Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/5172eb-6fb8-4216-8d81-3443464b9209/1/ackA7jXS5Z9Pz-5Zxgsfx61Ke58.roa
File:                     ackA7jXS5Z9Pz-5Zxgsfx61Ke58.roa (raw, json)
Hash identifier:          ixJTggagT/nnyOWjEHOLzbGwziW1jOLS5sFJwMifay8=
Subject key identifier:   69:C9:00:EE:35:D2:E5:9F:4F:CF:EE:59:C6:0B:1F:C7:AD:4A:7B:9F
Certificate issuer:       /CN=ef478021f72a21b77142a44d815dde9ef2684cbc
Certificate serial:       018CC9BC54820B79DE3EE0EDFD9C7718854E
Authority key identifier: EF:47:80:21:F7:2A:21:B7:71:42:A4:4D:81:5D:DE:9E:F2:68:4C:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/70eAIfcqIbdxQqRNgV3envJoTLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/5172eb-6fb8-4216-8d81-3443464b9209/1/ackA7jXS5Z9Pz-5Zxgsfx61Ke58.roa
Signing time:             Tue 02 Jan 2024 10:33:31 +0000
ROA not before:           Tue 02 Jan 2024 10:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203675
IP address blocks:        185.82.108.0/24 maxlen: 24
                          185.82.111.0/24 maxlen: 24
                          185.82.108.0/22 maxlen: 22
                          185.82.109.0/24 maxlen: 24
                          185.82.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/5172eb-6fb8-4216-8d81-3443464b9209/1/70eAIfcqIbdxQqRNgV3envJoTLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/5172eb-6fb8-4216-8d81-3443464b9209/1/70eAIfcqIbdxQqRNgV3envJoTLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/70eAIfcqIbdxQqRNgV3envJoTLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:54:82:0b:79:de:3e:e0:ed:fd:9c:77:18:85:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef478021f72a21b77142a44d815dde9ef2684cbc
        Validity
            Not Before: Jan  2 10:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69c900ee35d2e59f4fcfee59c60b1fc7ad4a7b9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:10:17:21:aa:15:d0:c8:b7:20:e8:5f:f1:ef:
                    25:bc:01:a2:b0:1b:77:1a:80:7d:8a:1e:28:94:c6:
                    3b:c3:e2:04:4f:2c:76:c9:ec:54:44:10:0a:b7:87:
                    14:fa:fb:99:aa:e3:0e:8f:a8:5e:cb:ec:05:a1:69:
                    f6:dd:08:c5:6d:17:af:a7:0b:38:a7:9c:3a:ad:0b:
                    5b:f9:e5:f0:2c:ce:e3:e0:35:b4:f2:a0:46:29:f7:
                    7d:0e:ad:02:8a:8f:08:e1:07:38:0d:b8:f2:b4:af:
                    1f:e7:d3:1e:02:0e:d6:6e:ce:57:ea:45:db:9c:45:
                    fa:bb:56:0b:3f:12:59:f5:05:ff:e9:91:f4:49:5a:
                    6c:4e:7c:31:02:75:2b:b4:06:e5:a0:8d:cf:42:70:
                    85:f4:d7:9f:28:a4:35:71:53:74:a5:fe:f4:50:71:
                    69:2a:45:37:3e:94:51:a8:93:58:1c:8e:67:a3:8d:
                    0b:40:57:3b:a5:c5:52:bc:3a:58:ad:b5:a2:8b:01:
                    cb:11:7d:74:ee:e5:22:60:0f:92:d2:e4:1d:1e:a3:
                    c9:ea:53:9e:d2:d9:28:36:0a:06:e7:a3:46:91:52:
                    d8:e3:2b:df:4b:a1:30:24:48:55:f5:4a:62:57:dd:
                    16:5b:66:f1:be:0b:dd:00:b8:b8:cb:06:cd:2d:e9:
                    d3:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C9:00:EE:35:D2:E5:9F:4F:CF:EE:59:C6:0B:1F:C7:AD:4A:7B:9F
