Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/92d208-a22a-421c-8c5b-eaf9da4adef6/1/6ivJZU8zBDIEewWwCSIMFAfwsmc.roa
File:                     6ivJZU8zBDIEewWwCSIMFAfwsmc.roa (raw, json)
Hash identifier:          7mSbGFpVls9w3PSImLFZcA8TJwAT4kphcJVlpxv486A=
Subject key identifier:   EA:2B:C9:65:4F:33:04:32:04:7B:05:B0:09:22:0C:14:07:F0:B2:67
Certificate issuer:       /CN=fa55d2877132aaadcdf54058acbf9e07eddb598c
Certificate serial:       018CC64AE71E90F7CDD921D0111947492B1E
Authority key identifier: FA:55:D2:87:71:32:AA:AD:CD:F5:40:58:AC:BF:9E:07:ED:DB:59:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-lXSh3Eyqq3N9UBYrL-eB-3bWYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/92d208-a22a-421c-8c5b-eaf9da4adef6/1/6ivJZU8zBDIEewWwCSIMFAfwsmc.roa
Signing time:             Mon 01 Jan 2024 18:30:46 +0000
ROA not before:           Mon 01 Jan 2024 18:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25009
IP address blocks:        185.21.112.0/22 maxlen: 24
                          2a03:240::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/92d208-a22a-421c-8c5b-eaf9da4adef6/1/1-lXSh3Eyqq3N9UBYrL-eB-3bWYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/92d208-a22a-421c-8c5b-eaf9da4adef6/1/1-lXSh3Eyqq3N9UBYrL-eB-3bWYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-lXSh3Eyqq3N9UBYrL-eB-3bWYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:02:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e7:1e:90:f7:cd:d9:21:d0:11:19:47:49:2b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa55d2877132aaadcdf54058acbf9e07eddb598c
        Validity
            Not Before: Jan  1 18:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea2bc9654f330432047b05b009220c1407f0b267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:cf:d4:15:b1:0c:11:1c:cf:a4:74:3d:28:25:
                    d7:52:96:41:6c:a7:e5:df:6d:65:49:69:47:32:e0:
                    84:eb:a8:73:aa:f8:89:b3:cb:1b:38:c0:6e:0c:3a:
                    a9:4f:24:1f:1b:ec:0b:54:fe:62:52:78:8a:76:57:
                    db:e6:4a:b7:e6:45:e1:82:44:7b:19:71:86:29:f7:
                    37:b0:c5:80:ae:1f:1e:57:37:43:88:c9:34:db:73:
                    85:9f:2b:42:41:13:32:d7:2b:b9:c5:58:c8:72:a2:
                    ad:89:b3:0b:b5:3e:b2:dd:fd:f9:44:8b:1e:9c:bf:
                    09:14:28:be:fc:a3:5d:19:36:67:b4:42:94:12:bf:
                    53:03:a8:20:4c:c1:aa:94:09:6c:97:d3:71:b2:61:
                    0f:26:c4:bf:e4:a3:b9:37:00:12:9d:77:cf:40:52:
                    38:62:28:ef:5b:5d:ab:fd:27:a7:ce:c5:c3:bd:4a:
                    9e:c7:dd:9c:fc:9a:08:8a:42:2a:74:49:c2:18:32:
                    5c:05:e3:2e:78:19:12:83:a5:b8:f9:86:08:44:2b:
                    1c:c1:2b:18:be:2f:82:9b:20:28:76:99:86:20:58:
                    13:5c:e0:c5:52:0c:f5:5e:09:c7:31:51:b1:a4:a6:
                    e1:7c:20:ae:6b:1f:5d:02:ae:cd:34:c9:57:e3:7b:
                    10:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:2B:C9:65:4F:33:04:32:04:7B:05:B0:09:22:0C:14:07:F0:B2:67
            X509v3 Authority Key Identifier:
                keyid:FA:55:D2:87:71:32:AA:AD:CD:F5:40:58:AC:BF:9E:07:ED:DB:59:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-lXSh3Eyqq3N9UBYrL-eB-3bWYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/92d208-a22a-421c-8c5b-eaf9da4adef6/1/6ivJZU8zBDIEewWwCSIMFAfwsmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/92d208-a22a-421c-8c5b-eaf9da4adef6/1/1-lXSh3Eyqq3N9UBYrL-eB-3bWYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.112.0/22
                IPv6:
                  2a03:240::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:8b:18:7c:52:fa:08:1d:f7:55:22:d9:60:3f:58:a5:b5:c4:
         01:4d:cd:84:2a:23:5f:c8:a7:b0:0d:0e:e3:19:01:53:83:2b:
         bb:d6:2c:86:67:a0:70:57:3c:70:37:86:5b:e6:57:33:0c:de:
         20:da:39:40:91:38:f4:bb:89:65:6d:7b:48:53:b3:ca:dd:92:
         17:57:bf:b6:76:5a:ae:76:04:22:b7:f7:69:61:ff:7c:de:31:
         4e:55:9a:1f:71:cd:0d:e2:8b:7a:ee:e9:79:f5:55:8c:97:b0:
         58:cf:f7:50:68:b0:f6:69:76:39:b9:0b:b5:01:b5:37:25:27:
         6a:b2:c9:4c:be:11:b4:9b:8f:8a:28:21:10:40:29:6d:de:fc:
         dd:aa:21:92:2b:aa:de:39:62:76:74:9c:5b:5a:dc:41:ab:fc:
         60:2d:18:49:fa:c7:ae:2d:a9:cd:3b:b8:e1:46:b0:94:6b:25:
         7d:b5:44:1b:b1:c3:ec:1d:07:15:38:52:6b:d4:78:b8:ce:69:
         e8:d3:7a:ee:12:40:78:bb:1d:f9:21:95:44:40:87:af:22:6a:
         9e:0b:7e:fb:06:a2:18:da:f5:87:91:bc:05:2f:2a:42:89:3f:
         f9:c1:53:7e:17:ce:32:7c:0b:ff:80:66:4d:d7:51:a7:b7:71:
         57:43:73:87
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGSucekPfN2SHQERlHSSseMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhNTVkMjg3NzEzMmFhYWRjZGY1NDA1OGFjYmY5ZTA3ZWRk
YjU5OGMwHhcNMjQwMTAxMTgzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTJiYzk2NTRmMzMwNDMyMDQ3YjA1YjAwOTIyMGMxNDA3ZjBiMjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnc/UFbEMERzPpHQ9KCXXUpZBbKfl
321lSWlHMuCE66hzqviJs8sbOMBuDDqpTyQfG+wLVP5iUniKdlfb5kq35kXhgkR7
GXGGKfc3sMWArh8eVzdDiMk023OFnytCQRMy1yu5xVjIcqKtibMLtT6y3f35RIse
nL8JFCi+/KNdGTZntEKUEr9TA6ggTMGqlAlsl9NxsmEPJsS/5KO5NwASnXfPQFI4
YijvW12r/SenzsXDvUqex92c/JoIikIqdEnCGDJcBeMueBkSg6W4+YYIRCscwSsY
vi+CmyAodpmGIFgTXODFUgz1XgnHMVGxpKbhfCCuax9dAq7NNMlX43sQTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOoryWVPMwQyBHsFsAkiDBQH8LJnMB8GA1UdIwQY
MBaAFPpV0odxMqqtzfVAWKy/ngft21mMMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1sWFNoM0V5cXEzTjlVQllyTC1lQi0zYldZdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIvOTJkMjA4LWEyMmEtNDIxYy04YzVi
LWVhZjlkYTRhZGVmNi8xLzZpdkpaVTh6QkRJRWV3V3dDU0lNRkFmd3NtYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDIvOTJkMjA4LWEyMmEtNDIxYy04YzViLWVhZjlkYTRhZGVm
Ni8xLzEtbFhTaDNFeXFxM045VUJZckwtZUItM2JXWXcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAK5FXAw
DQQCAAIwBwMFACoDAkAwDQYJKoZIhvcNAQELBQADggEBAF+LGHxS+ggd91Ui2WA/
WKW1xAFNzYQqI1/Ip7ANDuMZAVODK7vWLIZnoHBXPHA3hlvmVzMM3iDaOUCROPS7
iWVte0hTs8rdkhdXv7Z2Wq52BCK392lh/3zeMU5Vmh9xzQ3ii3ru6Xn1VYyXsFjP
91BosPZpdjm5C7UBtTclJ2qyyUy+EbSbj4ooIRBAKW3e/N2qIZIrqt45YnZ0nFta
3EGr/GAtGEn6x64tqc07uOFGsJRrJX21RBuxw+wdBxU4UmvUeLjOaejTeu4SQHi7
HfkhlURAh68iap4LfvsGohja9YeRvAUvKkKJP/nBU34XzjJ8C/+AZk3XUae3cVdD
c4c=
-----END CERTIFICATE-----