Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/l075ySfmsKgqMuXU1HYb6ac3MYs.roa
File:                     l075ySfmsKgqMuXU1HYb6ac3MYs.roa (raw, json)
Hash identifier:          w/ri1/C/LqcDxBCG4tFTTFeKsO+lpQbZRcoBat9GBRM=
Subject key identifier:   97:4E:F9:C9:27:E6:B0:A8:2A:32:E5:D4:D4:76:1B:E9:A7:37:31:8B
Certificate issuer:       /CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
Certificate serial:       0191A2857B9439FEF24B7E6CB3A6DC9300D7
Authority key identifier: 6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/l075ySfmsKgqMuXU1HYb6ac3MYs.roa
Signing time:             Fri 30 Aug 2024 09:02:22 +0000
ROA not before:           Fri 30 Aug 2024 09:02:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24768
IP address blocks:        85.116.200.0/22 maxlen: 22
                          85.116.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a2:85:7b:94:39:fe:f2:4b:7e:6c:b3:a6:dc:93:00:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
        Validity
            Not Before: Aug 30 09:02:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=974ef9c927e6b0a82a32e5d4d4761be9a737318b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3e:45:75:1e:2a:99:8c:f6:27:62:ae:4b:5a:
                    ea:fe:26:06:35:2a:6b:99:5f:d8:14:b8:7d:d5:2b:
                    78:ea:60:dc:f6:1a:73:da:d5:f0:26:d1:25:eb:58:
                    60:f5:e5:df:4c:57:14:e9:32:50:70:6c:7b:4d:fa:
                    fd:45:54:e2:18:d2:ed:13:19:1e:1a:f3:ad:25:75:
                    28:83:2c:ab:b4:3d:c2:0c:b8:5d:35:bb:45:ff:3d:
                    e2:fe:df:00:4c:37:8b:73:8c:20:65:58:21:d6:d2:
                    a1:84:cc:a7:24:4a:df:d4:39:8d:70:32:1e:51:96:
                    3b:ce:13:4d:13:ba:17:42:10:10:f1:01:e3:ae:a0:
                    b4:78:5b:42:f4:39:ee:13:df:82:70:ad:ca:14:cf:
                    08:a3:b9:da:bb:ac:9c:1c:6e:53:12:b9:34:33:39:
                    da:a5:51:da:3a:9e:29:23:98:81:83:e6:5e:8c:a0:
                    a6:77:44:23:69:a2:98:8a:62:90:7e:39:aa:ad:12:
                    7c:80:2d:49:2d:94:f2:02:a1:0a:e1:fe:cb:3d:f5:
                    1a:a3:83:56:c3:9c:4f:48:b9:d7:4f:3b:b7:52:bc:
                    e4:9c:bd:1d:b2:a7:00:77:5b:6d:87:ee:eb:2b:16:
                    c3:dc:d7:30:5c:81:9c:d0:46:99:ed:23:f9:01:61:
                    c7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:4E:F9:C9:27:E6:B0:A8:2A:32:E5:D4:D4:76:1B:E9:A7:37:31:8B
            X509v3 Authority Key Identifier:
                keyid:6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/l075ySfmsKgqMuXU1HYb6ac3MYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.200.0/22
                  85.116.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:6d:b8:8b:ae:a3:91:ad:79:4e:c6:78:62:ee:1f:a8:91:74:
         e7:96:4b:bb:b6:2c:14:19:aa:be:42:72:0b:e3:7c:38:b3:e2:
         d7:6f:e3:77:39:b8:bf:c2:4a:17:8a:ed:29:ea:77:20:da:3a:
         be:99:66:64:5d:01:ff:8d:34:60:b0:64:61:c4:92:b7:72:8f:
         41:59:e8:af:bd:8e:5b:01:b9:34:10:60:02:2b:c3:dc:5e:94:
         7f:a2:c9:15:fc:b6:19:d0:b2:6b:ae:50:30:20:83:34:12:5c:
         1f:1c:fa:33:96:f7:0b:7d:97:63:c5:c6:22:38:0c:69:11:9b:
         7a:ea:d0:05:7b:4a:19:b4:e8:0d:22:ef:94:b7:4d:75:a3:82:
         b9:0b:67:91:e6:0b:2a:74:6a:3f:5a:aa:0f:80:f9:6c:83:94:
         8f:c4:22:5f:9f:49:d0:02:a5:77:78:de:60:9f:63:30:62:2e:
         a2:b6:c9:d4:d2:28:21:ec:11:3e:40:e8:e4:d0:04:e5:81:f9:
         db:b4:7d:b1:68:99:ac:6b:60:5a:3c:64:37:60:ff:d5:f6:4c:
         15:bc:b1:8e:9f:20:37:f6:b0:94:39:ce:6c:1a:9d:e9:51:a6:
         f9:f9:34:e8:32:89:52:ee:ba:d2:b2:56:df:83:89:fb:df:63:
         db:4b:c3:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGihXuUOf7yS35ss6bckwDXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZDAzOTJhYzc2NjBiZDE0NjBmYTFkNTAzMWQxODQwZDAx
Yjk0MTIwHhcNMjQwODMwMDkwMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzRlZjljOTI3ZTZiMGE4MmEzMmU1ZDRkNDc2MWJlOWE3MzczMThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD5FdR4qmYz2J2KuS1rq/iYGNSpr
mV/YFLh91St46mDc9hpz2tXwJtEl61hg9eXfTFcU6TJQcGx7Tfr9RVTiGNLtExke
GvOtJXUogyyrtD3CDLhdNbtF/z3i/t8ATDeLc4wgZVgh1tKhhMynJErf1DmNcDIe
UZY7zhNNE7oXQhAQ8QHjrqC0eFtC9DnuE9+CcK3KFM8Io7nau6ycHG5TErk0Mzna
pVHaOp4pI5iBg+ZejKCmd0QjaaKYimKQfjmqrRJ8gC1JLZTyAqEK4f7LPfUao4NW
w5xPSLnXTzu3UrzknL0dsqcAd1tth+7rKxbD3NcwXIGc0EaZ7SP5AWHHNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJdO+ckn5rCoKjLl1NR2G+mnNzGLMB8GA1UdIwQY
MBaAFG7QOSrHZgvRRg+h1QMdGEDQG5QSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQt
ZThiYWY5ZmZhZGY4LzEvbDA3NXlTZm1zS2dxTXVYVTFIWWI2YWMzTVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQtZThiYWY5ZmZhZGY4
LzEvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVXTIAwQC
VXTUMA0GCSqGSIb3DQEBCwUAA4IBAQCabbiLrqORrXlOxnhi7h+okXTnlku7tiwU
Gaq+QnIL43w4s+LXb+N3Obi/wkoXiu0p6ncg2jq+mWZkXQH/jTRgsGRhxJK3co9B
WeivvY5bAbk0EGACK8PcXpR/oskV/LYZ0LJrrlAwIIM0ElwfHPozlvcLfZdjxcYi
OAxpEZt66tAFe0oZtOgNIu+Ut011o4K5C2eR5gsqdGo/WqoPgPlsg5SPxCJfn0nQ
AqV3eN5gn2MwYi6itsnU0igh7BE+QOjk0ATlgfnbtH2xaJmsa2BaPGQ3YP/V9kwV
vLGOnyA39rCUOc5sGp3pUab5+TToMolS7rrSslbfg4n732PbS8Nt
-----END CERTIFICATE-----