Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/P8iOL6sNbyT27rc5CMFHFJksCeg.roa
File:                     P8iOL6sNbyT27rc5CMFHFJksCeg.roa (raw, json)
Hash identifier:          lpEt2ZPxtqo4PRq5v3/kiJ3Zf3sZszL7ruxt2HHEMqo=
Subject key identifier:   3F:C8:8E:2F:AB:0D:6F:24:F6:EE:B7:39:08:C1:47:14:99:2C:09:E8
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       018CC26D338821714A8B18E4B9592714B207
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/P8iOL6sNbyT27rc5CMFHFJksCeg.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209709
IP address blocks:        185.210.204.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:33:88:21:71:4a:8b:18:e4:b9:59:27:14:b2:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fc88e2fab0d6f24f6eeb73908c14714992c09e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:68:89:d1:fd:00:ed:d1:fa:b4:bd:e0:7d:75:
                    72:0b:ce:61:3c:52:a1:34:24:e6:ea:47:58:eb:94:
                    34:a9:0d:f5:22:b1:60:27:5b:3c:2a:32:92:45:4b:
                    4f:0f:86:7a:1f:c2:2f:20:65:cc:78:7b:1e:8f:63:
                    40:1e:2b:0a:99:e6:38:1d:06:3a:8f:9a:ca:33:c3:
                    92:ff:ef:3d:c4:e0:4b:d8:0d:c9:32:07:48:b5:ea:
                    a3:2f:df:dd:1e:d8:c7:b3:cd:0b:7a:48:e6:5c:10:
                    67:c5:25:7c:b6:ba:9e:f0:da:af:e3:95:78:8e:4c:
                    ca:35:c7:eb:ee:2b:a0:fb:9f:da:f9:d5:64:b3:a1:
                    fc:90:99:2d:15:8c:19:d1:7f:f5:bf:ef:70:8e:2e:
                    59:f4:c7:57:6e:b4:54:45:80:2c:93:28:f3:d6:e9:
                    34:08:3c:3a:5b:50:1d:84:17:86:81:96:26:2b:81:
                    e6:f0:55:22:29:54:53:2b:ac:4f:49:65:7f:cb:f3:
                    90:f9:92:12:db:ee:9f:35:40:b0:22:3c:7a:36:d2:
                    2f:99:f2:6c:dd:b0:1c:fe:05:98:af:fd:3a:ea:73:
                    d7:e1:c9:83:22:5d:1a:00:b2:46:d2:9e:4c:1b:04:
                    97:85:f6:9a:2e:2b:40:80:f6:c5:1d:59:81:11:0a:
                    e8:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:C8:8E:2F:AB:0D:6F:24:F6:EE:B7:39:08:C1:47:14:99:2C:09:E8
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/P8iOL6sNbyT27rc5CMFHFJksCeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:41:5c:84:85:62:18:b7:65:a0:a3:ff:bf:da:60:a5:b7:97:
         76:64:83:0e:26:e2:95:ee:93:61:22:ce:6f:f7:ef:20:d1:75:
         19:8f:f9:c4:cd:7d:b6:e2:6c:9b:b7:05:6f:96:3c:f8:7d:2e:
         1d:fc:26:06:1a:50:f6:57:24:3a:e0:fe:83:76:99:8c:72:35:
         e5:b2:d4:a3:41:92:be:e6:7c:79:af:94:ee:80:6a:de:8a:c4:
         72:98:21:6b:3f:31:13:c5:60:a6:c4:f9:03:9b:d3:d6:81:06:
         56:73:11:ca:99:92:b4:a2:ba:9d:2b:fb:ab:97:8d:87:94:b7:
         6b:f4:71:c6:0d:ef:6b:aa:11:61:e1:e5:57:5f:93:59:71:99:
         40:ab:5b:d3:21:ae:44:b1:c8:35:96:d9:69:a9:30:94:da:b6:
         4d:dd:5a:1e:b4:21:85:38:1e:a7:cc:23:17:d1:09:f8:20:65:
         f5:45:b8:d3:de:5b:ac:3e:4c:99:34:fb:61:75:a0:d1:10:14:
         a5:d8:b4:75:23:28:32:bd:75:10:52:7e:de:af:cd:88:89:0c:
         66:7c:57:cc:2d:9c:11:90:49:cd:48:9b:57:36:49:43:29:63:
         5c:02:a8:62:e5:c7:6c:d9:1e:fb:28:b9:34:5d:09:91:5a:a6:
         17:e7:fb:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTOIIXFKixjkuVknFLIHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmM4OGUyZmFiMGQ2ZjI0ZjZlZWI3MzkwOGMxNDcxNDk5MmMwOWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWiJ0f0A7dH6tL3gfXVyC85hPFKh
NCTm6kdY65Q0qQ31IrFgJ1s8KjKSRUtPD4Z6H8IvIGXMeHsej2NAHisKmeY4HQY6
j5rKM8OS/+89xOBL2A3JMgdIteqjL9/dHtjHs80LekjmXBBnxSV8trqe8Nqv45V4
jkzKNcfr7iug+5/a+dVks6H8kJktFYwZ0X/1v+9wji5Z9MdXbrRURYAskyjz1uk0
CDw6W1AdhBeGgZYmK4Hm8FUiKVRTK6xPSWV/y/OQ+ZIS2+6fNUCwIjx6NtIvmfJs
3bAc/gWYr/066nPX4cmDIl0aALJG0p5MGwSXhfaaLitAgPbFHVmBEQroNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/Iji+rDW8k9u63OQjBRxSZLAnoMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvUDhpT0w2c05ieVQyN3JjNUNNRkhGSmtzQ2VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudLMMA0G
CSqGSIb3DQEBCwUAA4IBAQBIQVyEhWIYt2Wgo/+/2mClt5d2ZIMOJuKV7pNhIs5v
9+8g0XUZj/nEzX224mybtwVvljz4fS4d/CYGGlD2VyQ64P6DdpmMcjXlstSjQZK+
5nx5r5TugGreisRymCFrPzETxWCmxPkDm9PWgQZWcxHKmZK0orqdK/url42HlLdr
9HHGDe9rqhFh4eVXX5NZcZlAq1vTIa5Escg1ltlpqTCU2rZN3VoetCGFOB6nzCMX
0Qn4IGX1RbjT3lusPkyZNPthdaDREBSl2LR1IygyvXUQUn7er82IiQxmfFfMLZwR
kEnNSJtXNklDKWNcAqhi5cds2R77KLk0XQmRWqYX5/tG
-----END CERTIFICATE-----