            X509v3 Authority Key Identifier:
                keyid:EF:47:80:21:F7:2A:21:B7:71:42:A4:4D:81:5D:DE:9E:F2:68:4C:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/70eAIfcqIbdxQqRNgV3envJoTLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5172eb-6fb8-4216-8d81-3443464b9209/1/ackA7jXS5Z9Pz-5Zxgsfx61Ke58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/5172eb-6fb8-4216-8d81-3443464b9209/1/70eAIfcqIbdxQqRNgV3envJoTLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:5d:cd:f0:1b:da:39:d7:6b:14:62:dc:74:c5:5b:a4:3b:7c:
         de:96:5d:e6:e1:ca:32:d5:b9:fd:83:4d:8e:bd:19:be:96:0e:
         02:5e:e8:91:83:82:bb:12:0d:70:74:4c:11:30:cb:4d:36:55:
         9d:09:ca:69:62:36:1d:a4:4f:02:a0:b9:14:6e:a0:b2:f4:ac:
         c5:e1:f3:08:00:3f:51:5b:81:b1:6f:c2:05:f3:23:c9:ae:11:
         e8:c0:1d:f9:cc:c9:de:73:30:cc:68:37:65:40:e7:3c:a5:e8:
         7f:e8:f2:ed:45:06:31:a4:e1:83:19:61:6d:df:ee:52:a8:2f:
         16:61:6a:57:7e:45:3e:95:9d:ba:fe:50:3b:6f:05:a1:48:c5:
         61:e5:52:13:00:47:6e:a9:20:3c:32:41:4d:8b:a1:0a:51:72:
         fe:f8:6a:a1:74:31:f2:b8:cf:64:38:8b:75:65:a2:ef:63:17:
         d9:8b:52:11:47:af:6f:b1:59:dc:1a:8e:2c:2c:aa:d2:7b:e6:
         a2:97:2c:11:2a:7d:3b:ad:a0:05:a2:cc:58:83:e0:1a:c6:87:
         67:ff:d9:3d:b1:9f:9c:6f:8b:71:1c:fb:0d:ee:74:da:ee:72:
         f4:56:23:f2:a6:43:ef:1e:10:25:45:9d:eb:10:ca:97:41:7c:
         19:ce:01:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvFSCC3nePuDt/Zx3GIVOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNDc4MDIxZjcyYTIxYjc3MTQyYTQ0ZDgxNWRkZTllZjI2
ODRjYmMwHhcNMjQwMTAyMTAzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWM5MDBlZTM1ZDJlNTlmNGZjZmVlNTljNjBiMWZjN2FkNGE3YjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohAXIaoV0Mi3IOhf8e8lvAGisBt3
GoB9ih4olMY7w+IETyx2yexURBAKt4cU+vuZquMOj6hey+wFoWn23QjFbRevpws4
p5w6rQtb+eXwLM7j4DW08qBGKfd9Dq0Cio8I4Qc4DbjytK8f59MeAg7Wbs5X6kXb
nEX6u1YLPxJZ9QX/6ZH0SVpsTnwxAnUrtAbloI3PQnCF9NefKKQ1cVN0pf70UHFp
KkU3PpRRqJNYHI5no40LQFc7pcVSvDpYrbWiiwHLEX107uUiYA+S0uQdHqPJ6lOe
0tkoNgoG56NGkVLY4yvfS6EwJEhV9UpiV90WW2bxvgvdALi4ywbNLenT7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnJAO410uWfT8/uWcYLH8etSnufMB8GA1UdIwQY
MBaAFO9HgCH3KiG3cUKkTYFd3p7yaEy8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzBlQUlmY3FJYmR4UXFSTmdWM2VudkpvVEx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi81MTcyZWItNmZiOC00MjE2LThkODEt
MzQ0MzQ2NGI5MjA5LzEvYWNrQTdqWFM1WjlQei01Wnhnc2Z4NjFLZTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi81MTcyZWItNmZiOC00MjE2LThkODEtMzQ0MzQ2NGI5MjA5
LzEvNzBlQUlmY3FJYmR4UXFSTmdWM2VudkpvVEx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVJsMA0G
CSqGSIb3DQEBCwUAA4IBAQBdXc3wG9o512sUYtx0xVukO3zell3m4coy1bn9g02O
vRm+lg4CXuiRg4K7Eg1wdEwRMMtNNlWdCcppYjYdpE8CoLkUbqCy9KzF4fMIAD9R
W4Gxb8IF8yPJrhHowB35zMneczDMaDdlQOc8peh/6PLtRQYxpOGDGWFt3+5SqC8W
YWpXfkU+lZ26/lA7bwWhSMVh5VITAEduqSA8MkFNi6EKUXL++GqhdDHyuM9kOIt1
ZaLvYxfZi1IRR69vsVncGo4sLKrSe+ailywRKn07raAFosxYg+Aaxodn/9k9sZ+c
b4txHPsN7nTa7nL0ViPypkPvHhAlRZ3rEMqXQXwZzgHT
-----END CERTIFICATE-----