Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/0f4973-60bf-4386-97a6-1e6912689dd8/1/Jc4VWzoJw33vIu329THUgofK_IM.roa
File:                     Jc4VWzoJw33vIu329THUgofK_IM.roa (raw, json)
Hash identifier:          MOP2AiSIWkcLFcI1RG8RWITxOEFQCtSsoiNaYpP8jyM=
Subject key identifier:   25:CE:15:5B:3A:09:C3:7D:EF:22:ED:F6:F5:31:D4:82:87:CA:FC:83
Certificate issuer:       /CN=16ac160da99b3494a56b547c68a8e2c0918691b5
Certificate serial:       018CC7933171B0BED38114E604C18DE4448C
Authority key identifier: 16:AC:16:0D:A9:9B:34:94:A5:6B:54:7C:68:A8:E2:C0:91:86:91:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FqwWDambNJSla1R8aKjiwJGGkbU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/0f4973-60bf-4386-97a6-1e6912689dd8/1/Jc4VWzoJw33vIu329THUgofK_IM.roa
Signing time:             Tue 02 Jan 2024 00:29:21 +0000
ROA not before:           Tue 02 Jan 2024 00:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62223
IP address blocks:        185.42.192.0/24 maxlen: 24
                          185.42.192.0/22 maxlen: 22
                          185.42.194.0/24 maxlen: 24
                          185.42.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/0f4973-60bf-4386-97a6-1e6912689dd8/1/FqwWDambNJSla1R8aKjiwJGGkbU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/0f4973-60bf-4386-97a6-1e6912689dd8/1/FqwWDambNJSla1R8aKjiwJGGkbU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FqwWDambNJSla1R8aKjiwJGGkbU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:31:71:b0:be:d3:81:14:e6:04:c1:8d:e4:44:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16ac160da99b3494a56b547c68a8e2c0918691b5
        Validity
            Not Before: Jan  2 00:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25ce155b3a09c37def22edf6f531d48287cafc83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9f:82:a7:ad:29:73:f1:ec:74:79:f7:9a:b9:
                    27:99:07:5d:d9:4d:12:56:55:a6:47:ec:26:f5:a7:
                    2b:86:8c:ec:23:0e:0a:6f:7c:86:54:0e:2b:2a:c7:
                    1d:91:f7:db:95:a7:17:c0:cf:d6:0e:b3:1a:2e:09:
                    d7:f5:7d:05:71:e3:7e:30:4b:b7:49:71:fb:ba:92:
                    0a:52:33:b6:d4:c6:d5:99:dd:13:56:e3:c0:ce:89:
                    88:32:f0:0e:18:3e:c7:8a:03:6e:08:5a:d7:77:34:
                    ba:15:4a:aa:b2:d7:d2:2c:3e:56:75:1a:ab:fb:5d:
                    d3:1a:ca:b5:2e:1c:78:54:ae:22:a9:e9:7b:af:23:
                    6b:9e:8a:af:84:dc:aa:6c:65:d8:d0:e6:8f:75:de:
                    c1:65:23:8e:0f:d0:41:e9:04:f8:47:16:12:ba:9c:
                    bd:30:7f:fb:ea:85:db:1c:44:49:ee:78:ed:4d:09:
                    01:da:91:75:81:38:67:65:f6:53:f6:08:66:4d:67:
                    ac:66:3e:56:ca:cf:0c:02:a2:45:32:20:2d:d4:e8:
                    9c:5f:73:12:e1:c0:f6:3b:0a:ce:c8:f7:60:3a:1c:
                    09:4e:0a:e2:da:b4:d1:01:e1:51:ca:17:41:ce:28:
                    df:cf:1e:2f:51:54:ca:29:94:56:ba:03:11:84:41:
                    ff:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:CE:15:5B:3A:09:C3:7D:EF:22:ED:F6:F5:31:D4:82:87:CA:FC:83
