Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/71173b-1938-4835-af00-a699bcb08ae3/1/jwxvgONINcPP0d2dGaGth8QHC2I.roa
File:                     jwxvgONINcPP0d2dGaGth8QHC2I.roa (raw, json)
Hash identifier:          UIAeQpMI4UvvbXc4JA8Gd5ismBT1DVGH+W2l9hGo1CQ=
Subject key identifier:   8F:0C:6F:80:E3:48:35:C3:CF:D1:DD:9D:19:A1:AD:87:C4:07:0B:62
Certificate issuer:       /CN=1a99c75fe5777e136573e1e51efba6781f3a5b16
Certificate serial:       018CCA2A949B35BAF51A04AD21687CA04189
Authority key identifier: 1A:99:C7:5F:E5:77:7E:13:65:73:E1:E5:1E:FB:A6:78:1F:3A:5B:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GpnHX-V3fhNlc-HlHvumeB86WxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/71173b-1938-4835-af00-a699bcb08ae3/1/jwxvgONINcPP0d2dGaGth8QHC2I.roa
Signing time:             Tue 02 Jan 2024 12:33:57 +0000
ROA not before:           Tue 02 Jan 2024 12:33:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203450
IP address blocks:        185.134.160.0/22 maxlen: 22
                          2a06:ed40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/71173b-1938-4835-af00-a699bcb08ae3/1/GpnHX-V3fhNlc-HlHvumeB86WxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/71173b-1938-4835-af00-a699bcb08ae3/1/GpnHX-V3fhNlc-HlHvumeB86WxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GpnHX-V3fhNlc-HlHvumeB86WxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 22:03:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:94:9b:35:ba:f5:1a:04:ad:21:68:7c:a0:41:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a99c75fe5777e136573e1e51efba6781f3a5b16
        Validity
            Not Before: Jan  2 12:33:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f0c6f80e34835c3cfd1dd9d19a1ad87c4070b62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:12:cb:07:bf:b3:5d:aa:29:d6:bc:35:5c:d3:
                    01:ef:81:df:57:04:31:96:ef:b2:e9:35:14:e6:ef:
                    e7:4d:62:fc:49:e5:84:2a:9e:9f:3a:39:85:9e:07:
                    12:7b:09:f6:81:a4:58:2d:e8:8e:d1:98:cc:6b:dd:
                    91:63:f3:88:af:2d:29:bb:72:e6:8a:22:51:8c:e2:
                    bc:c5:bb:2b:14:45:6e:8e:11:b8:ba:e9:57:76:6e:
                    33:2a:79:30:29:31:53:3a:37:8e:5d:33:60:23:0a:
                    3e:1e:24:4d:de:ae:90:12:18:24:f1:b0:91:a3:fb:
                    5f:7f:1c:58:bc:d9:23:a1:ac:6d:32:83:99:5b:37:
                    6f:2a:63:08:51:2a:c7:48:01:8a:a6:b1:76:ce:46:
                    85:3f:35:73:04:61:4e:5c:4a:b6:8e:19:7c:ec:35:
                    4b:c6:71:73:f6:b1:22:2b:e9:5e:3f:6d:7d:d3:dc:
                    83:60:da:b1:a4:c3:8c:3d:0f:97:c2:53:fe:e4:fb:
                    a1:5f:c3:83:e7:47:dc:b8:2d:ec:07:86:5b:80:2d:
                    1a:98:fa:aa:d5:7c:a4:7b:03:6d:7b:1d:df:a8:e0:
                    bd:10:ca:0a:ba:d9:47:65:f7:8e:4a:38:c0:0d:ca:
                    c8:cd:aa:4c:4d:3e:5a:13:eb:32:e6:0d:ae:13:d9:
                    e5:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:0C:6F:80:E3:48:35:C3:CF:D1:DD:9D:19:A1:AD:87:C4:07:0B:62
            X509v3 Authority Key Identifier:
