Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/F1Bbyx8xEfEM4eu1iYVgbAFCcV4.roa
File:                     F1Bbyx8xEfEM4eu1iYVgbAFCcV4.roa (raw, json)
Hash identifier:          4eoAZC3iQ/cWmmWnwJcptsIFqNDrngcH0+Rf/JsVSeo=
Subject key identifier:   17:50:5B:CB:1F:31:11:F1:0C:E1:EB:B5:89:85:60:6C:01:42:71:5E
Certificate issuer:       /CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
Certificate serial:       018CC6B786EC409C360863AFA396303BC986
Authority key identifier: 75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/F1Bbyx8xEfEM4eu1iYVgbAFCcV4.roa
Signing time:             Mon 01 Jan 2024 20:29:25 +0000
ROA not before:           Mon 01 Jan 2024 20:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64286
IP address blocks:        185.177.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:86:ec:40:9c:36:08:63:af:a3:96:30:3b:c9:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17505bcb1f3111f10ce1ebb58985606c0142715e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a2:88:d3:70:61:77:ed:eb:ba:99:c4:07:6a:
                    ca:ac:26:5d:56:84:28:a1:b2:e5:19:55:ae:7d:9d:
                    49:9c:79:e9:5f:99:57:dd:1d:61:f0:0b:66:57:02:
                    4a:c9:6e:70:67:46:69:5d:0a:42:03:02:eb:22:44:
                    5f:35:30:e7:83:50:34:be:33:26:c5:fa:0d:20:94:
                    a4:2c:a5:6d:61:dc:d7:11:b7:45:d0:9e:23:70:62:
                    6c:8c:6d:40:9a:de:a8:b2:5a:99:c0:32:b9:74:49:
                    f4:d6:b5:a8:54:50:60:d0:86:19:d4:89:ec:37:07:
                    ca:bc:e7:ab:bc:92:31:ab:f4:71:63:7b:c2:b9:88:
                    5d:b1:15:ac:de:e7:db:3e:78:ff:de:4a:2a:30:10:
                    9b:8e:66:bf:87:7e:c2:e9:e8:55:f1:54:94:eb:7d:
                    c0:82:3f:99:bf:92:62:b8:53:2b:9b:39:22:a9:08:
                    93:b3:a5:ba:da:ca:db:63:07:0f:b7:4a:8e:68:84:
                    b3:d8:fa:4a:bf:0f:a7:0d:b7:f6:c9:e4:c3:9e:30:
                    25:6d:6e:03:c2:8b:e0:af:04:22:87:f3:8e:af:1a:
                    92:af:58:2e:7d:65:23:c2:eb:1c:c3:16:4a:16:01:
                    c3:e9:8d:f6:c2:57:58:09:b7:e3:25:44:45:64:8e:
                    09:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:50:5B:CB:1F:31:11:F1:0C:E1:EB:B5:89:85:60:6C:01:42:71:5E
            X509v3 Authority Key Identifier:
                keyid:75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/F1Bbyx8xEfEM4eu1iYVgbAFCcV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:85:23:24:00:7f:a9:74:9c:d2:af:a9:2a:78:22:fa:61:b4:
         97:b0:3b:fe:18:ef:b3:3f:e4:b1:63:9c:5f:7d:cd:53:57:ea:
         cc:84:33:98:65:ae:f3:b6:0b:63:dd:e3:c9:85:1e:77:89:79:
         9d:96:e3:4b:7c:e1:c9:eb:47:0e:67:dc:12:55:a9:e4:0c:b6:
         95:f6:aa:0a:7b:a1:2b:de:17:f6:75:ab:88:ce:94:f3:1b:9d:
         5e:f0:3b:b7:ed:de:7e:ca:4c:fd:3e:60:08:14:6c:8c:1f:f9:
         4d:af:50:b2:88:1c:b6:e6:55:2e:61:81:42:30:aa:3c:56:b9:
         43:a2:60:95:41:01:46:b0:76:3e:72:f9:17:6f:13:72:c8:1a:
         3b:59:fd:a0:ac:80:81:be:6a:8c:34:35:06:75:f2:e5:65:5b:
         1b:1f:88:16:d2:88:43:b2:2e:e1:24:44:cd:9c:51:85:ac:01:
         1e:4f:d7:02:20:05:6a:88:99:28:e2:f1:e8:3b:ca:02:13:5c:
         1b:bc:5b:48:bb:e4:60:c6:c3:62:c0:90:81:69:fd:89:a9:16:
         18:50:54:69:6e:94:29:04:fd:13:d5:42:a3:64:76:65:dc:02:
         27:3f:29:f2:8b:fd:e6:f4:5a:b9:9a:56:81:ec:9e:3a:79:7c:
         2b:f4:6f:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4bsQJw2CGOvo5YwO8mGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NTRhYzRjN2Y0NTFjNWJiOTM4MmZiY2Q0NmQ3MGM0YzBm
OWRlNTYwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzUwNWJjYjFmMzExMWYxMGNlMWViYjU4OTg1NjA2YzAxNDI3MTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKKI03Bhd+3rupnEB2rKrCZdVoQo
obLlGVWufZ1JnHnpX5lX3R1h8AtmVwJKyW5wZ0ZpXQpCAwLrIkRfNTDng1A0vjMm
xfoNIJSkLKVtYdzXEbdF0J4jcGJsjG1Amt6oslqZwDK5dEn01rWoVFBg0IYZ1Ins
NwfKvOervJIxq/RxY3vCuYhdsRWs3ufbPnj/3koqMBCbjma/h37C6ehV8VSU633A
gj+Zv5JiuFMrmzkiqQiTs6W62srbYwcPt0qOaISz2PpKvw+nDbf2yeTDnjAlbW4D
wovgrwQih/OOrxqSr1gufWUjwuscwxZKFgHD6Y32wldYCbfjJURFZI4JoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdQW8sfMRHxDOHrtYmFYGwBQnFeMB8GA1UdIwQY
MBaAFHVUrEx/RRxbuTgvvNRtcMTA+d5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4Mjgt
ZDkzMzdkYjM5ZDFmLzEvRjFCYnl4OHhFZkVNNGV1MWlZVmdiQUZDY1Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4MjgtZDkzMzdkYjM5ZDFm
LzEvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubHkMA0G
CSqGSIb3DQEBCwUAA4IBAQAMhSMkAH+pdJzSr6kqeCL6YbSXsDv+GO+zP+SxY5xf
fc1TV+rMhDOYZa7ztgtj3ePJhR53iXmdluNLfOHJ60cOZ9wSVankDLaV9qoKe6Er
3hf2dauIzpTzG51e8Du37d5+ykz9PmAIFGyMH/lNr1CyiBy25lUuYYFCMKo8VrlD
omCVQQFGsHY+cvkXbxNyyBo7Wf2grICBvmqMNDUGdfLlZVsbH4gW0ohDsi7hJETN
nFGFrAEeT9cCIAVqiJko4vHoO8oCE1wbvFtIu+RgxsNiwJCBaf2JqRYYUFRpbpQp
BP0T1UKjZHZl3AInPynyi/3m9Fq5mlaB7J46eXwr9G9s
-----END CERTIFICATE-----