Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/81a79c-b90f-4050-b21c-78d169e3df1f/1/MsP8MexBYcgn1u018Uksudv-1DU.roa
File:                     MsP8MexBYcgn1u018Uksudv-1DU.roa (raw, json)
Hash identifier:          xqEvYloI/cmwfNekKX2MJfT3YeHGw13jqUmfZZ4US1M=
Subject key identifier:   32:C3:FC:31:EC:41:61:C8:27:D6:ED:35:F1:49:2C:B9:DB:FE:D4:35
Certificate issuer:       /CN=795b319e7b5b00401df9805b095ebf5ae2ce959c
Certificate serial:       018CC2DB2439D01CABB3E74E2D59BCF6DC6F
Authority key identifier: 79:5B:31:9E:7B:5B:00:40:1D:F9:80:5B:09:5E:BF:5A:E2:CE:95:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eVsxnntbAEAd-YBbCV6_WuLOlZw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/81a79c-b90f-4050-b21c-78d169e3df1f/1/MsP8MexBYcgn1u018Uksudv-1DU.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203605
IP address blocks:        185.198.192.0/23 maxlen: 24
                          185.198.194.0/23 maxlen: 24
                          2a0a:8e40::/29 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/81a79c-b90f-4050-b21c-78d169e3df1f/1/eVsxnntbAEAd-YBbCV6_WuLOlZw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/81a79c-b90f-4050-b21c-78d169e3df1f/1/eVsxnntbAEAd-YBbCV6_WuLOlZw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eVsxnntbAEAd-YBbCV6_WuLOlZw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:24:39:d0:1c:ab:b3:e7:4e:2d:59:bc:f6:dc:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=795b319e7b5b00401df9805b095ebf5ae2ce959c
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32c3fc31ec4161c827d6ed35f1492cb9dbfed435
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:95:45:84:48:1a:d8:25:47:be:80:d8:43:37:
                    00:ac:c6:85:f0:fa:5c:f3:58:82:85:2a:80:ad:da:
                    f9:b8:a2:9d:da:2d:c2:3a:80:8c:b1:ad:65:a6:c8:
                    bd:d6:d3:9f:b6:a9:81:26:d4:ad:d1:42:a2:78:27:
                    16:ac:00:da:f1:67:aa:84:be:50:92:53:7a:ac:21:
                    f4:f8:df:3f:f4:71:cb:e0:c5:be:e7:2c:9d:36:5a:
                    91:2c:f2:00:7f:9c:b8:60:5e:ef:3f:03:cb:b7:62:
                    f3:18:01:b3:18:d2:e8:3d:4c:e8:90:a7:2a:3a:bd:
                    a8:2e:fe:a9:86:d4:59:8e:5e:4e:b8:cb:aa:6c:64:
                    c2:d5:32:2f:0d:51:8e:27:45:67:bc:f3:c5:44:e6:
                    ce:48:6b:64:52:b2:c4:18:64:63:d2:eb:88:a0:4b:
                    a7:5d:eb:a7:ad:92:5f:15:31:f7:3b:d9:fe:9e:95:
                    7a:cc:25:6b:da:b6:05:b2:04:44:ff:9f:a6:f7:0e:
                    e8:92:a7:9c:59:a0:c4:72:ee:b7:41:b2:6e:ad:e8:
                    99:a3:9f:63:77:ee:55:b4:b8:f1:9b:0b:5d:16:14:
                    f4:fd:f0:1f:b5:b3:5a:31:2e:b7:08:57:9a:12:05:
                    79:5d:31:d7:0f:d2:53:4f:2c:ab:2f:51:ce:2e:a3:
                    0a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:C3:FC:31:EC:41:61:C8:27:D6:ED:35:F1:49:2C:B9:DB:FE:D4:35
            X509v3 Authority Key Identifier:
                keyid:79:5B:31:9E:7B:5B:00:40:1D:F9:80:5B:09:5E:BF:5A:E2:CE:95:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eVsxnntbAEAd-YBbCV6_WuLOlZw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/81a79c-b90f-4050-b21c-78d169e3df1f/1/MsP8MexBYcgn1u018Uksudv-1DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/81a79c-b90f-4050-b21c-78d169e3df1f/1/eVsxnntbAEAd-YBbCV6_WuLOlZw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.192.0/22
                IPv6:
                  2a0a:8e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:8a:0d:c9:89:c5:cd:0f:a3:76:1e:56:28:49:0f:79:92:8a:
         06:93:f4:e4:7e:67:a9:9e:90:2b:dd:d6:e8:d4:f4:eb:d7:34:
         c5:c6:15:b6:8a:d4:2d:62:cd:a0:86:89:a7:4f:c8:81:1b:4b:
         cc:40:aa:88:f6:61:0d:f5:74:e8:a1:60:a1:9c:31:9a:fd:c4:
         72:13:e0:73:ab:3d:9b:fe:01:48:14:5b:a9:7a:72:eb:74:95:
         c6:b9:c4:62:76:b9:d3:38:b5:ad:a6:e6:72:c3:68:0e:52:e7:
         cc:d8:df:41:c6:8d:da:2f:53:d0:ed:ef:21:27:2b:8a:a9:1e:
         9b:09:cf:cc:89:fe:da:7f:fd:df:66:e3:83:6a:b8:11:8f:6e:
         c8:2d:10:8b:83:1e:ee:77:b2:7a:10:2b:f4:cb:6a:c1:d7:f0:
         26:ac:da:70:18:57:19:2f:26:c7:bb:9f:9a:d4:35:01:e1:d3:
         7d:0a:05:62:6f:cd:6f:ea:a2:54:d7:52:14:4c:99:ca:a3:86:
         2f:ec:57:73:41:4e:f9:a0:7d:9c:96:36:70:72:9f:f3:92:2a:
         3c:35:c5:9b:56:c4:c1:3c:e7:ea:33:02:38:23:b9:90:b7:b2:
         8a:73:41:d0:de:40:fa:7c:9d:68:b7:68:a1:19:22:a5:b7:01:
         74:d4:e6:44
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2yQ50Byrs+dOLVm89txvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NWIzMTllN2I1YjAwNDAxZGY5ODA1YjA5NWViZjVhZTJj
ZTk1OWMwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmMzZmMzMWVjNDE2MWM4MjdkNmVkMzVmMTQ5MmNiOWRiZmVkNDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZVFhEga2CVHvoDYQzcArMaF8Ppc
81iChSqArdr5uKKd2i3COoCMsa1lpsi91tOftqmBJtSt0UKieCcWrADa8WeqhL5Q
klN6rCH0+N8/9HHL4MW+5yydNlqRLPIAf5y4YF7vPwPLt2LzGAGzGNLoPUzokKcq
Or2oLv6phtRZjl5OuMuqbGTC1TIvDVGOJ0VnvPPFRObOSGtkUrLEGGRj0uuIoEun
XeunrZJfFTH3O9n+npV6zCVr2rYFsgRE/5+m9w7okqecWaDEcu63QbJureiZo59j
d+5VtLjxmwtdFhT0/fAftbNaMS63CFeaEgV5XTHXD9JTTyyrL1HOLqMKLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDLD/DHsQWHIJ9btNfFJLLnb/tQ1MB8GA1UdIwQY
MBaAFHlbMZ57WwBAHfmAWwlev1rizpWcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVZzeG5udGJBRUFkLVlCYkNWNl9XdUxPbFp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC84MWE3OWMtYjkwZi00MDUwLWIyMWMt
NzhkMTY5ZTNkZjFmLzEvTXNQOE1leEJZY2duMXUwMThVa3N1ZHYtMURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC84MWE3OWMtYjkwZi00MDUwLWIyMWMtNzhkMTY5ZTNkZjFm
LzEvZVZzeG5udGJBRUFkLVlCYkNWNl9XdUxPbFp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucbAMA0E
AgACMAcDBQMqCo5AMA0GCSqGSIb3DQEBCwUAA4IBAQCQig3JicXND6N2HlYoSQ95
kooGk/TkfmepnpAr3dbo1PTr1zTFxhW2itQtYs2ghomnT8iBG0vMQKqI9mEN9XTo
oWChnDGa/cRyE+Bzqz2b/gFIFFupenLrdJXGucRidrnTOLWtpuZyw2gOUufM2N9B
xo3aL1PQ7e8hJyuKqR6bCc/Mif7af/3fZuODargRj27ILRCLgx7ud7J6ECv0y2rB
1/AmrNpwGFcZLybHu5+a1DUB4dN9CgVib81v6qJU11IUTJnKo4Yv7FdzQU75oH2c
ljZwcp/zkio8NcWbVsTBPOfqMwI4I7mQt7KKc0HQ3kD6fJ1ot2ihGSKltwF01OZE
-----END CERTIFICATE-----