                keyid:1A:99:C7:5F:E5:77:7E:13:65:73:E1:E5:1E:FB:A6:78:1F:3A:5B:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GpnHX-V3fhNlc-HlHvumeB86WxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/71173b-1938-4835-af00-a699bcb08ae3/1/jwxvgONINcPP0d2dGaGth8QHC2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/71173b-1938-4835-af00-a699bcb08ae3/1/GpnHX-V3fhNlc-HlHvumeB86WxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.160.0/22
                IPv6:
                  2a06:ed40::/29

    Signature Algorithm: sha256WithRSAEncryption
         35:84:c7:0d:cc:6f:37:96:ab:64:0a:9c:30:1a:3d:90:3b:06:
         b0:b6:a0:55:80:58:66:3f:4a:c6:f5:38:9b:9c:f0:2d:83:f3:
         ac:e6:c3:2a:eb:5d:79:12:a3:bc:e5:90:f5:af:ef:36:2b:de:
         96:30:f8:4d:d0:c5:cb:80:9b:f8:34:d1:4e:ed:c3:96:a1:12:
         f5:8d:c0:87:4e:bf:0c:ac:d2:54:77:6b:e7:6f:db:fa:c9:05:
         76:41:3f:54:b1:66:15:a4:a5:6e:f7:15:30:33:b8:6e:00:2e:
         0b:a7:7f:a2:36:1e:29:77:a3:d0:b1:86:1b:23:5d:c2:32:5d:
         47:1a:f4:90:91:07:67:b0:8d:3c:1b:f6:9c:20:17:a0:d1:fc:
         3e:ab:49:1e:19:c4:7b:99:90:f2:de:df:af:0f:b6:fd:a9:89:
         2e:2a:6c:68:ee:b9:7c:4f:56:f9:5a:94:22:61:f7:42:8b:1a:
         5c:83:ff:a9:15:5c:ae:30:b7:03:2e:6a:a6:5b:6f:41:ae:6a:
         f8:87:69:57:cc:27:ed:0d:b6:52:b2:28:fd:b6:66:c4:47:79:
         2a:f4:58:69:c4:92:15:a4:0f:8f:dc:13:3d:d9:c6:52:92:24:
         0d:79:ee:2c:a5:5a:4f:87:07:95:be:a0:9c:b1:c4:de:6e:88:
         82:5c:65:b1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKpSbNbr1GgStIWh8oEGJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhOTljNzVmZTU3NzdlMTM2NTczZTFlNTFlZmJhNjc4MWYz
YTViMTYwHhcNMjQwMTAyMTIzMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjBjNmY4MGUzNDgzNWMzY2ZkMWRkOWQxOWExYWQ4N2M0MDcwYjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBLLB7+zXaop1rw1XNMB74HfVwQx
lu+y6TUU5u/nTWL8SeWEKp6fOjmFngcSewn2gaRYLeiO0ZjMa92RY/OIry0pu3Lm
iiJRjOK8xbsrFEVujhG4uulXdm4zKnkwKTFTOjeOXTNgIwo+HiRN3q6QEhgk8bCR
o/tffxxYvNkjoaxtMoOZWzdvKmMIUSrHSAGKprF2zkaFPzVzBGFOXEq2jhl87DVL
xnFz9rEiK+leP21909yDYNqxpMOMPQ+XwlP+5PuhX8OD50fcuC3sB4ZbgC0amPqq
1XykewNtex3fqOC9EMoKutlHZfeOSjjADcrIzapMTT5aE+sy5g2uE9nlcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI8Mb4DjSDXDz9HdnRmhrYfEBwtiMB8GA1UdIwQY
MBaAFBqZx1/ld34TZXPh5R77pngfOlsWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3BuSFgtVjNmaE5sYy1IbEh2dW1lQjg2V3hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi83MTE3M2ItMTkzOC00ODM1LWFmMDAt
YTY5OWJjYjA4YWUzLzEvand4dmdPTklOY1BQMGQyZEdhR3RoOFFIQzJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi83MTE3M2ItMTkzOC00ODM1LWFmMDAtYTY5OWJjYjA4YWUz
LzEvR3BuSFgtVjNmaE5sYy1IbEh2dW1lQjg2V3hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYagMA0E
AgACMAcDBQMqBu1AMA0GCSqGSIb3DQEBCwUAA4IBAQA1hMcNzG83lqtkCpwwGj2Q
OwawtqBVgFhmP0rG9TibnPAtg/Os5sMq6115EqO85ZD1r+82K96WMPhN0MXLgJv4
NNFO7cOWoRL1jcCHTr8MrNJUd2vnb9v6yQV2QT9UsWYVpKVu9xUwM7huAC4Lp3+i
Nh4pd6PQsYYbI13CMl1HGvSQkQdnsI08G/acIBeg0fw+q0keGcR7mZDy3t+vD7b9
qYkuKmxo7rl8T1b5WpQiYfdCixpcg/+pFVyuMLcDLmqmW29Brmr4h2lXzCftDbZS
sij9tmbER3kq9FhpxJIVpA+P3BM92cZSkiQNee4spVpPhweVvqCcscTeboiCXGWx
-----END CERTIFICATE-----