            X509v3 Authority Key Identifier:
                keyid:16:AC:16:0D:A9:9B:34:94:A5:6B:54:7C:68:A8:E2:C0:91:86:91:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FqwWDambNJSla1R8aKjiwJGGkbU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/0f4973-60bf-4386-97a6-1e6912689dd8/1/Jc4VWzoJw33vIu329THUgofK_IM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/0f4973-60bf-4386-97a6-1e6912689dd8/1/FqwWDambNJSla1R8aKjiwJGGkbU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:e1:80:97:9a:f6:b1:d9:aa:08:93:a2:f6:57:e8:cb:60:cb:
         57:da:3d:d0:06:0a:75:8c:b1:65:59:ff:4c:aa:91:18:60:7a:
         3c:8a:91:3e:76:18:9e:40:72:a4:c0:0d:55:96:80:8c:2e:1b:
         93:5f:e8:51:98:b0:c1:a4:17:8a:ed:2e:25:27:9e:94:50:a8:
         0e:19:ab:83:28:28:9f:76:0a:8a:86:e1:31:3c:39:1c:af:1d:
         7b:e8:a3:2b:50:23:f5:12:ec:bc:b9:36:e6:aa:1f:ca:3b:2c:
         45:f6:71:34:0f:c6:3d:b8:05:57:01:92:70:a9:68:81:01:e1:
         eb:30:09:96:45:69:e5:53:bd:5c:ec:47:20:3b:98:17:44:ed:
         25:e6:bc:cc:8c:a1:eb:d9:b2:44:66:41:d6:58:6e:05:e8:7c:
         74:29:ef:34:e9:b8:ad:84:3f:a1:a5:da:2e:40:e2:37:18:04:
         f0:de:23:49:51:83:0a:43:af:70:4d:00:e4:0a:71:d9:b8:65:
         e4:69:25:f9:b9:f3:32:99:3e:b2:c0:c7:73:19:13:33:77:d0:
         24:82:39:49:98:22:52:a3:a7:8b:a7:b1:24:64:5c:e2:80:11:
         e7:65:d9:f6:f0:2a:1a:7f:ab:40:20:d0:eb:21:74:04:08:14:
         2d:7d:c6:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkzFxsL7TgRTmBMGN5ESMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2YWMxNjBkYTk5YjM0OTRhNTZiNTQ3YzY4YThlMmMwOTE4
NjkxYjUwHhcNMjQwMTAyMDAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWNlMTU1YjNhMDljMzdkZWYyMmVkZjZmNTMxZDQ4Mjg3Y2FmYzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5+Cp60pc/HsdHn3mrknmQdd2U0S
VlWmR+wm9acrhozsIw4Kb3yGVA4rKscdkffblacXwM/WDrMaLgnX9X0FceN+MEu3
SXH7upIKUjO21MbVmd0TVuPAzomIMvAOGD7HigNuCFrXdzS6FUqqstfSLD5WdRqr
+13TGsq1Lhx4VK4iqel7ryNrnoqvhNyqbGXY0OaPdd7BZSOOD9BB6QT4RxYSupy9
MH/76oXbHERJ7njtTQkB2pF1gThnZfZT9ghmTWesZj5Wys8MAqJFMiAt1OicX3MS
4cD2OwrOyPdgOhwJTgri2rTRAeFRyhdBzijfzx4vUVTKKZRWugMRhEH/nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCXOFVs6CcN97yLt9vUx1IKHyvyDMB8GA1UdIwQY
MBaAFBasFg2pmzSUpWtUfGio4sCRhpG1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnF3V0RhbWJOSlNsYTFSOGFLaml3SkdHa2JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8wZjQ5NzMtNjBiZi00Mzg2LTk3YTYt
MWU2OTEyNjg5ZGQ4LzEvSmM0Vld6b0p3MzN2SXUzMjlUSFVnb2ZLX0lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8wZjQ5NzMtNjBiZi00Mzg2LTk3YTYtMWU2OTEyNjg5ZGQ4
LzEvRnF3V0RhbWJOSlNsYTFSOGFLaml3SkdHa2JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSrAMA0G
CSqGSIb3DQEBCwUAA4IBAQAl4YCXmvax2aoIk6L2V+jLYMtX2j3QBgp1jLFlWf9M
qpEYYHo8ipE+dhieQHKkwA1VloCMLhuTX+hRmLDBpBeK7S4lJ56UUKgOGauDKCif
dgqKhuExPDkcrx176KMrUCP1Euy8uTbmqh/KOyxF9nE0D8Y9uAVXAZJwqWiBAeHr
MAmWRWnlU71c7EcgO5gXRO0l5rzMjKHr2bJEZkHWWG4F6Hx0Ke806bithD+hpdou
QOI3GATw3iNJUYMKQ69wTQDkCnHZuGXkaSX5ufMymT6ywMdzGRMzd9AkgjlJmCJS
o6eLp7EkZFzigBHnZdn28Coaf6tAINDrIXQECBQtfcYL
-----END CERTIFICATE-----