Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/e5c8df-4ef8-4d90-a490-35800e9f170e/1/V3B8ET9Ic4jaRc0NDrlv_thaKog.roa
File:                     V3B8ET9Ic4jaRc0NDrlv_thaKog.roa (raw, json)
Hash identifier:          /VxhmfEJ3NopaVuKgD8AjbB1zMcbDtROT80oOaGIrHQ=
Subject key identifier:   57:70:7C:11:3F:48:73:88:DA:45:CD:0D:0E:B9:6F:FE:D8:5A:2A:88
Certificate issuer:       /CN=44f4c5a61978549b248388f9df449d2a95e10a07
Certificate serial:       018CC26D6CEAD8A8368E5FEA602BA5947955
Authority key identifier: 44:F4:C5:A6:19:78:54:9B:24:83:88:F9:DF:44:9D:2A:95:E1:0A:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPTFphl4VJskg4j530SdKpXhCgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/e5c8df-4ef8-4d90-a490-35800e9f170e/1/V3B8ET9Ic4jaRc0NDrlv_thaKog.roa
Signing time:             Mon 01 Jan 2024 00:30:00 +0000
ROA not before:           Mon 01 Jan 2024 00:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203361
IP address blocks:        185.105.152.0/22 maxlen: 22
                          2a06:f1c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/e5c8df-4ef8-4d90-a490-35800e9f170e/1/RPTFphl4VJskg4j530SdKpXhCgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/e5c8df-4ef8-4d90-a490-35800e9f170e/1/RPTFphl4VJskg4j530SdKpXhCgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPTFphl4VJskg4j530SdKpXhCgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6c:ea:d8:a8:36:8e:5f:ea:60:2b:a5:94:79:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44f4c5a61978549b248388f9df449d2a95e10a07
        Validity
            Not Before: Jan  1 00:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57707c113f487388da45cd0d0eb96ffed85a2a88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e0:a8:f4:a1:6f:bd:b7:5a:9a:2a:e8:f7:30:
                    c5:3d:9b:30:f1:61:60:e8:d5:11:13:42:6a:d9:cb:
                    f0:72:0a:2b:2d:c8:03:12:0a:da:7d:8a:c5:b1:19:
                    7d:58:1e:99:29:44:f8:bf:5c:6e:20:91:33:83:91:
                    35:9e:a3:77:4a:c6:85:db:a9:0f:07:ee:17:fc:92:
                    f5:52:be:e0:59:0b:f7:ae:bd:ba:e9:5a:7f:d9:6f:
                    cc:14:e9:48:bc:60:77:17:34:a7:6d:51:6c:da:06:
                    32:89:91:25:16:21:a3:6e:a7:fb:88:d6:7c:8e:0f:
                    76:3a:67:01:f2:5d:f8:8f:13:37:06:29:5f:e5:b6:
                    3c:6a:2c:5b:29:06:1b:97:b4:5f:02:30:e3:97:2d:
                    9a:54:2d:c3:17:ed:72:52:df:c4:d1:eb:5d:c2:22:
                    5b:fc:2f:00:d8:aa:4c:a8:3c:88:da:41:ec:15:b4:
                    80:0f:d8:38:03:fc:0a:3f:9c:ac:7e:27:50:7b:49:
                    bc:9c:bb:c7:29:a7:21:ea:ba:47:d1:b9:06:31:a5:
                    72:16:00:8d:de:9b:4e:82:2c:19:34:43:54:5a:df:
                    72:19:d4:8f:26:a1:03:9b:54:47:bd:fc:e7:4a:21:
                    b0:a3:b8:03:00:d6:1c:80:68:03:ce:0f:ce:21:7e:
                    27:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:70:7C:11:3F:48:73:88:DA:45:CD:0D:0E:B9:6F:FE:D8:5A:2A:88
            X509v3 Authority Key Identifier:
                keyid:44:F4:C5:A6:19:78:54:9B:24:83:88:F9:DF:44:9D:2A:95:E1:0A:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPTFphl4VJskg4j530SdKpXhCgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e5c8df-4ef8-4d90-a490-35800e9f170e/1/V3B8ET9Ic4jaRc0NDrlv_thaKog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e5c8df-4ef8-4d90-a490-35800e9f170e/1/RPTFphl4VJskg4j530SdKpXhCgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.152.0/22
                IPv6:
                  2a06:f1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:7f:75:e8:94:30:be:95:73:16:3f:7c:de:b4:e8:56:82:1d:
         a7:e5:7d:53:16:83:17:89:34:30:10:48:79:1b:92:bb:5c:6d:
         9e:72:47:ce:3e:1b:ce:72:4a:ec:f3:88:94:a8:51:98:51:d2:
         cd:1a:a0:cc:24:c0:47:9c:d4:d7:9d:5f:fc:26:02:57:fb:e1:
         72:07:98:77:09:31:83:d2:22:f4:02:ae:91:ec:a0:0f:86:77:
         8a:8b:bb:36:4c:99:79:ed:b7:7b:9e:ee:b3:89:d1:d3:70:0b:
         6c:0a:9d:80:7c:4e:f0:2c:ce:59:bc:1a:85:a6:73:07:02:d9:
         8e:0c:72:a9:18:47:f8:bc:9d:aa:d9:40:25:2b:1a:52:41:53:
         b2:1c:ab:5a:71:a2:ed:10:60:1f:86:3e:44:aa:6e:b4:ed:c2:
         21:39:d1:92:5c:9c:c2:ce:92:07:36:00:f0:77:d1:28:f1:dc:
         3f:43:0d:21:30:87:af:a1:1d:64:e2:f2:58:b0:7a:23:21:8d:
         7c:6b:a9:3f:bb:71:72:34:3a:f9:af:cf:eb:3d:65:56:f9:27:
         19:36:56:09:ba:6e:5c:8f:c5:06:5d:66:b7:05:1c:d4:01:9f:
         1d:dd:f0:06:e4:57:4c:a6:dd:8c:fc:ca:76:ba:37:c7:e9:2f:
         98:6b:65:6e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbWzq2Kg2jl/qYCullHlVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZjRjNWE2MTk3ODU0OWIyNDgzODhmOWRmNDQ5ZDJhOTVl
MTBhMDcwHhcNMjQwMTAxMDAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzcwN2MxMTNmNDg3Mzg4ZGE0NWNkMGQwZWI5NmZmZWQ4NWEyYTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+Co9KFvvbdamiro9zDFPZsw8WFg
6NURE0Jq2cvwcgorLcgDEgrafYrFsRl9WB6ZKUT4v1xuIJEzg5E1nqN3SsaF26kP
B+4X/JL1Ur7gWQv3rr266Vp/2W/MFOlIvGB3FzSnbVFs2gYyiZElFiGjbqf7iNZ8
jg92OmcB8l34jxM3Bilf5bY8aixbKQYbl7RfAjDjly2aVC3DF+1yUt/E0etdwiJb
/C8A2KpMqDyI2kHsFbSAD9g4A/wKP5ysfidQe0m8nLvHKach6rpH0bkGMaVyFgCN
3ptOgiwZNENUWt9yGdSPJqEDm1RHvfznSiGwo7gDANYcgGgDzg/OIX4n0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFdwfBE/SHOI2kXNDQ65b/7YWiqIMB8GA1UdIwQY
MBaAFET0xaYZeFSbJIOI+d9EnSqV4QoHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlBURnBobDRWSnNrZzRqNTMwU2RLcFhoQ2djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9lNWM4ZGYtNGVmOC00ZDkwLWE0OTAt
MzU4MDBlOWYxNzBlLzEvVjNCOEVUOUljNGphUmMwTkRybHZfdGhhS29nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9lNWM4ZGYtNGVmOC00ZDkwLWE0OTAtMzU4MDBlOWYxNzBl
LzEvUlBURnBobDRWSnNrZzRqNTMwU2RLcFhoQ2djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWmYMA0E
AgACMAcDBQMqBvHAMA0GCSqGSIb3DQEBCwUAA4IBAQAof3XolDC+lXMWP3zetOhW
gh2n5X1TFoMXiTQwEEh5G5K7XG2eckfOPhvOckrs84iUqFGYUdLNGqDMJMBHnNTX
nV/8JgJX++FyB5h3CTGD0iL0Aq6R7KAPhneKi7s2TJl57bd7nu6zidHTcAtsCp2A
fE7wLM5ZvBqFpnMHAtmODHKpGEf4vJ2q2UAlKxpSQVOyHKtacaLtEGAfhj5Eqm60
7cIhOdGSXJzCzpIHNgDwd9Eo8dw/Qw0hMIevoR1k4vJYsHojIY18a6k/u3FyNDr5
r8/rPWVW+ScZNlYJum5cj8UGXWa3BRzUAZ8d3fAG5FdMpt2M/Mp2ujfH6S+Ya2Vu
-----END CERTIFICATE-----