Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/fFYHrPP8qTAcahyjwQzYNJ2BB40.roa
File:                     fFYHrPP8qTAcahyjwQzYNJ2BB40.roa (raw, json)
Hash identifier:          KR5YeMHW8HOrcAEbXrFPJ9BQKv4vM7dWmNE18JPNpuo=
Subject key identifier:   7C:56:07:AC:F3:FC:A9:30:1C:6A:1C:A3:C1:0C:D8:34:9D:81:07:8D
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B987126448F43E9F6314733604D2A
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/fFYHrPP8qTAcahyjwQzYNJ2BB40.roa
Signing time:             Mon 01 Jan 2024 18:31:32 +0000
ROA not before:           Mon 01 Jan 2024 18:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208384
IP address blocks:        85.202.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:98:71:26:44:8f:43:e9:f6:31:47:33:60:4d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c5607acf3fca9301c6a1ca3c10cd8349d81078d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a6:0c:27:06:22:f8:d6:38:b1:35:c3:e6:b4:
                    20:dd:5f:f7:1d:13:70:99:f0:58:0e:b4:15:57:4c:
                    a6:be:ca:26:36:8c:34:f3:77:61:87:b3:40:56:37:
                    7d:7a:ac:b2:b2:06:ac:3a:d4:97:67:bf:db:07:03:
                    75:c0:32:68:c6:32:1f:1e:3d:52:a1:9b:0e:fa:cc:
                    c9:d3:36:69:aa:23:e8:4d:b0:0b:99:a8:c3:aa:67:
                    f0:70:2a:78:18:65:40:5b:72:06:0d:60:96:f2:e0:
                    7d:05:94:ca:2c:1f:f1:0d:ad:0e:22:fb:35:89:25:
                    2c:0a:48:67:18:86:ed:f7:64:7e:5b:70:a1:0d:5b:
                    05:86:5e:d0:92:b1:35:7a:57:6c:1c:bc:d2:d9:19:
                    a0:8a:c5:94:0b:c6:72:de:c6:ba:f1:5a:cd:6c:c1:
                    50:18:95:67:c0:fa:5c:ad:03:a6:75:99:cc:63:6c:
                    b6:f5:d6:7e:1d:4f:c4:70:00:e5:4d:bb:ab:8e:c2:
                    0a:cd:d5:4c:b3:5f:81:90:12:21:58:30:17:e0:02:
                    14:0e:55:84:1f:a4:f3:37:35:b7:e7:2d:f5:1b:2e:
                    b8:50:67:cf:4f:0c:23:13:49:7b:f7:2e:4f:ac:6c:
                    aa:2f:5e:5b:c4:c9:25:f6:1e:cc:32:7c:5a:6a:d3:
                    7e:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:56:07:AC:F3:FC:A9:30:1C:6A:1C:A3:C1:0C:D8:34:9D:81:07:8D
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/fFYHrPP8qTAcahyjwQzYNJ2BB40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:d8:4d:09:d7:33:5c:1d:9b:08:e9:0d:9b:ad:14:cc:6b:43:
         cb:f2:e4:e9:98:d3:eb:74:75:f0:f6:2c:06:35:f7:0e:ef:c5:
         1e:2e:84:cd:c3:ed:2b:4d:ce:43:db:46:89:2b:68:59:79:24:
         16:af:68:0c:0f:48:2b:fa:01:47:84:83:a8:c7:a1:1d:f8:5e:
         ed:0c:68:b0:9e:d6:c3:77:39:16:fa:6c:29:7d:4f:c0:e2:dc:
         94:58:57:05:83:84:8a:2c:64:ac:a2:4f:66:5b:29:5f:af:4d:
         01:5c:fe:5a:30:f5:e8:a4:ea:4f:b5:56:b6:7d:e3:61:07:a7:
         7d:fc:2d:14:f6:ba:82:54:1a:d4:1f:9c:89:3a:e7:85:12:a2:
         f1:fd:8d:ca:d9:c9:37:47:e5:1e:5b:63:e3:13:19:f7:48:ee:
         51:3c:d0:13:c9:54:0f:d7:9a:2d:4d:6c:f0:71:e8:6c:f0:32:
         49:85:99:e1:7c:1a:54:e1:d7:fb:9d:2c:25:2d:45:24:bd:8b:
         bc:2c:30:49:82:74:51:33:19:f8:5c:1e:ba:c7:a5:6c:7b:4c:
         92:15:c8:b0:e6:53:c3:5f:2e:60:f8:0f:05:5c:cb:69:1f:96:
         23:63:8c:58:19:9f:93:18:36:c1:04:43:f2:63:f7:77:c2:2e:
         4a:1b:4f:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS5hxJkSPQ+n2MUczYE0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzU2MDdhY2YzZmNhOTMwMWM2YTFjYTNjMTBjZDgzNDlkODEwNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6YMJwYi+NY4sTXD5rQg3V/3HRNw
mfBYDrQVV0ymvsomNow083dhh7NAVjd9eqyysgasOtSXZ7/bBwN1wDJoxjIfHj1S
oZsO+szJ0zZpqiPoTbALmajDqmfwcCp4GGVAW3IGDWCW8uB9BZTKLB/xDa0OIvs1
iSUsCkhnGIbt92R+W3ChDVsFhl7QkrE1eldsHLzS2RmgisWUC8Zy3sa68VrNbMFQ
GJVnwPpcrQOmdZnMY2y29dZ+HU/EcADlTburjsIKzdVMs1+BkBIhWDAX4AIUDlWE
H6TzNzW35y31Gy64UGfPTwwjE0l79y5PrGyqL15bxMkl9h7MMnxaatN+bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxWB6zz/KkwHGoco8EM2DSdgQeNMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvZkZZSHJQUDhxVEFjYWh5andRellOSjJCQjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVco3MA0G
CSqGSIb3DQEBCwUAA4IBAQAm2E0J1zNcHZsI6Q2brRTMa0PL8uTpmNPrdHXw9iwG
NfcO78UeLoTNw+0rTc5D20aJK2hZeSQWr2gMD0gr+gFHhIOox6Ed+F7tDGiwntbD
dzkW+mwpfU/A4tyUWFcFg4SKLGSsok9mWylfr00BXP5aMPXopOpPtVa2feNhB6d9
/C0U9rqCVBrUH5yJOueFEqLx/Y3K2ck3R+UeW2PjExn3SO5RPNATyVQP15otTWzw
cehs8DJJhZnhfBpU4df7nSwlLUUkvYu8LDBJgnRRMxn4XB66x6Vse0ySFciw5lPD
Xy5g+A8FXMtpH5YjY4xYGZ+TGDbBBEPyY/d3wi5KG0/3
-----END CERTIFICATE-----