Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/61025f-43da-437d-b010-cc49e534db00/1/5rfCFk_bmdbujk_vtGklU-YAldI.roa
File:                     5rfCFk_bmdbujk_vtGklU-YAldI.roa (raw, json)
Hash identifier:          9YVUlrxmzjtmpqAr+WzkHZkrS/i6WbwXEvP2BUCBS0Q=
Subject key identifier:   E6:B7:C2:16:4F:DB:99:D6:EE:8E:4F:EF:B4:69:25:53:E6:00:95:D2
Certificate issuer:       /CN=875fc80242d2e69ebd0f22b5e3cc457594ae90ac
Certificate serial:       018CC4250092011E1CBDFFEFAF4C1B8DB642
Authority key identifier: 87:5F:C8:02:42:D2:E6:9E:BD:0F:22:B5:E3:CC:45:75:94:AE:90:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h1_IAkLS5p69DyK148xFdZSukKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/61025f-43da-437d-b010-cc49e534db00/1/5rfCFk_bmdbujk_vtGklU-YAldI.roa
Signing time:             Mon 01 Jan 2024 08:30:08 +0000
ROA not before:           Mon 01 Jan 2024 08:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212808
IP address blocks:        185.175.88.0/24 maxlen: 24
                          2a10:45c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/61025f-43da-437d-b010-cc49e534db00/1/h1_IAkLS5p69DyK148xFdZSukKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/61025f-43da-437d-b010-cc49e534db00/1/h1_IAkLS5p69DyK148xFdZSukKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h1_IAkLS5p69DyK148xFdZSukKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 09:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:00:92:01:1e:1c:bd:ff:ef:af:4c:1b:8d:b6:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=875fc80242d2e69ebd0f22b5e3cc457594ae90ac
        Validity
            Not Before: Jan  1 08:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6b7c2164fdb99d6ee8e4fefb4692553e60095d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b6:93:70:f1:8b:16:ff:09:ac:9a:e4:e3:7e:
                    a5:f0:f9:91:e3:0a:2f:e0:e8:72:be:f0:c2:d4:9e:
                    74:fe:8f:5e:dd:99:34:e1:55:b9:1c:67:33:59:8e:
                    d8:e9:d5:d3:5f:70:ff:85:c0:2b:1b:61:aa:8d:aa:
                    88:8a:b5:f3:b5:12:cf:40:c3:7f:93:f7:78:1a:2a:
                    a9:93:f1:d3:53:fc:af:c9:74:b1:a3:83:9c:e4:98:
                    19:8c:0e:65:f7:91:5e:b4:ba:b2:7b:96:98:8c:c9:
                    a5:69:50:72:00:67:61:a8:aa:c9:ed:ee:e7:8d:bc:
                    4d:41:72:73:99:a5:24:ad:e5:ae:ed:01:de:1b:40:
                    4c:17:47:80:60:db:d1:36:4a:99:3b:52:68:75:07:
                    7a:00:c2:fb:c6:af:d1:34:31:40:95:ce:f6:69:b1:
                    49:e5:bb:4b:ec:ed:ad:a1:8e:40:44:78:a5:f4:7b:
                    08:4c:7e:79:95:de:1c:0a:29:02:31:67:b3:e1:e1:
                    aa:97:2b:8a:6d:13:56:93:50:1e:aa:67:3e:75:ca:
                    ef:d9:12:41:46:95:f2:ab:8b:fe:83:ba:cb:7b:be:
                    15:09:15:81:b9:c0:e0:45:9a:0c:0c:a0:f0:27:be:
                    a7:97:2b:44:99:72:2d:6e:87:c0:33:10:3a:21:7a:
                    6b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:B7:C2:16:4F:DB:99:D6:EE:8E:4F:EF:B4:69:25:53:E6:00:95:D2
            X509v3 Authority Key Identifier:
