Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/05CEsUlelhrIVXU5fHxM2yMM1qE.roa
File:                     05CEsUlelhrIVXU5fHxM2yMM1qE.roa (raw, json)
Hash identifier:          i35rMwbsxJOU+qmjA++qD5IeR2URBr83mXmoI2eSD1E=
Subject key identifier:   D3:90:84:B1:49:5E:96:1A:C8:55:75:39:7C:7C:4C:DB:23:0C:D6:A1
Certificate issuer:       /CN=8ceb23e2c5d9f2c734488904505835ef2809fb3b
Certificate serial:       018F99DE29E5CFEFED34EDAA96894084F3AA
Authority key identifier: 8C:EB:23:E2:C5:D9:F2:C7:34:48:89:04:50:58:35:EF:28:09:FB:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/05CEsUlelhrIVXU5fHxM2yMM1qE.roa
Signing time:             Tue 21 May 2024 06:37:04 +0000
ROA not before:           Tue 21 May 2024 06:37:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60525
IP address blocks:        185.149.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:99:de:29:e5:cf:ef:ed:34:ed:aa:96:89:40:84:f3:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ceb23e2c5d9f2c734488904505835ef2809fb3b
        Validity
            Not Before: May 21 06:37:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d39084b1495e961ac85575397c7c4cdb230cd6a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6d:9a:2e:ac:4a:e4:e5:d4:28:03:b0:41:9b:
                    ee:8f:a1:c2:7a:5c:64:63:3f:02:9a:54:5e:f6:42:
                    02:20:27:48:4b:06:d5:06:d6:a1:62:d7:8b:28:6f:
                    8d:6a:4c:66:68:c2:51:34:81:ed:44:ac:a6:80:30:
                    ed:de:7c:96:2a:19:4e:b9:cc:ad:71:67:5b:13:77:
                    66:c8:55:eb:10:92:19:09:c1:92:98:b1:78:90:95:
                    7e:93:67:30:ae:f1:31:da:f2:49:55:40:c9:0b:a7:
                    d8:69:ae:11:3e:c1:8e:40:ec:cc:7b:22:30:73:5f:
                    9c:2c:2d:7b:1a:b8:af:07:d8:73:c0:97:9d:d1:50:
                    93:e2:77:c5:ac:9d:90:ff:d3:9e:57:fd:be:e1:38:
                    04:76:ca:c1:26:95:0b:92:27:33:6e:03:ca:bf:0a:
                    ea:01:47:02:fa:76:fe:3f:b4:0e:60:bf:7c:18:64:
                    c2:ae:a3:f1:fc:d1:74:67:26:95:66:95:cf:32:b9:
                    ba:f5:d7:e6:bc:55:27:0b:c4:39:26:b9:a3:ce:54:
                    58:cb:30:00:7d:e9:ab:ef:e8:a2:eb:df:aa:b5:2c:
                    b1:e2:e6:f5:d0:1a:70:67:21:08:17:1c:2d:1a:0c:
                    3a:88:a2:22:c2:4e:6d:9c:0b:33:d9:7f:41:22:8f:
                    8e:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:90:84:B1:49:5E:96:1A:C8:55:75:39:7C:7C:4C:DB:23:0C:D6:A1
            X509v3 Authority Key Identifier:
                keyid:8C:EB:23:E2:C5:D9:F2:C7:34:48:89:04:50:58:35:EF:28:09:FB:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/05CEsUlelhrIVXU5fHxM2yMM1qE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:71:7e:0b:0f:be:66:15:c4:0e:34:5a:f2:5c:9a:aa:92:64:
