Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/IKDhPPGH_RXZSqbQio4TCd_lsDU.roa
File:                     IKDhPPGH_RXZSqbQio4TCd_lsDU.roa (raw, json)
Hash identifier:          fjFMaCJFcNVij0uP7qkH1aqBHpsHSy3flJ8eMXKYU34=
Subject key identifier:   20:A0:E1:3C:F1:87:FD:15:D9:4A:A6:D0:8A:8E:13:09:DF:E5:B0:35
Certificate issuer:       /CN=5975d519de239cf164cb94a6660c2530ceaef254
Certificate serial:       018D3603713F5D16715419FAABE7E3A09AFC
Authority key identifier: 59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/IKDhPPGH_RXZSqbQio4TCd_lsDU.roa
Signing time:             Tue 23 Jan 2024 11:10:11 +0000
ROA not before:           Tue 23 Jan 2024 11:10:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25211
IP address blocks:        85.11.161.0/24 maxlen: 24
                          85.11.163.0/24 maxlen: 24
                          85.11.180.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:36:03:71:3f:5d:16:71:54:19:fa:ab:e7:e3:a0:9a:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5975d519de239cf164cb94a6660c2530ceaef254
        Validity
            Not Before: Jan 23 11:10:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20a0e13cf187fd15d94aa6d08a8e1309dfe5b035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a4:51:33:a6:4d:3b:f5:90:fe:c3:38:fe:13:
                    54:30:39:41:69:36:d3:45:92:d9:e9:4a:d3:7d:6c:
                    6c:f2:05:f2:e2:02:18:1b:9c:17:76:13:6c:90:7d:
                    13:4c:5b:37:97:d7:56:80:16:eb:d2:1b:09:17:3d:
                    f7:f0:6c:25:27:1d:e1:e3:76:9b:72:40:eb:8d:77:
                    c7:d0:dd:1c:36:39:7a:55:24:73:14:65:e2:e9:eb:
                    ab:e2:86:3f:d3:47:70:64:a1:18:20:73:1b:e2:df:
                    19:0d:aa:ae:f9:eb:e3:24:c8:e4:44:65:40:a5:79:
                    10:62:1d:6f:1e:6e:80:d3:e3:62:7f:fe:91:d7:84:
                    c5:54:66:fd:63:e5:94:da:1e:26:bd:ec:24:63:df:
                    96:0d:b1:94:45:e8:75:38:48:ff:f8:4e:a7:43:8a:
                    99:1f:5b:b0:bb:a3:c1:cb:6c:36:b5:55:92:ca:b5:
                    57:15:aa:d0:6d:37:a6:6c:fb:1f:3a:d1:c1:04:04:
                    2f:6d:ee:5b:d8:eb:82:d4:b8:ed:82:7d:c6:7d:23:
                    c4:fd:8d:c1:4f:ad:ae:8e:fe:65:54:2b:29:ba:43:
                    f6:da:0e:51:d7:a2:4c:d1:e9:9e:98:84:87:b2:26:
                    9d:98:6f:79:e2:a3:4a:51:3a:80:6a:44:72:4f:6a:
                    f5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:A0:E1:3C:F1:87:FD:15:D9:4A:A6:D0:8A:8E:13:09:DF:E5:B0:35
            X509v3 Authority Key Identifier:
                keyid:59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/IKDhPPGH_RXZSqbQio4TCd_lsDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.11.161.0/24
                  85.11.163.0/24
                  85.11.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:f8:fe:bc:f0:28:35:50:0e:67:36:6f:65:e1:e3:63:05:b0:
         8a:e4:c4:ad:1f:67:a1:6a:72:19:4f:e6:d4:f7:f8:16:63:38:
         e2:9b:b8:d7:55:d9:c3:b9:0b:55:4d:bf:d1:4e:98:fe:7d:e3:
         41:6f:a9:72:ca:26:6d:86:0c:41:e6:00:e4:89:c2:9c:de:4d:
         a0:f3:2e:81:55:fc:31:7f:ac:90:cc:15:7b:c5:62:2e:eb:e0:
         d2:f9:cb:57:ad:e1:d5:19:53:10:61:be:c2:5d:85:37:1d:90:
         74:37:2f:32:36:58:ec:71:96:f7:9a:39:91:ac:ad:18:8f:ef:
         f2:f0:b6:38:f8:8a:8c:00:b3:f5:a7:57:27:3b:6b:fa:c0:d0:
         78:62:37:ad:71:39:b2:ad:10:b0:0c:82:c1:63:54:3f:67:26:
         63:f8:13:12:fe:f8:fb:50:17:f4:66:45:a8:80:cc:be:9b:2c:
         a7:e6:7d:01:93:05:1d:34:f3:a0:ed:d8:1c:bc:06:de:c1:e8:
         89:95:1b:47:63:81:90:9c:85:e1:37:f6:b2:94:33:fc:33:76:
         c0:21:f6:40:24:de:55:9c:13:e9:08:53:81:d2:eb:a9:ce:3f:
         59:55:da:df:86:d6:8d:29:2b:03:bc:f4:19:96:3f:9a:b2:08:
         fd:e6:cc:65
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY02A3E/XRZxVBn6q+fjoJr8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzVkNTE5ZGUyMzljZjE2NGNiOTRhNjY2MGMyNTMwY2Vh
ZWYyNTQwHhcNMjQwMTIzMTExMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGEwZTEzY2YxODdmZDE1ZDk0YWE2ZDA4YThlMTMwOWRmZTViMDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6RRM6ZNO/WQ/sM4/hNUMDlBaTbT
RZLZ6UrTfWxs8gXy4gIYG5wXdhNskH0TTFs3l9dWgBbr0hsJFz338GwlJx3h43ab
ckDrjXfH0N0cNjl6VSRzFGXi6eur4oY/00dwZKEYIHMb4t8ZDaqu+evjJMjkRGVA
pXkQYh1vHm6A0+Nif/6R14TFVGb9Y+WU2h4mvewkY9+WDbGUReh1OEj/+E6nQ4qZ
H1uwu6PBy2w2tVWSyrVXFarQbTembPsfOtHBBAQvbe5b2OuC1Ljtgn3GfSPE/Y3B
T62ujv5lVCspukP22g5R16JM0ememISHsiadmG954qNKUTqAakRyT2r1qQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCCg4Tzxh/0V2Uqm0IqOEwnf5bA1MB8GA1UdIwQY
MBaAFFl11RneI5zxZMuUpmYMJTDOrvJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUt
MmNjNjc1NzI2OTc1LzEvSUtEaFBQR0hfUlhaU3FiUWlvNFRDZF9sc0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUtMmNjNjc1NzI2OTc1
LzEvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVQuhAwQA
VQujAwQCVQu0MA0GCSqGSIb3DQEBCwUAA4IBAQCS+P688Cg1UA5nNm9l4eNjBbCK
5MStH2ehanIZT+bU9/gWYzjim7jXVdnDuQtVTb/RTpj+feNBb6lyyiZthgxB5gDk
icKc3k2g8y6BVfwxf6yQzBV7xWIu6+DS+ctXreHVGVMQYb7CXYU3HZB0Ny8yNljs
cZb3mjmRrK0Yj+/y8LY4+IqMALP1p1cnO2v6wNB4YjetcTmyrRCwDILBY1Q/ZyZj
+BMS/vj7UBf0ZkWogMy+myyn5n0BkwUdNPOg7dgcvAbeweiJlRtHY4GQnIXhN/ay
lDP8M3bAIfZAJN5VnBPpCFOB0uupzj9ZVdrfhtaNKSsDvPQZlj+asgj95sxl
-----END CERTIFICATE-----