                keyid:87:5F:C8:02:42:D2:E6:9E:BD:0F:22:B5:E3:CC:45:75:94:AE:90:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h1_IAkLS5p69DyK148xFdZSukKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/61025f-43da-437d-b010-cc49e534db00/1/5rfCFk_bmdbujk_vtGklU-YAldI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/61025f-43da-437d-b010-cc49e534db00/1/h1_IAkLS5p69DyK148xFdZSukKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.88.0/24
                IPv6:
                  2a10:45c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:a1:4d:91:1f:83:5c:3d:e6:dc:95:12:5d:ec:a0:1c:4d:36:
         de:e4:8d:de:b1:4d:45:a0:35:aa:67:b4:62:81:a7:62:92:b0:
         f0:ef:60:92:54:ac:15:c9:47:48:19:ab:01:0f:f6:91:81:c8:
         f8:7b:63:f8:e9:97:53:50:9a:af:73:44:5e:5e:e9:3f:89:04:
         05:6b:3b:40:65:ad:b5:81:e4:c5:ee:cb:44:b7:fc:77:23:4d:
         58:29:91:a6:ab:50:01:2d:ee:ff:c5:a9:cf:46:49:db:64:09:
         2b:57:8a:7f:42:e1:45:80:95:cf:a1:de:6b:69:7c:c8:fd:ec:
         34:ac:11:92:55:8a:2b:1a:a5:33:17:2d:38:34:5a:c8:ca:68:
         0e:5d:6a:fe:8b:e3:b0:53:18:fe:57:7a:2c:b4:f9:8e:65:8f:
         1b:58:ce:23:96:de:c6:31:6f:94:55:be:52:dd:2d:2f:6e:72:
         68:46:f3:7e:c6:f6:ed:c7:75:0d:1f:51:5e:0a:34:fb:a5:6d:
         c0:99:aa:e3:36:60:99:16:66:ec:4a:5b:c1:f3:0f:8d:fc:20:
         b7:b9:3d:d4:6b:e4:e7:a0:24:38:dc:25:c6:f5:09:fe:03:16:
         d3:75:f2:84:80:22:92:39:ff:ad:e2:20:ba:5e:9d:35:61:63:
         0f:90:4c:9a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJQCSAR4cvf/vr0wbjbZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NWZjODAyNDJkMmU2OWViZDBmMjJiNWUzY2M0NTc1OTRh
ZTkwYWMwHhcNMjQwMTAxMDgzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmI3YzIxNjRmZGI5OWQ2ZWU4ZTRmZWZiNDY5MjU1M2U2MDA5NWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLaTcPGLFv8JrJrk436l8PmR4wov
4OhyvvDC1J50/o9e3Zk04VW5HGczWY7Y6dXTX3D/hcArG2GqjaqIirXztRLPQMN/
k/d4Giqpk/HTU/yvyXSxo4Oc5JgZjA5l95FetLqye5aYjMmlaVByAGdhqKrJ7e7n
jbxNQXJzmaUkreWu7QHeG0BMF0eAYNvRNkqZO1JodQd6AML7xq/RNDFAlc72abFJ
5btL7O2toY5ARHil9HsITH55ld4cCikCMWez4eGqlyuKbRNWk1Aeqmc+dcrv2RJB
RpXyq4v+g7rLe74VCRWBucDgRZoMDKDwJ76nlytEmXItbofAMxA6IXpruwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOa3whZP25nW7o5P77RpJVPmAJXSMB8GA1UdIwQY
MBaAFIdfyAJC0uaevQ8itePMRXWUrpCsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDFfSUFrTFM1cDY5RHlLMTQ4eEZkWlN1a0t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi82MTAyNWYtNDNkYS00MzdkLWIwMTAt
Y2M0OWU1MzRkYjAwLzEvNXJmQ0ZrX2JtZGJ1amtfdnRHa2xVLVlBbGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi82MTAyNWYtNDNkYS00MzdkLWIwMTAtY2M0OWU1MzRkYjAw
LzEvaDFfSUFrTFM1cDY5RHlLMTQ4eEZkWlN1a0t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAua9YMA0E
AgACMAcDBQAqEEXAMA0GCSqGSIb3DQEBCwUAA4IBAQAjoU2RH4NcPebclRJd7KAc
TTbe5I3esU1FoDWqZ7RigadikrDw72CSVKwVyUdIGasBD/aRgcj4e2P46ZdTUJqv
c0ReXuk/iQQFaztAZa21geTF7stEt/x3I01YKZGmq1ABLe7/xanPRknbZAkrV4p/
QuFFgJXPod5raXzI/ew0rBGSVYorGqUzFy04NFrIymgOXWr+i+OwUxj+V3ostPmO
ZY8bWM4jlt7GMW+UVb5S3S0vbnJoRvN+xvbtx3UNH1FeCjT7pW3AmarjNmCZFmbs
SlvB8w+N/CC3uT3Ua+TnoCQ43CXG9Qn+AxbTdfKEgCKSOf+t4iC6Xp01YWMPkEya
-----END CERTIFICATE-----