         93:0a:98:d6:0e:3b:37:bc:1a:e6:e9:68:4e:e1:b1:a4:44:10:
         69:cd:78:58:57:04:24:3d:36:75:75:b1:ae:bc:4d:f5:ae:54:
         12:1b:0c:bb:6a:15:b0:0b:c7:f4:11:32:f0:35:78:ce:db:ba:
         fb:b5:4b:3e:ef:dd:07:b3:6c:eb:07:c5:c5:1d:e9:86:ce:53:
         dc:24:d6:13:25:5b:8c:bd:cd:d7:5a:fb:1b:24:cc:29:52:7c:
         b7:2d:b9:61:ee:c9:bf:e2:59:7a:19:f5:e6:07:2a:13:13:3c:
         17:24:79:2f:f1:38:a0:8d:1f:c3:40:f9:41:c2:fc:d2:0b:35:
         14:e2:04:9f:db:b7:a2:28:3e:fb:cc:58:33:a3:6c:ab:1c:9f:
         66:c7:24:db:2d:90:1b:3f:c9:4c:1e:81:0d:fa:4e:6d:e5:ae:
         74:4c:c5:91:87:84:cc:3a:d5:38:14:61:35:b6:f4:06:b2:f4:
         74:db:14:2f:29:76:91:57:10:b2:ad:e5:0e:18:56:d0:e4:e7:
         40:57:e9:ab:59:1a:36:60:42:b6:ae:ef:d2:0f:19:ed:29:27:
         e8:5c:61:2c:e3:3b:45:69:47:f4:39:d7:ae:81:ed:d5:9b:c0:
         a9:4a:36:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+Z3inlz+/tNO2qlolAhPOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZWIyM2UyYzVkOWYyYzczNDQ4ODkwNDUwNTgzNWVmMjgw
OWZiM2IwHhcNMjQwNTIxMDYzNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzkwODRiMTQ5NWU5NjFhYzg1NTc1Mzk3YzdjNGNkYjIzMGNkNmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG2aLqxK5OXUKAOwQZvuj6HCelxk
Yz8CmlRe9kICICdISwbVBtahYteLKG+NakxmaMJRNIHtRKymgDDt3nyWKhlOucyt
cWdbE3dmyFXrEJIZCcGSmLF4kJV+k2cwrvEx2vJJVUDJC6fYaa4RPsGOQOzMeyIw
c1+cLC17GrivB9hzwJed0VCT4nfFrJ2Q/9OeV/2+4TgEdsrBJpULkiczbgPKvwrq
AUcC+nb+P7QOYL98GGTCrqPx/NF0ZyaVZpXPMrm69dfmvFUnC8Q5JrmjzlRYyzAA
femr7+ii69+qtSyx4ub10BpwZyEIFxwtGgw6iKIiwk5tnAsz2X9BIo+OzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOQhLFJXpYayFV1OXx8TNsjDNahMB8GA1UdIwQY
MBaAFIzrI+LF2fLHNEiJBFBYNe8oCfs7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak9zajRzWFo4c2MwU0lrRVVGZzE3eWdKLXpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82OTkyOTItM2RhMC00NzcyLWFmODIt
ODMzNGUzNjIyMzZkLzEvMDVDRXNVbGVsaHJJVlhVNWZIeE0yeU1NMXFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82OTkyOTItM2RhMC00NzcyLWFmODItODMzNGUzNjIyMzZk
LzEvak9zajRzWFo4c2MwU0lrRVVGZzE3eWdKLXpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZWvMA0G
CSqGSIb3DQEBCwUAA4IBAQBgcX4LD75mFcQONFryXJqqkmSTCpjWDjs3vBrm6WhO
4bGkRBBpzXhYVwQkPTZ1dbGuvE31rlQSGwy7ahWwC8f0ETLwNXjO27r7tUs+790H
s2zrB8XFHemGzlPcJNYTJVuMvc3XWvsbJMwpUny3Lblh7sm/4ll6GfXmByoTEzwX
JHkv8TigjR/DQPlBwvzSCzUU4gSf27eiKD77zFgzo2yrHJ9mxyTbLZAbP8lMHoEN
+k5t5a50TMWRh4TMOtU4FGE1tvQGsvR02xQvKXaRVxCyreUOGFbQ5OdAV+mrWRo2
YEK2ru/SDxntKSfoXGEs4ztFaUf0Odeuge3Vm8CpSjaa
-----END CERTIFICATE-----