff:d9:a3:14:f0:0c:60:ff:fa:b8:53:59:ef:4b:77:
                    88:30:2b:71:7c:7a:f9:e9:2a:88:14:87:42:6a:c9:
                    b2:67:82:91:3f:01:09:f7:1e:5f:97:3d:7d:16:ff:
                    45:b1:9f:6f:55:0c:eb:e1:fd:b4:0d:86:1a:d7:3c:
                    bf:eb:64:c1:9c:d7:42:f2:94:69:7e:a3:f8:b7:7a:
                    e8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:B9:63:F6:69:5B:8C:B7:47:A1:50:47:63:86:86:3C:8F:28:64:CB
            X509v3 Authority Key Identifier:
                keyid:CE:70:48:58:B6:43:26:6F:7C:71:07:72:1C:98:F2:BA:93:DD:52:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/4Llj9mlbjLdHoVBHY4aGPI8oZMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:8d:1d:20:4b:ec:2e:88:13:dc:ed:8c:83:dd:6e:cc:76:8a:
         7c:1b:30:b3:70:17:ad:93:e9:06:0e:1a:63:b0:cf:49:57:2c:
         e4:e6:f7:2a:a3:d7:c7:85:d3:16:44:ce:f2:29:ac:21:8c:d9:
         40:5f:ad:dd:f1:3c:49:d2:90:13:a6:ae:e3:27:41:bd:2f:ea:
         b2:26:54:b6:02:5e:fa:0f:16:90:c8:9f:2d:ee:7a:25:af:53:
         61:ec:df:ad:6f:08:1c:52:53:8a:30:24:ce:e4:df:3f:e7:2d:
         27:5d:9a:bb:d7:8f:97:d8:2d:61:e7:0a:e3:5e:2b:df:ba:e1:
         6e:15:2c:53:81:76:1f:a6:65:f3:d2:5d:ab:3a:a7:14:98:1a:
         00:77:d3:a0:e2:0b:d6:dd:a6:c9:c3:69:fd:b4:c7:3c:e9:5b:
         6b:aa:bd:99:cb:e2:cb:1f:45:0e:4d:bc:28:86:21:17:e3:6c:
         62:04:3c:e0:d1:44:da:44:b6:b3:02:b1:e8:d3:eb:b2:74:f3:
         c2:43:11:29:48:80:8e:f0:05:90:d4:b2:1a:d6:a1:f1:ac:bf:
         ba:6e:d6:7b:3f:e1:34:be:1a:75:c5:d4:62:b8:18:c7:37:5d:
         a8:f1:cc:02:53:37:ce:53:a0:b3:cf:1e:da:22:65:1d:ec:ec:
         a4:54:67:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt89lJSqFkBPjiksDfjA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNzA0ODU4YjY0MzI2NmY3YzcxMDc3MjFjOThmMmJhOTNk
ZDUyNjUwHhcNMjQwMTAxMjAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGI5NjNmNjY5NWI4Y2I3NDdhMTUwNDc2Mzg2ODYzYzhmMjg2NGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LWZkd6br7BCbNYcBBk19hjczUZx
8LBZNH4xuZGCRAtukwZ/8h1/Y6nwVZgJpLKv097ehVwhfiLqlw20H7ZBWlCqgPpY
EGaI7XM5kQcx1oD094e9iVN9u+mMp7tbFlAnanwPtQ+DOMv2IdGbhghiJCrVZymL
x/e6LUT92HTchsQWnIVc37RfwKJRS3YPh4JSKoq7mb08K97r5K4oJJVGtmUrU0ug
5tUEiFETPQesG4zgBeX/2aMU8Axg//q4U1nvS3eIMCtxfHr56SqIFIdCasmyZ4KR
PwEJ9x5flz19Fv9FsZ9vVQzr4f20DYYa1zy/62TBnNdC8pRpfqP4t3ro6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOC5Y/ZpW4y3R6FQR2OGhjyPKGTLMB8GA1UdIwQY
MBaAFM5wSFi2QyZvfHEHchyY8rqT3VJlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem5CSVdMWkRKbTk4Y1FkeUhKanl1cFBkVW1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wMjdhYWUtNDkyMi00MmE5LWE0Yzkt
MzhmODBkNjk2MWVjLzEvNExsajltbGJqTGRIb1ZCSFk0YUdQSThvWk1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wMjdhYWUtNDkyMi00MmE5LWE0YzktMzhmODBkNjk2MWVj
LzEvem5CSVdMWkRKbTk4Y1FkeUhKanl1cFBkVW1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucgMMA0G
CSqGSIb3DQEBCwUAA4IBAQAnjR0gS+wuiBPc7YyD3W7Mdop8GzCzcBetk+kGDhpj
sM9JVyzk5vcqo9fHhdMWRM7yKawhjNlAX63d8TxJ0pATpq7jJ0G9L+qyJlS2Al76
DxaQyJ8t7nolr1Nh7N+tbwgcUlOKMCTO5N8/5y0nXZq714+X2C1h5wrjXivfuuFu
FSxTgXYfpmXz0l2rOqcUmBoAd9Og4gvW3abJw2n9tMc86Vtrqr2Zy+LLH0UOTbwo
hiEX42xiBDzg0UTaRLazArHo0+uydPPCQxEpSICO8AWQ1LIa1qHxrL+6btZ7P+E0
vhp1xdRiuBjHN12o8cwCUzfOU6Czzx7aImUd7OykVGet
-----END CERTIFICATE-----